Londoners Tracked By Advertising Firm's Trash Cans 189
schwit1 asks "How can I automatically have my wi-fi turn off when I leave the house unless I specifically turn it back on?" and provides this excerpt from Wired to illustrate why that would be useful: "Hundreds of thousands of pedestrians walking past 12 locations unknowingly had the unique MAC address of their smartphones recorded by Renew London. Data including the "movement, type, direction, and speed of unique devices" was recorded from smartphones that had their Wi-Fi on. First reported by Quartz, the data gathering appears to be a Minority Report-esque proof-of-concept project, demonstrating the possibility for targeted personal advertising. 'It provides an unparalleled insight into the past behavior of unique devices — entry/exit points, dwell times, places of work, places of interest, and affinity to other devices — and should provide a compelling reach data base for predictive analytics (likely places to eat, drink, personal habits etc.),' reads a blog post on the company's site. In tests running between 21-24 May and 2-9 June, over 4 million events were captured, with over 530,000 unique devices captured. Further testing is taking place at sites including Liverpool Street Station." (The name sounds a bit like a government project, but Renew London is actually an advertising / marketing firm.)
Cell phones must stop broadcasting MAC addresses (Score:5, Insightful)
The 802.11 protocol does not require cell phones to broadcast their MAC addresses. Phones do it so that they can discover nearby networks faster, but it is completely optional.
There needs to be an update to iOS and Android that gives users the option to disable this feature (I can't remember the official name). Users should understand that it will take longer to find access points, but in exchange, they get vastly increased privacy.
Cell phones (Score:5, Insightful)
If you're carrying a cell phone around, you might as well surrender any idea that your movements are not being tracked by 3rd parties without your knowledge or consent. Retailers like Target are installing ANPR systems in surveillance cameras, their wifi routers are already watching for probe attempts from cell phones as a way of monitoring where you are in the store (how long did you spend in the women's section? Where on the floor did you stop to look at advertising?) and modules are also installed to track cell phone transmissions and ESNs to uniquely identify customers at checkout (you use a credit card, and now your ESN is linked to your name)...
Trash cans are watching you. Buses are equipped with similar sensors. If you are carrying a cell phone, someone, somewhere, knows exactly where you are and is going to sell this information. You are not carrying a cell phone these days: You're carrying a tracking beacon with two-way communication capability.
government project/advertising/marketing (Score:1, Insightful)
What's the difference? Can you opt out of any of it? Not having a cell phone or Facebook is grounds for suspicion..
Disinformation ? (Score:2, Insightful)
Isnt there something like aircracks airbase that could be run nearby that would make this data useless? Something that just spits out mac addresses at random for the system to pickup?
Re:MAGNET TIME! civil disobedience ftw! (Score:5, Insightful)
If you want to screw with them, do it the legal way.
1. Get netbook.
2. Harvest the MAC addresses of phones nearby as you travel.
3. Broadcast the usual queries, but spoofing the harvested MACs and ESSID lists.
Thus their marketting database is swiftly polluted and becomes much less valuable.
Re:Cell phones must stop broadcasting MAC addresse (Score:5, Insightful)
Saying people want to auto-connect to unsecured wifi networks is like saying people want to be able to drive at 150 mph. Yeah everyone would like to do it, but they realize it's such a stupid thing to do that almost nobody willingly does so. A random unsecured wifi net in a public area is the perfect setup for a man-in-the-middle attack to harvest your email and bank login and passwords. At a minimum, automatically connecting to them should be disabled by default on all devices, and preferably there should be no way to enable such a "feature".
If you want to connect to an unsecured wifi network, you should have to make a conscious decision and take a deliberate action to do it. Auto-connecting to them is colossally stupid. So there is no need for your phone to be automatically scanning wifi nets in a manner which exposes its MAC address. If you find yourself in a random location and would like to manually connect to an open wifi net which you feel you can trust, then the phone should give up its MAC address.
If a probe request to identify nearby wifi nets requires a MAC address, that's a deficiency in the wifi handshaking standard IMHO. The phone should generate a random one just for that probe request to bypass that deficiency.
Re:Cell phones must stop broadcasting MAC addresse (Score:2, Insightful)
Saying people want to auto-connect to unsecured wifi networks is like saying people want to be able to drive at 150 mph. Yeah everyone would like to do it, but they realize it's such a stupid thing to do that almost nobody willingly does so.
Driving at 150 MPH is legal in many areas. The Autobahn, Montana during the day... And it's not stupid. As well, they're going considerably faster than 150 MPH with their phones; They're going at 670,616,629 mph.
A random unsecured wifi net in a public area is the perfect setup for a man-in-the-middle attack to harvest your email and bank login and passwords.
Find me a bank or online retailer that allows financial accounting data to be submitted over insecure connections instead of SSL. I can wait.
Auto-connecting to them is colossally stupid.
So is carrying a cell phone in public, according to some. People don't have to use military-grade encryption to browse wikipedia; There's plenty of things that open wifi is good for, even if it can be monitored. And if you're that worried about it, download Tor for Android (Orbit) or the iPhone and proxy everything through that.
Plenty of people want to make internet available to the general public for free; You know, that whole "Share and share alike" thing that we learned as kindergarners and then promptly forgot as adults as we all adopted the "what's mine is mine and what's yours is negotiable" stance.
If a probe request to identify nearby wifi nets requires a MAC address, that's a deficiency in the wifi handshaking
standard IMHO.
I think I'll stick with what the IEEE working group came up with, which included Cisco Systems, Microsoft, Hewlett Packard, and dozens of independent network engineers over your "humble opinion", thanks. But if you can figure out a way to transfer data over a packet-based network without a source and destination in the header, I am quite certain the IEEE would give you a free membership and plane rides and hotel rooms for all their meetings to explain your new protocol.
Re:Cell phones must stop broadcasting MAC addresse (Score:5, Insightful)
Re:Cell phones must stop broadcasting MAC addresse (Score:4, Insightful)
Germany here. You have to be stupid to drive 250 km/h on a public road. Take your toys to a racetrack, not the autobahn. Sorry for your small penis.
Re:Cell phones (Score:4, Insightful)
This is nothing new, except for the specific technologies involved. Stores have been doing similar things for as long as they have existed. For example, years ago Walmart was identifying what demographics specific customers belonged to based on the way they walked on the store cameras, and Target [forbes.com] was doing it based on their purchasing habits.
You simply cannot avoid being tracked in our modern world, and you have to go to a lot of effort to even minimize it. For the longest time I did not have a Facebook account, until I realized that Facebook already has a large entry in the database for me based on other people tagging my name and email and following me around with their huge tracking network embedded in half of all websites.
Check out the new Slashdot iPad app [apple.com]
Re: Cell phones must stop broadcasting MAC address (Score:5, Insightful)
It doesn't even have to go that far if you don't want. Just passively listen for known APs and only connect to those. Then add something friendly like a "look for WiFi" button to send out a probe when the user actively wants to connect to something and no known APs are broadcasting beacons.
Re:Cell phones must stop broadcasting MAC addresse (Score:4, Insightful)
I love how ignorant slashmods keep marking this as 'troll' while others who actually understand networking keep marking it informative. Sadly, the technical proficiency of people on this site continues to track lower month over month since the Dice takeover.
Now people who suggest that the people who designed the internet might have known what they are doing are moderated down while the paranoid tin foil hat crowd gets modded up for suggesting that changing the protocol is a simple handwave and people with decades of experience in this sort of thing are incompetent...
Re:Cell phones must stop broadcasting MAC addresse (Score:5, Insightful)
You're both right, a little at least. It's perfectly safe to connect to whatever random wifi you run across and use it in the sense it's intended, in the case that you are absolutely certain anything important is actually being encrypted at the application layer where it should be.
For most people, in the real world, they have no idea. Application programmers seem to do a really lousy job of it (as in usually dont even try) so it's certainly not safe to assume. Probably smarter in many cases simply to set your phone to only connect to networks you program it specifically to connect to. And encrypt them, so they cannot be trivially spoofed.
IF they are actually broadcasting their MAC when NOT attempting to connect to a network, that would be a bug to stomp. But I am pretty sure that part was just GPs ignorance.
And, btw, you SHOULD use encryption to browse wikipedia. You should, in fact, use HTTPS Everywhere [eff.org] and attempt to encrypt every single piece of data that is sent out, redundantly. This is because if you only encrypt things that you are worried about being seen, the encryption is suspicious in and of itself, and anyone investigating you for any reason (even just 'because your traffic passed our sniffer') is going to at least see exactly the data they are looking for, they will see the endpoints even if they cannot break the encryption. That 'meta data' may be more valuable than the encrypted message itself.
So if you want digital privacy, dont just encrypt important documents. Encrypt every single thing you can, and encourage others to do the same. An internet where only super-sekrit documents are sent encrypted is a fertile environment for snoops. One where the amount of traffic that is encrypted at the application level already nears 100% may be the only way to regain the privacy that we have lost in the digital era - and it certainly cannot hurt.
Re:Cell phones must stop broadcasting MAC addresse (Score:2, Insightful)
That these speeds are an everyday event doesn't mean the people doing 250km/h on public roads aren't idiots. The Autobahn is designed for 130km/h and even a tiny bump can send you flying off if you drive 250km/h. There's no warning and no way to see a bump like that in time. So yes, obviously the risk increases, and that means you should take your toys to the racetrack, which is a road "fit for purpose" and, more importantly, not full of people who are endangered by your reckless behavior. Personally I think that someone who believes that 250km/h is acceptable on a public road lacks the necessary judgment and is unfit to drive at any speed.