
Show HN: Howmanypeoplearearound – Use wifi to calculate number of people around - qrv3w
https://github.com/schollz/howmanypeoplearearound
======
contingencies
Bluetooth equivalent would be cool, then pairing bluetooth and wifi MACs based
on temporal correlation. If one changes you can infer from the other. Over
time you could split it to _howmanylocalsaround_ verus
_howmanyvisitorsaround_.

~~~
sattoshi
People don't walk around with bt for no reason though.

~~~
pyromine
A lot of people leave the bluetooth on but just not connected

~~~
codefined
Really? From what I've seen they turn it off as soon as they can to save
battery life.

~~~
rocqua
I used to do that, but my new phone has better batteries, so that isn't an
issue any more. Combine that with my bluetooth headphones, and it's more
convenient to just keep BT on at all times.

------
flor1s
I'm sure this is already being done at a massive scale. It seems like
disabling all connectivity when you are not using it would be good for
privacy.

~~~
golergka
Is this an important privacy issue from any practi al standpoint? The
'attacker' only gets a vague idea that some amount of smartphones are working
nearby; I can't see any reasons to be concerned with such a privacy
'violation'.

~~~
adolph
Yes and no. Imho the issue at hand is that of a piece to a mosaic of over time
and other sensor data.

For example, an important piece of data to pharmaceutical companies is which
doctors are linked to prescriptions. Some states have rules against disclosing
this information. If a company were to monitor target doctor's offices and
pharmacies then the distribution data could provide clear indications of who
is writing what prescriptions. Would this be a problem? To the degree that
prescription filling discloses a health condition that a person considers
private, the use of associational wifi monitoring might be seen as a privacy
violation.

If this is seen as a problem, what could be done? In a sense, I think that the
better solution is on the client/protocol side rather than attempting to
enforce some "don't sniff" rule. Given the practicalities of updating clients,
something on the rules side would have to be done, although I doubt it would
be as effective as a speed bump.

------
olalonde
Unrelated but how accurate is that 70% statistic? I would have expected that
number to be much higher.

~~~
asafira
Also, what group of people? the World? The US? San Francisco?

~~~
qrv3w
Pew Research Center says ~77% US adults own smartphones. [1] The director at
Pew also tweeted a breakdown by country which shows a lot of variance. [2]
Thus, this script won't work at all in a lot of places.

[1] [http://www.pewinternet.org/fact-
sheet/mobile/](http://www.pewinternet.org/fact-sheet/mobile/)

[2]
[https://twitter.com/conradhackett/status/701798230619590656](https://twitter.com/conradhackett/status/701798230619590656)

------
irfan
Is there a better way to check if an OUI is being used by a mobile phone or a
router? e.g. There are plenty of huawei/apple routers and if one of them is in
your neighborhood, you'd always get incorrect count. Similarly, there are many
infamous smart phones and people use them but your code seems to ignore them.

~~~
qrv3w
Basically the OUI's I selected are from the ones with the top market share in
the United States [1]. The marketshare is totally different in countries like
India or Vietnam, so if people use this there they should be aware of this
(maybe submit a PR to improve it :) ).

I'm open to suggestions to distinguish routers from mobile phones! Perhaps
something like monitoring how "static" a mac address is (i.e. routers should
never move and would be much less dynamic than signals from phones).

[1] [https://www.comscore.com/Insights/Rankings/comScore-
Reports-...](https://www.comscore.com/Insights/Rankings/comScore-Reports-
January-2016-US-Smartphone-Subscriber-Market-Share)

------
pagnol
With two devices wouldn't it be possible to create a movement profile
(disregarding the up direction)? I envision a GUI that lets me go back and
forth in time with a slider and visually depicts the positions of
phones/people at the time.

~~~
phamilton
Don't you need 3 devices to track on 2 dimensions?

~~~
pagnol
You're right!

------
d33
> $ howmanypeoplearearound

> Specify WiFi adapter (use ifconfig to determine): wlp4s0

> [==================================================] 100% 0s left

> Found no signals, are you sure wlp4s0 supports monitor mode?

Do I need to run airmon first?

~~~
qrv3w
What kind of WiFi chip do you have? Make sure it supports monitor mode (if
should list "monitor" when running `iw list`). Although, for reasons I don't
understand, this may not be sufficient as my laptop built-in wifi does not see
signals although plugging in the TL-WN722N allows it to work just fine.

~~~
d33
Ubuntu 17.04 on Thinkpad x260. Monitor mode is supported.

~~~
qrv3w
Yeah, it might be a tshark issue? I don't know. My Dell Latitude Ubuntu 16.04
is the same - shows monitor mode but doesn't capture packets.

------
godmodus
Used to amuse myself woth fing on my phone - could do statistics of how many
sorts of devices are connected to a certain uni router, etc.

Also people think ur a hacker. Heh.

------
oneeyedpigeon
Is this the same mechanism that Google uses to determine if a place is 'busy'
within Maps?

~~~
bjackman
Google have a GPS feed from a good proportion of phones, they don't need to
sniff WiFi. Plus they'd have to sprinkle devices for detection throughout the
world (I doubt mobile WiFi chipsets do monitor mode)

~~~
Zenbit_UX
That's true that they don't need to but it didn't stop them in the past.

I remember they got into hot water a few years ago when their mapping cars
were going around and monitoring wifi data in range.

------
notdang
Does this script scan all the channels or just one?

~~~
Zenbit_UX
Little to do with channels, it's looking for ARP requests directly on the
router. Your phone goes around screaming 'hey is STARBUCKS WI-FI' around?.. No
response, so it goes to the next one it remembers.

------
mzakharo1
what about about mac address randomization?????

~~~
qrv3w
For iPhones this only happens when un-associated [1] so this script will
probably underestimate the count in public spaces. Although, I'm not sure
whether the randomization includes the OUI?

[1]
[http://papers.mathyvanhoef.com/asiaccs2016.pdf](http://papers.mathyvanhoef.com/asiaccs2016.pdf)

~~~
peterwwillis
In addition to collecting rogue broadcasts you can create a new virtual wifi
interface in Managed mode with an ESSID like "linksys", "attwifi", or
"xfinitywifi" (or all three?) and start collecting frames. This will bring out
the people who don't broadcast.

~~~
alexchamberlain
I think that'd be illegal under Misuse of Computers in the UK...

~~~
qrv3w
I think you are right. In fact, this script might be illegal in some places as
was brought to my attention. [1]

Do you know if collecting MAC addresses is illegal in UK? In US there is a
statue against "intercepting electronic information" [2] but I'm not sure it
applies because I don't know whether the MAC address is "electronic
information".

There is some precedent, as Google got in trouble for sniffing packets, but
they were actually definitely capturing information (emails/passwords) on un-
encrypted networks. [3] In any case, I put a warning on the README.

[1]
[https://github.com/schollz/howmanypeoplearearound/issues/4](https://github.com/schollz/howmanypeoplearearound/issues/4)

[2]
[https://www.law.cornell.edu/uscode/text/18/2511](https://www.law.cornell.edu/uscode/text/18/2511)

[3]
[https://en.wikipedia.org/wiki/Joffe_v._Google,_Inc](https://en.wikipedia.org/wiki/Joffe_v._Google,_Inc).

~~~
peterwwillis
Actually, it doesn't appear to be illegal (but IANAL).

The UK act applies mostly to trying to gain unathorized access to a computer
system or network. If you put up your own wifi network and simply listen to
your own interface's traffic, and other people access _your network_ without
_your authorization_ , it's actually those devices connecting to your network
that would be legally suspect - but intent matters, so the device accidentally
connecting means they're not breaking the law.

In the US, sniffing the portion of a network which you do not own or operate
is considered illegal wiretapping (or at least, it was at one time; I haven't
looked into the most recent court cases). But if you own the network (your
network interface in managed mode is basically your own AP), you can sniff it.

Your LICENSE should probably explicitly mention that this tool is for research
purposes, that you provide no warranty whatsoever, and that anyone using it
should follow all local, state, and federal laws at all times.

~~~
qrv3w
Thanks, I'll do that.

