It's disturbingly creepy to think that stores would even think of doing this, but on the other hand it's also an indication of how clueless the general population is about the amount of identifiable data they're unconsciously "leaking" through personal, (nearly) always-on devices. My laptop is setup with a random MAC precisely to prevent this sort of tracking.
Interestingly, the unbranded Android phones I have (one looks very much like an iPhone, ironically enough) all came with this "feature" of a random MAC every time the WiFi is turned on/off, although that was more likely the manufacturer not bothering to give each one a unique MAC.
All the more reason to keep the WiFi turned off unless you're actually using it, and this might be a bit on the paranoid side, but I do the same for the cell radio (airplane mode) - it's on only when I'm expecting a call or making one.
At the other end of the scale, this tracking via MAC almost invites making them think several million customers have suddenly entered the store...
I'm a technologist and I didn't know that devices advertise their MAC addresses when scanning for WiFi until someone in that business told me. I always thought it was the other way around (base stations advertise themselves and devices affiliate with ones they recognize).
Though accurate, "clueless" is a bit harsh. I don't expect the general public to know the implementation details of WiFi any more than I expect them to understand how a catalytic converter works. The beauty of an abstraction is that you get to reap its benefits without understanding precisely how it works.
The beauty of an abstraction is that you get to reap its benefits without understanding precisely how it works.
...and get to be manipulated and screwed over by the people who do.
While I don't expect the general public to know the details of WiFi down to e.g. the level of the 802.11 spec, I think that some general ideas, like the difference between passive/active scanning, are both simple enough to be understood by analogy and critical to privacy that they should be known more prominently.
Active scanning for known base stations is a 'feature' most people don't know about either. You phone actively tries to connect to base stations it knows, opening you up to attacks from devices like the WiFi pineapple.
Now that the MACs are random does that really solve the problem? A probe request sends out the real MAC of the AP it's looking for as well as the AP ESSID. By using anyone of many translators you can get a map of each ESSID with GPS co-ordinates. While many people will be probing for Starbucks and McDonalds they will always have a unique probe for their own home AP. So now there is no "neat" way of using the MAC as a primary key you can still infer the user by the AP least in common with anyone else, i.e. which probes are NOT McDonalds et al.
So if my home AP ESSID is Einstein, MAC=deadbeef every time I enter a store my home AP MAC is still being recorded as well as the relative movement throughout the store. As well inter-relational data could be inferred by other AP MAC addresses if I visit a friend or family member it's likely that probe will connect us.
TL;DR
Relations are based on unique data just because some of the data is 'scrambled' it's reliance on static data is it's weakness.
Your assumption is incorrect - Probe requests do not contain the MAC of the AP, only the SSID. Wifi clients usually only save the name and security type/PSK of previously joined networks. In many situations, the same SSID is broadcast by multiple different APs with different MAC addresses in the same area so it wouldn't make sense to remember a specific SSID/MAC pair.
If the same client (iPhone) probes for a list of SSIDs with one random MAC and then probes for the same list again a short while later with a different randomised MAC, you could still track that individual based on the list of networks they probe for.
If the client MAC is randomised for every single new 802.11 probe that makes it harder but you could still track based on a single unique SSID probed for (i.e. something more unique than NETGEAR).
I'm going to look into this and possibly update my tool iSniff GPS.
The randomized MAC address doesn't help here. If two probe requests have different MAC addresses but the same SSID list, then the tracker can guess that they are the same device.
Each device sends beacons out at an interval. By sorting all the probes by these intervals (10Hz or what ever) each will likely be slightly different from each other. So my device sends probes out at 0s another will send it out at 0.5s. Also by co-relating these beacons by signal strength well the random MAC doesn't really matter.
This only occurs for 'hidden' networks. If you do not have any hidden networks in your known network list than you will not be broadcasting SSIDs. This is yet another reason to avoid setting your AP to hidden.
Do you have a source for this? Is there any documentation of this in the 802.11 spec? I'm also wondering if devices send a single probe per SSID they're looking for, or one probe with a list of SSIDs?
I'm under the impression that most "mobile" WiFi-enabled devices will actively probe [0] for APs that they've been associated with in the past. It's the SSIDs and MACs of these APs that will be used to figure out who you are, despite your ever-changing client MAC address.
[0] By the gods, this is such a stupid idea. Aren't beacons often sent at a 10Hz rate? Assuming that we've associated with a network that actually sends beacons, why wouldn't remaining silent, listening for the beacon, then associating work just as well as probing?
I think this is a great example of how security and privacy gets sacrificed for convenience -- everyone seems more concerned with how fast they can connect to the first open WiFi network they find when they're roaming than what info they're broadcasting, and software's behaviour and interface reflects that. I'd like finer control over what my device does, like
- whether to automatically connect to any networks
- whether to use active scanning (and if it's off by default, I should be able to force one); passive scanning is fine unless you need to connect to networks without SSID broadcast, since it's just listening. Probably saves a tiny bit of battery too.
- better management of SSID list; I find the design where items in the list appear/disappear dynamically while you're trying to manipulate it rather irritating to use. I would prefer if there was an option to control whether the list gets updated, so it will stop accumulating useless networks. Finally, one for iOS (and Windows 8, which has regressed in this area): make it possible to forget and/or otherwise manage networks that are not in range.
I think they're saying you can still identify a device with pretty good certainty by the probe requests it sends. Probe will include the MAC of your home AP and other known APs, which are unique enough, even if your phone's MAC is changing with each probe.
Without being too specific, you should assume that Large stores already do this. Any store claiming to have "in store wifi" is almost guaranteed to be tracking you through your mac address.
The system that I'm familiar with only tracks where you're going. It didn't (as of a couple months ago) have any way of linking your mac back to a consumer profile.
name
sex
marital status
nationality
place of birth
profession
identity document type
identity document number
street address
city
state
country
cellular phone number
name of cellular provider
landline phone number
email address
barcode from your boarding pass
If you think that this is an April Fool's joke, I can assure you that it's real. Some of the above are optional on the form that's shown, but other airport ISPs in Brazil do insist that you fill in a lot of fields like the above.
I'm happy to say that the trend in the United States and Canada has been toward less or zero information for using wifi. Less than 10 years ago, it was quite common to see all sorts of questions to use wifi. And Internet cafes used to demand ID in the United States and Canada (and they still do in Brazil).
At Beijing airport if you're not Chinese they require a scan of your passport photo page at a special kiosk where they then give you a unique access code....
I also remember checking into a Brazilian hotel, where they wanted Brazilian guests, at least, to specify their highest level of formal education (!), as well as profession, date of birth, and the city from which the guest arrived and the city to which the guest planned to travel next.
I wonder if the last two are specifically meant to aid law enforcement investigations.
So they'd learn my name is Al Kapone, my nationality is the proud citizen of the glorious nation of Kazakhstan, my place of birth is the South Pole, my profession is a lion tamer and I live in 666 Fake Street, Garbadedataville. What they're going to do with this information?
Requiring email confirmation assumes the fact that the user can already connect to the Internet to access his/her email to read the message, throwaway account or not, so that wouldn't work too well...
It's not that, trust me. They make good money with your data. Take it as a way of payment for the "free" wifi.
It helps the same purpose as the loyalty cards, especially the ones that outgrow the original business (I'm looking at you both Tesco ClubCard and Nectar Card). Getting "points" by using those at other businesses like petrol stations helps them profiling you for "better" advertising. They also keep you a bit more loyal to their associated brands, but we already knew that bit :)
I wonder when that better advertising would actually come along. They keep collecting the data but so far all the ads I've seen is either utterly irrelevant crap or "you visited shoe store so our network would show you the same shoe store's ads for the next 3 months, because it can't be that you don't need buy new shoes every day".
It's pretty reasonable to expect a store would think of tracking a customer's path through the store. Websites do that all the time.
In addition, if we find a good way to provide information to the store owner about how his or her store is being browsed and used, it is likely that stores will provide better shopping experiences.
Not my downvote, but I suspect people don't like the slippery slope argument ("tracking is omnipresent on the web, therefore it's OK to do it in the real world as well").
Then there's "better shopping experiences" which most people's BS translators will read as "worse shopping experiences / persuading people to spend more than they intended".
To be clear, I'm not arguing that it is justified or moral. Whatever you think about 'right' or 'wrong', you have to realize that a person who builds a store is going to want to know everything about how his or her store is used. EVERYTHING. That's not good or evil, that's just logical.
Acting like it should be self evident to a store owner that tracking users is inherently wrong is just ignoring the viewpoint of the store owner wholesale. Does not lead to good policy.
It doesn't make much sense and looks utterly paranoid. To me, all this "privacy" thing looks more like a hype than something of real importance, and the companies like Apple are taking advantage of such a mentality. Suppose you operate a store, what would you want to do? Obviously collecting information to improve user experience is only natural. Put it this way: If, at the end of the shopping, somebody from the mall approaches you and asks you to fill out a survey about your shopping experience and what could be improved, would you comply? Probably one half of us will. Then why, a method which is not intrusive, does not take your precious time, and doesn't waste human resource on the part of the mall, would get such a strong reaction of yours? Is it really the "rationality" you boast? I totally doubt it. It's more likely pretensive overreaction.
Why is this so creepy? They know a piece of hardware has been in certain locations for a certain amount of time. This data can help improve your shopping experience and help the store better market to you. (While also increasing their sales). There is nothing personal about at MAC address go ahead and track it.
Also... Yes keeping your phone in Airplane mode is a bit paranoid.
Assuming they track every single purchase made at a store along with the credit card number used (or at least some form of ID associated with that particular card), and all the times the MACs left the store, how many sets of data do you think they need to get a 1:1 match between MAC and person? Even for really large stores, I'm guessing it would only take 2-3 visits before they can link you to POS records with decent accuracy.
Once they have that, your MAC address becomes personal. They know what that MAC buys, how long they spend in the store, how much they spend in the store, how often they visit, etc.
Couple that with the fact that with enough WiFi APs, you can triangulate a certain MAC to a specific location in the store, match with the cameras, etc. Probably track you to your car if they wanted with their satellites watching their parking lots.
And then we get into the problems created when these stores either start sharing this info, or the vendor they hire to install their tracking system starts approaching full coverage of the nation / developed world.
Keep in mind this isn't 'crazy future minority report' stuff. These are all things they are either doing now or could easily do now. All in all, it's just another damn piece of info about me that was once personal and now no longer is. "The amount of time Ben Reaves is spending looking at adult diapers is trending up. Flag their profile for incontinence."
Amazon, does this and it creates (for me) a better shopping experience. When I go to amazon it knows what things I want to buy and puts them right in front of me. Then it points me to other items that are related. Amazon knows precise,y what I look at and for how long before I buy it. Why is this good for online shopping and bad at a B&M store?
I think most people (including me) would probably agree that all this tracking creates a better shopping experience. Taken to its logical conclusion, eventually the stores will know what I want to buy before I even know I want it- they'll place it front and center in front of my face, said face will light up in sudden understanding that this is what I've been missing all my life, and money will exchange hands. Snark aside, I really do agree that this is a better shopping experience.
But we're not just talking shopping experiences here- the data, algorithms, and extra tracking that fuels the (perhaps extreme) future I described above has costs, mostly in personal privacy. Maybe I don't want the conglomerates (and the government, since we all now know they've got their 'black boxes' in the datacenters) to know my penis size, how good my relationship with my father is, what medical conditions I have, and just about everything else one can think of. However, this is the future we're headed towards.
Secondly, I think _greim_ said it very well in this post elsewhere in the thread: "Giving marketers deep psychological and behavioral insight increasingly enables them to circumvent rationality and "hack" consumers in various ways." There is a fine line, I think, between offering exceptional shopping experiences and manipulating your customers.
Mix that with a camera at each teller to do good facial capture for cash customers and cameras at the door scanning people coming in and it gets a bit creepier.
You know what is really creepy, when the tellers and staff at a store are painfully happy and courteous. If feels like if I frown or show any irritation their neck detonator will go off.
Interestingly, the unbranded Android phones I have (one looks very much like an iPhone, ironically enough) all came with this "feature" of a random MAC every time the WiFi is turned on/off, although that was more likely the manufacturer not bothering to give each one a unique MAC.
All the more reason to keep the WiFi turned off unless you're actually using it, and this might be a bit on the paranoid side, but I do the same for the cell radio (airplane mode) - it's on only when I'm expecting a call or making one.
At the other end of the scale, this tracking via MAC almost invites making them think several million customers have suddenly entered the store...