Hacker News new | comments | show | ask | jobs | submit login

I was very unhappy to discover that shoes now often have RFIDs built into soles. This + anti-theft RFIDs readers that are already deployed by the entry of most stores can allow to easily assign unique ids to shoppers.

Most anti-theft tags are not RFID and the gates are not full RFID readers. At least in Europe, vast majority I see are still based on simple resonators that get disabled on checkout. Effectively, the gates only provide a yes/no signal and can't be used for tracking.

Applied Science has a good video on how they work:


Retailers also use your MAC address from your phone which is always being published unless you take precautions.


Not on iOS anymore, that value is scrambled on a regular basis.

This is super cool. Was there any announcement or documentation for this?

We used a Cisco Meraki router once for a client and rigged it up to know who was in the office (for fun, to be aware that it could be done). It'd be nice to know the iPhone/iPad scramble themselves if possible.

Apple made this change in 2014, it was widely reported. [1] Apparently it exists on Android now also, though I don't follow that platform closely.

1. https://arstechnica.com/apple/2014/06/ios8-to-stymie-tracker...

Android does the same thing, both announced a while ago

Only if your phone is locked and it is looking for all open wifi networks. If you unlock it or it is connected to a particular wifi network this is not true.

No necessarily. If you are connected to some wifi and sending/receiving data, your MAC is still visible in the air.

Would putting my newly bought shoes into a microwave be a good countermeasure?

I've heard that you can disable RFID readers (not tags, readers) with an appropriately-resonant coil and an EMP circuit.

I'm not sure if the same can be done to tags, but considering the size of the tiny electronics, and the fact that they are manufactured under the assumption they'll never need to be touched (aka, no CMOS spike tolerance), it might be trivially...

...wait. I just remembered about RFID alarm barriers in retail stores.

Well this is annoyingly difficult to discuss, then...

Indeed you can, from a disposable camera flash circuit[1]!

Though I concur, might be used for evil purposes, couldn't resist posting this. I just love disposable cameras hacks.


Ah, very interesting. Thanks for the link.

>> Well this is annoyingly difficult to discuss, then...

Why? Is there a law against public discussion about how to disable an anti-theft device or something?

Okay, not really - but it can be tricky to know where to draw the line. I guess I was uncertain.

I draw the line where actions are taken. A discussion is not an action. Using a device illegally is, like for instance pulling the trigger of a gun with the evil intent of murder, or taking something that isn't yours.

I heard that the "is there a pot on"-impulse of induction cooktops is strong enough to kill RFID-chips without burning them. Have not tried it though.

another trick would be to pay for the shoes in cash; in this case they will not be able to link the RFID chip to your real identity. Cash payment is a very privacy friendly technology.

That's not the point - the point is being identified as an entity by a unique marker that the RFID tag gives off. It's still an anonymous entity, but it can be deanonymized by correlation... with your face via video or whatever.

Next month: new shoe regulations require the use of materials that melt or burn when microwaved.

Nah, they won't need to push that hard. "Warranty void when microwaved" will most likely be enough.

I've never made a warranty claim for shoes, so that shouldn't be a problem.

Me neither (too lazy for that), but I know they are used and abused by people too. This leads to funny cases I heard of like a company specifying that some shoes are for "walking", not for "running", and refusing to refund them if you admit to running in them.

You guys need Norwegian consumer protection...

As long as it comes bundled with Norwegian famously cruel child "protection" services, thanks but no thanks.

That doesn't sound too unreasonable. Some shoes like heels are made for fashion, not function.

If it's "not unreasonable" for them to reject warranty claims if you run in shoes "not intended for running", does that mean it is reasonable to make a warranty claim on shoes "intended for fashion" if you're not picked up while wearing them?

"Wore these heels to six bars, didn't get hit on once. Please repair or refund."

Do you have a source for this? All I can find online is the occasional use of RFID for stock management or the odd marketing campaign. But nothing about customer tracking

Is there something like this available commercially, or at least a guide on making one with a Pi?

I suppose reading the paper is one option.

EDIT: Link to the paper seems to be broken. Here's the PDF: http://www.cs.vu.nl/~ast/Publications/Papers/lisa-2006.pdf

Pretty sure they already are built into credit cards for this exact purpose.

Any sources for this?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact