Risky. MAC address tracking is definitely a legal 'grey area' at the moment. I can imagine mining/fingerprinting in this way could easily become illegal in the not-to-distant future.
In the UK, City of London already banned the wifi-enabled bins that were tracking MAC addresses.
It would be really easy to tie a name to MAC address (from point of purchase with a credit card), then see exactly where that person went via the 'sharing' of data with other retailers. This is certainly something you would expect to need 'opt in' to.
They didn't really "ban" anything. They just instructed the company that was hosting them to stop doing so, in the face of a media shitstorm. And since that company was also a licensee of the City, they saw it fit to do as told. A shop owner in the City can still do as they like.
[source: I was doing other work for the bin company (renew) and saw the whole car crash from the inside]
You are of course quite right. It wasn't a ban in any legal sense. Though I do think it highlights that the method is already frowned upon... and as and when the public becomes more aware of the fact they are walking around broadcasting their location there will be more pressure to restrict the collection of the data.
That said. CCTV does not appear to be going anywhere, and there is very little difference between processing video footage to track people and tracking a MAC address. The only difference in this particular case is that 'sharing' of the data between retailers is touted as a feature (which of course it is).
City of Houston does MAC address tracking on the freeways and surface streets to power their traffic tracking measures. It's probably used in hundreds of other places you haven't thought about. If you're concerned about your privacy just turn wifi off.
> If you're concerned about your privacy just turn wifi off.
No, you shouldn't have to turn off a very commonly used service so that people can do better business by tracking it in an intrusive manner. Privacy should be the default option in such programs.
If the city used a ton of cameras + facial recognition to track you and your car everywhere and then sold that data to companies so they could optimize for whatever meaningless metric, would you still be as casual about this, and go "Oh, you should just cover your face and walk everywhere if you expect privacy."?
What privacy is that? Your device is broadcasting information, in the clear, to anyone who cares to receive that information. You've taken no steps to prevent anyone from receiving that information.
Your device is doing the equivalent of standing on the street corner and screaming various things. You can't rightly tell someone not to listen or write down what's being said.
I don't see how this is any more invasive than CCTV cameras that every business already has anyways.
> Your device is doing the equivalent of standing on the street corner and screaming various things.
Except there's one huge difference: anyone with eyes and ears can understand what the person is screaming. I would wager that even fewer than half of HN readers realize what's being broadcasted here.
What you're saying is that every human must have complete technological and implementation knowledge of any possible invention or they are not deserving of privacy. That position is not only elitist as a technophile, it's arrogant to think that any one person could possess that knowledge, let alone billions. At some point, you'll be the clueless one.
And anyone with a smartphone (or any other reasonably general purpose device with a 802.11 radio) can "understand" (read: pick MAC addresses out of a WiFi ping). This isn't some hidden, elite, arcane black-arts knowledge as you imply, this is standard stuff.
The idea that MACs should be somehow private because someone found a novel use for them doesn't even pass the laugh test. IP addresses are not "private". Your face out in a public area is not "private". Why is this different? How is this somehow worse than the CCTV cameras in most public places anyways? How is a MAC address PII by any stretch of the word?
I'm starting to really think "privacy" has joined the heap along with "patriotism", "socialism", and "terrorist", words which are being abused so badly they've lost all meaning and and as a result mean whatever their speaker wishes them to.
>That position is not only elitist as a technophile
One shouldn't hold strong opinions about things they don't understand even on a remedial level. This hand wringing is pure and simple fear mongering.
> The idea that MACs should be somehow private because someone found a novel use for them doesn't even pass the laugh test. IP addresses are not "private". Your face out in a public area is not "private"
I think you might be misunderstanding the part of this I have a problem with, or perhaps my language wasn't explanatory enough. I have a problem with the company linking back this info to a specific person, not the information itself.
MACs shouldn't be "somehow" private. MACs are not private. But when you use them to tie back to a specific person who is in your shop (with the credit card purchase info), you are essentially tracking a person. I think this activity should be regulated and should be an opt-in thing for users. (Enforcing this regulation could be admittedly a challenge, but it will at least be a step in the direction of strongly discouraging businesses to implement such 'features'.)
Similarly, your face out in a public place is not private. But if I have a startup that sets up CCTVs in participating businesses' premises and then track the movement of specific customers from shop to shop and generate data like "Okay -- the same face that was tracked shopping at Nordstrom then went on to have lunch at the Whole Foods next door; and from the credit card that was used, we can see that it was Mr. Karunamon", it's going to run up against major privacy concerns. I think this is very similar, but not that controversial because it is not so visible.
>I think this activity should be regulated and should be an opt-in thing for users.
I think any possible regulatory hurdles that could be imagined will make life for anyone who does anything neat with wifi or some other combination of information miserable. The credit card thing makes me wonder.. like what exactly are they grabbing? Just the fact that a card swipe was recorded at the same time that X wifi radio was in front of the register?
Somehow I'm still not bothered by this. As long as there's no "hidden" information being exposed (say, my CC#), my response is a big fat "meh". Combining different kinds of public information (as in, things that any person could just walk by and see) doesn't somehow combine to become private information.
I mean, let's see what pieces of data we're dealing with here:
* Entry to the store. Public. Via CCTV, door sensor, etc.
* Items selected. Public-ish. (Recorded after checkout, some stores use RFID tagging)
* Location in the store. Public. (Anyone can see.)
* Time card was swiped. Public. (Anyone in line can see)
* Basic WiFi information (Mac address, SSID, etc). Public. (Anyone with a smartphone can see.)
Given the fact that all of these pieces of information are freely available, I find it impossible to call for someone's head or feel even vagely "creeped out" by simply combining that info.
Put yet another way, the information's always been there in the open, but now that someone decides to collect it, there's a problem??
To be clear, we're not collecting credit card data / swipes. Just anonymous movement. There's been some discussion about eventually using in-store payment systems with open API's to marry purchasing behavior to foot traffic >> but this wouldn't be tied to the individual.
The goal is not individual (person) tracking. The goal is identifying and operationalizing trends at an location-specific and network level.
We encourage users worried about privacy to opt out. But realistically, they're not individuals to the system. They're part of a trend.
As long as we get a statistically relevant percentage of movement (15-20%) we believe we can still be useful to the business. Worst case: a lot of people opt out, we drop from our current 60-70% capture to 20-30% capture and we simply extrapolate the remainder.
It's an inexact science but, we believe, very useful.
Thank you for the clarification. I think the NSA shenanigans and everything surrounding them have people hypersensitive with regard to any kind of "tracking", no matter how innocuous.
> that every human must have complete technological and implementation knowledge
Or they could use software produced by people with that knowledge and who had users' interests in mind, which would automate the appropriate way to handle these concerns. And if they're unable to judge softwares' merits, they should rely on the opinion of more knowledgeable friends.
In this case, the device could easily generate a new MAC for every connection attempt, and give you an option to make that identifier more persistent per-network.
But instead people listen to the TV (et al) as it tells them to keep buying new closed Androids and iDevices, and then act incredulous (or Stockholm syndromed) when for-profit companies end up betraying them.
> No, you shouldn't have to turn off a very commonly used service so that people can do better business by tracking it in an intrusive manner. Privacy should be the default option in such programs.
Maybe, maybe not, but if you care about your privacy you shouldn't assume everyone will follow the rules. Opt-in would be tough too--they need to know who you are before knowing if you have opted in.
It's trivial to turn off the wireless on your phone. If you want privacy in this day and age it's not going to be convenient. The difference is I can't turn off my face.
I blame the WiFi protocol. Since the routers are already broadcasting their SSID why are devices themselves broadcasting sensitive information back to them before the user has shown any interest in any particular hotspot?
This over sharing should be addressed at protocol level.
I live in Houston and never knew how it worked. I assumed they only used the toll tags. It's actually not wifi, but rather bluetooth: http://traffic.houstontranstar.org/bluetooth/transtar_blueto.... I am not sure if the bluetooth radio on the phones uses a different MAC than the wifi radio.
The bluetooth address is actually just one character different from the phone's MAC address -- although this might just be an iPhone standard. Need to check up on Android standards and if it differs by manufacturer.
What makes WiFi (currently) more relevant is more people leave it on. Likely to even out over time as more bluetooth devices are made commonplace.
There is no guarantee that the BT MAC address is related to the WiFi MAC address for a given device. These addresses may be assigned by the product (phone) manufacturer, they may also be assigned by who makes the BT or WiFi module.
I realize that. However you brought up the Houston system in response to a comment that only discussed wifi. After bringing up the Houston system in your comment you said people concerned about privacy should "just turn wifi off." Anyone coming along and reading this thread would realistically conclude that the Houston system used WiFi and that they could avoid the Houston system's tracking by "just turning wifi off."
I thought it would be important to let others know that "just turning wifi off" would not be an effective measure against a system that uses bluetooth.
Something similar caused a stir in the Netherlands as well, a month ago certain electronics stores where caught using wifi and bluetooth tracking alongside IR cameras. The Dutch Data Protection Authority said customers should be informed and have a possibility to opt-out, while the State Secretary of Security and Justice commented that people should turn off their wifi or bluetooth if they do not want to be tracked.
I have heard of a company that does this, which recorded 3 million active devices in a month -- 10% of Canada's population. Data includes, tracking people's movement through subways. CSEC is not the only party to worry about here. I am sure Google has comparable location info as well.
I built a device similar to this (with a raspberry pi). iOS from 7 and up no longer allows getting mac addresses... so it's much harder to tie a mac addresses to actual purchases. You'd have to do some sort of collaborative filtering over tons of visits to reliably tie purchases to a mac address.
At first when I saw this page, I thought they count the number of people in a store through an eye-tracking device or facial recognition. This isn't too far off.
In version 3.0 we will be seeing the ability to identify shoppers who are on a shopping spree by ringing a beep as they enter the store. Sad.
Well, it's easy from the data point of view. You basically have two data sources: (location, time, credit card) and (location, time, MAC). The location/timestamp history of any given individual is one of the most unique pieces of data you can have; correlating the two is a trivial data-science exercise.
It's the systems-integration part, moving the data from the card swipe onto the right computer, that's actually hard. You might be able to partner with your payment processor to get at that stuff.
This idea is cool, but there are some issues with their privacy claim.
They say they are hashing the MAC address (presumably on the device). However, they can't be salting the hash (else they wouldn't be able to match across different stores).
Since there is no salt (or a fixed salt), it is trivial to de-anonymise a specific MAC address (just hash it and see if any server has it).
Worse, there are only 46 bits that are variable in a MAC address, and there is structure in there (3 bytes manufacturer, 3 bytes serial), so a complete mapping from MACs to the hashed MAC is very doable.
A secret per-device key for a HMAC would preserve privacy much better, but would stop them doing the cool stuff they plan — the usual trade off.
There's no point in trying to assess any privacy claims they make — it's not a technological thing. The only value they offer is violating people's privacy.
> The only value they offer is violating people's privacy.
I don't think reading a value being freely broadcast by a person in your building is an invasion of privacy, how is this any different from having security cameras with audio or anything else. Saying you have privacy to something you are broadcasting in public, even more specifically in this case a privately owned building is a little daft. Do you think it's an invasion of privacy if someone writes down your name and address if you were yelling it in the middle of a Starbucks?
If I enter Starbucks I indeed expect that everyone around knows about it. I don't expect that some system will store this information and will be able to associate it with my other activities.
Well that is the capability of security cameras, loyalty cards, credit cards, scanning ID to get booze and a million other identification means. Unless you go to Starbucks wearing a ski-mask, a Faraday cage, and paying with cash you are possibly being tracked for marketing data. As much as I have an natural dislike against rampant corporate abuse, I am hard pressed to find a reason a privately owned merchant couldn't put one of these in their store. When I go to a hockey game I get my ticket checked, my ID checked, I have to empty my pockets, possibly even my bag, and I have to get scanned by a metal detector. But that is something I consent to so that I may go about enjoying the game. I feel as though eventually these types of Mac address scanners, loyalty cards, credit card tracking, and things of the like will just be terms that the stores set that we just sacrifice to be able to shop there. As for me I would just rather turn off my wifi and buy as much as I can off online stores.
In case it is, a HMAC (which a salted hash effectively is, except keys are secret) helps in the case of them losing the database, but not if they also lose the key, and the NSA will get access to the key as well as the database, so it won't help there.
That seems like it would work, but it turns into a "open using crowbar found inside" problem: how do I know to use the same salt on a second density.io device unless I have already matched the MAC address.
The whole point is the customers in your store have nothing on there phones. Their device simply sucking down the MAC that is broadcast. They are going to get the unprotected MAC.
Seriously. I'm thinking it's time I set up my phone to turn off wifi whenever I am away from home.
But would that even be the end of it? With Wifi off the phone is still broadcasting on cellular channels. Could a device be built that listened to those signals and uniquely identify them?
I'm confused why it's a privacy nightmare. They could just as easily sit someone there and count how many people are in a store and write it down. Your face is an identifier. I don't get why people think that anything technological anymore is instantly privacy nightmare. For an often technological website there is so much technophobia.
The difference is one of precision, scale, and duration.
Also in terms of cost, there's a difference between tracking which imposes a marginal human cost of production versus tracking which can be fully automated by machine, even if there is still a per-machine cost.
A relevant example is the Supreme Court ruling on needing a warrant for using a GPS tracker on a car versus just tailing them.
The difference is that this is equivalent to having that person follow you to the next business you shop at... and the one after that... and the one after that...
What's the advantage to a constant MAC address anyway? There must be a reason for it, but my first reaction to this article was to see if I could change mine.
At the link level, your MAC is your unique address.
First: You do not want a MAC collision. I have worked with hardware that sometimes picked a non-unique MAC and your life gets really weird and sucks away a lot of debugging time to find out why impossible things are happening.
Continuing – It made ethernet easy to implement. They could have added some complicated address negotiation protocol and then handled address collisions when partitioned networks healed, but it was "olden times" and something that complicated would not have gained traction.
Fast forward to Wi-Fi. The reason you have Wi-Fi instead of any number of other wireless ideas that died is because it looks like ethernet so people didn't have to think much about it, so you inherit that baggage.
If you really want to change your MAC address then you will want to make sure you aren't going to collide with anyone else. The odds are tiny, but it would be rude to ruin their day. Fortunately, there is a locally administered range of MAC addresses. If your first octet's last digit is 2, 6, a, or e then you are a locally administered unicast address. Assuming your network segment doesn't have an administrator actively handing out local addresses, drop 56 random bits in the remaining octets, cross your fingers, and bring up your network stacks.
> First: You do not want a MAC collision. I have worked with hardware that sometimes picked a non-unique MAC and your life gets really weird and sucks away a lot of debugging time to find out why impossible things are happening.
I can confirm. Working with a bunch of Chinese hardware with non-unique MAC addresses is painful. It was easier to buy new NICs with real serial numbers than to work out how to fix them.
Wifi drivers could easily deal with this risk by providing specific MAC addresses only to specific networks. So you lock in your home network and work network, but randomize other unknown WAPs. Or better yet, just turn off wifi when you're away from trusted WAPs and use your cellular data.
Network's that whitelist devices by MAC and device registration/provisioning by MAC. And debugging network is theoretically easier when every device has a unique MAC.
There are several applications for OSX and various *nix distros that run at boot and randomize MACs. SpoofMac is probably the most well known: https://github.com/feross/SpoofMAC
This is perfect--I'm definitely going to set this up.
I'd just like a background service for my Android device that would also randomize my MAC address... (perhaps it's time to investigate android development :P)
Yes, definitely rooted only - Linux will block any attempt to change the MAC without root access. That said, I've got a rooted android and change my mac all the time. Especially useful for coffee shops and airports.
If an unique identifier is needed, it can still be generated on a short term basis. Make it a GUID and we have generators ready that can do this without risk of collisions.
In fact, in order to make Density to GA comparison fair former needs to report all its tracking activity to a single source. Then they will be the same both in intent and implementation. Except, of course, for GA being free.
I asked original question assuming that you realize direct resemblance between Density and GA. But since you don't, I honestly don't understand how you cannot see it.
I can see the direct resemblance between tracking the two... What I really don't understand is how you can't see the difference between tracking someone's online activities that they engage in through a web browser and tracking someone's physical location.
Those are very different things and they mean very different things in people's lives.
This is really clever. So it's like Google Analytics (or any analytics) for your brick and mortar business. This is the kind of stuff I love to read about and see being developed, it makes a refreshing change from yet another javascript framework or social network for your pets.
Before you say more, check euclidanalytics.com. The creator of Google Analytics has been working on this, with funding, for a number of years already.
I had seen news about this recently and am surprised that more people didn't notice how it is essentially the same, without funding, and less developed.
I hadn't realized how trackable cell phones were until I was experimenting on a wifi project and saw both MAC addresses and Preferred Network List of devices within the area that had not joined my network. Cell phone wifi is a privacy nightmare. Even the most technical people don't realize this, so projects that popularize it are going to kick up huge amounts of mud. Think of how easy it is to identify "whale" clients, if not by direct tracking, then by revenue correlation (these N people were present for $N,NNN,NNN in revenue events). They're valuable to track because when they show up you want your sales people to be at their best, but a service that starts tracking those people is going to make real enemies quickly.
Without wishing to belittle the privacy concerns of my fellow HNers, I wonder how long it will take for people to just be ok with being tracked in this way? This seems like one of those social changes that feels strange and uncomfortable at first, but over time becomes the accepted norm.
It pains me if I see someone describing the slow and gradual installment of the total surveillance world and the loss of any privacy as just something "that feels strange and uncomfortable at first".
I for one will never be okay with it! and I know a LOT of people that are against loosing civil liberties too (even if the likes of you don't care!).
Ofcourse I know that my smartphone broadcasts its mac/stored-essids every few seconds, thats why I have wifi disabled most of the time. Most people don't realize that, most people also don't realize the tracking capabilities of cookies.
Laws in EU have begun to make it illegal to store cookies without the users consent, because even though its technically possible to block cookies, most people have no idea about that. So I can only hope that it will become one day illegal to violate peoples privacy like that!
People already have dozen of loyalty cards, and throw their email at every point of sale, which are handled in a centralized way behind the scene by a few actors.
Also, people log in with Facebook to basically anything.
"it's free" and "get cool rebates" create such an incredible variant of SEP field[0].
I never ordered one as I missed the window of opportunity. But it was claimed by the creator and users that battery life was variable depending on the make and model of your phone, and whether you had lots of background apps attempting to do things.
The claim was that in some combinations you get better battery life by using Off Pocket, and with others you get worse.
Phones don't drain greatly when they don't have a signal. A day riding the tube system between meetings in London doesn't significantly affect my battery life, so I've no reason to believe that Off Pocket would've resulted in a different outcome.
I was under the impression they were not entirely legal. I recall a movie theater saying they were going to install a 'deadzone' only to find out they weren't able to.
Keep in mind that these "anonymous" data points aren't. Your phones MAC address exposes your home wifi network thanks to Google's databases. They also expose where you work, where your friends houses are, what your favorite coffee shop is. This is beyond dangerous, it's completely unacceptable.
Your devices broadcast the names of networks it has seen recently in frequent intervals. "Yo HomeWiFI you there" essentially. Anybody listening can then correlate them with Googles database to find out detailed information about the user. Usually people have a huge list of connected networks which will be announced and give huge information about the user. "MIT" SSID? Probably a student then.
Google shouldn't have collected the data, devices shouldn't be announcing previously connected networks, and this awful privacy destroying system shouldn't exist.
Apparently Nordstrom did an experiment with this for a while - http://www.nytimes.com/2013/07/15/business/attention-shopper... - even going as far as monitoring passing traffic so you could monitor the percentage of people passing who actually come into the store. This could be pretty fascinating in the context of running certain types of window displays, sales/offers, etc, and lead to ecommerce-style split testing and the like. It says they stopped the experiment partly due to people whining though, but I imagine it'll just go 'under the radar' in future since it could be too valuable not to try.
Everyone here seems to be complaining about the anonymous tracking, which isn't really an issue for "normals". Its a relatively useless complaint too as that data already exists in the credit card network.
The real issue with this is that most SMBs are unsophisticated when it comes to the technology stack they use. I saw this firsthand in many ways working at Swipely (swipely.com) as we figured out product market fit. While things like 'see where else your customers shop' might seem like an interesting feature from an outsiders perspective, the businesses don't actually care. They often barely have the bandwidth to worry about their own customers.
Stores will have a strong incentive not to advertise that they're using your service, as Nordstrom found out. Will you be doing anything to check whether stores post the stickers properly? Will you terminate service if they don't?
Euclid Analytics keeps their customers secret, so if a store doesn't post notices, there's no way for us to know they're using the service. Will you be keeping your customers secret as well?
Since we haven't officially launched yet we hadn't posted our official opt out form. Definitely an oversight on our part, wanted to get you something as soon as possible: https://density.wufoo.com/forms/density-opt-out/
The funny part to me is that people think this is new. Companies like Euclid have literally been doing this for a couple of years(and quite successfully I might add) http://euclidanalytics.com/
Not only is it not new, its probably not going away.
I've actually seen a crude version of something like this on a trip to Taiwan a couple of years ago. I was at a mall and I noticed a wifi network called "People Counter." I wasn't entirely sure what they were doing with it, but I assumed it was counting MAC addresses.
As I understand it, the device is like a WiFi Router looking for nearby clients broadcasting their MAC. Since phones have the ability of turning themselves into WiFi Hotspots, could a phone/app offer this same capability, or is it missing a hardware piece that lives in Density/Pineapple?
If anyone knows or can say: What physical principle(s) is the sensor operating on? There doesn't seem to be much information on that (possibly deliberately).
My guess is that it's counting cellphones (based on some RF signature). It probably fingerprints the phones, too, because they claim they can track people across different businesses.
By the way, I'd love something like this for the gym.
I'd like to check if it's too crowded before I decide to go or not.
I guess for any kind of business with lines or waiting rooms, (banks, ATMS, restaurants) customers might appreciate a way to quickly gauge the crowd level before going.
No need for such a perverted privacy violation, the shop could just install a door step counter like they are commonly used already. Then you would have the information how many people are currently in the store.
I'm making an assumption about your phone, but it is probably broadcasting packets every now and then saying "Hello, is mrfusion's home network in range?" - and that packet has your MAC on it, and can be picked up by other devices.
Met these this last week, they're absolutely incredible and they understand their market really well. They take privacy incredibly seriously and they've built a product that can change the industry.
What does that even mean? They're tracking not only the number of people in a location, but where they go ... then sharing that with their customers. From their own website:
Understand your business in the context of others:
Definitely understand your concerns. In the system you're an anonymous datapoint. The information can't be used to determine who a specific individual is.
"The real danger is the gradual erosion of individual
liberties through the automation, integration, and
interconnection of many small, separate record-keeping
systems, each of which alone may seem innocuous, even
benevolent, and wholly justifiable."
— Personal Privacy in an Information Society
U.S. Privacy Protection Study Commission, 1977
In your system, I'm just an anonymous flow of movements. In the shops billing system, I'm just a CC number and a set of purchases. For the billing provider, I'm just a name and address tied to a CC number. And then with a couple of small leaps, suddenly my whole life is compiled on a single page detailing every breath I take.
So if a shop signs up for the service, and on Monday morning they have one customer who comes into the shop and buys something ... then that customer goes to another shop and just browses. You'll likely have the name of the person because they paid by credit card. You'll also have the information that this customer went down the block to some other shop. And you'll know which customer it was because you only had one customer that day.
So tell me again how I can't use this information to identify who a specific individual is.
It's not like the shop has information on individuals, they only have information on the total number and total flow. It would take a lot of collaboration with each and every store owner to be able to get to a point where they know exactly who you are.
Will you provide real-time stats? Could I see that user A523498BD5352F is currently in my store, and what other stores they frequent? If it's only aggregated data after the fact, that alleviates some of the concerns.
That's the NSA's rationale too. Except often times a collection of data points that are supposedly "anonymous" can eventually be correlated to a specific person.
Sounds like public-relations-101 speak. Same as big oil advertising green initiatives. They can counteract sentiment with PR but they can't change who they are: a company that tracks buyers without consent.
"You tell me whar a man gits his corn pone, en I'll tell you what his 'pinions is." [1]
Pretty good execution. We recently build something pretty similar for keeping track of who was in our office and where they were (partial write-up here: http://matthewmacleod.co.uk/blog/passive-wifi-tracking.html) - strictly opt-in, but we still had to wrestle with the privacy implications.
Problem is, this is a really effective and totally passive system with great benefits. But privacy-wise, it's scary.
Are there any good apps for location-aware WiFi toggling? I rarely use WiFi outside of home or work so I'd like it to turn itself off to avoid stuff like this.
Placemeter offers a substantially similar product that works based on strategically placed small cameras and machine intelligence. It recognizes individuals coming in and out of a retail location based on what they look like. Pretty cool technology and the founders were part of my Techstars class.
I'm OK with the measuring traffic volumes using this method but I'm uncomfortable with the identifying information being stored without permission.
If they provided incentives to install an app/visit a website to register for rewards or be entered into a prize in return for allowing density.io to track you that would be acceptable.
Ok so this system works by tracking MAC addresses. I assume the same sort of system using cameras and facial recognition would work too, and you can't turn off your face. I assume this must be already happening somewhere.
The amount of privacy we think we have must be a small fraction of what we actually have.
From their launch conf pitch, they did an experiment in a stadium with an attendance figure of 20000 and found 71% of attendees had a phone with wifi enabled. No idea if that audience is representative, but it seems plausible to me.
I wonder if the market for 'dumbphones' will increase as/if this sort of thing becomes more common? Probably not, but it's fun to think about. I know Nokia are still making bare-bones, extra-long-life models aimed at developing countries (eg the 105, 220).
I imagine HN would just scrape the title automatically if that's the low standard that's been set for headlines here. The "title" field is presumably there so that people can enter something more descriptive.
While I understand the concern about tracking peoples presence with phones, I don't feel like this is new. The cellular companies can track location, and it's already happening.
In the UK, City of London already banned the wifi-enabled bins that were tracking MAC addresses.
It would be really easy to tie a name to MAC address (from point of purchase with a credit card), then see exactly where that person went via the 'sharing' of data with other retailers. This is certainly something you would expect to need 'opt in' to.