
CSEC used airport Wi-Fi to track Canadian travellers - sehugg
http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881
======
stygiansonic
I guess we really shouldn't be surprised at this point, but what many don't
understand is just how easy it is to track devices, and by extension people,
in this manner.

You don't even have to connect to an open WiFi AP, or any AP. As Glenn
Wilkinson demonstrated some time ago [1], the probe requests your device sends
out can, in many cases, identify you or at least the important locations you've
been to. Basically, if WiFi is enabled on your device and it's not associated
with an AP, it's constantly sending out requests asking for the [E]SSID of
APs it's previously connected to.

I also recommend this video:
[http://www.youtube.com/watch?v=03iEaKPRb9A](http://www.youtube.com/watch?v=03iEaKPRb9A)

~~~
f_salmon
> I guess we really shouldn't be surprised at this point

Yes, we shouldn't stop at being surprised. We should put our actions where our
surprise/shock is and do something about it.

For example: leave your mobile phone permanently in flight mode and just use all
the other features, like agenda, clock, etc. (or leave it always at home, if
you don't have a landline anymore).

~~~
stygiansonic
There are certain Android apps, like this one [1] that attempt to turn on/off
your WiFi automatically based on location. I have not used this one, but it
might make the process a bit less tedious. Obviously, the best option is just
to manually turn on/off WiFi yourself.

A more interesting idea would be to create an app that sends out random probe
requests with a randomized MAC address (while not sending out any real probe
requests). I wonder if that would be effective at disrupting these sorts of
surveillance techniques.

1\. [https://play.google.com/store/apps/details?id=net.kismetwire...](https://play.google.com/store/apps/details?id=net.kismetwireless.android.smarterwifimanager)
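
Added example (not part of the thread or any poster's code): a self-audit of what a device's probe requests disclose, covering both points raised above, the SSIDs named in directed probes and whether the source MAC is a randomized (locally administered) address. The records, the function names and the "linkable" heuristic are assumptions made for illustration; the input is constructed and stands in for probes decoded from a capture of your own test device.

```python
from collections import defaultdict

# Constructed sample: (source MAC, SSID) pairs as decoded from probe requests
# sent by your own test device. An empty SSID is a wildcard (broadcast) probe.
SAMPLE_PROBES = [
    ("00:11:22:aa:bb:cc", "HomeNet-5G"),
    ("00:11:22:aa:bb:cc", "Acme-Corp-Guest"),
    ("00:11:22:aa:bb:cc", ""),
    ("da:a1:19:01:02:03", ""),
    ("da:a1:19:01:02:03", ""),
    ("7e:44:9b:0a:0b:0c", "HomeNet-5G"),
]

def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set, as it is for
    randomized addresses; False for a burned-in, globally unique address."""
    octets = mac.replace("-", ":").split(":")
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bool(int(octets[0], 16) & 0x02)

def audit_probes(probes):
    """Group probes by source MAC and report what each address discloses."""
    ssids = defaultdict(set)
    for mac, ssid in probes:
        names = ssids[mac.lower()]  # registers MACs that only send wildcards
        if ssid:
            names.add(ssid)
    report = {}
    for mac, names in ssids.items():
        stable = not is_locally_administered(mac)
        report[mac] = {
            "stable_hardware_mac": stable,
            "disclosed_ssids": sorted(names),
            # Heuristic (assumption): a fixed MAC links sightings directly, and
            # a list of named SSIDs can act as a fingerprint even if the MAC changes.
            "linkable": stable or bool(names),
        }
    return report

if __name__ == "__main__":
    for mac, finding in audit_probes(SAMPLE_PROBES).items():
        print(mac, finding)
```
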

------
canistr
Is this really surprising?

It's really hard for me to take this article seriously without the release
of said PowerPoint documents. All we have to go on is that CSEC had access to
device IDs and was capable of tracking their locations across airports. And
while it's true that metadata can be used to create a graph and hence a wealth
of information, ISPs generally are supposed to collect that info. The question
is whether the contents of the messages were intercepted.

Even then, this article seems to provide a lot of reactions from professors
and commissioners without really getting into the details. It's really not
that difficult for anyone, let alone the government, to track MAC addresses on
Wifi networks and then start geolocating them.

Take for instance this GitHub project:
[https://github.com/DanMcInerney/wifijammer](https://github.com/DanMcInerney/wifijammer)

You could easily jam Wi-Fi signals or even collect MAC addresses. Collect
enough of them from different places, and you can locate people's travelling
habits.

------
throwwit
I think I'm fine with this. I'm more concerned with the use of this tech by
malls/trashcans.

edit: I guess it all boils down to the extent of the use-cases, which tends to
be anybody's guess.

~~~
redthrowaway
Yeah, I'm cool with it too. It'd be good to know if someone connected to a
terrorist organization wanders into Pearson, and no one expects privacy at the
airport, anyway. You go there knowing it's a secure zone and that your luggage
will be gone through and your body scanned. Tracking your Internet usage seems
like less of an invasion of privacy than that.

~~~
randlet
If you read the article it's clear they were tracking people for weeks after
they left the airport:

"The document shows the federal intelligence agency was then able to track the
travellers for a week or more as they — and their wireless devices — showed up
in other Wi-Fi "hot spots" in cities across Canada and even at U.S. airports.

That included people visiting other airports, hotels, coffee shops and
restaurants, libraries, ground transportation hubs, and any number of places
among the literally thousands with public wireless internet access.

The document shows CSEC had so much data it could even track the travellers
back in time through the days leading up to their arrival at the airport,
these experts say."

------
jauer
This is a bit of a "well, duh!" thing. Pretty much every large WiFi deployment
has this capability. It is common enough that Cisco has a mainline product
family to do it (Cisco Unified Wireless Location-Based Services).

This is commonly used to track carts in hospitals, etc.

You technically don't even have to be "actively tracking" users. You just keep
the diagnostic logs of client registrations & signal strength for a while and
map it when you care. I'd be more worried about a non-government entity using
the data to survey people for blackmail or other gain (e.g. politicians: who
is commonly located near the state capital, campaign headquarters, and strip
club?)

------
ryanobjc
This is why, as a Canadian, I prefer to live in the USA. Why put up with little
brother, and being a client state, when you can go for the real deal?

