Will London Monetize Wifi Tracking Data From Its Tube Passengers? (gizmodo.co.uk)
New questions are arising about how much privacy you'll have on London's underground trains. "For a month at the end of last year, Wi-fi signals were used to track passenger journeys across the network," writes Gizmodo. "The idea is that as we travel across the Tube network, Wi-fi beacons in stations would detect the unique ID -- the MAC address -- of our phones, tablets and other devices -- even if we're not connected to the Tube's wifi network." The only way to opt out is to turn off your phone's Wi-Fi. An anonymous reader writes:
London is struggling with transport network capacity, so the ability to learn commuters' travel patterns is compelling... It has now emerged that TfL, the operator of the London Subway system, is planning to use the system to monetize passengers' data. TfL is also not ruling out sharing the data with third parties in future.
More information shows that the privacy protection could not be as good as TfL maintains, with reversible hashing and options of giving data to law enforcement. A privacy engineering expert points out additional issues in the pseudonymisation scheme and communication inconsistencies. Final deployment has been initially scheduled to start at the end of 2017.
"Once the tools are in place, there will inevitably be a temptation to make use of them," warns Engadget, raising the possibility of the data's use for advertising -- or even the availability to law enforcement of location data for every passenger.
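Why a plain hash of a MAC address counts as "reversible", as an added example (not from the article, and not TfL's actual scheme, which the page does not describe). It assumes unsalted SHA-256 for the weak case and HMAC-SHA-256 with a secret key for the hardened one; the function names, the MAC and the prefix are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional

def naive_pseudonym(mac: str) -> str:
    """Weak scheme (assumed): unsalted hash of the MAC address."""
    return hashlib.sha256(mac.lower().encode()).hexdigest()

def keyed_pseudonym(mac: str, key: bytes) -> str:
    """Hardened scheme (assumed): HMAC under a secret held by the operator.
    Same key -> same pseudonym, so journeys can still be linked for analytics;
    destroying or rotating the key ends linkability."""
    return hmac.new(key, mac.lower().encode(), hashlib.sha256).hexdigest()

def audit_reversibility(pseudonym: str, prefix: str,
                        scheme: Callable[[str], str],
                        suffix_bits: int = 16) -> Optional[str]:
    """Privacy audit: can the pseudonym be mapped back to a MAC by enumerating
    the address space with a publicly computable function?
    A MAC is only 48 bits, and the first 24 identify the vendor, so the space
    per vendor is about 16.7 million values. This demo enumerates a 16-bit
    suffix under a known prefix to keep the run short."""
    for n in range(1 << suffix_bits):
        suffix = ":".join(f"{b:02x}" for b in n.to_bytes(suffix_bits // 8, "big"))
        candidate = f"{prefix}:{suffix}"
        if hmac.compare_digest(scheme(candidate), pseudonym):
            return candidate
    return None

# Constructed sample data (locally administered address, not a real device).
SAMPLE_MAC = "02:00:00:00:be:ef"
PREFIX = "02:00:00:00"
DAILY_KEY = secrets.token_bytes(32)  # hypothetical operator secret

if __name__ == "__main__":
    weak = naive_pseudonym(SAMPLE_MAC)
    strong = keyed_pseudonym(SAMPLE_MAC, DAILY_KEY)
    # The unsalted hash falls to enumeration; without the key, the HMAC does not.
    print("unsalted hash recovered:", audit_reversibility(weak, PREFIX, naive_pseudonym))
    print("keyed hash recovered:   ", audit_reversibility(strong, PREFIX, naive_pseudonym))
```

The keyed variant is only as private as its key handling: whoever holds the key can recompute every pseudonym, so key retention and rotation decide how long journeys stay linkable.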
Slightly off topic - doesn't everyone turn off the phone wifi & bluetooth when not in use?
We do, but Apple just turns it on again when we travel to a new location or in any case at 5am.
(unless we go out of our way to disable it in the system settings rather than through the more convenient control center which tricks us into thinking it's the same thing)
Unless things have changed since I last read up on this issue, there are two basic problems with using randomization of MAC addresses to defeat tracking:
--Software Implementation--
Lazy method of randomization. Sometimes as simple as incrementing the value of the MAC address by 1, repeatedly over time.
There are other signatures transmitted besides the MAC address that make it trivial to identify most smartphones, especially given the previous point.
--Hardware Implementation--
Smartphone chipsets handle low-level control frames in a manner that is vulnerable to tracking. As in 100% success rate. IIRC, this will happen even if you have the WiFi off in software or are in Airplane Mode.
Source