
Hundreds of Devices Hidden Inside New York City Phone Booths - jboynyc
http://www.buzzfeed.com/josephbernstein/exclusive-hundreds-of-devices-hidden-inside-new-york-city-ph
======
userbinator
_Beacons are Bluetooth devices that emit simple signals that smartphones can
pick up._

 _A beacon in a New York City phone booth ad would need to recognize a
corresponding app to push beacon-linked content to that phone._

From what I can see from reading the article this isn't the scary "things that
watch you without your knowledge" but more like "things you can connect to if
you're nearby" \- and given that there's WiFi hotspots and other things in
this category too, it doesn't seem all that frightening. In other words you'd
have to have allow your phone to connect to them for them to gather any info,
and in that case it's not much worse than connecting to a WiFi hotspot setup
for marketing purposes (e.g. [http://www.washingtonpost.com/blogs/the-
switch/wp/2013/10/19...](http://www.washingtonpost.com/blogs/the-
switch/wp/2013/10/19/how-stores-use-your-phones-wifi-to-track-your-shopping-
habits/) ).

(The fact that the majority of people leave their phones in a "promiscuous"
mode with all the radios enabled and constantly looking for things to connect
to, and submissively install apps without reading their privacy policies/terms
of use carefully, is a different although related issue - but this _is_
something you can educate yourself and protect against.)

~~~
jamesk_au
It does seem a bit exaggerated:

 _" In its current iteration, a Gimbal beacon requires a third-party app to
trigger advertisements, and requires those apps to receive 'opt-in' permission
from users in order to collect data and send notifications. (Users, of course,
also need to have Bluetooth enabled.) ... Gimbal-powered apps may collect your
current location, the time of day you passed the beacon, and details about
your device."_

If the beacons are doing anything more, it is not reported in this article.

~~~
noselasd
It is however a rather small step to such a 3. party app being bundled with
your branded phone, which you've opt-ed into by buying the phone.

~~~
dwild
Then let's wait for that step to happen before jumping to conclusion.

~~~
floatrock
Are there any rules or precedent preventing this? Or is it a chicken-and-egg
not-enough-beacons-out-there-to-make-it-worth-it type situation?

One smells like conclusions are a bit premature, the other smells more like
inevitability.

------
andyhawkes
I hate all these FUD headlines that claim iBeacons can track you or send you
adverts - everything to do with beacons is (at present) mediated by an app,
and therefore subject to a user installing it and granting permissions. Sure,
you can get people to install stuff that they don't understand and which will
allow snooping etc. but that's by no means constrained to anything using the
(Apple-owned) iBeacon standard.

I'll be more interested in keeping an eye on the URL-centric 'physical Web"
experimental project recently revealed by Google
([https://github.com/google/physical-web](https://github.com/google/physical-
web)) as that potentially removes the need for app-based mediation of beacon
(without the "i" prefix) interactions, uses the universality of http and URLs
for content identification, and could make for a much lower-friction way of
implementing beacon integration across different platforms.

~~~
lifeisstillgood
Thanks for the physical web link - you can easily see Googles "play to our
strengths not Apples" thinking behind it ([https://github.com/google/physical-
web/blob/master/documenta...](https://github.com/google/physical-
web/blob/master/documentation/introduction.md))

I like it - might have to try a RPi build for one

~~~
andyhawkes
It makes total sense to make beacons broadcast something that devices can
interpret / interact with directly.

iBeacons are an interesting "first move" for the technology thanks to the
weight Apple / iOS puts behind the potential for adoption, but the current
model of interaction is just too convoluted / clumsy:

iBeacon broadcasts UUID/major/minor > subscribed app listens > app checks
internal database or more probably fetches some data from a web-based API >
decides what to do with that data / response.

vs

beacon broadcasts a URL > OS (or subscribed app) pulls data from URL > user
(or app) decides what to do with that data / response

The abstraction provided by the iBeacon model is interesting but arguably too
abstract, whereas the simple use of a URL is decidedly simple and logical by
comparison, and (potentially) cuts out the app mediation.

If you combine the simplicity of using a URL with the idea that either the OS
interacts with it directly or an app with a URL- or domain-specific mapped
intent takes over that interaction then you get a simpler and more transparent
journey as a result.

I think it's very early days for the Physical Web project, but it should
definitely be one to watch!

~~~
nitrogen
Doesn't "pull a URL specified by an untrusted third-party" just scream
potential security and definite privacy problem?

~~~
andyhawkes
The intention is that the client (whether that's the OS itself or an app as in
the current Android proof-of-concept) visiting the broadcast URL will return
specific metadata that will allow the user to know what the target content /
action is, rather than content itself - [https://github.com/google/physical-
web/blob/master/documenta...](https://github.com/google/physical-
web/blob/master/documentation/technical_overview.md)

There is obviously some potential for data snooping and privacy issues, but if
the experiment becomes a full standard then it will likely be fleshed out much
more to avoid this issue.

Pulling metadata from a publicly broadcast (and therefore inspectable) URL
still feels more transparent than the iBeacons implementation, which mediates
all beacon interactivity through the "black box" of an app with unknown
configuration (with regard to exactly which beacons it listens for - it could
be a single UUID, or it could be _all_ beacons) which could be phoning home
with all kinds of data without the user knowing.

~~~
nitrogen
And if a vulnerability is found in the client's HTTP header parser or other
part of the client?

What about these URLs recording client IP addresses and locations (based on
the known beacon location)?

Is there no way to put everything in the beacon? Will users be prompted before
their devices perform actions dictated by a third party? Will beacons be
featured in future pwn2own contests?

------
tonylemesmer
Wifi beacons were deployed in London[1][2] as part of advertising systems on
waste bins. These logged your MAC address as you passed by and allowed
targeted advertising. I believe they were removed once the rollout was
publicised and people rightly kicked up a stink about it. It was an opt-out
system because if wifi on your smartphone was switched on (which most people
probably do) then it would automatically log your phone's presence. Users
would have had to switch off wifi to avoid being tracked.

[1]
[http://www.bbc.co.uk/news/technology-23665490](http://www.bbc.co.uk/news/technology-23665490)
[2] [http://qz.com/112873/this-recycling-bin-is-following-
you/](http://qz.com/112873/this-recycling-bin-is-following-you/)

~~~
viewer5
Do people normally have wifi enabled when they're out-and-about? I turn it on
when I'm at home/at a friend's house, but otherwise turn it off since there's
no wifi to be had, and it's just an extra drain on the battery.

Or does London have widespread public wifi?

~~~
crazygringo
Yes, most people I know, certainly. For example, since my phone uses Wifi at
work and at home, my phone uses it most of the time.

I'm not going to turn off Wifi when I leave work and then turn it on again
when I get home... I've never even heard of anyone doing that, it sounds
pretty annoying to have to keep track of...

~~~
manojlds
Many phones have geofencing which should take care of switching on and off
things like wifi at particular locations. Should become mainstream soon.

~~~
eli
So now I need to have my phone ping GPS periodically (which takes longer
without wifi for guidance) to check my position so it knows whether it can
scan for access points it knows?

Personally, I think I'd rather just have it scan for access points. Apple's
MAC randomization has the right idea (if perhaps an imperfect implementation)

~~~
tonylemesmer
You can use Smarter Wifi Manager but its average at best. It uses Cell IDs to
ascertain approximate location.

------
diego_moita
This article is cheap sensationalism to foster Luddite paranoia. The beacons
will only track those that want to be tracked. And there a lot of valid
situations where people would want to share geographical information in order
to be guided, notified or rescued.

Sometimes I feel that valid concerns on privacy are doing to IT what pollution
did to chemistry: people got so panicked that blindly reject any valid
contribution that technology might give.

~~~
dreamweapon
The main point is that the beacons were installed in secret, without any
public notice or consultation. And that, time after time, many "opt-in"
services prove to be not so "opt-in" after all (thanks to technical
backdooring and/or murky service agreements).

It isn't Luddite paranoid, or cheap sensationalism to point this out; it's
good journalism, coming from a surprising source (BuzzFeed, which for years
seemed to have cheap sensationalism written into its very DNA).

------
zavulon
I thought Buzzfeed was on the list of domains you can't link to? If not, this
post is a good example why it should be..

~~~
eli
Buzzfeed does some really fine reporting. But this doesn't seem to be a good
example.

~~~
hnha
There are users here who do some really fine commenting. But they got "deaded"
for one reason or another. I would love to see buzzfeed and similar sites
punished for their wrongdoings even if sometimes they might provide something
good. The worse clearly overweighs the good to me.

~~~
eli
Is the existing voting system so broken that we need to resort to heavy handed
tactics like that?

I'm not sure I'm a fan of shadowbanning people either, except in really
exceptional situations.

------
al2o3cr
"In its current iteration, a Gimbal beacon requires a third-party app to
trigger advertisements, and requires those apps to receive “opt-in” permission
from users in order to collect data and send notifications. (Users, of course,
also need to have Bluetooth enabled.)"

FFS, Buzzfeed. This is buried practically at the end, AFTER the giant
infographic and 10+ grafs of scare text. It's like running the headline:

YOUR BREAKFAST MAY CONTAIN POISON

and then at the end of the article:

"Well, if you bought the cereal that said 'CONTAINS POISON' on the box and
decided to eat it right now, that might be true."

~~~
Lord_Zero
Clickbait at its finest.

------
tashoecraft
Why is this exaggerated journalism even on here? These aren't tracking
everyone in NYC within range, only those who have bluetooth enabled,
downloaded a very specific application, and then allow the app to track you in
the background. Now this is all for IOS, android on the other hand does have
potential to be troublesome.

------
Zigurd
Several commenters here have stated that Bluetooth beacon interactions are
mediated by apps and they are therefore not surveillance devices.

That's just not correct. Bluetooth beacons can log and report information
about devices that come within range of those beacons with active Bluetooth
radios. Only interactive-time applications of a beacon need the cooperation of
an app on a wide-area connected device.

Beacons that don't have external power generally can't use WiFi or mobile
networks to do it, but this information can be uploaded on demand. For
example, this information could be collected when coins from pay phones are
collected.

Moreover, these beacons are reportedly installed in pay phone kiosks that do
have wired connectivity. It's possible, even likely, that they "phone home."

------
joeclark77
There are still phone booths in NYC? Without reading the article, just seeing
the headline above, my first thought was that a reporter discovered strange,
long-forgotten _devices_ with handsets and number pads and coin slots,
collecting dust in the booths.

------
forca
People should not be tracked. Full stop. Even with their permission. We are
headed for worse than Orwell ever imagined. I cannot believe some people
consent to this.

There will come a time and soon whereby people will not be able to do a thing
without someone tracking it.

~~~
Zikes
I'm having a difficult time thinking of something I do that is not tracked by
someone somewhere.

Even the city knows when I take a crap thanks to "smart meters".

------
mdda
And I just became aware of the NYC Halal carts run by the NYPD (in the talk by
Steve Rambam at HopeX recently) [0].

[0]
[http://youtu.be/dNZrq2iK87k?t=2h3m9s](http://youtu.be/dNZrq2iK87k?t=2h3m9s)

------
Vulkum
I recommend watching Person of Interest. The TV show has started long before
the NSA scandal, but it's like a Hollywood post interpretation of some major
event. Except it was a premonition.

~~~
morganvachon
It's one of my favorite shows because it's at least plausible, and felt that
way even before the 2013 revelations. A lot of the tech and storylines in the
show are of course fictionalized and a bit "out there", but the core concepts
it presents are at least within the bounds of possibility. I tend to view it
both as suspension-of-disbelief popcorn entertainment, and as a telling
allegory on today's surveillance state.

------
TeMPOraL
Ah Gimbal, the HaaS company... the beacons that require you to register them
on-line to be able to reconfigure them. Also, iBeacon compatibility doesn't
work well in Series 10, i.e. those you can order a dev-kit of for free.

I'm waiting for someone to figure out how to force all those various beacons
to talk the same language. Right now, everyone is trying to lock users in to a
particular brand. It's incredibly annoying (and the same thing goes for the
entire IoT and home automation market).

------
uptown
UPDATE:

And they're being removed: [http://www.buzzfeed.com/josephbernstein/new-york-
city-to-adv...](http://www.buzzfeed.com/josephbernstein/new-york-city-to-
advertising-contractor-take-down-secretly-i)

------
pattle
Out of interest does anyone have any statistic on how often phone booths are
used? I'd have thought that with most people owning mobile phones the need to
ever use a pay phone is very rare

~~~
bluedino
I thought they were all gone in NYC for some reason.

~~~
acafourek
As of 2009, only 4 phone _booths_ remained in Manhattan:
[http://www.scoutingny.com/the-last-phone-booth-in-new-
york-c...](http://www.scoutingny.com/the-last-phone-booth-in-new-york-city/)
Comments on that thread note that in 2012, at least 2 of those were verified
as still around, but not sure about now.

There are a lot of phone stalls still around though - a number of which have
been sites for experimental improvements for some time now, including a Google
initiative to outfit some with public wifi:
[http://www.nyc.gov/html/doitt/html/business/future-of-
public...](http://www.nyc.gov/html/doitt/html/business/future-of-public-pay-
phone-wifi.shtml)

