
London garden bridge users to have mobile phone signals tracked - OWaz
http://www.theguardian.com/uk-news/2015/nov/06/garden-bridge-mobile-phone-signals-tracking-london
======
mattgibson
This article more or less describes what a police state would look like if the
Church of England designed it. A controlled, plasticised, corporate Little
England, where fun is monitored and must be of an approved nature, freedom of
expression is allowed as long as you don't express anything disagreeable, and
the public have no democratic rights at all.

Yet another small, sad indicator that control over the lives of Londoners and
the spaces they live in is for sale to anyone with the money to buy it. “A
private place operating as a public space” is not what I want to have on
London's limited real estate.

~~~
Wintamute
I find your comment somewhat alarmist, and lacking historical context. The
City of London (from which the Temple end of the Garden Bridge starts) is many
many hundreds of years older than the UK itself, and has always been privately
owned and governed by shadowy, corporate and arcane processes. Traditionally
even the Queen is not allowed to enter the City of London without the say-so
of the Lord Mayor. This "private place operating as a public space" has been
operating for centuries and stewarded the emergence of London as a leading
global financial centre and until recently capital of the largest Empire the
world has ever seen.

I admit it's reasonable to debate the pros and cons of private ownership of
public spaces in city centres, but my point is that in this case The City of
London is both historically unique and important, and by many measures been a
huge success for the host nation.

Informative/fun video on the subject:

[https://www.youtube.com/watch?v=LrObZ_HZZUc](https://www.youtube.com/watch?v=LrObZ_HZZUc)

~~~
pjc50
_privately owned_

I think that's also misleading; it's not a 'corporation'=='limited liability
company with shares'. It's not a "capitalist" institution, it's a pre-
capitalist feudal institution that predates the LLC by centuries. It's an
elected local body with an unusual electorate.

~~~
scholia
The bridge (if built) will be owned by a charitable trust, and government
funding covers roughly one third of the projected cost.

------
wolfgke
That's why Richard Stallman correctly described mobile phones as tracking and
surveillance devices:

> [https://stallman.org/rms-lifestyle.html](https://stallman.org/rms-
> lifestyle.html)

"Cell phones are tracking and surveillance devices. They all enable the phone
system to record where the user goes, and many (perhaps all) can be remotely
converted into listening devices."

~~~
keithpeter
The small educational centre where I teach has recently provided free wifi to
users of the building. It is a good connection. You have to give a mobile
phone number once to use the system.

This morning, I went in with my old Thinkpad on which I have replaced Xubuntu
with Slackware/MLED including a complete reformat and encryption of the SSD.
The wifi _recognised the machine_ and greeted me by name. I can only assume
that the server is recording the MAC addresses of devices that use the system.
That is just about the only thing left that it could be reading.

~~~
hellbanner
Why do machines broadcast MAC addresses to networks? to identify themselves?
Is it easy to randomize your MAC?

~~~
alexforencich
MAC addresses are part of the link layer of an Ethernet network. The same link
layer segment of a network must have unique MAC addresses so that packets can
be unambiguously routed to the correct destination. MAC addresses actually
consist of two parts, one part is assigned to the manufacturer, the other part
is basically a serial number that the manufacturer generates. So from looking
at a MAC address, you can look up who manufactured the device. The MAC
addresses are not broadcast beyond the layer 2 network segment that you're
connected to. However, that does mean that anyone in range can read the MAC
address of your wifi card as it is sent 'in the clear' (not encrypted).
Generally MAC addresses are also used for access control (though this is not
particularly effective as MAC addresses can be spoofed) and for long-term IP
address assignments (same IP can be assigned on subsequent connections).

------
TomGullen
No flying kites? Isn't that what we were saying you couldn't do under Taliban
control about 5 years ago and laughing at how ludicrous it was?

Nice to see tens of millions of public money going on vanity projects like
this with ridiculous baggage attached to it.

The £20mm public loan over a 50 year period sounds interesting. I wonder what
interest rate they are getting on that. I would LOVE to see it. Maybe I'll do
a FOI request. If I could bet on it, I'd bet they have a pretty swell deal.

~~~
deadfish
It would probably be deemed 'commercially sensitive'. I sent a FOI to my
university and that was what they used to get out of it.

~~~
TomGullen
I've sent one off, let's see what happens. I've done quite a few before. If
they don't reply, it's often worth trying again but rephrasing or targeting a
specific detail.

------
tombrossman
I did a talk on privacy topics from a user's perspective at a small 'tech
fair' this weekend and I was delighted to see this tweet showing a map of the
venue showing everyone's precise location:
[https://twitter.com/johnebridge/status/662984007370612736](https://twitter.com/johnebridge/status/662984007370612736)

I was able to add it to the slide deck just in time and people were genuinely
surprised by it. It's a good thing that the company were transparent about it
and shared the image but for many non-technical attendees it was a bit of a
wake-up call.

"Do you use the free WiFi at the local supermarkets?" "Did you buy a bunch of
liquor and condoms, and then come back a few weeks later and buy pregnancy
tests?" "Did you think you were pretty slick because you paid cash?" The
audience's eyes getting bigger and bigger...

~~~
shostack
Can you share more around how that map was generated?

~~~
atomwaffel
Not the original poster, but when you sign into a Wi-Fi network, the router
needs to know where to send the packets, so it needs to have a way to identify
your device. That's why all devices that can connect to a network have what's
called a MAC address[1] – a very long number that is unique to your device.
Your device also broadcasts that address when it scans for networks, so just
about all the time. When you control several access points and a few of them
see the same device at the same time, you can triangulate the location of that
device down to a few metres.

The company I used to work for did something similar[2] at a conference over
the course of three days. (You can drag on the map to highlight individual
devices.) It's really cool and really quite creepy.

[1]:
[https://en.wikipedia.org/wiki/MAC_address](https://en.wikipedia.org/wiki/MAC_address)

[2]:
[https://apps.opendatacity.de/relog/](https://apps.opendatacity.de/relog/)

~~~
shostack
Really helpful, thanks for sharing.

Is disabling wifi when you are not connected sufficient to stop this sort of
tracking?

~~~
atomwaffel
I'm not an expert, but yes, when you disable Wi-Fi, your device will stop
scanning for networks and broadcasting your MAC address, so you can no longer
be tracked that way. More recently, phones have also started randomising MAC
addresses while scanning (starting in iOS 8, I don't know about others), so
you can only be tracked for a short time as long as your Wi-Fi is on but not
connected.

------
privong
This does seem worrying, particularly the private citizens being given some
limited subset of police power, to issue fines and confiscate items.

> The Garden Bridge Trust said the planning documents detailed theoretical
> maximum powers that were extremely unlikely to be used

It might be intended that way, but realistially, it seems that the exercise of
power is invariably pushed to the theoretical maximum (and often beyond).

~~~
suvelx
It's been around for a while:
[https://en.wikipedia.org/wiki/Community_Safety_Accreditation...](https://en.wikipedia.org/wiki/Community_Safety_Accreditation_Scheme)

~~~
privong
Yeah, I figured from the article that it was existing program. Doesn't make it
any less worrying, though.

------
objclxt
The article title is a little misleading:

> _people’s progress across the structure would be tracked by monitors
> detecting the Wi-Fi signals from their phones, which show up the device’s
> Mac address_

...I think if you said "mobile phone signal" to someone round here they'd
assume you were talking about the GSM radio. If you think shopping malls /
cities aren't already using MAC addresses sniffed during WiFi discovery to
track location you're sadly mistaken (which is why iOS started randomizing
them from iOS 8 onwards).

~~~
acveilleux
randomizing helps, but they can still track you over the lifetime of the mac.

------
pjc50
Note that there are plenty of shops doing this kind of thing already:
[http://www.theguardian.com/technology/datablog/2014/jan/10/h...](http://www.theguardian.com/technology/datablog/2014/jan/10/how-
tracking-customers-in-store-will-soon-be-the-norm)

It seems this is the point people pick up on it and start pushing back a bit.
The real point is halfway down: "The planning document stresses that the
security measures are aimed primarily at crime and antisocial behaviour, and
notes that staff would be expected to make full use of their CSAS powers to
respond to protests or demonstrations, which are banned on the bridge."

A protest-free 'public' space. All part of the Singapore-isation of London.
The garden bridge is a massive waste of partly-public money anyway; a
conspicuous consumption vanity project like the (private) dangleway.

------
athenot
I would understand that in a private place such as Disneyland or in an ultra-
orderly city such as Singapore. But for a so-called public park, this is an
insult to democracy. Part of what makes public parks interesting is how
impromptu activities take place.

Enforce existing law to keep people safe; no need for locking everything down.

~~~
scholia
True, but it's not really a public park....

~~~
astrodust
What the hell is this thing, then? Why is private money involved?

~~~
scholia
It's a £75 million project being set up and run by a charity, the Garden
Bridge Trust, so it won't be publicly owned. It will be closed to the public
when it's rented out for commercial purposes.

The FAQ says:

 _Over 65% of the capital costs to build the bridge will be fundraised from
the private sector. More than £145 million has been pledged already and there
is a business plan to cover the £2 million annual maintenance and operations
costs. Transport for London and the Government have together contributed £60
million in total._

[https://www.gardenbridge.london/questions-answers/fact-
ficti...](https://www.gardenbridge.london/questions-answers/fact-fiction)

The arguments for the public funding contribution are that commuters will be
able to walk across it, and it will help regenerate the areas at both ends.

------
forgottenpass
Welcome to the future your cavalier "It's OK when I do it" attitudes towards
mass surveillance... er... I'm sorry... I mean "telemetry" are producing.

------
cryoshon
I guess this is another symptom of the UK's rapid slide to totalitarianism.
Recreational areas probably shouldn't be strictly surveilled and regulated by
quasi-cops at all times.

This isn't public land, even though it's built with public funds.

------
randomblast
Brilliant quote:

The bridge trust said the proposed planning conditions would not amount to the
structure becoming an overly controlled and regulated place, insisting the
visitor hosts are “not police officers”. It said that while the visitor hosts
would _theoretically_ have the power to seize any banned items, in practice
this would only happen with things such as alcohol.

Since when have any powers been granted on a theoretical basis?

------
superkuh
The issue here is not so much the invasive tracking and such. That's bad but
it is private land.

The issue is that millions of dollars of taxpayers' money is being used to pay
for things on private land as if it were public.

------
matthewmacleod
There is an obvious creeping issue regarding the privatisation of public
space, which is the interesting part here and what we should be pushing back
against.

I'm less bothered about using wifi MACs to measure traffic, so long as no data
is retained – it can provide useful insight into the number of visitors.
Randomisation is obviously in modern devices, but I'd be concerned that older
devices won't have the data regarding them deleted.

------
Spearchucker
The article is bitter sweet to me. Bitter because it's yet another little step
in a huge march intended to erode freedom. Sweet, because they track WiFi
signals.

In 2012 I started turning WiFi and location off on my phone as I left home. I
remember the date because it's when London got 4G, and as of that date I no
longer really _needed_ WiFi, but I did need my battery to last the day.

It's become habit.

~~~
pmontra
I always do it both to preserve battery and for privacy (and I never turned on
location services) but a customer of mine, in the business of counting people
entering and leaving stores, told me that about 60 to 80% of people has WiFi
turned on all the time. That was a surprise. I would have taken a zero off
those figures if I were to guess.

------
zyxley
"to have" here is such a weasel phrase.

Properly phrased title: "London Garden Bridge Trust will track mobile phone
signals of bridge users"

