iOS 8 randomises the MAC address while scanning for WiFi networks (twitter.com)
442 points by DavidChouinard on June 8, 2014 | 260 comments

If this becomes the trend (which in my opinion would be nice) it will become a big problem for companies that specialise in customer tracking e.g. for supermarkets and big department stores. Previously it was quite easy to track a customer, how long he or she spends time in the store, which floors he or she visits, etc. by putting up dummy WiFi networks that the customers' phones find by giving out their MAC addresses.

It's disturbingly creepy to think that stores would even think of doing this, but on the other hand it's also an indication of how clueless the general population is about the amount of identifiable data they're unconsciously "leaking" through personal, (nearly) always-on devices. My laptop is set up with a random MAC precisely to prevent this sort of tracking.

Interestingly, the unbranded Android phones I have (one looks very much like an iPhone, ironically enough) all came with this "feature" of a random MAC every time the WiFi is turned on/off, although that was more likely the manufacturer not bothering to give each one a unique MAC.

All the more reason to keep the WiFi turned off unless you're actually using it, and this might be a bit on the paranoid side, but I do the same for the cell radio (airplane mode) - it's on only when I'm expecting a call or making one.

At the other end of the scale, this tracking via MAC almost invites making them think several million customers have suddenly entered the store...

I'm a technologist and I didn't know that devices advertise their MAC addresses when scanning for WiFi until someone in that business told me. I always thought it was the other way around (base stations advertise themselves and devices affiliate with ones they recognize).

Though accurate, "clueless" is a bit harsh. I don't expect the general public to know the implementation details of WiFi any more than I expect them to understand how a catalytic converter works. The beauty of an abstraction is that you get to reap its benefits without understanding precisely how it works.

> The beauty of an abstraction is that you get to reap its benefits without understanding precisely how it works.

...and get to be manipulated and screwed over by the people who do.

While I don't expect the general public to know the details of WiFi down to e.g. the level of the 802.11 spec, I think that some general ideas, like the difference between passive/active scanning, are both simple enough to be understood by analogy and critical to privacy that they should be known more prominently.

Active scanning for known base stations is a 'feature' most people don't know about either. Your phone actively tries to connect to base stations it knows, opening you up to attacks from devices like the WiFi pineapple.

Now that the MACs are random does that really solve the problem? A probe request sends out the real MAC of the AP it's looking for as well as the AP ESSID. By using any one of many translators you can get a map of each ESSID with GPS co-ordinates. While many people will be probing for Starbucks and McDonalds they will always have a unique probe for their own home AP. So now there is no "neat" way of using the MAC as a primary key you can still infer the user by the AP least in common with anyone else, i.e. which probes are NOT McDonalds et al.

So if my home AP ESSID is Einstein, MAC=deadbeef every time I enter a store my home AP MAC is still being recorded as well as the relative movement throughout the store. As well inter-relational data could be inferred by other AP MAC addresses if I visit a friend or family member it's likely that probe will connect us.

TL;DR Relations are based on unique data; just because some of the data is 'scrambled', its reliance on static data is its weakness.

Your assumption is incorrect - Probe requests do not contain the MAC of the AP, only the SSID. Wifi clients usually only save the name and security type/PSK of previously joined networks. In many situations, the same SSID is broadcast by multiple different APs with different MAC addresses in the same area so it wouldn't make sense to remember a specific SSID/MAC pair.

If the same client (iPhone) probes for a list of SSIDs with one random MAC and then probes for the same list again a short while later with a different randomised MAC, you could still track that individual based on the list of networks they probe for.

If the client MAC is randomised for every single new 802.11 probe that makes it harder but you could still track based on a single unique SSID probed for (i.e. something more unique than NETGEAR).

I'm going to look into this and possibly update my tool iSniff GPS.

Each individual probe request will be coming from a randomized MAC, so there shouldn't be any "list" of SSIDs to compare.

The randomized MAC address doesn't help here. If two probe requests have different MAC addresses but the same SSID list, then the tracker can guess that they are the same device.
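Added example, not part of the thread or any commenter's code: the Python below parses probe request frames and shows that source MACs with the locally administered (randomised) bit set are still linkable when they probe for the same SSID set, while wildcard-only probes are not. The frames are constructed test input, assumed to start at the 802.11 header with no radiotap header or FCS; the SSIDs are the ones named in the comments, and `build_probe`, `audit` and the MAC values are illustrative names and values.

```python
from collections import defaultdict

BROADCAST = b"\xff" * 6


def build_probe(src, ssid):
    """Construct a minimal probe request frame (test input only)."""
    # Frame control 0x0040 = management / probe request, then duration,
    # addr1 (destination), addr2 (source), addr3 (BSSID), sequence control.
    header = b"\x40\x00" + b"\x00\x00" + BROADCAST + src + BROADCAST + b"\x00\x00"
    name = ssid.encode()
    ssid_ie = bytes([0, len(name)]) + name      # tag 0 = SSID, length 0 = wildcard
    rates_ie = b"\x01\x04\x02\x04\x0b\x16"      # tag 1 = supported rates
    return header + ssid_ie + rates_ie


def parse_probe(frame):
    """Return (source MAC, SSID or None for wildcard); None if not a probe request."""
    if len(frame) < 24 or frame[0] != 0x40:
        return None
    src = frame[10:16]
    pos = 24
    while pos + 2 <= len(frame):                # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                               # truncated element, stop parsing
        if tag == 0:
            if length > 32:
                return None                     # SSIDs are at most 32 bytes
            return src, (value.decode("utf-8", "replace") if length else None)
        pos += 2 + length
    return src, None


def is_randomised(mac):
    """True when the locally administered bit is set (not a vendor-assigned MAC)."""
    return bool(mac[0] & 0x02)


def audit(frames):
    """Report which source MACs are linkable through identical directed-probe SSID sets."""
    per_mac = defaultdict(set)
    for frame in frames:
        parsed = parse_probe(frame)
        if parsed is None:
            continue
        src, ssid = parsed
        seen = per_mac[src]                     # registers MACs that only send wildcards too
        if ssid is not None:
            seen.add(ssid)
    groups = defaultdict(set)
    for mac, ssids in per_mac.items():
        if ssids:
            groups[frozenset(ssids)].add(mac)
    return {
        # SSID set -> MACs that share it; more than one MAC means randomisation was defeated
        "linked": {fp: macs for fp, macs in groups.items() if len(macs) > 1},
        # MACs that never named a network leave nothing to correlate on
        "wildcard_only": sum(1 for ssids in per_mac.values() if not ssids),
    }


# Constructed capture: device A scans twice with two random MACs, device B once,
# device C twice using wildcard probes only.
A1, A2 = bytes.fromhex("02aabbcc0001"), bytes.fromhex("06aabbcc0002")
B1 = bytes.fromhex("0a1122330003")
C1, C2 = bytes.fromhex("0e4455660004"), bytes.fromhex("024455660005")
SAMPLE = (
    [build_probe(A1, s) for s in ("Einstein", "NETGEAR", "Starbucks")]
    + [build_probe(B1, s) for s in ("NETGEAR", "Starbucks")]
    + [build_probe(A2, s) for s in ("Starbucks", "Einstein", "NETGEAR")]
    + [build_probe(C1, ""), build_probe(C2, "")]
)

if __name__ == "__main__":
    report = audit(SAMPLE)
    for ssids, macs in report["linked"].items():
        print(sorted(ssids), "->", sorted(m.hex(":") for m in macs))
    print("wildcard-only MACs:", report["wildcard_only"])
```
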

Each device sends beacons out at an interval. By sorting all the probes by these intervals (10Hz or whatever) each will likely be slightly different from each other. So my device sends probes out at 0s another will send it out at 0.5s. Also by correlating these beacons by signal strength well the random MAC doesn't really matter.

Unless Apple also decided to stop sending out the SSID list..

This only occurs for 'hidden' networks. If you do not have any hidden networks in your known network list then you will not be broadcasting SSIDs. This is yet another reason to avoid setting your AP to hidden.

>This only occurs for 'hidden' networks.

Incorrect, this occurs for all networks! I've had some fun with Wifi Pineapples before.


Do you have a source for this? Is there any documentation of this in the 802.11 spec? I'm also wondering if devices send a single probe per SSID they're looking for, or one probe with a list of SSIDs?

I'm under the impression that every request is a different random MAC, until you connect to the wifi network.

I'm under the impression that most "mobile" WiFi-enabled devices will actively probe [0] for APs that they've been associated with in the past. It's the SSIDs and MACs of these APs that will be used to figure out who you are, despite your ever-changing client MAC address.

[0] By the gods, this is such a stupid idea. Aren't beacons often sent at a 10Hz rate? Assuming that we've associated with a network that actually sends beacons, why wouldn't remaining silent, listening for the beacon, then associating work just as well as probing?

I think this is a great example of how security and privacy get sacrificed for convenience -- everyone seems more concerned with how fast they can connect to the first open WiFi network they find when they're roaming than what info they're broadcasting, and software's behaviour and interface reflects that. I'd like finer control over what my device does, like

- whether to automatically connect to any networks

- whether to use active scanning (and if it's off by default, I should be able to force one); passive scanning is fine unless you need to connect to networks without SSID broadcast, since it's just listening. Probably saves a tiny bit of battery too.

- better management of SSID list; I find the design where items in the list appear/disappear dynamically while you're trying to manipulate it rather irritating to use. I would prefer if there was an option to control whether the list gets updated, so it will stop accumulating useless networks. Finally, one for iOS (and Windows 8, which has regressed in this area): make it possible to forget and/or otherwise manage networks that are not in range.

I think they're saying you can still identify a device with pretty good certainty by the probe requests it sends. Probe will include the MAC of your home AP and other known APs, which are unique enough, even if your phone's MAC is changing with each probe.

Without being too specific, you should assume that large stores already do this. Any store claiming to have "in store wifi" is almost guaranteed to be tracking you through your MAC address.

The system that I'm familiar with only tracks where you're going. It didn't (as of a couple months ago) have any way of linking your mac back to a consumer profile.

I was in a shopping mall recently, where the free wifi required your name and an email address before letting you use it.

Fuck that.

Name and email, you say? Check out the form you need to fill in to use free wifi at Brazilian airports:


They want your:

  marital status
  place of birth
  identity document type
  identity document number
  street address
  cellular phone number
  name of cellular provider
  landline phone number
  email address
  barcode from your boarding pass

If you think that this is an April Fool's joke, I can assure you that it's real. Some of the above are optional on the form that's shown, but other airport ISPs in Brazil do insist that you fill in a lot of fields like the above.

I'm happy to say that the trend in the United States and Canada has been toward less or zero information for using wifi. Less than 10 years ago, it was quite common to see all sorts of questions to use wifi. And Internet cafes used to demand ID in the United States and Canada (and they still do in Brazil).

At Beijing airport if you're not Chinese they require a scan of your passport photo page at a special kiosk where they then give you a unique access code....

I remember filling out that form. :-(

I also remember checking into a Brazilian hotel, where they wanted Brazilian guests, at least, to specify their highest level of formal education (!), as well as profession, date of birth, and the city from which the guest arrived and the city to which the guest planned to travel next.

I wonder if the last two are specifically meant to aid law enforcement investigations.

So they'd learn my name is Al Kapone, my nationality is the proud citizen of the glorious nation of Kazakhstan, my place of birth is the South Pole, my profession is a lion tamer and I live in 666 Fake Street, Garbadedataville. What are they going to do with this information?

What's lion taming like as a career?

Hello, my name is Guy Incognito. My email address is gincog@example.com.

Unless it requires you to click a confirmation link or something similar to that, just use a fake address at one of the example.TLD domains.

If they DO require confirmation, use mailinator or a similar service.

Catch 22 there: you have to be able to access mailinator.com in order to generate a throwaway email.

Not with mailinator. You just choose a username and it gets sent there. No need to go to mailinator.com first.

Requiring email confirmation assumes the fact that the user can already connect to the Internet to access his/her email to read the message, throwaway account or not, so that wouldn't work too well...

Connect with your phone long enough to confirm?

Possible, but never seen free wifi actually do that.

That's pretty standard for all free wifi in the UK.

If you don't give your name or other identification, how would they hold you responsible if you abused the connection?

It's not that, trust me. They make good money with your data. Take it as a way of payment for the "free" wifi.

It serves the same purpose as the loyalty cards, especially the ones that outgrow the original business (I'm looking at you both Tesco ClubCard and Nectar Card). Getting "points" by using those at other businesses like petrol stations helps them profile you for "better" advertising. They also keep you a bit more loyal to their associated brands, but we already knew that bit :)

I wonder when that better advertising would actually come along. They keep collecting the data but so far all the ads I've seen are either utterly irrelevant crap or "you visited shoe store so our network would show you the same shoe store's ads for the next 3 months, because it can't be that you don't need to buy new shoes every day".

Non-Disadvantage Cards.

It's pretty reasonable to expect a store would think of tracking a customer's path through the store. Websites do that all the time.

In addition, if we find a good way to provide information to the store owner about how his or her store is being browsed and used, it is likely that stores will provide better shopping experiences.

Explain the downvote?

Not my downvote, but I suspect people don't like the slippery slope argument ("tracking is omnipresent on the web, therefore it's OK to do it in the real world as well").

Then there's "better shopping experiences" which most people's BS translators will read as "worse shopping experiences / persuading people to spend more than they intended".

Yeah that is one perspective for sure.

To be clear, I'm not arguing that it is justified or moral. Whatever you think about 'right' or 'wrong', you have to realize that a person who builds a store is going to want to know everything about how his or her store is used. EVERYTHING. That's not good or evil, that's just logical.

Acting like it should be self evident to a store owner that tracking users is inherently wrong is just ignoring the viewpoint of the store owner wholesale. Does not lead to good policy.

I'd say wifi tracking is less 'evil' than mood and gender facescanning software that's on in-store security cameras these days.

It doesn't make much sense and looks utterly paranoid. To me, all this "privacy" thing looks more like a hype than something of real importance, and the companies like Apple are taking advantage of such a mentality. Suppose you operate a store, what would you want to do? Obviously collecting information to improve user experience is only natural. Put it this way: If, at the end of the shopping, somebody from the mall approaches you and asks you to fill out a survey about your shopping experience and what could be improved, would you comply? Probably one half of us will. Then why, a method which is not intrusive, does not take your precious time, and doesn't waste human resource on the part of the mall, would get such a strong reaction of yours? Is it really the "rationality" you boast? I totally doubt it. It's more likely pretensive overreaction.

> It's disturbingly creepy to think that stores would even think of doing this

Malls and stores have been doing this for years. See e.g. http://retailnext.net.

At least in Europe a bunch of cities also deploy these trackers in public squares for commerce/tourist tracking.

Why is this so creepy? They know a piece of hardware has been in certain locations for a certain amount of time. This data can help improve your shopping experience and help the store better market to you. (While also increasing their sales). There is nothing personal about a MAC address; go ahead and track it.

Also... Yes keeping your phone in Airplane mode is a bit paranoid.

Assuming they track every single purchase made at a store along with the credit card number used (or at least some form of ID associated with that particular card), and all the times the MACs left the store, how many sets of data do you think they need to get a 1:1 match between MAC and person? Even for really large stores, I'm guessing it would only take 2-3 visits before they can link you to POS records with decent accuracy.

Once they have that, your MAC address becomes personal. They know what that MAC buys, how long they spend in the store, how much they spend in the store, how often they visit, etc.

Couple that with the fact that with enough WiFi APs, you can triangulate a certain MAC to a specific location in the store, match with the cameras, etc. Probably track you to your car if they wanted with their satellites watching their parking lots.

And then we get into the problems created when these stores either start sharing this info, or the vendor they hire to install their tracking system starts approaching full coverage of the nation / developed world.

Keep in mind this isn't 'crazy future minority report' stuff. These are all things they are either doing now or could easily do now. All in all, it's just another damn piece of info about me that was once personal and now no longer is. "The amount of time Ben Reaves is spending looking at adult diapers is trending up. Flag their profile for incontinence."

Amazon does this and it creates (for me) a better shopping experience. When I go to Amazon it knows what things I want to buy and puts them right in front of me. Then it points me to other items that are related. Amazon knows precisely what I look at and for how long before I buy it. Why is this good for online shopping and bad at a B&M store?

I think most people (including me) would probably agree that all this tracking creates a better shopping experience. Taken to its logical conclusion, eventually the stores will know what I want to buy before I even know I want it- they'll place it front and center in front of my face, said face will light up in sudden understanding that this is what I've been missing all my life, and money will exchange hands. Snark aside, I really do agree that this is a better shopping experience.

But we're not just talking shopping experiences here- the data, algorithms, and extra tracking that fuels the (perhaps extreme) future I described above has costs, mostly in personal privacy. Maybe I don't want the conglomerates (and the government, since we all now know they've got their 'black boxes' in the datacenters) to know my penis size, how good my relationship with my father is, what medical conditions I have, and just about everything else one can think of. However, this is the future we're headed towards.

Secondly, I think _greim_ said it very well in this post elsewhere in the thread: "Giving marketers deep psychological and behavioral insight increasingly enables them to circumvent rationality and "hack" consumers in various ways." There is a fine line, I think, between offering exceptional shopping experiences and manipulating your customers.

Mix that with a camera at each teller to do good facial capture for cash customers and cameras at the door scanning people coming in and it gets a bit creepier.

You know what is really creepy, when the tellers and staff at a store are painfully happy and courteous. It feels like if I frown or show any irritation their neck detonator will go off.

Just wait until they implement dynamic pricing.

> bit on the paranoid side

Not at all. Probably saves battery too.

Good. It should be a problem for them.

I'm genuinely curious, how does it being a problem for them benefit you? (I'm assuming you're not saying that out of indifferent malice but because you have personal gains, which is normal.)

Can you please elaborate on your point?

I think on the general principle of privacy. But also, the idea that the more trackable you are, the more easily manipulated you are by marketers and advertisers. Free markets work better the more consumers are rational. Giving marketers deep psychological and behavioral insight increasingly enables them to circumvent rationality and "hack" consumers in various ways.

Thanks for a constructive and very insightful response.

This definitely seems to be a valid reason why people would be against being tracked. We don't want to be more easily manipulated (through the data that the ones doing tracking are able to acquire) and coerced into buying things we don't want/need (but the ones doing tracking want us to buy).

Would it be accurate to describe it like this: the consumers' interests are to be rational, less easily manipulated and "unhackable", and being tracked is a threat to those interests.

On the other hand, the store owners are trying their best to get their products sold, so their interests are opposite of the consumers, to find ways to sell as many things as possible.

If that's accurate, I find it interesting that there are these underlying "wars" occurring within a single species. In fact, a single person may wake up and go to work one morning, serving in the position of the one doing the "tracking" and fighting against the interests of consumers, then in the evening they may go shopping and end up on the other side, fighting against the interests of the ones doing tracking.

Pretty fascinating.

That's decently accurate. We're all doing what's in our best interest, in the role that we play in that time.

In general - I want to give people who don't know me personally (and especially people trying to sell me anything) less power to catch my attention and pull at my impulses, not more.

There's a ton of evidence we aren't doing what's in our best interest at minimum a significant minority of the time. In any event, the claim of economics isn't that people act in their best interest, but that they try to maximize happiness* -- whatever that is (it's rather recursively defined -- happiness is produced by voluntary transactions, which in turn are voluntary because both parties believe that the exchange will make them happier).

* or whatever it is makes transactions pareto optimal.

Meanwhile, behavioral economists have shown humans aren't even great at pursuing happiness; perhaps they have reached their high water mark, but they're certainly not completely wrong.

> Would it be accurate to describe it like this: the consumers' interests are to be rational, less easily manipulated and "unhackable", and being tracked is a threat to those interests.

In my view, yes. Being rational is by definition the only way to make my life better. The harder it is to be rational—to perceive the truth through all the layers of bullshit and manipulation—the less I trust my own conclusions, and free markets in general.

> underlying "wars" occurring within a single species

Have you met any humans lately? We all have divergent interests, differently expressed in different aspects of our lives. The entirety of law and politics is this.

There's a flip side to this. Being less trackable means that any passive advertising or active marketing you do see is less tailored to your situation and needs.

When I walk around I see many billboards advertising products for which I have no use (e.g. female hair care products). If tracking technology could replace those with things I actually might buy (even if male hair care products) then I would be a touch happier.

Do you know what companies never do? They never ask.

I see dating ads, cars advertisements, feminine healthcare products, insurance ads, etc. What do I want to see? Travel accessories, computers, hardware, games, tech gadgets, etc. I never see these ads.

Why doesn't Google say, hey, you're going to see Adsense all over the internet, advertisements before videos on YouTube, etc. Would you like to select a few categories so that time is spent seeing some cool products that are relevant to you?

I've been on the internet for 15+ years, and no one stopped to ask just once. I could select categories in about 20 seconds that would be more accurate than all this data collection and profiling that happens every day.

Instead, I just block ads, and install ad block on every computer I come across. I make my living off ad revenue, but ads are absolutely awful, irrelevant and too often malicious. If they gave me the option to select some categories in the past, I probably would have discovered some decent products to buy, and keep them turned on. But nope, I can't recall clicking an ad in the past decade.

You can set your interests for ads (and see what Google thinks you like) here: https://www.google.com/settings/u/0/ads

Google thinks I am 15 years older than I am and I like cats.

But if they asked, you could lie to them. Lots of people would. There's a total presumptive lack of trust, which is part of why the whole business is so corrosive.

Serious question: are you sure you'd actually be happier? I like efficiency as much as the next guy, but that doesn't mean that I'm looking forward to companies more efficiently marketing to me. Especially if it's going to be constant.

I have already started to notice ads targeted at me. Ads for niche outdoor gear companies that I patronize.

I can report that it has indeed made me happier, as compared to when the ads were "Click here, Millionth visitor, and win a prize!". The dragnet advertising is a constant assault on your intelligence.

It also helps that the targeted ads I am seeing are tasteful & well designed.

I adblock 90%+ of the time, but I let ads through on some websites.

It can go both ways. When I was researching for the next car I was going to buy, I started getting a _ton_ of car advertisements; however, most of them were useless. What their simple algorithm failed to notice is that I was looking at a very specific class of cars, and I spent more than 1 hour on several manufacturers websites doing research and had mostly narrowed in on my choice. The proper move would be to see that and advertise different dealerships to me, but I only got ads for other cars that I already decided I _didn't_ want.

Also, I like to research, in general. Which means I can often come across and get deeply into some very odd subjects and it seems there are some odd correlations out there in society. For example, after doing a bunch of research on different world religions and their origin stories, I started getting ads for the Mormon church, and strangely, for all types of gambling websites, destinations and attractions. None of this advertising was of any use.

No, I'm not sure. However, I suspect we have some way to go before ad tech gets good enough to creep me out.

I guess it comes down to a difference in acceptability of intrusive advertising. Personally, I am absolutely disgusted when adverts are tailored towards me (especially since I don't see them most of the time with Adblock).

Seeing tailored advertisements brings me a feeling of despair, in the sense that your personal privacy is being exchanged for money. It only serves as a sad reminder that you must actively fight to protect it, and that we, as consumers, are failing at it right now.

Is it not easier to tune ads out if they're not targeted? If I want to buy something, I'll go look for it.

Just opt in. Explicitly.

What's bad or irrational about being manipulated by marketers and advertisers? I don't see how buying something because some marketing convinced you of its worth is irrational.

I just don't like them tracking me without asking my permission or even alerting me.

> I don't see how buying something because some marketing convinced you of its worth is irrational.

It's not as much that they convinced me to buy something, it's that they did it by using data they got by essentially spying on me.

Listen to your sentence, once you factor out the internal contradictions (emphasis mine):

> What's bad or irrational about being manipulated by marketers and advertisers? I don't see how buying something because some marketing manipulated you into thinking it was worth buying is irrational.

Can you take a stab at answering the question?

Most people, if it were explained to them, would be generally uncomfortable with the idea of their movements in a public place being so specifically logged.

How would you feel if every time you were in a store, an employee followed you around and took notes on your actions?

Thanks for a constructive response to my question. I'm simply trying to gain a better understanding of the situation.

> How would you feel if every time you were in a store, an employee followed you around and took notes on your actions?

Most people would feel uneasy/bothered by that. But are those emotions warranted? If we did not get such emotions, would the same scenario be okay? Or are the emotions a consequence of the true reason why we're against such behavior?

It's also worth noting that the employee following you around is a visible behavior, while being tracked via Wi-Fi mac addresses is much less intrusive.

> It's also worth noting that the employee following you around is a visible behavior, while being tracked via Wi-Fi mac addresses is much less intrusive.

It's less visibly intrusive, but the effect is the same. Our instincts aren't very good at reacting to effects we can't see, having evolved in a world where there were no undetectable ways for someone to follow us. Thus, we should consider what our natural reactions would be to a person doing the thing we want to use technology to do, before we create the technology to do it.

> It's less visibly intrusive, but the effect is the same. Our instincts aren't very good at reacting to effects we can't see

Absolutely true.

We should also consider the underlying causes of certain emotions, and whether or not they should be warranted.

Many phobias are unwarranted fears, so the goal is to eliminate the emotion rather than the underlying source. But the decision to _try_ to eliminate the fear can only be done after identifying and confirming that the fear is indeed unwarranted and unhealthy.

On the other hand, if the emotion is warranted, then it's completely valid.

What I'm suggesting is that human emotions serve as a really good indicator, but they cannot be taken as the absolute truth. It's best to investigate the actual facts and come up with logical conclusions. So neither trusting emotions blindly, nor ignoring them completely is the best course of action, but something in between.

Why should I have my movements tracked in a store when I'm not using the resources offered by them? They should feel lucky to have me in their store and provide service, not Orwellian surveillance.

My other beef here is that this is just another way to further dumb down and make retail employment completely mindless.

> Why should I have my movements tracked in a store when I'm not using the resources offered by them?

To answer your question directly, one of the advantages could be that they can optimize the store layout better so you don't have to walk as much to find what you want.

(There are other disadvantages and advantages, by listing one of them I don't exclude the existence of others, but I can't cover everything.)

> one of the advantages could be that they can optimize the store layout better so you don't have to walk as much to find what you want.

But stores do not want to do that. Stores know you want a pint of milk and loaf of bread. They put these two items far apart which means you need to walk past all that other stuff, thus increasing the chance you'll buy something else.

Tracking technology isn't going to be used to make my experience nicer unless that translates into more money for the store.

> Stores know you want a pint of milk and loaf of bread.

You, me, perhaps: what about other buyers, many of whom don't come to the store with detailed checklists? Their experience involves a fair amount of in-store exploration. For them placing milk and loaf of bread far apart might arguably be beneficial, because it makes them go past all of that other stuff they may forget to buy otherwise. Indeed, I imagine such customers are also easier to upsell to and more prone to impulse purchases of products that yield better margins—and that's part of the shopping process they visit the store for. Alas, people seem to enjoy buying things.

In short, I wouldn't be so confident that a store with more ‘rational’ layout would score better in the eye of the customer, even all else equal.

Disclaimer: I don't work in this area of business and this is purely my speculation.

This is interesting and indicative of a bigger problem.

Why isn't it most profitable for the stores to provide the best experience for customers in order to be most profitable?

Suppose there are two stores:

- Store A. Offers decent experience for the customer.

- Store B. Offers much better experience for the customer.

One would naively expect and hope that, given those two choices, more people would prefer to go to the better Store B and hence it would be more profitable. Hence the stores would try to do their best to serve the customer interests.

Why is it instead more optimal for stores not to optimize for the happiness of its customers?

Could it be because customers are not adept at recognizing which stores offer better experience for them, _and rewarding_ such stores by preferring them over other stores?

These are only speculations, but here are points based on my own habits:

1) The most important criterion for me when looking for a store, is walking distance. I don't want to bike, or drive to the store. So the closest store is almost guaranteed to win my business.

2) The second most important criterion is the price. I'm still a student so I'm a bit careful with my spending. So if a store is much much cheaper, and not too much further, then I might go there when I have big errands to run.

3) I am pretty much insensitive to the layout of the store. I'm already walking 10-15 minutes to get there, so 30 seconds between milk and bread is no problem really

Anyway, my point is that in my case, the reason why the "better" store doesn't win is that I don't really care about the criterion used to define it as "better". So going back to your point, a store doesn't have anything to do to serve my interest other than being close to my apartment and lowering the prices. The rest is almost totally irrelevant to me.

You are assuming that you, the schlub with the iPhone, are the customer in mind here. It isn't -- product merchandising in stores isn't rocket science. Any decent retail manager handles this stuff just fine and Wal-Mart has been able to track merchandising effectiveness using the registers for like 25 years now.

The customer here is the product manufacturers and distributors, and the product is shelf space. In big box and department stores, strategic shelves like end caps and the area near the escalators are paid placements.

Ditto for the supermarket. Ever notice that in different chains, Coke or Pepsi is always either in the front or back of the store across locations? That's because they bid on the preferred location.

Retailers are focusing on stuff like this because most mass retailers have unsustainable business models and aren't making money at the core job - selling stuff to people.

While I don't have evidence, I think it's reasonable to postulate that store A is able to offer the same products as store B at a lower price due to being able to offset it with the extra revenue earned from people having to walk across the store and buying additional products that they would not have otherwise. While you (and I) might value our time over saving 50 cents on a loaf of bread, a significant portion of the population would rather spend 50 cents less on a loaf of bread and be forced to walk across the store. For other people, the better experience might be saving 50 cents, whereas for you it's saving time.

Same thing with Google and TV commercials. For some people, privacy and security and saving time is a better experience, but for most, saving a few dollars here and there is a better experience.

And going even further, why don't customers punish the stores that give shitty customer by no longer shopping there? Same goes for your ISP, politician, etc... We have short memories.

ISPs = Not many people have a choice. My Parents can get Verizon DSL or Comcast Cable. Not really a "competitive choice".

Politicians = It takes time. Once they are elected terms last a long time and then people often have to choose a "new evil"... They can't just say welp, I don't support you anymore that'll solve the problem.

I think part of it is that there's no real venue for customers to express their satisfaction to other prospective customers. If I find a store relatively well-laid-out, convenient, and friendly, I don't have a lot of opportunities to evangelize that store, even if I want to, because my legitimate actual real customer opinion gets crowded out by and blends in with astro-turfers. Sure I can talk it up to my friends, but that's not really a common topic of conversation.

Depends what you're selling. A grocery store is like that since they operate on razor thin margins and making you impulse buy is how they are going to make more money.

An Apple store is not laid out like that. I always see the big ticket items upfront and the accessories in the back. Most people don't impulse buy things that expensive.

>An Apple store is not laid out like that. I always see the big ticket items upfront and the accessories in the back. Most people don't impulse buy things that expensive.

You just walked past the shiny new things twice while you were there buying a cheap accessory. Maybe you noticed something you'll buy in the near future.

Meanwhile, the big ticket items are window dressing, and people who haven't bought an iDevice don't need accessories for one yet.

If the store owner has to choose between using the data to make more profit or to enhance customer value, he'll likely choose the first option. You're not supposed to find the cheapest product easily, but that which provides the best profit ratio for the store owner. So, store layout will change in a way to manipulate your buying decision and you will not even notice the reason for the gradual change.

> If the store owner has to choose between using the data to make more profit or to enhance customer value, he'll likely choose the first option.

Are the two things mutually exclusive? Wouldn't it be better if they were one and the same? What can be done to make that so?

It's a simple test: if the data companies collect were clearly explained to the user, would the user approve or not?

"By entering this store, we will permanently record your location every 60 seconds. The main purpose of said data collection is attempting to stitch your actions on the internet to store visits to more effectively sell advertising. Further, we will sell this data to many companies, most of whom we don't directly interact with. Our privacy 'policy' will most likely never be audited, and the worst possible outcome of violations is a fine in the low millions of dollars. We will hand this information over to police and lawyers if they clear the high bar of, well, asking for it. The NSA doesn't bother asking."

What do you think people would choose?

Well put analogy.

My guess is that most people would not be okay with that and choose to opt out.

But my question/argument is, would that be a rational decision? I don't see a lot of benefit for the customer to deny the store those options, so why do it if there's nothing to be gained from denying.

> attempting to stitch your actions on the internet to store visits to more effectively sell advertising

I think this is the key factor. If people see themselves as susceptible to such manipulation, then it does benefit them to deny such behavior to prevent stores from affecting them negatively.

>But my question/argument is, would that be a rational decision?

Does that matter? We[1] live in a capitalist democracy. One of the tenets of capitalism is that consumers should be well-informed and "vote with their dollars/feet", and the core principle of democracy is that the individual citizens get to decide how their society is run. We don't live in a LessWrong-ocracy where the world is run based on somebody's idea of rational objectivity or whatever.

I'm in politics so I know exactly how frustrating it can be when the average Joe doesn't necessarily agree with your vision of a rational decision, but if that's the case, the solution is to change their minds, not to circumvent or obfuscate to get around them.

[1] - I'm thinking Westerners in general, but I'm American, so I may be over-generalizing, we're good at that :-)

Notice that the very many organizations that track people, from businesses to government, rarely notify those they track (in an effective manner) and sometimes go to great lengths to hide it (e.g., many stories report police departments hiding their surveillance tactics, such as with Stingray).

If the argument is that it's good for the people tracked, why hide it?

(EDIT: Deleted the first paragraph; I can't find the reference.)

For me it is mostly about the involuntary nature of it. I actually don't mind myself, but I do mind not having the ability to turn that tracking off (well, without manually disabling Wifi all the time anyway) or in any way control or affect the profile it generates.

Interesting to compare to Google who tracks customers around the internet. Crucially, if you don't log in to a Google account you are only one 'clear cookies' away from erasing your profile (I wonder occasionally if Google reconstructs profiles across different cookie sessions or not ...). At least on that side, you have some control. You can't change your MAC address nearly so easily.

The MAC address is stable once a device is authenticated (connected) to the network. With the trend of providing 'free' wifi access within stores, making sure that users connect to that network is enough to continue tracking them.

> The MAC address is stable once a device is authenticated (connected) to the network.

That is necessary to keep the gateway from having to issue a thousand ARP requests (one for every packet you send from a different MAC), but there is no reason why the MAC chosen to connect to the network couldn't change every time you disconnect and reconnect. That would at least prevent you from being tracked between visits to the store [using this tracking method], even if you actually use the network.

True, but wouldn't the landing pages of most of these services be able to document the OS, browser, resolution, type of device (tablet vs laptop and iOS vs Android) and likely a lot of other stuff?

I can narrow down a huge list to a very short list using above information along with the probes being sent out correlated to the signal strength. Timing of each probe can also be leveraged in uniquely identifying, most probes are sent in interval from each device. Those probes that come in equal intervals are likely from the same source, leveraged against signal strength you can likely identify a small crowd. To take it even further you can calculate the signal as absorbed through the store to signal congestion and possibly other metrics.

Hence the "using this tracking method" caveat. Now you have to do something much more complicated just to get less specific data. And it's a cat and mouse game: You put up a useless landing page, device makers set their browsers to require TLS for any page previously found to support it, preventing you from redirecting requests to the majority of popular sites. Or they could just detect the ARP misuse that makes captive portals work and patch that particular vulnerability, because screw captive portals entirely.

MAC collisions?

It's a 48-bit space, so you'd need around 16M people connected with random IDs to have a high chance of collision.

Even by sticking to certain subsets of OUIs, it's still probably fine. On top of that, listening to traffic (even after picking an in-use MAC) would allow you to determine if someone else is using that address.
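The birthday estimate behind the collision question above, as an added example that is not part of any comment in the thread: it generates a random locally administered unicast MAC, re-rolls it if the address was already seen on the air, and computes how many stations it takes to reach a given collision chance for different amounts of randomness. The function names and the 46-bit and 24-bit cases are assumptions chosen for illustration.

```python
import math
import secrets


def random_local_mac() -> str:
    """Return a random unicast, locally administered MAC address.

    Two bits of the first octet are fixed: the U/L bit (0x02) is set to mark
    the address as locally administered, and the I/G bit (0x01) is cleared so
    the address is unicast. That leaves 46 random bits.
    """
    octets = bytearray(secrets.token_bytes(6))
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


def is_local_unicast(mac: str) -> bool:
    """True if the MAC has the locally administered bit set and is unicast."""
    first = int(mac.split(":")[0], 16)
    return (first & 0x02) != 0 and (first & 0x01) == 0


def collision_probability(stations: int, random_bits: int) -> float:
    """Birthday approximation: chance that at least two of `stations`
    independently chosen addresses coincide in a 2**random_bits space."""
    space = 2 ** random_bits
    if stations > space:
        return 1.0
    exponent = stations * (stations - 1) / (2 * space)
    return -math.expm1(-exponent)


def stations_for_probability(p: float, random_bits: int) -> int:
    """Approximate number of stations needed for collision probability p."""
    space = 2 ** random_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - p))))


def pick_unused_mac(observed: set) -> str:
    """Pick a random MAC that is not among addresses already seen on the
    network (the 'listen before you choose' idea from the comment)."""
    while True:
        candidate = random_local_mac()
        if candidate not in observed:
            return candidate


if __name__ == "__main__":
    # Constructed sample: addresses already heard on a hypothetical network.
    seen = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
    print("chosen MAC:", pick_unused_mac(seen))

    for label, bits in (("full 48-bit space", 48),
                        ("local unicast (46 bits)", 46),
                        ("single fixed OUI (24 bits)", 24)):
        n50 = stations_for_probability(0.5, bits)
        print(f"{label}: ~{n50:,} stations for a 50% collision chance")

    # A busy venue: 1,000 randomised clients on one network.
    print("P(collision), 1000 clients, 46 bits:",
          collision_probability(1000, 46))
```

The collision only matters among stations on the same layer-2 network at the same time, so the station count to compare against is the venue's concurrent clients, not the global device population.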

How will you make sure of that, though? Only a tiny fraction of smartphone users will bother to connect to your wifi, and it'll be a skewed sample.

By making sure your steel-reinforced concrete mall walls are thick enough to block proper 3G/4G reception (no, really, reception is pretty bad in a lot of indoor places).

But still, I agree, it would be very hard to have everyone connect to your wifi.

It's hard to get everybody, but it's easy to get a significant sample. Just set up an open network called Starbucks WiFi and watch all the iPhones connect to it.

But the device is still visible on wifi even if it does not connect. Some phones will try to connect to known networks pro-actively and will leak the SSID of those networks.

I wonder if this explains why a lot of these 'free' Wifi networks let you connect with no issues then ask you to login or whatever when you try to do anything. I figured it was probably just to offer a better login screen (than the Wifi settings on whatever device) but stabilising devices for tracking would make sense too if others do this.

Or, it's to force you to read and accept terms and conditions, to force you to type in your email, to force you to type in a one time use code to connect, to force you to pay money to connect, ...

Nomi[0] is one startup that does this, tracking locations of customers across participating stores without customers' consent.

It's opt-out for consumers, and in order to opt-out, you must register your MAC address with them[1][2].

I really hope that cycling MAC addresses becomes easier on mobile devices, if not automatic.

[0] http://nomi.com

[1] http://nomi.com/privacy/

[2] Assuming you even know that this service exists (which most consumers don't, because why would the store owner tell them that they're doing this?)

>If this becomes the trend (which in my opinion would be nice) it will become a big problem for companies that specialise in customer tracking e.g. for supermarkets and big department stores.

That's terrible! Poor them!

Isn't that supposed to be illegal in the first place? I mean without actual consent, tracking a device... Doesn't sound extremely ethical.

That said in some airports, changing MAC address is illegal. Now that the iPhone will support the feature and most owners will have no idea what's happening, I guess these airports will have to change policy :-)

> That said in some airports, changing MAC address is illegal.

Would you mind providing some links? I'm interested to see how it's laid out

What stops them from switching to tracking via the hardware address of the cellular radio?

The needed radio hardware would be more of an engineering and procurement challenge for the typical two-bit analytics startup than wifi radios.

Great idea; if public outrage forces police to stop using Stingrays then grocery stores can start buying them instead.

Probably the fact that IMSI-catchers are illegal.

You can only get that kind of information (e.g. IMEI) if you use IOKit, and you can't submit to the App Store if your app uses IOKit if you're not a part of the MFi (Made for iOS) program, i.e. a hardware manufacturer.

Edit: I'm really getting confused with downvoting on HN. How exactly is this comment poor?

I'm pretty sure the post you're replying to isn't talking about an iOS app, so IOKit doesn't have anything to do with it. They're saying that a store could install their own cell antenna to listen to nearby cell phones, record unique identifiers, and track customers that way. Apple is anonymizing MAC addresses to stop a similar form of tracking, but it won't work if there are other radio signals they can't anonymize.

Apologies if you knew that and I'm just not understanding your point.

Correct me if I'm wrong, but $tracking_co would just need to get their instore-tracker5000 approved by apple and then they are back to their old ways? I know that may not be cheap/easy for them, but still reasonably within reach.

Wouldn't you also need to install their application? The previous technology used builtin features (wifi scanning).

Yes. And for that use case - intentionally tracking one's location (for maps, proximity alerts, etc.) through an app - there is iBeacon.

I don't get it, defeating that kind of tracking sounds...awesome? Isn't that the point?

EDIT: sorry, I've had too little coffee today for proper reading comprehension. Clearly you think it'd be nice too and are not empathizing with the snoops and marketers.

That's the whole reason to do it. Do Not Track for the physical world.

Are retail stores actually using cell phones to track people at the individual level? I mean, I know the technology exists and all, but it just doesn't seem like it'd actually be all that useful to the stores.

My guess is that the stores that are using this tech are mostly concerned about how long the average person has to wait in the checkout line, not whether Joe Blow was in the store.

Large stores use it to positionally track unique customers. They can analyze the paths they take and ultimately what they buy. This is powerful because they can optimize the layout of their stores to maximize sales based on hard data.

This will now become much more difficult to do.

I'm genuinely curious: is there data on how many or which retailers do this?

Have the stores release apps (or one app that works for the system they use) that trades a percentage off, coupons, etc, for location data.

"We'd like to learn a little about your shopping habits, and that includes sending anonymized data about your time in our store. In exchange for this, we'd love to offer you 25% off this purchase and 10% off all future purchases".

As nice as this may be for privacy, there is too much at stake here commercially, so this will likely be just a step in the cat and mouse game.

Face recognition comes to mind as a technology that can replace this, and perhaps as a result of the MAC scrambling we will see a bigger push for face recognition in stores.

Perhaps it's not quite that bad. Places like Home Depot use AT&T, so the AP is called attwifi. If you've ever used the wireless at a Starbucks or McDonald's, you've likely already approved your phone to connect to attwifi.

Privacy is inversely proportional to utility. It's basically the first rule of privacy.

Strongly disagree. The relationship, while it can exist in some areas is by no means universal and certainly not linear. In many cases privacy may be invaded for no end user utility and in others utility may be possible without any privacy costs. Of course some things cannot be offered with privacy fully preserved.

It's pretty clear that Apple is positioning themselves in stark contrast to Google, they want to be the privacy/security company. Internet companies with advertising business models are a dime a dozen so that is a real advantage that differentiates Apple.

The FT brought up a similar contrast two weeks ago when discussing Apple and Google's smart home strategies. They speculated that Apple is likely "to emphasise the privacy protections built into its smart home system... Apple considers privacy a key advantage over Google...since Google relies on targeted advertising as its main source of income" [1].

This will be an interesting competition. Google, for openness and transparency; Apple, for control and privacy.

[1] http://www.ft.com/intl/cms/s/0/1bef71b8-e433-11e3-a73a-00144...

> Google, for openness and transparency

I'm not entirely sure what you mean — that Google openly and transparently tracks user behaviors so that they can make money on targeted advertising?

If you try to compare the two companies, I'd say the difference is that Apple charges you a premium for their devices (thus making money), while Google gathers data about you so that it can be sold to advertisers (thus making money). Theoretically, each company could do both, but recently Apple started differentiating itself by actually emphasizing privacy and limiting access to data about users, in many places.

I do agree that it will be interesting, though.

I suspect OP is comparing the way the companies embrace technology. Google has been a big proponent of the open web and of supporting the same standards as everybody else. Apple has been pretty single-mindedly focused on being proprietary whenever possible. (They support open standards on the web, but the rest of their platform is only interoperable with itself.)

It's not really transparency when what they have on you is far more extensive than what they show you. I'd say Google is for control as much as Apple, I'll concede openness vs. privacy which both sound like something spouted out by a suit.

> I'd say Google is for control as much as Apple, I'll concede openness vs. privacy which both sound like something spouted out by a suit.

Naturally they are both vying for leverage. To borrow a line from The Lords of Strategy, "the key way to think about competitive advantage is to think about how to design ecology in such a way to achieve goals you’re trying to pursue" [1].

Apple monetises device sales. It fiercely protects those sales by ensuring everything one does in its ecosystem is done through its devices. That fortification gives it more freedom with user data, which it can play against Google by encrypting and anonymizing its users' activity.

Google, on the other hand, monetises its access to user data. It fiercely protects that access by ensuring everything one does in its ecosystem runs through its servers. That fortification gives it more freedom with devices and standards, which it can play against Apple by encouraging modularity, adaptability, and customisation.

[1] http://www.amazon.com/The-Lords-Strategy-Intellectual-Corpor...

Yep, so what you're saying is Google is neither open nor transparent.

Maybe flexible?

> Google, for openness and transparency

I don't really see it. They have released some stuff as / contributed to open source, but so has Apple.

By transparency, do you mean their real name policy?

Notably, more recently Google has become less open. Apps written for AOSP that don't use the "Google Play Services" library are second class citizens.

Google is for "openness" only when it doesn't impact their bottom line.

> Apps written for AOSP that don't use the "Google Play Services" library are second class citizens

I love some of the hyperbole that gets written on HN about Google/Android.

Where do you even get some of this nonsense?

Maybe I'm a little high on design rhetoric right now, but I see this less in terms of Apple being a privacy/security company and more along the lines of Apple being a user-centered design company. No user wants their data shuffled around and sold, so any company that relies on the commodification of its users' data is inherently at odds with its users' needs.

Google probably also sees themselves as user-centered by providing advanced services for free.

I think that's the "easy way out," in a way. Sure, it's not easy to provide the services for free, but it also doesn't particularly excuse them.

Like Netflix vs. YouTube. Netflix fights for your ability to stream HD videos comfortably because you pay for the service. YouTube crams a perfectly-buffered, crisp HD ad down your throat before leaving you with a video that might stutter or fail to load even at 480p. Sure, people can't complain when it's free (though they do), but I think it really limits what an experience can be, and I don't consider that particularly user-centered.

Anyway, just my thoughts.

Edit: Fixed some parallel structure

I've noticed on Youtube they seem to buffer really popular videos really well, things like Gangnam Style when it was being played probably to tens of thousands of simultaneous users were surprisingly good - I think they have some sort of really good buffered caching or something. I suspect they might do the same with adverts that they know will stay the same and know they will serve to many users.

The disconnect is there for many videos where a perfectly buffered ad precedes a slow buffering video or something, but they seem to use that technology on some user videos too I think - or something similar.

You are correct.

Due to the nature of how CDNs work the ads don't normally need special treatment.

They simply benefit from being 'very popular videos'. Meaning they stay hot in all edge caches because everyone, everywhere is watching them all the time.

The ads are all in the edge caches and the videos you want to watch might not be.

It's an absolute fallacy that Google provides services for free. In fact, it is much more expensive:

1. The advertisers who pay google get their money from us, added to the prices of the things we buy. There is no free lunch.

2. The overhead cost of advertising is huge and we pay for that too.

3. We pay the opportunity cost of a product that cannot put users first because they live or die by giving advertisers what they want (and what we want indirectly and secondarily). This includes both the cost of lost privacy as well as design that optimizes advertising revenue. As has been said, we are more Google's products than we are their customers.

4. We pay the social costs. Democracy and the free market assume people make voting and purchasing decisions based on facts and reason. Advertising is predominantly about manipulation and deceit. I believe this is the most expensive cost of services that rely on advertising revenue.

Added together, we are paying a lot more for "free" web searches and email than if we could just straight up pay Google for straight-up ad-free versions.

[This is a condensed version of a more detailed case with reference links that I made here: https://news.ycombinator.com/item?id=7485773]

This. If you have access to the developer sessions from WWDC14 I urge you to look at the HealthKit, CloudKit & TouchID stuff. "We take privacy very seriously" was a recurring theme and seeing it baked into the new APIs made me smile. Very cool & reassuring move.

For anyone interested: The videos are open to the public at https://developer.apple.com/videos/wwdc/2014/.

I noticed this as well after watching several sessions. Definitely a good direction.

> It's pretty clear that Apple is positioning themselves in stark contrast to Google, they want to be the privacy/security company.

I don't see how this move is anything out of line with something Google might do. Google can track you because you're using their services on their OS. They don't need a network of WiFi access points to triangulate your location, they can just read it out of your phone's GPS receiver. Randomizing your MAC when scanning for networks is in the same nature as enabling SSL by default for Google services -- it doesn't hide anything from Google (or, as the case may be, from Apple) but it hides things from other people you don't want observing you.

On the other hand, they are also actively developing the ominously named 'iBeacon' functionality. A more cynical viewpoint would be that they are trying to sabotage any possible systems that would compete with their own proximity based marketing solution.

> It's pretty clear that Apple is positioning themselves in stark contrast to Google, they want to be the privacy/security company. Internet companies with advertising business models are a dime a dozen so that is a real advantage that differentiates Apple.

Yes, Apple certainly wouldn't develop/release a product whose sole purpose is to track user's physical presence, with the primary use point being able to sell the ability to push 'app usage': http://en.wikipedia.org/wiki/IBeacon http://appleinsider.com/articles/14/06/03/apples-ios-8-uses-...

This is about the ability to track handsets, and how Apple wants to corner the market on tracking their own handsets.

No, you misunderstand iBeacon. The sole purpose of iBeacon is to let handsets detect it, not the other way around.

In order for it to be used to track users, the user would have to run an app that detects the beacon and then communicates back to the business. In other words, the user has to opt in to tracking.

> No, you misunderstand iBeacon. The sole purpose of iBeacon is to let handsets detect it, not the other way around.

You are wrong, the point of iBeacon is to allow an app to track its position.

Apple is not about privacy, they're about controlling what they consider to be their customers. They will be the gateway the users go through for any service whatsoever. They get their 30% no matter what.
The big difference is opting in and consent. That’s what’s important. Also, yeah, Apple get their 30% – but only if apps actually cost anything. Those store apps usually don’t cost anything (the stores want to sell the stuff in the stores, not apps) so they will cost Apple money, not make Apple money.

I don’t really get where you see the incentive for Apple to do this, besides privacy.

You are confusing geolocation with tracking. Geolocation merely lets the handset determine where it is. "Tracking" implies there is another party involved in monitoring your location. That can't happen with beacons unless the user runs an app that communicates your location back to a third party -- which it could do with regular old GPS geolocation too. iBeacons are just another way to do geolocation.

Also, iBeacon broadcasts can be detected by Android, or any other platform that wants to. I'm surprised no one has said this on the thread. It's clearly not about Apple lock-in.

Here's an Android library for doing it: http://developer.radiusnetworks.com/ibeacon/android/

The difference is that for iBeacon to track devices the user has to download an app related to the beacons and give permission. MAC address tracking happens without the user giving consent.

Is it not possible to track devices based on their Bluetooth MAC?

If you have discoverable mode on, sure. But typically that's specifically user-activated and only lasts for a couple of minutes.

I'm working at a place that uses a simple app running on a Raspberry Pi to update a dashboard whenever a known Bluetooth MAC comes into the building, with no need to turn on discoverability or pair with the Pi.

Flawed metrics buddy, Bluetooth MAC address is randomized.

Not on the iPhones and Android phones of the people whose names are consistently correctly displayed on the dashboard. The MAC address had to be entered into the dashboard software manually, but no interaction was required on the phone whatsoever.

If I recall correctly, Apple's Bluetooth BLE UUID is also randomized while in broadcasting mode.

> It's pretty clear that Apple is positioning themselves in stark contrast to Google, they want to be the privacy/security company. Internet companies with advertising business models are a dime a dozen so that is a real advantage that differentiates Apple.

It's difficult to reconcile this claim with their participation in PRISM et al., previous long-term storage of cell tower locations, ownership of a mobile ad network, and wanton abuse of the patent system to stifle competition.

- We still don't know whether or not the companies on the PRISM slides were participating voluntarily or even knowingly.

- I don't see how constructing a database of cell tower locations violates privacy. They are beacons used for finding the user's location when they have location services turned on.

- iAd is a joke of an ad network, and stores a negligible amount of user data compared to Google's. It's also relatively easy to reset tracking on iAd, for the few apps that do use it.

> - We still don't know whether or not the companies on the PRISM slides were participating voluntarily or even knowingly.

Sure we do. PRISM has an NSA part and a company part. The company had to build out their end in order to participate in PRISM.

However it's important to realize that compliance in some form with NSLs and warrants was not optional for Apple. By not participating in PRISM they would simply have turned over the same data on each request by manual means.

That modality is probably an even bigger threat to user privacy than PRISM. In PRISM, Apple's legal team would have to vet each and every single NSL or warrant and then manually activate an automated process to ship the required data over. While Apple didn't release a ton of details about how they implement it, this automated process is precisely the thing that can be done without a raft of Apple employees having to map/reduce it all manually (and possibly leak part of it themselves, maliciously or accidentally).

> - I don't see how constructing a database of cell tower locations violates privacy. They are beacons used for finding the user's location when they have location services turned on.

They were storing location history: http://www.cnn.com/2011/TECH/mobile/04/20/iphone.tracking/in...

This again? They were storing location history as to more easily pinpoint the user's location without having to maintain a constant connection with a GPS satellite. They weren't storing it and sending it off to the NSA, your local police, or their own data center to mine it.

Were users warned about this before the tracking started?

It's NOT tracking. It was only ever stored locally on that device. That's called logging.

Were users warned about this before the logging started?

Edit: FWIW, "track" is the word used in the CNN article I linked.

On the user's devices.

Where anybody with physical access to their phone or their computer, or access to their cloud sync data, could get at it.

Do you have proof that it was synced to iCloud? I don't believe it ever was.

It was definitely in computer sync data. I don't use iTunes, so couldn't say whether it went into the cloud from there.

Edit: there are more ways for data to get into the "cloud" than "iCloud".

> and wanton abuse of the patent system to stifle competition.

Use (or abuse) of the patent system seems entirely orthogonal to privacy/security.

But definitely contradicts a "good citizen/respects you" persona.

Big corps would be hard pressed to be "good citizens" or bear anything resembling respectfulness. They're a multitude of individuals with often conflicting interests who are all given the general direction of going for profit. Maybe an exception could be a big company where a founder who really puts his grand vision/values above anything else is still in control, which is not the case (or has ever been for Apple.)

User IBM's original comment was that Apple is going for the "privacy/security" persona, which is kind of impossible if they're not also acting as a "good citizen" worthy of trust with one's privacy and security.

Thanks, everyone, for reminding me why I stopped reading and commenting on Apple-related threads on HN. 27+ downvotes later, I still haven't changed my mind, but if you wish to try, logic works better than weak justifications for exploitative, sociopathic corporate behavior and targeted downvoting.

I don't think your downvotes relate to criticising Apple per se; they're due to a poor argument style. I am no great fan of Apple, but hurling vague accusations and FUD, then shifting the goalposts when anyone tries to refute you, adds little to the conversation besides noise.

> I still haven't changed my mind

Well you should have. You've been thoroughly shot down. The fact you don't accept that says more about you than anyone else.

Thanks for your comment. Consider my response below to apply to the thread, not just to your comment specifically.

> I don't think your downvotes relate to criticising Apple per se; they're due to a poor argument style.

I'll admit I haven't invested my best efforts into my comments on this thread, but where other than an Apple thread would every single comment by one person be downvoted beyond -4? It's not worth the effort if one knows one's comments will be grayed out anyway.

Even mpyne's much more thorough comment was downvoted, so it's clear that the downvotes aren't strictly targeting poor argumentation. Furthermore, if that were the case, there's no reason to target every single comment by a person equally, as inevitably some of them must be better argued than others.

> then shifting the goalposts when anyone tries to refute you

I never shifted any goalposts. All I said was that it's difficult to reconcile user IBM's claim that Apple wants to be the "privacy" company with their actual behavior, then provided clarifications when prompted.

> You've been thoroughly shot down.

Where? I see lots of disagreement, but no disproof. Show me the counterargument of the form, "Apple can be trusted despite these events because...".

It's easy to shoot somebody down. Just yell louder. What I've yet to see is a solid refutation to any of the things I said. A downvote is argumentatively equivalent to yelling, "Shut up!" So let's see how many "Shut ups" there are, and how many refutations.

It takes 5 counted downvotes to bring a comment from +1 to -4, where all of my other comments currently lie (I don't know how the HN anti-voting-ring algo turns clicks into actual downvotes, so there may be even more). However, beyond -4 points the comments can still get lighter. I'll assume that #aeaeae is the original -4 comment, since it's the darkest of my comments on this thread. I also have comments at #bebebe, #cecece and #dddddd. So I'll count #ae as 5, #be as 6, #ce as 7, and #dd as 8 or more.

  Original comment - https://news.ycombinator.com/item?id=7865747 - #dddddd - 8+
  Location history - https://news.ycombinator.com/item?id=7865843 - #bebebe - 6
  [Tracking]       - https://news.ycombinator.com/item?id=7866011 - #dddddd - 8+
  [Logging]        - https://news.ycombinator.com/item?id=7866147 - #dddddd - 8+
  Physical access  - https://news.ycombinator.com/item?id=7866013 - #dddddd - 8+
  Cloud sync       - https://news.ycombinator.com/item?id=7866132 - #cecece - 7
  Good citizen     - https://news.ycombinator.com/item?id=7865835 - #dddddd - 8+
  Worthy of trust  - https://news.ycombinator.com/item?id=7865835 - #cecece - 7
  Thanks, everyone - https://news.ycombinator.com/item?id=7866375 - #aeaeae - 5
  Total: 65+ downvotes
That's 65 or more counts of "Shut up," not including mpyne's comment. How many actual comments?

  Still don't know   - https://news.ycombinator.com/item?id=7865810
  This again?        - https://news.ycombinator.com/item?id=7865877
  Tracking semantics - https://news.ycombinator.com/item?id=7866094
  User's devices     - https://news.ycombinator.com/item?id=7865867
  Do you have proof  - https://news.ycombinator.com/item?id=7866098
  Orthogonal         - https://news.ycombinator.com/item?id=7865778
  Big corps not good - https://news.ycombinator.com/item?id=7865871
  Total: 7 comments (4 one-liners)
Only seven comments, four of which were one-liners with less content than most of my own comments. The remaining comments are mostly distractions from the actual claim, that Apple's past behavior doesn't lend itself to trust with one's privacy.

So again, where's the refutation? MAC address randomization is awesome, but why can I trust Apple to take the position of the "privacy" company?

This is Apple forcing the in-store analytics companies like Euclid to use iBeacon rather than WiFi. With the market share numbers the way they are, though, for all but the highest-end stores what Android does matters more.

I feel like this comment might give a mistaken impression, so I'd like to clarify.

Simply rolling out iBeacons does not replicate the copious data that one can currently get by monitoring WiFi probe requests. iBeacons, as designed, broadcast packets at a set rate using Bluetooth LE, and devices scan for those broadcasts. There is no two-way communication, and no probe requests from client devices.

In order for a company to use information from an iBeacon installation, they must have software running on the client scanning for unique iBeacon UUIDs, optionally filtered by "major" and "minor" uint16s to represent separate locations and nodes. Apple limits iOS apps to scanning for 20 UUIDs at any given time.

If the user does not have software that in some way scans for and does something with data from a particular iBeacon UUID, then the implementer gets no information. Thus, iBeacons move control over location and identity data from third parties to users. If a user installs, say, a Target iOS app, it can now scan for an iBeacon UUID that Target generates and can roll out across the country. Only once the user has made that affirmative choice can Target acquire information about that user or device.
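An added example, not part of the comment above: a parser for the iBeacon manufacturer-data frame plus the UUID/major/minor filter an installed app would register. It shows that the broadcast carries only the beacon's own identity, and that with no matching filter nothing is recognised. The UUID, store numbers and class names are constructed for illustration; the 20-UUID cap is the figure quoted in the comment.

```python
import struct
import uuid

APPLE_COMPANY_ID = 0x004C   # Bluetooth SIG company identifier for Apple
IBEACON_TYPE = 0x02
IBEACON_LENGTH = 0x15       # 21 bytes follow: UUID(16) + major(2) + minor(2) + power(1)
MAX_UUIDS = 20              # per-app limit as quoted in the comment above


def parse_ibeacon(mfg_data):
    """Decode BLE manufacturer-specific data; return None if it is not an iBeacon frame."""
    if len(mfg_data) < 25:
        return None
    # Company ID is little-endian; the iBeacon payload itself is big-endian.
    company, kind, length = struct.unpack_from("<HBB", mfg_data, 0)
    if (company, kind, length) != (APPLE_COMPANY_ID, IBEACON_TYPE, IBEACON_LENGTH):
        return None
    raw_uuid, major, minor, power = struct.unpack_from(">16sHHb", mfg_data, 4)
    return {"uuid": uuid.UUID(bytes=raw_uuid), "major": major, "minor": minor,
            "measured_power_dbm": power}


class BeaconFilter:
    """Hypothetical model of what an app registers: UUIDs, optionally narrowed."""

    def __init__(self):
        self.regions = []   # (label, uuid, major or None, minor or None)

    def add_region(self, label, beacon_uuid, major=None, minor=None):
        if minor is not None and major is None:
            raise ValueError("minor can only narrow a region that also sets major")
        known = {region[1] for region in self.regions}
        if beacon_uuid not in known and len(known) >= MAX_UUIDS:
            raise ValueError("UUID limit reached")
        self.regions.append((label, beacon_uuid, major, minor))

    def match(self, beacon):
        """Return the labels of every registered region this beacon falls in."""
        if beacon is None:
            return []
        return [label for label, u, major, minor in self.regions
                if u == beacon["uuid"]
                and major in (None, beacon["major"])
                and minor in (None, beacon["minor"])]


# Constructed sample: one beacon frame as a scanner would receive it.
STORE_UUID = uuid.UUID("12345678-1234-5678-1234-56789abcdef0")
SAMPLE_FRAME = (bytes.fromhex("4c000215") + STORE_UUID.bytes
                + struct.pack(">HHb", 3, 17, -59))   # store 3, node 17, -59 dBm at 1 m

if __name__ == "__main__":
    beacon = parse_ibeacon(SAMPLE_FRAME)
    print(beacon)                               # only beacon-side fields, nothing about the phone
    print(BeaconFilter().match(beacon))         # no app registered for this UUID: no match
    app = BeaconFilter()
    app.add_region("any store", STORE_UUID)
    app.add_region("store 3", STORE_UUID, major=3)
    print(app.match(beacon))
```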

> iBeacons, as currently designed, broadcast packets at a set rate using Bluetooth LE, and devices scan for those broadcasts.

It is possible that iBeacons will provide the copious amounts of data themselves, and this is the first step to that end, as the parent points out.

It is also worth noting that apps are only given access to scan for beacons if they have location services enabled. To be tracked using iBeacon, you have to download an app that scans for the correct UUID and have location services enabled for that app.

No. iBeacons broadcast their own presence only and cannot be used for surreptitious user tracking.

The only way an iBeacon could be used to track is in concert with an app running on the user's phone that communicates back to the business, letting them know you're near the beacon. In other words the user has to opt in to tracking, which is how it should be.

Despite this it does allow Apple to enable customers to choose by turning Bluetooth on/off, and not forcing them to disable wifi to avoid tracking (am I a minority that have Bluetooth off by default?).

Using iBeacon wouldn't really be a solution for this, unless the store could depend on a significant proportion of users both installing their app and clicking the "yes, you can talk to iBeacons" option when it first runs. For most stores this won't be the case.

Yeah, I would guess that you'd get a pretty good sample without any iOS8 devices included.

It's still a good thing IMO.

It's about time. I quite intentionally keep my wifi mode off for this reason until I intend to use a network. No doubt someone is tracking and selling every transmission you make.

FWIW, once you read about a PoC of an attack/tracking vector on HackaDay, you can be sure it's already in production tracking you.



For the click averse, the above links are

* BlueTooth Sniper Rifle

* Tracking people by air pressure chips in car tires

MAC address ranges are assigned to device manufacturers, I wonder if they'll only randomize inside the Apple device range or if they'll go outside of it. Analytics companies might start seeing people carrying their sparcstations into the grocery store.

Globally administered MAC address ranges are assigned to manufacturers. The slide said "random, locally administered" addresses, which aren't assigned that way. There's a bit in the first octet to distinguish them; see https://en.wikipedia.org/wiki/Ethernet_address#Address_detai... .

Excuse my ignorance, but does that mean if one is to use a locally administered address a device is free to take whatever they please? What would be the advantage of paying the IEEE for a universally administered block?

> does that mean if one is to use a locally administered address a device is free to take whatever they please?

I think those have traditionally been set by network admins, not randomly chosen by devices, but pretty much: nobody apart from local admin coordinates addresses with the local bit set.

> What would be advantage of paying to the IEEE for a universally administered block?

The promise that no device built by other legit companies will have an address from that assigned block, so customers won't have to worry about MAC address conflicts, provided they use only widgets from those who honor the assignment scheme.
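An added example, not part of the comments above: the two flag bits in the first octet that this sub-thread discusses, used to classify addresses and to generate a random locally administered unicast address. The sample addresses are constructed, and the function names are this example's own.

```python
import secrets
from collections import Counter

LOCAL_BIT = 0x02       # U/L bit: 1 = locally administered, 0 = globally (IEEE-assigned)
MULTICAST_BIT = 0x01   # I/G bit: 1 = group (multicast), 0 = individual (unicast)


def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into 6 raw bytes."""
    parts = text.strip().replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def classify(text):
    raw = parse_mac(text)
    local = bool(raw[0] & LOCAL_BIT)
    return {
        "mac": format_mac(raw),
        "locally_administered": local,
        "multicast": bool(raw[0] & MULTICAST_BIT),
        # The first three octets name a vendor only for globally administered addresses.
        "oui": None if local else format_mac(raw[:3]),
    }


def random_local_mac(randbytes=secrets.token_bytes):
    """Random address with the local bit set and the multicast bit cleared."""
    raw = bytearray(randbytes(6))
    raw[0] = (raw[0] | LOCAL_BIT) & ~MULTICAST_BIT & 0xFF
    return format_mac(raw)


def summarize(addresses):
    """Count how many source addresses could be tied to a vendor block at all."""
    counts = Counter()
    for address in addresses:
        info = classify(address)
        if info["multicast"]:
            counts["multicast"] += 1
        elif info["locally_administered"]:
            counts["local"] += 1
        else:
            counts["global"] += 1
    return dict(counts)


# Constructed sample of source addresses, as a sensor log might list them.
SAMPLE = [
    "00:00:5e:00:53:01",   # globally administered unicast
    "02:1a:2b:3c:4d:5e",   # locally administered unicast
    "da:a1:19:00:00:01",   # locally administered unicast
    "01:00:5e:00:00:fb",   # multicast
]

if __name__ == "__main__":
    for address in SAMPLE:
        print(classify(address))
    print(summarize(SAMPLE))
    print(random_local_mac())
```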

Legit devices have had duplicate MAC addresses even though they're not supposed to. In practice a totally random MAC is probably safer than the one assigned to a cheap network card.

Speaking of practice, I've found recently this: "Five thin client machines with same MAC Address?" ( http://superuser.com/q/760238/2357 )

This is interesting. If _I_ did this while trying to find an open network, I'd probably be described by the FBI man who tries to charge me with unauthorized network access as using countermeasures learned from al Qaeda's IT guys. If Apple does it on behalf of users though I'm sure it would be fine.

And yes, I've been involved in a criminal proceeding where the government tried to claim that changing a wifi MAC was evidence of malice.

Well, changing the MAC can be evidence for this:

Imagine you get banned from your university network for breaking the terms of use (let's say torrenting) - you change your MAC address so you can get back on the network. You know you've been banned and you've made the conscious decision to bypass the security of the network.

We learned during the prosecution of Swartz that MAC addresses are the analog of VIN number numbers, and that tampering with them is a sign of ill intent. I await the federal case against Apple or an Apple customer with bated breath.

It's only a sign of ill intent if nobody does it. If everybody does it (because it's on by default) then it's normal.

>VIN number numbers

PNS syndrome plus one?!

What number numbers in VIN number numbers convinces you to number it as a number of numbers that numbers highly enough to be PNS syndrome?

You're ignoring the drastic differences in context between Swartz's actions and Apple's. Context matters.

There's a great app for rooted Android devices called Pry-fi that generates random MAC addresses while you're not connected to a network.

edit: https://play.google.com/store/apps/details?id=eu.chainfire.p...

Thanks for the tip!

In reaction to the iOS news, the developer of Pry-Fi wrote this post about the state of the application:


Since the phone-specific Wifi stacks/drivers seem to be the main compatibility problem, I guess MAC randomization could be implemented as a Cyanogenmod feature on the device level.

OpenBSD's ifconfig has a flag that will cause the NIC to use a random MAC address, assuming your card allows for it.

Many Bluetooth LE devices (including iOS 7) do something similar -- otherwise you'd be able to track people by all of their BT LE devices which are constantly advertising their existence. They cycle their advertised MAC addresses every 15 minutes or so (and some provide a "random resolvable address" which you can use to find out the physical BT MAC address after pairing for easier reconnection).

From my office in downtown Los Altos, I can currently see a FitBit Flex, a FitBit One and a couple of phones -- the randomized MAC address is all that prevents someone bad from tracking them (BTLE scanners/phones are cheap!).

I guess you could still use the 15 minute MAC to track people through a train station or other semi-public space (to gather metrics on where people are coming from and going to). If you had a lot of antennas then you could circumvent the MAC cycling by linking devices in the same area with the same name and similar RSSI...

Yeah, our road authority uses anonymised Bluetooth tracking to calculate performance measures for particular routes (automated numberplate recognition cameras are also used sometimes).

With Bluetooth, not just phones, but a lot of car stereos advertise their MACs.

Is there something like this available for Linux desktops?

There is a package called macchanger which is said to have the ability to spoof a random MAC address at each reboot. I have a new laptop with Ubuntu 14.04 freshly installed and I can't get it to work though. It's not a high priority but I would like to have this working soon. I used to do this about ten years ago on a laptop running XP and whatever program I was using worked flawlessly. I'm thinking it should be even easier in Linux but haven't found an 'it just works' solution yet.

IME the most reliable way to do this is with a udev rule.

Here's my setup (Fedora, so YMMV). /etc/udev/rules.d/51-macchanger.sh:

    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="iwlwifi", RUN+="/usr/local/bin/change-mac.sh wlp0s1"

    #!/bin/sh
    # /usr/local/bin/change-mac.sh, run by the udev rule above
    (
        iface="$1"
        if [ "$#" != "1" ]
        then
            echo "mac changer script must be given iface name as argument: $@"
            echo "Using default of wlp0s1 instead."
            iface="wlp0s1"
        fi

        /usr/sbin/ifconfig "$iface" down
        /bin/macchanger -r -b "$iface" # change to any random MAC address
        /usr/sbin/ifconfig "$iface" up
    ) >/var/log/change-mac

Note that you would need to specify the correct interface name in the udev rule (or figure out a way to get it dynamically--I never bothered). This also only works for Intel WiFi cards that use the iwlwifi driver; other cards with different drivers need their udev rule changed appropriately.

If you're wanting to accomplish this on your desktop/laptop... check out Arch Linux: https://wiki.archlinux.org/index.php/MAC_Address_Spoofing

Every single time my laptop boots up, it randomizes its MAC address.

The FTC held a workshop this spring about location tracking, particularly the retail analytics kind that this is calculated to thwart. I spoke there and was the person on the panel categorically opposed to the tracking (though I placed the blame on the wifi device makers for leaking a tracking identifier, rather than the people taking advantage of the tracking opportunity).


You can also read the comments that various organizations filed about this:


If only they thought of that a few years ago [1] http://blog.erratasec.com/2013/01/i-conceal-my-identity-same...

I hope all the people with IOS8 won't be charged with wire fraud.

I've asked the HostAP mailing list about this as a feature request for wpa_supplicant.[1] From what Jouni Malinen says, it should be relatively straightforward.[2] (I think. I used a poor choice of words in my request.)

BTW AFAIK Android uses hostapd/wpa_supplicant.

It's beyond my technical abilities, but hopefully someone submits some patches. (Or Jouni graciously does the deed. Because he is awesome.) HINT HINT WINK WINK.

[1] http://lists.shmoo.com/pipermail/hostap/2014-June/030405.htm...

[2] http://lists.shmoo.com/pipermail/hostap/2014-June/030406.htm...

I wonder what effects this has on law enforcement. It seems probable that if stores are using systems to track people by WIFI Mac, then law enforcement is probably doing the same. An interesting trade off.

Also, does this apply to the other ID being broadcast, the Bluetooth MAC?

I'm thinking this won't affect LEOs as they go through cell towers, which is not wifi or BT. See: https://www.aclu.org/blog/national-security-technology-and-l...

I hope it still connects with the real MAC address. Otherwise that could get very problematic.

They could make it optional, but having such a technical option wouldn't be Apple's style. Perhaps it could generate a new random MAC address for each saved network, which would be thrown away when you use the 'Forget network' command.

That would probably solve most of the problems I was considering. But somehow I suspect implementing this may be more challenging than it appears.

Why is that? The only good use that comes to mind is MAC filtering, and that's easily defeated anyways.

DHCP with static (reserved) IP addresses comes to mind.

Yes, I do this at home because it resolves the problem of duplicate IP addresses on the network caused by a device assuming it still has the same IP address (Apple devices seem to do this in particular) while meanwhile another one has taken it.

What? IME Apple devices are extremely polite about refusing/deactivating IP addresses that are already in use.

You may have been lucky, but I'd suggest looking at http://cafbit.com/entry/rapid_dhcp_or_how_do

There's been plenty of debate about whether this rapid DHCP behavior is desirable (e.g. Is the improvement in user experience worth the potential for conflicts and/or other issues on networks not expecting this?), but, either way, I don't see how that behavior can be fairly characterized as polite.

My experience is I get home, open my laptop, and it seems to by default assume it has the same IP as last time it was on my home network. Meanwhile my kid's 2DS game is using that IP, and I have a few minutes of chaos. I just assign fixed IPs to all the regularly connected devices and I don't encounter that.

Are you sure this isn't a router problem? A number of routers have an issue where they occasionally drop their table of DHCP allocations and just start again; this mostly only manifests when a new device connects.

It might be easily defeated, but some places rely on it, and iOS users would be effectively locked out of those networks.

If you connected to a hotspot using a captive portal, you would need to sign in every time you disconnected and re-connected from the access point.

This is just for scanning, look at the slide that is mentioned. Connects will still use the real MAC address.

This will probably throw Ruckus for a loop - http://www.ruckuswireless.com/products/smart-wireless-servic...

I don't know if anyone does that, but if you are making your access point only discoverable to known devices (i.e. known MAC addresses) then this would be a problem, right?

I think that's rare enough now that strong encryption is readily available for wireless, but yes, it would be a problem.

Has anyone stopped to ask if this is confirmed/true? TechCrunch/Gizmodo/etc... all picked up on this from Frederic's tweet but is a tweet really a definitive news source? Apple has been historically taciturn about documenting these things but does anyone have any more docs or sources for this issue?

Depressing that this is not done for OSX as well, but par for the course as iOS remains the focus of Apple.

RIP Density [0].

[0] - http://www.density.io/

I think this is a feature for stores implementing WiFi tracking systems, not a hindrance. If I own a store, I really want to understand traffic patterns. If I can do that without causing a privacy shitstorm, I think that's a benefit.

They can use their extensive existing network of closed circuit video cameras to identify traffic patterns. Unless they want to tie customers to profiles (e.g. MAC to a credit card transaction) the resulting data would be the same. Cameras are even better at this because it counts everyone, smartphone owning or not.

You can't understand patterns from random data. Am I missing something you're seeing?

Traffic analysis and some statistical methods should give you a lot of interesting data. Yes it's not individualized long-term tracking, but you can figure out when and where people are visiting, and I think even tease out how long people spend at each point, even if the MAC is randomized for each request.

They can still understand when anonymous shoppers arrive and when they leave. However, I think zaroth is underestimating how much more useful it is to track an individual shopper's visits over time.

If the devices now send a random address for each probe request, you can't even do that anymore... all you'll have is a database full of single requests for a ton of random MAC addresses.

I've got a new iPod touch that I've upgraded to the iOS 8 beta and I'm still seeing probe requests with the real MAC address. I wonder if this feature isn't turned on yet, or if it only works in certain conditions.
