So... turn off Bluetooth and Wifi when you go into a store? Put subtle lines on your face with makeup to confuse their facial recognition systems? What else do we need to do now to go out in public?
fyi BLE tracking is both completely legal and has wide spread usage all across the EU. there’s hundreds of EU-based companies that provide these kinds of services.
Android has a feature called "nearby device scanning" so even if you turn off bluetooth, apps can still do BLE. I suspect stuff like this, where many many apps can spy on you on behalf of others, is why Google made BT access a Location category. But it means your weather app that uses location to tell you where you are? It is selling your location via BT beacons to 3rd parties.
Meet the newest Android Q (10) which is available as a beta. The permission levels are there for what you wish. It's impressive to see just how many apps were previously getting background location (and many other) permissions by default. Eye opening experience for someone that figured it wasn't that bad.
> Meet the newest Android Q (10) which is available as a beta. The permission levels are there for what you wish.
I would like to congratulate Google for such hard work. I mean, CyanogenMod 7 in 2010 could revoke any app permission at the user's will, but you know, computers are difficult
For those who are interested, this feature can be deactivated. The location in settings has moved around a bit, but you can just search for "nearby device scanning" and shut it off for both Wi-Fi and Bluetooth.
Nothing would make me want to buy yogurt less than an ad on my phone while I'm looking at yogurt. I would hope everyone would feel the same way, to disincentivize this.
The first time this happens, I'm not going to buy the thing, but I'm going to jump through whatever hoops are necessary to disable this feature on my device. If that doesn't work, I'm going to get another device and then I'm never going to patronize whatever retailer did this.
I suspect eventually this will make people irate and these sorts of things will become opt-in.
The best way to protest surveillance capitalism is to make it ineffective. If you get a pushy or creepy ad, go out of your way to avoid that product or brand. Even if it is appealing to you. Even if it's a good deal. Send the strongest kind of signal against targeted ads: money.
I do whenever I can. For instance, for close to a decade now I maintain a blanket ban on Groupon for that one time they spammed me with retargeted ads a bit too hard (3+ same ugly pink ads simultaneously on a single webpage).
Now that the privacy pendulum is swinging the other way I'm curious if Apple will ultimately be the undoing of this thing they helped create. If devices using iOS 13 start broadcasting a constantly changing bluetooth ID as a part of the new "Find My" feature these systems won't be able to track users from beacon to beacon or know how long you were in range of a single beacon.
This will probably wreak havoc on traffic counters and other infrastructure that use bluetooth bacons to do things like monitor highway congestion and foot traffic
> If devices using iOS 13 start broadcasting a constantly changing bluetooth ID
They've always done this. I think you have your threat model inverted. Beacons aren't tracking phones around stores.
3rd party SDKs installed in apps are tracking user's indoor location via beacon triangulation and uploading that data. A subtle, but important difference.
The issue is that there are legitimate uses for this type of code, though. For example, I have my home set up with tons of automations that change, for example, the color of the lights when I'm in the kitchen vs. when my wife is in the kitchen. She prefers warm lighting and I prefer the daytime lighting. It's the same technology, it's just being misused in these commercial instances, in my opinion. People don't actually know that they're agreeing to this type of usage.
This is incorrect. Your phone detects the beacons, not the other way around, and then forwards the notifications to {insert app here}, and then the app sends information (beacon id, user_id, ...) to their servers.
I actually implemented a nearly identical system for my senior design project, except we targeted the smart home ecosystem. Basic use cases would be automatically turning on/off lights or having a music stream/temperature preference/... follow you as you move throughout your house and enter/leave rooms. All implemented by an app on your phone detecting strategically placed beacons.
I was working with Target when they did this roll-out. As sinister as everyone here seems to make it sound, I can assure you at that time it was not. If you're familiar with the inception of corporate projects, this project was no exception to any of the stereotypical fumbles and foibles of any effort of this scale.
It began simply because Apple said "...iBEACON.." and everyone corporate wanted the new buzzword in their portfolio to let people know how hot/hip/tech they were (toys -r- us considered it for awhile) so they could pull the kids away from the internet and back into brick-and-mortar. How can we use these? What are they good for? No one really cared, they just wanted them in the store and we were there to sell them that (at a premium).
In 2015 - indoor location was bogus. Everyone in this forum seems confident that there are multiple ways you can determine location with Wifi (round trip packet time) or bluetooth (RSSI). A cacophony of radio in a catastrophically noisy environment does not work to provide reliable location information.
In fact - it was so bad, that there were a handful of other equally unrealistic solutions being pedaled by everyone from universities to light-bulb manufacturers. One such solution was to profile the accessible space of a building using a phone's compass, and then use the observations from a client device compass to identify how generated patterns correlated to the profile for the building.
The torrent of data you see pouring from your phone to the service via wireshark is real-time sensor data that is being used to feed a service side bayesian / markov-chain / monte carlo / kalman-particle filter / keyword soup monstrosity trying to generate some possible marginal confidence in a probable location. We found that this system was most effective in turning your phone into a pocket warmer, but sold like hot-cakes in a B2B setting wherein the intended end user had absolutely no voice.
Corporate wanted to buy it so they could sell advert-space (pop-up coupons) to affiliates. So we sold them something that worked barely well enough to provide a one-popup demo to potential interested parties. The affiliates bought the magic, corporate paid our company an arbitrarily large quantity of dollars for the service.
A deployment of thousands of coin-cell driven beacons per store, placed within reach of bored youths, maintained by an underpaid associate staff is of only questionable utility.
On a scale of things to worry about, ranging from nuclear holocaust to e. coli in your produce - this ranks a solid -3. In fact, in the 4 years since I've worked in this field I think the only advancement that has been made is that it's harder for third parties to sell because no one can do it well, so why not just do it in-house? It's cheaper and has the same garbage result.
If you think I'm wrong - go do it yourself. All these signals are easily grep-ed within any store (there's no way to make it proprietary), and you can create your own model and out-sell the proprietor. Surprise me. With an actual, viable client-oriented product (and assuming users actually want reliable indoor location) you'll make bundles selling it to the valley. Everyone is trying to do it (even cisco tried for awhile) - no one has.
Michael Kwet has read all the marketing copy, and rewritten it for popular consumption as a product. The insight/value provided by these systems is far more sparse than implied.
Bluetooth 5.1 promises a sub-meter accuracy in distance finding using Bluetooth beacons. When those devices become available you'll probably want to re-evaluate those statements.
I didn't know it was a secret? Figured it was pretty common knowledge back when iBeacons and similar were announced and when major retailers like Target even made press releases about it
Kind of funny that Apple pushing privacy basically helped create this kind of tracking to begin with.
Edit: NYT article mentions other apps selling data to retailers. I think it's time apps start asking permission to use BTLE. No reason a weather app needs that kind of access.
Wasn't this tracking the defining business use case going all the way back to when Apple introduced them in 2013? These devices might not be well know, but I don't think anyone was actively trying to hide why businesses were installing these things.
A provocative thought experiment: are you more annoyed by retailers recommending a product you just purchased from them, or a retailer recommending a product you probably will need soon? In a world blanketed by advertising, I would rather see relevant advertisements than be bombarded by garbage. Maybe I will get a deal, maybe I will discover something I like, maybe I will ignore it... but the spray-and-pray untargeted advertising that tries to advertise arthritis medication to me as a 31-year-old man is guaranteed only to annoy.
I find highly relevant advertisements creepy. A sort of advertising uncanny valley. I'll take the minor annoyance of a garbage ad bombardment any day over, what is to me, the much more concerning feeling of being surveilled.
> Maybe I will get a deal, maybe I will discover something I like
This is what the ad industry exploiting the fear of missing out [1] looks like when they tout the virtues of "relevant ads". You might draw a comparison with casino marketing to gambling addicts, alcohol to alcoholics, etc -- it's rather slimy.
1. Set up a bluetooth beacon in the diary aisle that broadcasts as a connectable (nor not?) device with an "SSID" (or the bluetooth equivelant) that is a known GUID
2. apps on your phone can scan for available bluetooth devices, and see the presence of the GUID, which is enough for them to know you are in the dairy aisle of Store 1234.
if that's right, does this mean disabling bluetooth, or restricting a device's access to scan for devices, will preclude this?
You don't need the Target app to be tracked by Target, since the tracking beacon code can be in any number of unrelated apps (weather, news, games, etc.)
Honestly, part of this doesn't bother me that much. It doesn't bother me for a store to know where I'm standing while I'm in their store.
What does bother me is the part where they can get lots of other data and use it to build a profile of me that spans far beyond their store. The fact that this Pulsate company encourages devs to include my email address, for example, seems really invasive, and probably would be illegal under the GDPR?
This is really big in the WiFi space. Aruba, Cisco, etc all market services to public places like malls where you throw in a huge public wifi network, and regardless of whether you connect or not, they can see phones looking for known network and track traffic patterns.
Malls can then see which stores have highest foot traffic on what days, etc.
It's actually one of the things that justifies the expense for huge, expensive free wifi deployments. And it is used to more accurately price locations around malls.
The other alternatives to getting the same kind of data is security camera analytics. Sometimes literally someone just watching footage and taking notes on who they see and what kind of demographics, etc. Which is problematic in it's own right.
A lot of Verizon stores are owned by third-party companies. I had the chance to speak to one of the regional reps in a college class and he told me his company [1] does facial tracking of everyone who comes in the store. It also monitors employees and how many breaks they are taking/what they are doing (like hiding in the stock room).
This is rage inducing. I went into this article thinking "ok as long as I don't have the Target or Ikea or whatever app installed on my phone, I'm fine." While that is a primary way, this needs to be outlawed:
> These companies take their beacon tracking code and bundle it into a toolkit developers can use. The makers of many popular apps, such as those for news or weather updates, insert these toolkits into their apps. They might be paid by the beacon companies or receive other benefits...
Ban this, full stop, on both ends of this transaction. The Reveal Medias and the scummy app devs using their ~~SDKs~~ trojan horses. At the very least these apps need to be named and shamed, I find this fraudulent and extremely difficult for end users to police.
I have very minor hope that Apple at least will one day shine light on this or ban apps who are not transparent about the data they're sending and to whom, as it doesn't conflict with their business model and they seem to be moving there. For now I have to essentially disable bluetooth when I get out of my car.
I'm guessing this can be policed by a service allowing the user to see a map containing location detail & time accessed information per apps installed. Thus, showing the user which apps installed are signaling with bluetooth and when they're entering specific stores throughout the day.
This is a feature that's being added to iOS 13, along with occasional popups reminding you that an app has location privileges, and a map of where it's been tracking you.
This is how an app like Facebook can show you an ad on something you were talking about.
It would be naive to point the finger at Facebook listening to you, it would be more accurate to assume its EVERY OTHER app (including FB) gathering data about you and your surroundings - MAYBE ONE IS ACTUALLY LISTENING - but whether any individual app is or isn't, the data brokers have all the data as well as other people like you that have probably reacted to the same external stimulus and can be predicted to be thinking about a certain product around that point in time.
POOF - an ad about that thing you talked about, now on your Facebook feed.
Zuckerberg gets hauled in front of Congress, accurately says "what? no we don't do that", data brokers and software engineers laugh to the bank and let Zuckerberg get crucified for their sins.
Yes absolutely, everyone else is gathering this apparently and it has to just be assumed now. I hadn't thought about it with the "facebook is listening" stuff but this makes way more sense.
It's particularly frustrating given how hard I try to disassociate myself and my family from "data brokers" and then I read another thing like this.
I think people jump to "the app is listening" because it's the easiest concept to understand. Anyone with a technical background knows why that's extremely unlikely, but it still makes more sense to people as a narrative than the complex web of online trackers and analytics gathering that happens out of sight and contains vastly more information about individuals than could be gleaned by eavesdropping on ambient room noise.
> This is how an app like Facebook can show you an ad on something you were talking about.
I helped my sister look at a new car an hour away in another town. Back home that evening YouTube was suddenly suggesting new car videos.
Not so much Bluetooth as my own fault for using Google products and tracking but still it was disturbing. I did not search for anything car related myself or for my sister all I did was visit a car dealership.
If Apple really cared about privacy&security, they wouldn't do only a milquetoast appeasement like "ban apps who are not transparent about the data they're sending and to whom" (which is arguably how we got into this out-of-control industry sociopathy in the first place, with "self-regulation" and "privacy policies"), but Apple could even kill off most all surveillance possibilities in apps.
Imagine if using an app on your iPhone was regarded as more safe than visiting a Web page produced by the same organization, because Apple protected you more than Web standards do. It's a definite technical possibility, and I suppose it might make business sense for Apple.
Just disable background activity for all apps that you don't fully trust. For me, that pretty much means like four first-party Apple apps that actually reasonably need it.
That's a good personal workaround, but it's not a solution to a problem - much like moving to a different city doesn't solve the problem of the manufacturing plant poisoning the water supply of the city you live in.
Adtech industry needs to be torched. GDPR was a step in the right direction, but unfortunately isn't nearly enough (I'd start with more aggressive enforcement of it, though). Something to pressure your politicians for.
I wonder if the usage of any data by advertisers was the hardest regulated, could you stifle demand for certain types of data sources. If you need to show a verifiable paper trail that leads back to a trusted acceptance from the individual user, then it would hopefully make advertisers think twice about their data sources as many technologies out there now rely on user fingerprinting to skirt privacy regulations, and could never provide proof of consent for collecting their data.
What about all the people around the world who can't afford to pay for the services that adtech currently pays for for them? Why do you feel you can make the decision to get rid of adtech on their behalf?
I'm not making the decision for anyone - I'm not the Supreme Commander of the Solar System (yet). I am merely advocating for destruction of adtech, as much as I can.
As for people using services subsidized by adtech - there's no rule of the universe that says you can either pay everything in cash, or have it free with ads. Those are only two particular business models out of space of many. Getting rid of adtech will only make ad-powered service providers switch to the next best model, hopefully a more ethical one.
The question you're posing is equivalent to "what about all the people who couldn't afford X if providing X wouldn't involve toxic chemicals poisoning their water supply?". Societies around the world consider many business models unacceptable; I'm only pleading that advertising as practiced be added to the list of such unacceptable business models.
But it won't be. And even if it were, let us remember how well the law works to curtail crime among governments and wealthy corporations and individuals. They'll hide it, "repurpose it", lie about it, and engage in years-long legal battles during which time the public loses interest. If it is more profitable to break the law and pay the fine, that is the best business decision.
That's true... and that's why we should push for 2 things to happen when it is found that a business knowingly broke the law (or knew it was at risk of breaking and went on anyways) :
- a "proportionate" fine should never be less than 100% of the profits derived from their behaviour
- whoever authorized the company to go forward should be personally on the hook too
I saw a thing 10-15 years ago with a business associate building retail. He had average income for everyone driving by, some profession data, all sources from mobile carriers.
I think it helps when you’re siting locations from a thousand miles away and don’t know the areas you are investing in. You don’t want to drop a Dollar General in an upscale suburban environment, nor drop a Chipotle a half mile away in a trailer park corridor.
I find it interesting that the article doesn't mention how various agencies track you through bluetooth beacons when you drive down a road or walk around a city. These devices are in plain view for everyone to see, but for some reason it seems that most people don't see them and basically nobody ever talks about them, yet they are everywhere.
They could have the whole thing be opt in as opposed to opt out. If you want to find the drills at your home depo then opt in via the app otherwise could be ignored. This would at least give people visibility in the same way location services, contacts and push notifications do.
Reminds me of attending a concert around 2009. We were chilling to the pre-set tracks, my date started fiddling with Shazam on her iPhone. I walked back to the sound booth and asked.
No, turning that off blocks beacons and disallows new connections via bt. It still allows existing active connections which may be where it’s confusing.
iOS 13 actually has BT permissions per-app, and blocking that has no bearing on bt audio as that’s handled on the system level. It’s quite eye opening. Netflix for example wants access to BT even though there is absolutely no Netflix accessory that would warrant such access. I’m pretty thrilled about the change and it only cements my choice of iOS for me.
That still won't change much, though, because, inevitably, there will be some app that requires Bluetooth for some fundamental aspect of its use that will also use one of these SDK's. Granting that app access to this will give it all the info it needs. What really needs to happen is that Apple needs to make some of these beacon-able permissions more granular. How to do that in a way that a tech-naive population understands what's happening is a very difficult problem to solve, though.
Fitbit is a good example. I'm willing to bet a good amount of money that they sell a lot of the BLE beacon data they snarf up alongside their heart rate monitor data.
Fitbit is a good example of an app that requires permanent Bluetooth access, but a terrible example of a company likely to sell user data. Fitbit's users are its customers, and are the source of $1.5 billion per year in revenue. Any money gained from selling that data would be miniscule in comparison, and would put the main revenue stream at risk by alienating customers.
It's not Fitbit that necessarily is collecting this data, though. Fitbit might simply be using an SDK for Bluetooth detection, for example, that's provided by a company that does sell user data. The number of paid platforms and frameworks that are out there and used by all kinds of companies is crazy and it's not too big of a stretch to realize that some kind of tracking framework runs on the business of aggregating and selling that data while only providing the company in question using the framework with some of it.
It's not even too big of a stretch to realize how many free WordPress frameworks out there collect and sell aggregated site visitor data. I mean... if you're using a free Google Analytics service, do you honestly think they're not doing something with all that access to your site info?
That doesn't change the fact that they could be using another framework or library that has code to access Bluetooth. As long as the app has been granted access, the framework would have access too.
I really doubt there is any such application that most consumers would install. Maybe there are some industrial applications but most people have no use for Bluetooth apart from audio.
Apple doesn’t pop up this permission dialog for their proprietary iBeacon system though, since thats also handled at the system level. With that taken into consideration, this feels less like a privacy feature and more like an anticompetitive move.
At least, that’s the situation to the best of my knowledge.
It makes me sad how crappy weather apps are in particular. I keep getting this ad for "NOAA Weather Radar", which sounds official, but it's actually some adware by some Russian throwaway app company. I am not sure why the NOAA lets them call the app that. (OK, I actually sent them an email about it and haven't seen the ad for a while, so maybe they got caught.)
What annoys me is that weather is built into both popular phone OSes, so I am not sure why people install ad/tracking apps to get weather information. (What makes me sad is that I really like Weather Underground and subscribed for years... but now their website is super slow and bug-ridden, and I believe it's officially been canceled by their new corporate overlords. So I have no real good way to get "advanced" radar products except via GRLevel3.)
>Location marketing aims to understand “online-offline attribution.” If a Starbucks coffee ad is sent to your email, for example, marketers want to know if you actually went there and bought a coffee. The only way to know is to monitor your online and offline habits at all times.
Make no mistake: the purpose of marketing is to maximize information asymmetry. The natural end point is totalitarian: they know everything about you, and you know nothing at all, blindly obeying.
That is not the purpose of all marketing. That might be the purpose of this kind of tracking, but I don't think telling people the product you created to serve their need is inherently evil.
At its best, marketing is a way to let people know the goods and services you have that can make their lives better.
This is marketing at its worst.
I really enjoy this explanation of why targeted advertising is such a horrible thing:
> I don't think telling people the product you created to serve their need is inherently evil.
Of course it isn't evil, but this is not what marketing is doing - and claiming so amounts to a motte-and-bailey defense of an industry that's rotten to the core and quite openly malicious towards their fellow human beings.
I won't go so far as to say there are zero companies doing ethical marketing, but I am convinced there are very few of them - simply because ethical marketing is at severe competitive disadvantage to unethical one.
"I am just saying the idea of marketing is not inherently evil."
And probably most of us, including me, would agree. The problem is when the market is saturated with goods compared to buyers so that more aggressive methods - read: lies and subtle psychological tactics - are used to convince those buyers they need this or that product when they actually don't. Which becomes even more evil when the product is something potentially harmful such as unneeded food, medicines, anything that will be soon thrown away creating more pollution, etc.
The problem isn't marketing by itself, but the total disregard for moral issues that can and will make it harmful once overproduction and saturated markets get us to a point where lying is the only way to keep businesses alive.
Correct. In capitalism, marketing is the bidirectional flow of information correcting the asymmetry from inefficient markets. This manifests as branding, advertising, affiliate, etc. in the consumer direction and research, surveying, tracking, etc. in the seller direction.
It is the opposite of what GP is saying here, despite their doomsaying at their own revelation that retailers are listening to the broadcasting device consumers bring onto their property to better understand them.
I think positioning any kind of advertising as "helpfully informing" consumers is wrong. The ad wants me to buy the product. That's its purpose. No matter if it's bad for me. No matter if it's useless, or overpriced, or a competitor makes a better one. If a product I happen to buy because of an ad is actually the best use of my money, that's nothing more than a happy coincidence. No ad ever gave a list of reasons why you shouldn't buy a product.
When someone clearly lists the merits of a product without conflict of interest, then that does indeed lets people known what goods and services make their lives better. We have a different word for that - a "review". The purpose of an ad, by definition, is not to inform - the purpose is to persuade. They are opposites.
Advertising/marketing word differences aside, when you put all of this into a bid based auction marketplace, the results for customers are pretty ugly. The flipside is that when a company over-optimizes their ad campaign and the margins of their product, there is no word of mouth and customers leave quickly because eventually the product is complete shit.
On the iPhone turning off Bluetooth using the control center doesn’t even turn it of fully, precisely so that these location services (and other features) are still available.
Sidenote, it behaves differently if you've enabled airplane mode (or at least so the UI would indicate). In airplane mode, it gives no message and the wifi/bt icon goes transparent. If you're not in airplane mode, the wifi/bt icon goes light gray and it says 'disconnecting <device type> devices until tomorrow' but the radio is still on as your article mentions.
Personally I miss the old behavior where it just turns it off, but I'm often in airplane mode so I get the old behavior anyway and great battery life :P
i believe on iphones, the fake off-switch for bluetooth disconnects the devices you actually want connected (airpods, watch), while not being completely off for everything else, like beacons.
instead, it should only maintain bluetooth connections to devices already connected (or better yet, trusted), while being invisible to everything else. i know with bluetooth this is technically difficult, if not impossible, but that would be the more customer-friendly implementation.
It keeps the watch, pencil and airpods connected. Disconnects my third party keyboard. Unsure how it works in the mall scenario.
Anyone know? Occurs to me I could shut wifi fully off when leaving home, and turn bluetooth off with the toggle to still use my devices. Don’t know if that’s useful however.
Used to use airplane mode all the time, but modern convenience became too great.
hmmm, are you sure these things stay connected? i just tried with those 3 items and none stayed connected when i fake turned-off bluetooth on my iphone/ipad.
or maybe it's a feature of the newer devices? my apple devices are older and have bluetooth 4.2 still.
Yep and I’ve been researching this for robotics. The new WiFi standard 802.11mc includes improved time-of-flight measurement of radio packets such that the device can be localized to within 1 meter reliably. Android 9 and the Pixel already support this, though WiFi APs supporting this are still in the early phases. Google WiFi supports it tho.
The good news is that this technology does not tell the AP where you are, only the device knows. However an app on your device could share this information with advertisers.
So when can we start using this stuff to get indoor navigation or navigation inside tunnels to work properly? If we are being tracked we should get some benefit from it as well.
In order for this to work the apps have to listen to bluetooth signals from the beacons (or register a hook for an OS level beacon listening service?). How do I prevent an app from listening to bluetooth? Is this gated by the iOS "access current location" permission, or the "bluetooth sharing" permission?
The iOS docs I've found are unclear:
https://developer.apple.com/ibeacon/Getting-Started-with-iBe...
Yes. My company (MixRank) downloads and analyzes mobile apps. Among other things, we determine what SDKs, APIs, etc, an app uses. We have 20k SDKs identified and track all of their installs/uninstalls.
I actually implemented a nearly identical system for my senior design project, except we targeted the smart home ecosystem. Basic use cases would be automatically turning on/off lights or having a music stream/temperature preference/... follow you as you move throughout your house and enter/leave rooms. All implemented by an app on your phone detecting strategically placed beacons.
Haha I did a very similar thing for mine - it was using these to replace clock in systems for hourly workers, no more need to clock in or out, the app would auto detect when you entered/left the building
Based on the title of the article I was expecting the stores to passively collect data based on the MAC address. I guess I was way wrong. I am a traffic engineer and we use passive BT MAC address scanners to sort out origin/destination and travel time. This is done by setting up multiple detectors around a study area. Each detector saves the time and MAC address of every device it detects. We later match the MAC addresses that have been detected at multiple locations and that gives us the travel time between them. The raw data is rather useless for any other purpose, to us at least, and is tossed after we are confident in the data results. If a store were to use something like this, they would have to tie my MAC address to me, which I doubt would be too hard.
I don't see anything wrong with passively tracking people in a store, mall, shopping center, etc., as long as it is used to inform the owners of movement patterns in the area. To use the information to push notifications and determine purchasing habits of people is over the line.
To me there is a difference between what you describe, where hardware deployed in stores collect detected bluetooth signatures, and what this article describes, which is YOUR OWN DEVICE reporting on your movements.
I feel like I need a lot more clarification here, can anybody help out, whether on iOS or Android:
1) Some random third-party app has to be running on your phone to detect beacons and send the data back... how viable/likely is this actually? It seems like this would only ever effectively detect a tiny percentage of users at best who just happen to have one of the apps open while walking around a store?
2) For an app to detect beacons, don't you have to give permission for the app to use Location Services? I've tried Googling it but can't seem to find a definite answer... I'd be surprised (and saddened) if Apple or Google are allowing apps to detect beacons without explicit location or Bluetooth permissions.
3) If the goal is to track as many users as possible... wouldn't it be far more efficient to look for Wi-Fi devices that are scanning, and identify them by their MAC address? I don't understand what Bluetooth beacons enable that Wi-Fi scanning doesn't.
4) The article lists companies that provide these third-party toolkits... but not a single name of an app that uses them, or what percentage of phones contain an app with them. Since this is the main accusation of the article... I don't understand why they wouldn't provide even a single instance of proof.
I've just seen a lot of very questionable reporting from the NYT in the past on tech/security/privacy, so I'd like to understand better how real this is or not.
Unsure about the others but for (2), no. These beacons use low energy Bluetooth so when the app finds a beacon with just Bluetooth (which doesn’t require explicit permission afaik) it can simply report back with that - presumably the owner of the beacon (the store) knows where the beacon is and now they know your approximate location without any phone location services necessary
I can answer some of these... keep in mind this perspective is from the Android ecosystem, where I was able to get a similar system working.
1. Apps can be running in the background. I'd say its more common than you think
2. You need to provide location permissions (either the ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION). It seems like every app requests these permissions anyway, so not a red flag just on its own.
3. Something scanning for a WIFI devices has no way (easily) to coorelate those addresses back to a user. With this bluetooth low energy method, the users own phone is the one who reports the detection back to {company}'s servers, so it can pass along any/all other information it has about you. Their location accuracy is also pretty crazy (radius is within centimeters if they've done it well).
4. Bluetooth low energy is actually crazy easy to set up, see here for more...
https://developer.android.com/guide/topics/connectivity/blue...
> Some random third-party app has to be running on your phone to detect beacons and send the data back
They don't have to be running. Here's my understanding (for iOS anyway):
1. Apps have the ability to subscribe to bluetooth callbacks from the OS, which is constantly scanning for them (about once a second, from memory). It will be something like, "wake me up when you detect that beacon with UUID ABCD123 is in range". ABCD123 would be the standard ID of a marketing company's beacons - there could be millions of them.
2. The beacon also have sub-IDs identifying the exact beacon being used. The marketing company will know which are where.
3. Whenever the beacon is in range, the OS pings the app with the data, which decides what to do with it in the same manner as a background data refresh. This could be something useful, like waking up to let you know your suitcase is nearby - but it could also be silently uploading that data to a server.
4. The software to do this is being bundled as a paid SDK in a great many seemingly-unrelated apps, such as weather apps.
5. This behaviour is not counted as location services in the OS, and may or may not be disabled even when bluetooth is "off" on the phone
Corrections welcome but I believe that's roughly what's going on.
I'd greatly appreciate something like Little Snitch on the iPhone so I could see which apps are doing this and delete them with extreme prejudice. Back in reality, I'm glad this is getting attention - at the very least Apple should be providing a list of apps requesting BT access, and indeed any network access over time.
I'm pretty shocked all this can go on in the background without permissions. With Apple adopting such a privacy-conscious stance, I really hope this gets their attention so beacon scanning requires explicit permission in the future (and separate from location services -- my weather app needs to know where I am, but certainly doesn't need to scan for beacons).
It certainly is. I knew about the mechanics of it but hadn't realised it was being so widely abused. I would like to see Apple come down on this swift and hard.
Third party paid SDKs! Those cunning bastards. AdTech really is the dregs.
It’s worse. I have personal knowledge from a lot client work in this space.
There are companies offering some basic functions like “wayfinding” so the retailer or mall wants to give wayfinding to the user in their app. Sounds good, in fact it’s cheap, and they will even handle the beacon deployment... hook up sdk to wireshark and find it sending lots of data, some of it comes to me (retailer api) but a metric ton of it is going back to the provider. Being able to see the installed solution in multiple retailers and seeing the app code you start to notice persistence between them... retailer and mall didn’t even ask for this. They just wanted wayfinding.
Yes that's exactly how this gets implemented in practice.
I did quite a bit of client work here too, specifically around using already existing surveillance camera networks to build user profiles.
At the end of the day the goal is to optimize for the intersection of "what the user wants" and "what we want to sell." So, a low collection system will give bad recommendations and a really good recommendation system will have an immense amount about the user.
Now that I talk with people on the other side of this, it's clear that most don't really care as long as they are getting good suggestions. I had this conversation just a few weeks ago with a young lady and her take was: "It's kind of creepy, but if it gives me good suggestions, I don't really care."
I've used systems that leverage passive detection of Bluetooth, Wifi, and other radio signals as an indicator. No Apps required. Tying beacons into points of authentication (login from workspace) or transactional data at a register.
A large portion of it was actually focused around security and not product marketing, but the tech is the same.
Does the BT detection work the same way that WiFi access point scanning works? I know that app developers use this WiFi tech from a client (device) side to determine location, but I am a bit disturbed about the aspect of this being so accurate with BT devices.
Reminds me of an old Mac application from PowerPC days that would sense your phone's Bluetooth coming into the room and automatically unlock your computer.
I thought it was pretty cool.
Current Macs have that possibility built-in, but it only works with the Watch.
I use MacID app on my iOS device to quickly wake my OSx machine via Bluetooth and authenticate w touchID. I think it's pretty slick. Not for the security crucial installation but fine for home.
>This is an Unpopular Opinion, but IMHO thats kind of a reasonable stance to take.
I disagree. The recommendation is immediate and apparent to the end-user. The negative potential uses/consequences of all the other data collection are not.
It's funny, but when an unsuspecting person gets a home loan they can't possibly afford pushed on them by a shifty mortgage broker, people here cry bloody murder. But when people ignorantly consent to having their data harvested for the pleasure of better targeted advertising, the tech community happily says "but they asked for it!"
> But when people ignorantly consent to having their data harvested for the pleasure of better targeted advertising, the tech community happily says "but they asked for it!"
What? I feel like the only topic the tech community gets worked up about that nobody else cares about is digital privacy. There are always people on hacker news condemning a lack of privacy and targeted ads - I'd venture it's the majority of people on this site that feel that way.
All Reddit twitter and HN do is complain about data privacy and ads. It’s the complete opposite of ever being “they asked for it”. Can you find any big thread with more than a few small comments Resembling “they asked for it”? I can give you tons of examples for data privacy and anti ad stances. Just go to any FB thread. Or even this thread.
That's not unpopular. That's the idea of a two sided transaction, you learn a little about me and point me in the right direction as a personal shopper and I'll buy something from you.
Also, point out that you're going to sell that data to anyone who asks, link it to your facebook profile and CC data and people start to get a little uneasy. The reason people tend to view these things as OK, is that they see it as a 2 sided transaction and don't realize the implications of unregulated data. If we had clear laws around data, and consent of use of data like GDPR in the EU, it's a completely reasonable stance to take. (even with GDPR, there's a lot of data in things like tracking beacons and video recognition in public that are difficult to consent too or have data removed . . ..)
Part of the problem I think is that these people don't actually comprehend what is happening and the possible consequences. To them it's just a magic black box.
Maybe I’m one of these people. What exactly are the consequences? So far, the most damaging consequence of overreaching customer privacy is the famous teenage pregnancy leak when Target sent out coupon mailers to expecting moms based on shopping history.
That’s a really weirdly specific issue, and hard to imaging a similar scenario that would affect my life in some equally horrible way.
Am I missing something? Why should I be so afraid of Home Depot or whatever knowing a little bit about me?
It's not that you should necessarily be afraid of it but rather that you should be more aware of it. Advertising is now weaponized to the point that companies can take advantage of people through psychological tricks to get them to disadvantage themselves just to make a sale. Imagine the housing crisis amped up to an order of magnitude. Transactions, theoretically, should be based on good faith from both parties. If a business has far more insight into you than you have into them, though, then nearly every transaction has the potential to be predatory.
As a more serious and well-known concrete threat, this type of data is regularly aggregated by data brokers, and then used by stalkers and domestic abusers to commit crimes.
I imagine it being available and cheaply for sale is also a boon for various financial crimes/fraud.
It's not home depot specifically to be worried about knowing a little about you, but about them not being competent to control that data and everyone's little bit becoming a lot more significant and dangerous when combined.
edit: Also, the same type of information can easily be used later by government. I imagine if Uyghurs were not being specifically targeted by the Chinese government for cultural extermination there would be little trouble in their cultural identity being discernible from certain purchasing profiles. Once they are rounded up into camps, the last 15 years of detailed surveillance about them becomes very troublesome for them.
Never heard of them selling to individuals but it wouldn't surprise me if they do. At the very least a record should be kept of who they sold the data to in case it is used for a purpose like stalking someone.
My wife got a box of Enfamil Fedexed to our door as a promotion on what would have been the due date of our baby. Unfortunately, she miscarried at 3 months.
They knew this because marketers get near real-time access to prescriptions, hospital admissions and other things.
You should care because your information will be sold or traded, and behaviors can be correlated against medical and other outcomes.
Are you a divorced dad who has moved within 90 days and play daily fantasy sports? I can buy a list that will find you for $250. You are a risk for opioid addiction and may get denied service in the future for medical issues. Or you may attract advertising tailored to get you to gamble or drink more, when you are at your most vulnerable.
If what you are saying is true (I'm genuinely asking), that sounds like behavior that should absolutely be made illegal and severely punished.
I try to maintain a "lite" internet footprint (no facebook, only social media is LinkedIn, I use a VPN when I can) ... it's a little disturbing to think that someone can just purchase my buying history and use it as, essentially, an attack vector to serve me ads or gaslight me into buying stuff I don't really want or need.
Yes, you are. The events surrounding what happened to my wife was very painful (an ectopic pregnancy that nearly killed her), and a thoughtless reminder was very unwelcome. I still feel violated and betrayed.
In our case, I found out the marketing list from Enfamil and bought it for my zip code. I complained to the hospitals’ privacy officer and the state regulator and found that everything was legal.
In our case, the hospital pharmacy issued drugs to her indicative of a pregnancy. The pharmacy or insurer provides that information in real time to data brokers. The pharmaceutical companies assign quotas and send salespeople for certain drugs. There are other ways for data to get out that we’re not certain of. Perhaps the insurer “anonymizes” and sells subrogation information. Or the lab. In any case, they knew that my wife was admitted to an OB floor of a hospital, but didn’t know the outcome.
It’s not going away. The US government uses these same techniques with companies like Google to combat extremism or terrorist conversions — they actually use factors like this to target potential recruits with counter-information via ads.
That's really awful; I'm so sorry you both had to go through that.
Would you mind sharing more information about how you found that list (esp for a given zip), and how you think they tied that information to an address? My email is in my profile, if you wouldn't mind reaching out.
I called and asked Enfamil. They readily provided the name of the marketing list. When I bought it, you had to get a minimum number of entries, which I did by targeting a couple of local zip codes.
I don’t have ready access to it now, but it had all sorts of stuff, probably about 150 columns. Stuff ranging from likely medical conditions to car owned, to stores frequently shopped to specific consumer products used.
It's not a HIPPA violation because they give the information to one of their "partners", and you agree to this in all the crap that gets signed.
I went to a Norton Hospital Immediate Care Center and paid cash because I didn't have insurance at the time. Because I paid cash, Norton turned all of my contact information over to a company that sells health insurance and gives loans to pay for medical services. They bugged the everlovin' shit out of me with automated phone calls until I decided enough is enough.
The Immediate Care Center denied giving any information out and were shocked this was happening, but Norton central billing knew about it, said they would remove me, but the 3rd party already had my info so it was too late.
The 3rd party were complete assholes, and when I got fired up because I wouldn't give them even MORE personal info to be removed from their call list, they said it was my fault: if I had just called them back and given them the 15-digit code, an agent would have removed me. That's also a lie, because I eventually did try that.
To protect my privacy, I told Norton my phone number had changed, and my new number was 812-555-1212, which is the 812 area code directory assistance number.
They did the same thing to my sister when she paid with cash because her husband had just changed jobs and she didn't have the new insurance info yet.
> I complained to the hospitals’ privacy officer and the state regulator and found that everything was legal.
Both of those are the wrong venue for complaint on this issue; the hospital privacy officer exist to protect the hospital from liability and will never confirm to an outside party, especially a complaining party, that an act is a violation of the hospital’s legal duty, and the state regulator isn't responsible for enforcing federal law.
The right place for complaint is the federal Department of Health and Human Services Office or Civil Rights, which is actually responsible for enforcing the privacy provisions of HIPAA. Or getting your own attorney.
I work in credit scoring and you should be afraid of what you will not be eligible / priced systematically for in the future.
What will employers find when they use this for background checks? If you regularly buy alcohol a drinks_alcohol flag could be set or a health_indicator could increase.
This feels like it should be better dealt with via legislation. Already sounds like health data, which is legislated to high-heaven in the US, and also sounds like the juiciest ever GDPR suit waiting to happen in the EU.
Well the example was now around health data, but you can easily make up other more innocuous examples that will discriminate enough to give you a disadvantage.
This is, in general, the problem with America and other countries, in my opinion. Technical literacy is extremely low for the level of technical sophistication present in everyone's everyday life. I know it's not great in other countries but I think America has it worse in a lot of ways because our society encourages companies to take advantage of people in every way imaginable and lawmakers are possibly even less tech savvy than the majority of the population. People don't actually understand the consequences of their actions (agreeing to ToS, giving Facebook their data, using Amazon Echo/Google Home, etc.) and so they can't actually make an informed decision. The EU, at the very least, has attempted to make this conversation more public through the GDPR, but America is too self-involved to even consider educating the populace.
Is there a concise, well written, summary of the types of things that are likely to happen to folks because of data collection? Would be nice to have something to give people that don’t understand.
Maybe the existence of such toolkits is a Chesterton's Fence that says you can't make this work without something installed on the phone. But this would be possible without these trojans.
You can also do the same with Wifi access points: Phones are constantly broadcasting their MAC address during active scanning for networks. The location from signal strength isn't as good (a Bluetooth beacon can pin you down near the Yoplait yogurt, a Wifi beacon and signal strength measurement just put you in dairy) but it's getting better (worse?). See: https://www.crc.id.au/tracking-people-via-wifi-even-when-not...
I imagine it would not be perfect but would be acceptably easy to use these "anonymous" MAC addresses to connect you to a name and address on a debit card. If your MAC and 20 other people left the store Friday at 2PM, and you and 20 other people went through checkout, and then your MAC and checkout are seen with 20 different people next week it's pretty trivial to identify you.
The cynic in me, though, says that even a minor loss of fidelity in tracking data weighed against the minimal risk and cost of building the spyware makes it worth building both.
> Maybe the existence of such toolkits is a Chesterton's Fence that says you can't make this work without something installed on the phone. But this would be possible without these trojans.
Without these trojans the store would have on its hands a major networking infrastructure project. With these trojans, all they have to do is drop a few battery-powered beacons in their venue and store their IDs along with coordinates in a database.
"The store" that implements these is probably not a mom-and-pop. Places like Walmart succeed because of their ability to execute major logistics and networking projects.
If the beacons increased Wal-Mart's revenue by 1%, the "major networking infrastructure" project could be a $5 billion department, larger than Google's entire R&D operating expenses.
Can't compare revenue to operating expenses for funding a new department, should use earnings minus income taxes instead. It would be closer to funding a $1 billion department.
Sure, but the Beacon technology was designed for this cheaper type of use (dumb beacon, smart phone) from the get-go - people working on it probably may have wanted it to be useful not just for the biggest chains, but also smaller franchises and mom-and-pop stores (why limit your market prematurely?). In the alternate reality in which BLE beacons were never created, maybe Wal-Mart did its own major project to get the same results the hard way.
They have security cameras too. Correlate video with AP locations and you can probably figure out whos phone it. Tie that in with some facial recognition database and can really identify people.
Walmart has been adding cameras on high shrink isles that are almost eye level. At some point they might add even more cameras for "security" that are also used for eye tracking. Think of all the opportunities to optimize product and ad placement.
self checkouts already have eye level cameras and they know which items you actually purchase so really not that farfetched to assume they're also using beacons to track your phone as well.
And when you swipe your card to check out they have your name, even if you don't use a loyalty card. Name + Face, along with some bluetooth tracking data. They can now track you forever, even if you delete the app, stop using your credit cards, etc.
From your link, it looks like "Name" is in Track 1:
Start sentinel — one character (generally '%')
Format code="B" — one character (alpha only)
Primary account number (PAN) — up to 19 characters.
Field Separator — one character (generally '^')
Name — 2 to 26 characters
...
There is one store in my neigbourhod where the payment terminals show this field (my full name) on the screen during checkout. I was very surprised when I noticed this the first time.
But apparrently not all card issuers fill the field with correct data. One card, a prepaid Visa from a big fintech, has "N/A" programmed in the field.
Mobile devices (iPhones, probably most others?) randomize their MACs when looking for wireless networks, although that may not be enough to stop a determined snooper.
A company I worked for was interested in installing these WiFi locators in its buildings to study how people move through them - it turns out it doesn't work that well outside of fully clear spaces (so it can't be crowded, there can't bee too much furniture - although you might be able to deal with the latter if you spend a long time calibrating) + it requires dedicated devices (with faster clocks). Definitely doable though.
This is absolutely happening at scale in Chinese malls and even those small 7/11 style corner stores. Correlating profiles with Alipay/facial recognition/WiFi/Bluetooth tracking.
256 comments
[ 4.7 ms ] story [ 242 ms ] threadYeah, and pay cash before they get rid of it and make us all pay for everything with wechat bucks or whatever.
Location analytics are a built-in feature of many sub-$300 access points.
I would like to congratulate Google for such hard work. I mean, CyanogenMod 7 in 2010 could revoke any app permission at the user's will, but you know, computers are difficult
The first time this happens, I'm not going to buy the thing, but I'm going to jump through whatever hoops are necessary to disable this feature on my device. If that doesn't work, I'm going to get another device and then I'm never going to patronize whatever retailer did this.
I suspect eventually this will make people irate and these sorts of things will become opt-in.
https://www.theverge.com/2013/12/6/5181302/apple-store-ibeac...
Beacon Technology Arrives in 50 Target Stores (2015)
https://corporate.target.com/article/2015/08/beacon-technolo...
This will probably wreak havoc on traffic counters and other infrastructure that use bluetooth bacons to do things like monitor highway congestion and foot traffic
They've always done this. I think you have your threat model inverted. Beacons aren't tracking phones around stores.
3rd party SDKs installed in apps are tracking user's indoor location via beacon triangulation and uploading that data. A subtle, but important difference.
I actually implemented a nearly identical system for my senior design project, except we targeted the smart home ecosystem. Basic use cases would be automatically turning on/off lights or having a music stream/temperature preference/... follow you as you move throughout your house and enter/leave rooms. All implemented by an app on your phone detecting strategically placed beacons.
It began simply because Apple said "...iBEACON.." and everyone corporate wanted the new buzzword in their portfolio to let people know how hot/hip/tech they were (toys -r- us considered it for awhile) so they could pull the kids away from the internet and back into brick-and-mortar. How can we use these? What are they good for? No one really cared, they just wanted them in the store and we were there to sell them that (at a premium).
In 2015 - indoor location was bogus. Everyone in this forum seems confident that there are multiple ways you can determine location with Wifi (round trip packet time) or bluetooth (RSSI). A cacophony of radio in a catastrophically noisy environment does not work to provide reliable location information.
In fact - it was so bad, that there were a handful of other equally unrealistic solutions being pedaled by everyone from universities to light-bulb manufacturers. One such solution was to profile the accessible space of a building using a phone's compass, and then use the observations from a client device compass to identify how generated patterns correlated to the profile for the building.
The torrent of data you see pouring from your phone to the service via wireshark is real-time sensor data that is being used to feed a service side bayesian / markov-chain / monte carlo / kalman-particle filter / keyword soup monstrosity trying to generate some possible marginal confidence in a probable location. We found that this system was most effective in turning your phone into a pocket warmer, but sold like hot-cakes in a B2B setting wherein the intended end user had absolutely no voice.
Corporate wanted to buy it so they could sell advert-space (pop-up coupons) to affiliates. So we sold them something that worked barely well enough to provide a one-popup demo to potential interested parties. The affiliates bought the magic, corporate paid our company an arbitrarily large quantity of dollars for the service.
A deployment of thousands of coin-cell driven beacons per store, placed within reach of bored youths, maintained by an underpaid associate staff is of only questionable utility.
On a scale of things to worry about, ranging from nuclear holocaust to e. coli in your produce - this ranks a solid -3. In fact, in the 4 years since I've worked in this field I think the only advancement that has been made is that it's harder for third parties to sell because no one can do it well, so why not just do it in-house? It's cheaper and has the same garbage result.
If you think I'm wrong - go do it yourself. All these signals are easily grep-ed within any store (there's no way to make it proprietary), and you can create your own model and out-sell the proprietor. Surprise me. With an actual, viable client-oriented product (and assuming users actually want reliable indoor location) you'll make bundles selling it to the valley. Everyone is trying to do it (even cisco tried for awhile) - no one has.
Michael Kwet has read all the marketing copy, and rewritten it for popular consumption as a product. The insight/value provided by these systems is far more sparse than implied.
The more complex a method is at tracking someone, the less reliable it is.
People fear too much of what can be done with the fancy ways of tracking while overlooking simpler ways that are much more effective.
https://techcrunch.com/2017/09/20/target-rolls-out-bluetooth...
Kind of funny that Apple pushing privacy basically helped create this kind of tracking to begin with.
Edit: NYT article mentions other apps selling data to retailers. I think it's time apps start asking permission to use BTLE. No reason a weather app needs that kind of access.
In reality, I'm not comfortable with the amount of privacy violation getting that targeted ad requires.
This is what the ad industry exploiting the fear of missing out [1] looks like when they tout the virtues of "relevant ads". You might draw a comparison with casino marketing to gambling addicts, alcohol to alcoholics, etc -- it's rather slimy.
[1] https://en.wikipedia.org/wiki/Fear_of_missing_out
1. Set up a bluetooth beacon in the diary aisle that broadcasts as a connectable (nor not?) device with an "SSID" (or the bluetooth equivelant) that is a known GUID
2. apps on your phone can scan for available bluetooth devices, and see the presence of the GUID, which is enough for them to know you are in the dairy aisle of Store 1234.
if that's right, does this mean disabling bluetooth, or restricting a device's access to scan for devices, will preclude this?
You are right that disabling bluetooth or being aware of what apps your phone has is what is required.
What does bother me is the part where they can get lots of other data and use it to build a profile of me that spans far beyond their store. The fact that this Pulsate company encourages devs to include my email address, for example, seems really invasive, and probably would be illegal under the GDPR?
Malls can then see which stores have highest foot traffic on what days, etc. It's actually one of the things that justifies the expense for huge, expensive free wifi deployments. And it is used to more accurately price locations around malls.
The other alternatives to getting the same kind of data is security camera analytics. Sometimes literally someone just watching footage and taking notes on who they see and what kind of demographics, etc. Which is problematic in it's own right.
https://www.sentinelcv.com/
[1]https://www.tccrocks.com/
> These companies take their beacon tracking code and bundle it into a toolkit developers can use. The makers of many popular apps, such as those for news or weather updates, insert these toolkits into their apps. They might be paid by the beacon companies or receive other benefits...
Ban this, full stop, on both ends of this transaction. The Reveal Medias and the scummy app devs using their ~~SDKs~~ trojan horses. At the very least these apps need to be named and shamed, I find this fraudulent and extremely difficult for end users to police.
I have very minor hope that Apple at least will one day shine light on this or ban apps who are not transparent about the data they're sending and to whom, as it doesn't conflict with their business model and they seem to be moving there. For now I have to essentially disable bluetooth when I get out of my car.
https://9to5mac.com/2019/06/08/ios-13-location-permissions/
It would be naive to point the finger at Facebook listening to you, it would be more accurate to assume its EVERY OTHER app (including FB) gathering data about you and your surroundings - MAYBE ONE IS ACTUALLY LISTENING - but whether any individual app is or isn't, the data brokers have all the data as well as other people like you that have probably reacted to the same external stimulus and can be predicted to be thinking about a certain product around that point in time.
POOF - an ad about that thing you talked about, now on your Facebook feed.
Zuckerberg gets hauled in front of Congress, accurately says "what? no we don't do that", data brokers and software engineers laugh to the bank and let Zuckerberg get crucified for their sins.
It's particularly frustrating given how hard I try to disassociate myself and my family from "data brokers" and then I read another thing like this.
I helped my sister look at a new car an hour away in another town. Back home that evening YouTube was suddenly suggesting new car videos.
Not so much Bluetooth as my own fault for using Google products and tracking but still it was disturbing. I did not search for anything car related myself or for my sister all I did was visit a car dealership.
Imagine if using an app on your iPhone was regarded as more safe than visiting a Web page produced by the same organization, because Apple protected you more than Web standards do. It's a definite technical possibility, and I suppose it might make business sense for Apple.
Adtech industry needs to be torched. GDPR was a step in the right direction, but unfortunately isn't nearly enough (I'd start with more aggressive enforcement of it, though). Something to pressure your politicians for.
https://silent-pocket.com/collections/all-products
As for people using services subsidized by adtech - there's no rule of the universe that says you can either pay everything in cash, or have it free with ads. Those are only two particular business models out of space of many. Getting rid of adtech will only make ad-powered service providers switch to the next best model, hopefully a more ethical one.
The question you're posing is equivalent to "what about all the people who couldn't afford X if providing X wouldn't involve toxic chemicals poisoning their water supply?". Societies around the world consider many business models unacceptable; I'm only pleading that advertising as practiced be added to the list of such unacceptable business models.
My method delivered.
They've already banned these SDKs in the kids category. I'm sure the next step is to ban them everywhere.
Not being snarky, genuinely unsure what would need this. You’re definitely right that a single app with permissions and the sdks would be enough.
I work for but don't speak for Fitbit.
It's not even too big of a stretch to realize how many free WordPress frameworks out there collect and sell aggregated site visitor data. I mean... if you're using a free Google Analytics service, do you honestly think they're not doing something with all that access to your site info?
At least, that’s the situation to the best of my knowledge.
What annoys me is that weather is built into both popular phone OSes, so I am not sure why people install ad/tracking apps to get weather information. (What makes me sad is that I really like Weather Underground and subscribed for years... but now their website is super slow and bug-ridden, and I believe it's officially been canceled by their new corporate overlords. So I have no real good way to get "advanced" radar products except via GRLevel3.)
Make no mistake: the purpose of marketing is to maximize information asymmetry. The natural end point is totalitarian: they know everything about you, and you know nothing at all, blindly obeying.
At its best, marketing is a way to let people know the goods and services you have that can make their lives better.
This is marketing at its worst.
I really enjoy this explanation of why targeted advertising is such a horrible thing:
https://zgp.org/targeted-advertising-considered-harmful/
This is marketing at its real. As practiced.
> I don't think telling people the product you created to serve their need is inherently evil.
Of course it isn't evil, but this is not what marketing is doing - and claiming so amounts to a motte-and-bailey defense of an industry that's rotten to the core and quite openly malicious towards their fellow human beings.
I also think you are being unfair if you say there are zero companies that do marketing right.
And probably most of us, including me, would agree. The problem is when the market is saturated with goods compared to buyers so that more aggressive methods - read: lies and subtle psychological tactics - are used to convince those buyers they need this or that product when they actually don't. Which becomes even more evil when the product is something potentially harmful such as unneeded food, medicines, anything that will be soon thrown away creating more pollution, etc. The problem isn't marketing by itself, but the total disregard for moral issues that can and will make it harmful once overproduction and saturated markets get us to a point where lying is the only way to keep businesses alive.
It is the opposite of what GP is saying here, despite their doomsaying at their own revelation that retailers are listening to the broadcasting device consumers bring onto their property to better understand them.
When someone clearly lists the merits of a product without conflict of interest, then that does indeed lets people known what goods and services make their lives better. We have a different word for that - a "review". The purpose of an ad, by definition, is not to inform - the purpose is to persuade. They are opposites.
I'd be interested in a list of popular apps or SDKs that use beacons -- so I could uninstall them pronto.
https://www.vice.com/en_us/article/evpz7a/turn-off-wi-fi-and...
Sidenote, it behaves differently if you've enabled airplane mode (or at least so the UI would indicate). In airplane mode, it gives no message and the wifi/bt icon goes transparent. If you're not in airplane mode, the wifi/bt icon goes light gray and it says 'disconnecting <device type> devices until tomorrow' but the radio is still on as your article mentions.
Personally I miss the old behavior where it just turns it off, but I'm often in airplane mode so I get the old behavior anyway and great battery life :P
If you don't want to be tracked, you can either turn off your phone or put it in a protective sleeve when not in use: https://silent-pocket.com/products/faraday-cage-sleeves-for-...
instead, it should only maintain bluetooth connections to devices already connected (or better yet, trusted), while being invisible to everything else. i know with bluetooth this is technically difficult, if not impossible, but that would be the more customer-friendly implementation.
Anyone know? Occurs to me I could shut wifi fully off when leaving home, and turn bluetooth off with the toggle to still use my devices. Don’t know if that’s useful however.
Used to use airplane mode all the time, but modern convenience became too great.
or maybe it's a feature of the newer devices? my apple devices are older and have bluetooth 4.2 still.
When I turn it off, the bluetooth menu in settings says "new bluetooth connections have been turned off from control center"
The good news is that this technology does not tell the AP where you are, only the device knows. However an app on your device could share this information with advertisers.
https://www.crowdconnected.com/blog/testing-wifi-rtt-on-andr...
I don't see anything wrong with passively tracking people in a store, mall, shopping center, etc., as long as it is used to inform the owners of movement patterns in the area. To use the information to push notifications and determine purchasing habits of people is over the line.
1) Some random third-party app has to be running on your phone to detect beacons and send the data back... how viable/likely is this actually? It seems like this would only ever effectively detect a tiny percentage of users at best who just happen to have one of the apps open while walking around a store?
2) For an app to detect beacons, don't you have to give permission for the app to use Location Services? I've tried Googling it but can't seem to find a definite answer... I'd be surprised (and saddened) if Apple or Google are allowing apps to detect beacons without explicit location or Bluetooth permissions.
3) If the goal is to track as many users as possible... wouldn't it be far more efficient to look for Wi-Fi devices that are scanning, and identify them by their MAC address? I don't understand what Bluetooth beacons enable that Wi-Fi scanning doesn't.
4) The article lists companies that provide these third-party toolkits... but not a single name of an app that uses them, or what percentage of phones contain an app with them. Since this is the main accusation of the article... I don't understand why they wouldn't provide even a single instance of proof.
I've just seen a lot of very questionable reporting from the NYT in the past on tech/security/privacy, so I'd like to understand better how real this is or not.
1. Apps can be running in the background. I'd say its more common than you think 2. You need to provide location permissions (either the ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION). It seems like every app requests these permissions anyway, so not a red flag just on its own. 3. Something scanning for a WIFI devices has no way (easily) to coorelate those addresses back to a user. With this bluetooth low energy method, the users own phone is the one who reports the detection back to {company}'s servers, so it can pass along any/all other information it has about you. Their location accuracy is also pretty crazy (radius is within centimeters if they've done it well). 4. Bluetooth low energy is actually crazy easy to set up, see here for more... https://developer.android.com/guide/topics/connectivity/blue...
They don't have to be running. Here's my understanding (for iOS anyway):
1. Apps have the ability to subscribe to bluetooth callbacks from the OS, which is constantly scanning for them (about once a second, from memory). It will be something like, "wake me up when you detect that beacon with UUID ABCD123 is in range". ABCD123 would be the standard ID of a marketing company's beacons - there could be millions of them.
2. The beacon also have sub-IDs identifying the exact beacon being used. The marketing company will know which are where.
3. Whenever the beacon is in range, the OS pings the app with the data, which decides what to do with it in the same manner as a background data refresh. This could be something useful, like waking up to let you know your suitcase is nearby - but it could also be silently uploading that data to a server.
4. The software to do this is being bundled as a paid SDK in a great many seemingly-unrelated apps, such as weather apps.
5. This behaviour is not counted as location services in the OS, and may or may not be disabled even when bluetooth is "off" on the phone
Corrections welcome but I believe that's roughly what's going on.
I'd greatly appreciate something like Little Snitch on the iPhone so I could see which apps are doing this and delete them with extreme prejudice. Back in reality, I'm glad this is getting attention - at the very least Apple should be providing a list of apps requesting BT access, and indeed any network access over time.
I'm pretty shocked all this can go on in the background without permissions. With Apple adopting such a privacy-conscious stance, I really hope this gets their attention so beacon scanning requires explicit permission in the future (and separate from location services -- my weather app needs to know where I am, but certainly doesn't need to scan for beacons).
This is honestly pretty egregious.
It certainly is. I knew about the mechanics of it but hadn't realised it was being so widely abused. I would like to see Apple come down on this swift and hard.
Third party paid SDKs! Those cunning bastards. AdTech really is the dregs.
It would be trivial to do this if you can get your hands on an iphone with a jailbreakable OS version.
[0] https://qz.com/1169760/phone-data/
There are companies offering some basic functions like “wayfinding” so the retailer or mall wants to give wayfinding to the user in their app. Sounds good, in fact it’s cheap, and they will even handle the beacon deployment... hook up sdk to wireshark and find it sending lots of data, some of it comes to me (retailer api) but a metric ton of it is going back to the provider. Being able to see the installed solution in multiple retailers and seeing the app code you start to notice persistence between them... retailer and mall didn’t even ask for this. They just wanted wayfinding.
I did quite a bit of client work here too, specifically around using already existing surveillance camera networks to build user profiles.
At the end of the day the goal is to optimize for the intersection of "what the user wants" and "what we want to sell." So, a low collection system will give bad recommendations and a really good recommendation system will have an immense amount about the user.
Now that I talk with people on the other side of this, it's clear that most don't really care as long as they are getting good suggestions. I had this conversation just a few weeks ago with a young lady and her take was: "It's kind of creepy, but if it gives me good suggestions, I don't really care."
A large portion of it was actually focused around security and not product marketing, but the tech is the same.
Reminds me of an old Mac application from PowerPC days that would sense your phone's Bluetooth coming into the room and automatically unlock your computer.
I thought it was pretty cool.
Current Macs have that possibility built-in, but it only works with the Watch.
Maybe built-in to the OS. You can definitely do this with any Bluetooth device and any Mac with both free and paid software.
This is an Unpopular Opinion, but IMHO thats kind of a reasonable stance to take.
I disagree. The recommendation is immediate and apparent to the end-user. The negative potential uses/consequences of all the other data collection are not.
It's funny, but when an unsuspecting person gets a home loan they can't possibly afford pushed on them by a shifty mortgage broker, people here cry bloody murder. But when people ignorantly consent to having their data harvested for the pleasure of better targeted advertising, the tech community happily says "but they asked for it!"
What? I feel like the only topic the tech community gets worked up about that nobody else cares about is digital privacy. There are always people on hacker news condemning a lack of privacy and targeted ads - I'd venture it's the majority of people on this site that feel that way.
Also, point out that you're going to sell that data to anyone who asks, link it to your facebook profile and CC data and people start to get a little uneasy. The reason people tend to view these things as OK, is that they see it as a 2 sided transaction and don't realize the implications of unregulated data. If we had clear laws around data, and consent of use of data like GDPR in the EU, it's a completely reasonable stance to take. (even with GDPR, there's a lot of data in things like tracking beacons and video recognition in public that are difficult to consent too or have data removed . . ..)
That’s a really weirdly specific issue, and hard to imaging a similar scenario that would affect my life in some equally horrible way.
Am I missing something? Why should I be so afraid of Home Depot or whatever knowing a little bit about me?
I imagine it being available and cheaply for sale is also a boon for various financial crimes/fraud.
It's not home depot specifically to be worried about knowing a little about you, but about them not being competent to control that data and everyone's little bit becoming a lot more significant and dangerous when combined.
edit: Also, the same type of information can easily be used later by government. I imagine if Uyghurs were not being specifically targeted by the Chinese government for cultural extermination there would be little trouble in their cultural identity being discernible from certain purchasing profiles. Once they are rounded up into camps, the last 15 years of detailed surveillance about them becomes very troublesome for them.
They knew this because marketers get near real-time access to prescriptions, hospital admissions and other things.
You should care because your information will be sold or traded, and behaviors can be correlated against medical and other outcomes.
Are you a divorced dad who has moved within 90 days and play daily fantasy sports? I can buy a list that will find you for $250. You are a risk for opioid addiction and may get denied service in the future for medical issues. Or you may attract advertising tailored to get you to gamble or drink more, when you are at your most vulnerable.
I try to maintain a "lite" internet footprint (no facebook, only social media is LinkedIn, I use a VPN when I can) ... it's a little disturbing to think that someone can just purchase my buying history and use it as, essentially, an attack vector to serve me ads or gaslight me into buying stuff I don't really want or need.
Am I'm being naive?
In our case, I found out the marketing list from Enfamil and bought it for my zip code. I complained to the hospitals’ privacy officer and the state regulator and found that everything was legal.
There is a lot of data on the topic...
Prescriptions: https://www.theguardian.com/technology/2017/jan/10/medical-d... Linkage to lifestyle data: https://www.statnews.com/2018/07/18/health-insurers-personal...
In our case, the hospital pharmacy issued drugs to her indicative of a pregnancy. The pharmacy or insurer provides that information in real time to data brokers. The pharmaceutical companies assign quotas and send salespeople for certain drugs. There are other ways for data to get out that we’re not certain of. Perhaps the insurer “anonymizes” and sells subrogation information. Or the lab. In any case, they knew that my wife was admitted to an OB floor of a hospital, but didn’t know the outcome.
It’s not going away. The US government uses these same techniques with companies like Google to combat extremism or terrorist conversions — they actually use factors like this to target potential recruits with counter-information via ads.
Would you mind sharing more information about how you found that list (esp for a given zip), and how you think they tied that information to an address? My email is in my profile, if you wouldn't mind reaching out.
I don’t have ready access to it now, but it had all sorts of stuff, probably about 150 columns. Stuff ranging from likely medical conditions to car owned, to stores frequently shopped to specific consumer products used.
How the hell was trading individually identifiable hospital admittance and treatment information not a HIPAA violation?
I went to a Norton Hospital Immediate Care Center and paid cash because I didn't have insurance at the time. Because I paid cash, Norton turned all of my contact information over to a company that sells health insurance and gives loans to pay for medical services. They bugged the everlovin' shit out of me with automated phone calls until I decided enough is enough.
The Immediate Care Center denied giving any information out and were shocked this was happening, but Norton central billing knew about it, said they would remove me, but the 3rd party already had my info so it was too late.
The 3rd party were complete assholes, and when I got fired up because I wouldn't give them even MORE personal info to be removed from their call list, they said it was my fault: if I had just called them back and given them the 15-digit code, an agent would have removed me. That's also a lie, because I eventually did try that.
To protect my privacy, I told Norton my phone number had changed, and my new number was 812-555-1212, which is the 812 area code directory assistance number.
They did the same thing to my sister when she paid with cash because her husband had just changed jobs and she didn't have the new insurance info yet.
HIPPA is a joke.
Both of those are the wrong venue for complaint on this issue; the hospital privacy officer exist to protect the hospital from liability and will never confirm to an outside party, especially a complaining party, that an act is a violation of the hospital’s legal duty, and the state regulator isn't responsible for enforcing federal law.
The right place for complaint is the federal Department of Health and Human Services Office or Civil Rights, which is actually responsible for enforcing the privacy provisions of HIPAA. Or getting your own attorney.
What will employers find when they use this for background checks? If you regularly buy alcohol a drinks_alcohol flag could be set or a health_indicator could increase.
If the Bluetooth beacon configures itself as a master, and enters inquiry mode, phones that pass nearby will happily respond with their Bluetooth ID (see https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?d..., section 8.4).
You can also do the same with Wifi access points: Phones are constantly broadcasting their MAC address during active scanning for networks. The location from signal strength isn't as good (a Bluetooth beacon can pin you down near the Yoplait yogurt, a Wifi beacon and signal strength measurement just put you in dairy) but it's getting better (worse?). See: https://www.crc.id.au/tracking-people-via-wifi-even-when-not...
I imagine it would not be perfect but would be acceptably easy to use these "anonymous" MAC addresses to connect you to a name and address on a debit card. If your MAC and 20 other people left the store Friday at 2PM, and you and 20 other people went through checkout, and then your MAC and checkout are seen with 20 different people next week it's pretty trivial to identify you.
The cynic in me, though, says that even a minor loss of fidelity in tracking data weighed against the minimal risk and cost of building the spyware makes it worth building both.
Without these trojans the store would have on its hands a major networking infrastructure project. With these trojans, all they have to do is drop a few battery-powered beacons in their venue and store their IDs along with coordinates in a database.
If the beacons increased Wal-Mart's revenue by 1%, the "major networking infrastructure" project could be a $5 billion department, larger than Google's entire R&D operating expenses.
Walmart has been adding cameras on high shrink isles that are almost eye level. At some point they might add even more cameras for "security" that are also used for eye tracking. Think of all the opportunities to optimize product and ad placement.
I thought the name’s embossed on the card, but not on the magstripe/EMV chip data?
https://www.emvlab.org/emvtags/show/t5F20/
There is one store in my neigbourhod where the payment terminals show this field (my full name) on the screen during checkout. I was very surprised when I noticed this the first time.
But apparrently not all card issuers fill the field with correct data. One card, a prepaid Visa from a big fintech, has "N/A" programmed in the field.