back to article TfL to track Tube users in stations by their MAC addresses

Transport for London is to start a four week trial of reading Wi-Fi connection request data from London Underground passengers’ mobile phones. The trial, which will last four weeks from 21 November, “will help give TfL a more accurate understanding of how people move through stations, interchange between services and how …

  1. Vimes

    Even if you take out of the equation the fuzziness of detail of what goes on within a station, doesn't the fact that they won't be tracking everybody reduce the whole thing to a pointless exercise in futility?

    Not only will a lot of phones have Wi-Fi switched off but it's entirely possible some people won't even have Wi-Fi enabled devices with them in the first place.

    1. Anonymous Coward
      Anonymous Coward

      And some might have more than one!

    2. Dave Harvey

      No - tracking a proportion of users is perfectly reasonable statistics - done every day in just about every statistical scenario, and with well-established means to estimate the error, based on the size of the sample.

      Of course, if the sampling is "biased" then the biases need special consideration, but even that is not impossible or unreasonable. e.g. if 90% of passengers from one area have a smartphone with WiFi switched on, and only 10% from another area of London, then this would need correction, but that's still simpler than manual counting of individual journeys, so by-and-large this seems sensible to me.

      Of course there is the "tracking/privacy" issue, but IF done properly, then the WiFi MAC address is a reasonably good, pre-anonymised means to use - certainly less traceable than our faces on CCTV!

      1. Adam 52 Silver badge

        "is a reasonably good, pre-anonymised means to use"

        It's nothing of the sort. It's not anonymous at all, being tied to your network traffic and location.

        1. Captain DaFt

          "It's nothing of the sort. It's not anonymous at all, being tied to your network traffic and location."

          So you're saying that:

          "XXXX XXXXX who owns an iPhone 7, mac address 00:1a:c2:7b:00:47 takes the 7:15 commuter bus from Tally Ho subdivision station to downtown Abes and Stalping junction station near the Cremel Building weekdays.

          Normally sending emails related to business with Cremel industry's IT dept., or surfing theregister.co.uk under the username "Boo-dah" in route.

          Then normally uses the same station to return to the Tally Ho subdivision at 21:15 mon-thur, normally texting Mrs. XXXXX at 121 Foxing St.

          On Fridays the 23:00 from Kipling station is used to return to Tally Ho Subdivision station after receiving two or more texts from Mrs. XXXX at 121 Foxing St.

          Might actually be used to figure out XXXX XXXXX's real identity?

          Surely not!

      2. Doctor Syntax Silver badge

        Upvoted for the statistical point but "IF done properly, then the WiFi MAC address is a reasonably good, pre-anonymised means to use"

        Note that the company collecting the stats is also the company running the WiFi service so can potentially identify the user from any use they may make of that service.

        A better option would be to take the MAC, hash it and save that. If that's what they mean be anonymising then that might be OK but as the report stands it should be a bit worrying.

        1. patrickstar

          Hashing it wouldn't do much in itself. It's easy to just bruteforce all possibilities - it's only 48 bits long, and the first part of it is the vendor ID which has a limited amount of likely candidates to try.

          One option would be a keyed hash, but then you better keep the key in a HSM with rate limiting of the hashing operations.

          Another option would be to deliberately make the hash so small there will be a lot of collisions if you search the entire space, but this might affect accuracy of the data collection to some extent if it's too small. You could probably tune the length if you have a good idea of the number of unique devices encountered beforehand.

      3. Dave Bell

        Each MAC is supposed to be unique, so it's going to be hard for this not to be Personal Data.

        It's possible that a different number could be assigned each time an MAC enters a station, and used in the tracking records, so that the tracking data for a device can't be combined across multiple visits. That might work and be legal without having to get permission.

        As a very occasional visitor to London, I'm not that bothered. But anyone thinking an MAC address isn't personal isn't thinking this through. And that's what worries me. Just a hand-wave about de-personalising the data isn't enough. Did the people planning this know enough?

        (I know enough about law and technology and stats to ask awkward questions around the intersection. It's a little worrying that I might know more about MAC addresses than the lawyer, and more about the law than the techie.)

    3. allthecoolshortnamesweretaken

      "... it's entirely possible some people won't even have Wi-Fi enabled devices with them in the first place."

      Totally incredible.

  2. Vimes

    which is expensive, time consuming and limited in detail and reliability

    Whereas this still costs money, and is probably just as limited in detail and reliability. 'Time consuming' appears to be the only issue this trial deals with and even that is debatable.

  3. J. R. Hartley

    Bollocks

    This is only the beginning.

    1. Anonymous Coward
      Anonymous Coward

      Re: Bollocks

      "This is only the beginning."

      Yup. This whole monitoring user flow is BS since they already do - there are probably more cameras in a tube station that in your average TV studio and they've had years to figure out how crowding occurs and frankly on a transport system its not hard to figure out why if there are delayed trains or mulitple trains arrive at the same time. It really isn't rocket science.

      I'd be rather surprised it this DIDN'T turn out to be a way to monitor potential criminals/terrorists/fare dodgers etc as they move through the system. At least until facial recognision technology is advanced enough that it can be done via the CCTV.

      1. Doctor Syntax Silver badge

        Re: Bollocks

        "its not hard to figure out why if there are delayed trains or mulitple trains arrive at the same time"

        Or if there simply aren't enough trains. Thank goodness my days of commuting on the tube are long gone.

  4. Vimes

    ...will enable us to provide customers with even better information for journey planning...

    If that truly is one of their aims then why have they been busy closing ticket offices, where people could get that information?

    1. Anonymous Coward
      Anonymous Coward

      "If that truly is one of their aims then why have they been busy closing ticket offices, where people could get that information?"

      To be fair that was Bozo Johnsons idea. I doubt many in TfL actually wanted to do it but if the mayor says jump they have to ask how high. I was hoping Kahn might have reversed at least some of the closures but its looking unlikely and the longer they stay closed the less chance there is of them re-opening IMO.

  5. allthecoolshortnamesweretaken

    I think what they're really trying to do is take Mornington Crescent to the next level.

    Elephant & Castle.

    1. Anonymous C0ward

      Interesting starter.

      Pimlico

      1. BoldMan

        Hmm, in that case The Angel Islington...

        1. Ivan Headache

          I'll take Barry's favourite, Fairlop.

          1. Anonymous Coward
            Anonymous Coward

            Liverpool Street.

            Hah, didn't see that coming did you?

            1. BoldMan

              Nah, that was totally predicable as a transverse loop slide.

              The obvious counter would be... oh no I'm not going to fall for that one... I'll go Whitechapel instead!

              1. allthecoolshortnamesweretaken

                Hmm... Shadwell?

                1. Ivan Headache

                  You're not thinking this through are you?

  6. Neil Barnes Silver badge

    switch off your Wi-Fi...

    Can someone a bit more au-fait with the technology than I am point me to a primer for the handshake/negotiation that takes place between a device with wifi turned on but only connecting to known hotspots - i.e. not the open spot on the underground?

    Does the connection request start from a device which notices a live network or does the network poll? Or...?

    1. Criminny Rickets

      Re: switch off your Wi-Fi...

      I normally keep my mobile data turned off. I run an app called Smart WIFI Toggle. It automatically disables my WIFI, and only enables it at hotspots that I have specifically indicated (such as at home or a coffee shop that I frequent). Not only does it protect me from errant hotspots and scanning of my phone when I am not specifically using it, it also cuts down on the battery drain. In addition. I use an app called Autosync. It keeps the Sync disabled unless my data or wifi is enabled, then Autosync will automatically turn on Sync and automatically disable it again when my data or WIFI is disabled..

      1. Trigonoceps occipitalis

        Re: switch off your Wi-Fi...

        So you plan to stop TfL tracking you using Smart WIFI Toggle, an app that sends what to who? Or can you say categorically that it is not data slurping?

    2. Adam 1

      Re: switch off your Wi-Fi...

      Device initiates. If you want your device to be untrackable*, you need to switch off WiFi. I think there are some ways to randomise the MAC address periodically to reduce the problem but you can bet lots of places do this.

      *By WiFi traffic analysis I mean. It's still going to be broadcasting on its 4G frequency.

      1. Neil Barnes Silver badge

        Re: switch off your Wi-Fi...

        I thought that it would start from the device end. So presumably, by the time the device has noticed a network and talked to it to decide it's not one it wants to connect to, the MAC address is already logged.

        Bugger.

      2. david 12 Silver badge

        Re: switch off your Wi-Fi...

        Yes, by design Apple IOS 8 devices randomise the MAC under some conditions to defeat this kind of identifaction. Note: by default it's fairly poor protection: it only works if you aren't using the device.

        Also, this is the second time I've seen claims that London is using WiFi tracking. Most of the traffic tracking in the world is done using Bluetooth, so I'm wondering what the attraction is for WiFi here.

    3. paulf
      Big Brother

      Re: switch off your Wi-Fi...

      "For the privacy-conscious Londoner, the easiest way to not be tracked is to switch off your Wi-Fi."

      And switch off Bluetooth while you're at it as that can be tracked too, although the shorter range makes it a bit more difficult. Switch them on when you need them, and leave them off at other times to save battery as well as avoid tracking. It's not just Tube stations, shopping centres are another that like to track "Footfall" offer free Wifi and ping you with targeted advertising into the bargain.

      I use Wifi at home then turn off Wifi and stick to cellular when out and about then it's only your mobile operator and the Gubbermint that's tracking you.

      1. Anonymous Coward
        Anonymous Coward

        Re: switch off your Wi-Fi...

        I use an app called LLama which uses the cell ID to work out where you are. So, in my case, I use it to turn off WiFi when I leave home (an are of about 500m around my home in practice) and turn it on again when I get to work (again, a 500m or so radius of my work).

        Not a perfect system but good enough for me.

        It runs on Android, I don't know if other versions exist.

        1. Anonymous Coward
          Happy

          Re: switch off your Wi-Fi...

          Not sure how the built in Windows phone setup works, but you can have it turned off until at favourite place, at which point it will turn back on.

          Not sure if based on cell or gps.

        2. Adam 1

          Re: switch off your Wi-Fi...

          That is brilliant AC. Thanks

  7. Adam 52 Silver badge

    Streetview

    Wasn't this very illegal when Google did it?

    1. toby mills

      Re: Streetview

      That was home Wi-Fi AP's not mobile devices.

    2. Anonymous Coward
      Anonymous Coward

      Re: Streetview

      What Google did was to capture packets being sent by Wifi access points and not just the Mac Address.

    3. Dr Paul Taylor

      Re: Streetview

      Wasn't this very illegal when Google did it?

      Yes, but that was because Google isn't google.gov.uk

      Yet another reason for not having a "smart"phone.

    4. Incredulous gambit

      Re: Streetview

      No, slurping WiFi announcements is perfectly legal. It happens everywhere - lookup "purple WiFi" in York - you are tracked across the whole city. Supermarkets also do it to track your visits to the store

      What Google did which was illegal was also slurp up the comms data from WiFi networks which is against the law

  8. mark 120

    GDPR to the rescue

    Recording the MAC address means it can be tied back to an individual, and is therefore personal data. They'll therefore need to gain consent for processing it.

    1. Mark 110

      Re: GDPR to the rescue

      Only iif they do tie it back. The MAC address on its own is noot personally identifiable. IIts its in a table with their name, address, and phone number I agree. But its not.

      If you don't want anyone to have access to the MAC address on your phone then turn wifi off.

    2. G Watty What?
      Big Brother

      Re: GDPR to the rescue

      "Recording the MAC address means it can be tied back to an individual"

      Does it? If my home wifi router collects your MAC address as you walk by my house and I check the logs every day, how have I identified you and how do I hold any information about you?

      You issue your GDPR request, what response should I give you? I have no information to do the lookup.

      Now if I capture your MAC address and at the same time interview you and get your name, age, sexual preference and store it all in my SnoopingDB, then I'd agree with your point but in this case that doesn't appear to be what's happening.

      Happy to be corrected.

      1. Anonymous Coward
        Anonymous Coward

        Re: GDPR to the rescue

        Hmm. Let's see. You probably have an Oyster card, and the incentive to hand over your details starts there because that's the only way you can cover its loss.

        So, you have an identity ping straight on entry. Collect a WiFi/Bluetooth hash at that point and you're in business. You clock a user in, you track his/her every movement in the station and you clock them out at the other end. As a side effect of making mobile phones on the Underground you also have some picocells around. They will clock phone data, even if the phone is of a different network (they won't be able to log on, but there's still first an ident processed).

        Your best but is to consider flight mode before you even go near the entrance. Oh, and don't use an NFC enabled credit card unless you really want to give them this data on a platter before you have even set foot in the station.

        I don't quite know how personal you want to get, but you really should keep in mind that there are multiple data sources at work concurrently, and that's exactly why governments are so dead keen on Big Data: it becomes harder and harder to avoid surveillance.

        Unless, of course, you have a high end government position...

        1. Anonymous Coward
          Anonymous Coward

          Re: GDPR to the rescue

          They already had big data 8 years ago.. and knew way more than that. I know it firsthand, hence the Anon.

  9. JanCeuleers

    What about MAC address randomisation of the kind first introduced by Apple but that has now also been implemented in wpa_supplicant?

    1. phuzz Silver badge

      Unless the MAC is changing halfway through a journey, they'll probably still be able to get the data they're after.

      If they know that (for example) between 08:35 and 08:40 at Liverpool St. a lot of people who've travelled in from affluent neighbourhoods are passing between the Circle line and the Hammersmith and City, they can sell premium advertising at that time, on that junction.

  10. Detective Emil
    Black Helicopters

    Determine routes of users of old Android versions

    Isn't the Wi-Fi probe MAC address randomization introduced in iOS 8 supposed to defeat this kind of caper? (It got off to a shaky and ineffectual start, but reportedly was much improved in iOS 9.) Android got around to introducing the same feature earlier this year. So TfL is likely to be tracking only users of old Android versions. They'll just have to hope that these punters take the same routes as those with pricier phones, who are probably the people that interest advertisers most.

    1. kryptylomese

      Re: Determine routes of users of old Android versions

      You are correct!

    2. Dan 55 Silver badge

      Re: Determine routes of users of old Android versions

      But for previous versions of Android, unless you go to Settings > Google > Location, change to device only, choose Menu > Scanning and turn off WiFi Scanning, you'll probably leak your WiFi MAC address anyway.

      These settings seem to move around with each version. Wonder why.

  11. Anonymous Coward
    Anonymous Coward

    No

    And if they don't have WiFi enabled, what then?

    1. Anonymous Coward
      Anonymous Coward

      Re: No

      "if they don't have WiFi enabled"

      Ikea do this (or at least say that may do this) sort of tracking as their privacy policy advises that if you do not want them tracking your wifi or bluetooth address then you should turn off wireless connections when "in or near Ikea stores".

  12. Scott 26

    Have WiFi turned on as you enter the Tube station, and then turn it off in the middle of your journey - enough people do this and it'll look like commuters have simply disappeared into the rail network somewhere.....

    1. Anonymous Coward
      Anonymous Coward

      Have WiFi turned on as you enter the Tube station, and then turn it off in the middle of your journey - enough people do this and it'll look like commuters have simply disappeared into the rail network somewhere.....

      Until the Oyster ID or Underground ticket ID that was logged at the same time as the WiFi MAC address shows up at another exit, of course, at which point they'll have a nice video of the individual who has by then been marked as suspicious.

      That's the second problem: you don't really know what ELSE they will use this data for because the last time a government department decided to break the law regarding data collection they simply retrospectively changed the law. Now they've gotten away with it once there's every reason to suspect they will do that again..

      1. John Brown (no body) Silver badge

        "Until the Oyster ID or Underground ticket ID that was logged at the same time as the WiFi MAC address shows up at another exit,"

        Unless they are going to add special, very short range WiFi APs at each turnstile, then is simply not going to happen other than those rare times when you are alone in the station. Or do you think VM provided multiple clever WAPs which can triangulate your position and "see" when you pass through the turnstiles rather than the cheapest kit available?

        1. Anonymous Coward
          Anonymous Coward

          Unless they are going to add special, very short range WiFi APs at each turnstile, then is simply not going to happen other than those rare times when you are alone in the station. Or do you think VM provided multiple clever WAPs which can triangulate your position and "see" when you pass through the turnstiles rather than the cheapest kit available?

          There are only two barriers to implementing a full surveillance network: budget, and anyone leaking that it is happening. Budget isn't a problem if you look at just how much money is absorbed by agencies, and anyone leaking that this is happening is now alleviated by the fact that these technologies are built publicly, so it's hiding in plain sight - after all, you don't know exactly what ELSE they do with the technology.

          So yes, I can see turnstiles being "upgraded" over time, ostensibly to offer new ways of paying but also quite capable of other things less talked about.

          Am I paranoid? Well, yes - that's the unfortunate price of knowing how technology as well as governments work..

  13. toby mills

    Nothing new

    This isn't anything new or unique. Lots of places do it, mainly shopping centres etc. to track footfall and use it to calc rates, congestion and more. Cisco, HP, Huawei all offer this out the box.

    Without logging into a Wi-Fi you can be tracked down to 9 metres. When logged in that drops to around 1 metre.

    And no, most people don't turn their Wi-Fi off.

    1. Anonymous Coward
      Anonymous Coward

      Re: Nothing new

      I do. I turn WIFI, mobile data and bluetooth off. Bluetooth never gets turned on and the other 2 only get turned on when I want to use them, then get turned off again.

      The primary reason is so that my phone will last for days on a battery charge. A nice side effect is that I can be less concerned about apps doing sneaky things and shit like this.

  14. Anonymous Coward
    Anonymous Coward

    Airplane mode underground....

    I switch my phone into that when going down the tube (Deep level lines) just to save the battery.

    Sod TfL. There is no way that they are going to track me on the tube. They already get enough of my data via the Oyster Card.

  15. kryptylomese

    WiFi tracking is possibly a bit too invasive and not accurate

    The offering from the company below does not reduce privacy and is far more accurate at detailing where people, are and in what numbers, and how quickly they are moving through an area (it is what a lot of airports are using and this technology was used at the Hajj to reduce the risk of injury to the huge number of people there):-

    http://www.crowdvision.co.uk/

    1. Anonymous Coward
      Anonymous Coward

      Re: WiFi tracking is possibly a bit too invasive and not accurate

      The offering from the company below does not reduce privacy

      Well, they use Google. That's your red line, right there.

  16. Eeep !

    Why are they measuring?

    Whenever I'm in the metropolis there are shed loads of Oyster card users. They are giving up info about entry and entrance to the underground system. And if you have an Oyster card I'm guessing you are fairly knowledgeable about the optimal routes through complex stations.

    I don't know if 1 day travel/capital type and normal (single / return) type tickets can be tracked in some way so perhaps they are are only indicating general numbers through stations, not station to station journeys.

    Perhaps this helping with measuring flow around large stations once you are outside the actual barriers.

    Wonder if they are considering having coffee and sandwich shops inside the system (barriers) for those that are waiting, but only know they are waiting after passing through the barriers. That would suggest the possibility of trains being delayed until enough mocha-latte had been purchased.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why are they measuring?

      What they are measuring is how you move through the station and which stations you change at by following the MAC address via which Access Points it connects to.

      The Oyster card/ticket is only logged when you enter one station and leave another so they don't know what route you actually took to get there.

      1. Tom 38

        Re: Why are they measuring?

        What they want to know is how users are transiting the network. Currently, they could see a user got in to the underground in Liverpool St and got out at Paddington, but they have no idea whether they took "Circle Line clockwise", "Circle Line anti-clockwise", "Hammersmith and City", "Central to Oxford Circus, then Bakerloo", "Central to Notting Hill Gate then District", "Circle to KX, Piccadily to Earls Court, Circle to Paddington" (wouldn't recommend that one)...

  17. Anonymous Coward
    Anonymous Coward

    Wouldn't the tracking be better off by using the Oyster/Contactless payment of entering and leaving the station??

    1. edge_e
      Holmes

      Re:Wouldn't the tracking be better off by using the Oyster...

      That tells them where you joined and left the network.

      It doesn't tell them which route you took, whether you missed your stop or if you met up with a mate in Richmond as you made your way from Euston to Victoria

  18. Anonymous Coward
    Anonymous Coward

    What a complete load of bull.

    You buy a ticket at point A and go to point B with a start time.

    You use your card and start at point A and go to point B with a start and end time.

    They already have all this information. You can quite easily combine the above with train and tube times to work out the route take.

    This is neither necessary or useful, in fact I would say it would confuse things because of the strength of WiFi signal and whether the device gets registered at each point.

    Now if I put my patented tin foil sailors hat on I would surmise that this along with free WiFi on busses is another way for the guberment to track people and where they go before they enact the 1984 protocols and enslave mankind to a bleak totalitarian future where everywhere you go and everything you see is recorded and analysed for purposes of submission to our lizard overlords. You have been warned citizen.

    1. Tom 38

      You use your card and start at point A and go to point B with a start and end time. [...] You can quite easily combine the above with train and tube times to work out the route take.

      Utter bollocks.

      1. Anonymous Coward
        Anonymous Coward

        Really? So you don't understand basic analysis.

        Point A 10am

        Point B 10:30am

        Options

        Train 1 10:05 to point A1 at 10:15

        Train 2 10:20 to point B at 10:25

        Train 1 10:15 to Point A1 at 10:25

        Train 2 10:30 to Point B at 10:35

        So which option did I use? Obviously the first one as I would not have made it out of the station at 10:30.

        Combine the above with the actual times of the trains and there you go, a nice easy way to get this information.

        I will concede that within London Underground there are sometimes many options for a journey on different lines and if you don't know what you are doing you could potentially end up with a longer journey (though as an analyst it rarely happens to me).

        So again the question remains, how useful is this data and why do they want it?

        I also questioned free-WiFi on busses, nothing is free so whats the cost? Am I to believe the bus companies are on an altruistic mission to connect their customers to the internet? Most people have mobile data anyway but are stupid enough to see the big "Free" sign and take it.

        1. Tom 38

          I understand basic analysis just fine, but I also understand that people do not all move at the same speed, urgency or efficiency. Nor can you always get on the first available train.

          The error bars on transit time through the stations are sufficient to make it mostly not possible to identify the route a user takes. With your simplistic basic analysis, you cannot tell if someone took a slower route, had to wait for a train with enough space to board, requires assistance walking...

  19. Anonymous Coward
    Anonymous Coward

    On the face of it I have no problem with this, but the analysis performed would be limited to fairly mundane pathing around a station. I visited London and some of the stations were less than straight forward to navigate.

    But the real juice would be being able to map this data to demographic data, that's where some real valuable marketing analysis could happen. If I were running this system I'd be looking for every way I could (legally) get clues about who you are - not as an individual but as a marketing target.

    E.G. if your device checks in with an access point in the men's room, thanks now I have your gender :)

    1. John Brown (no body) Silver badge

      "E.G. if your device checks in with an access point in the men's room, thanks now I have your gender :)"

      What about trans{various types}? Isn't that making assumptions and probably discriminatory? Sue someone!! Profit!!

  20. alain williams Silver badge

    It will be tapped by GCHQ

    Theresa May's snoopers' charter is now well on the way to being law by Xmas. It TfL is providing Wifi then it will be deemed an ISP and thus the data collected must be kept for a year. Web site addresses at first, but expect 'feature creep' in this law (or just plain - share it with us: you have a nice tube network there ...) and they will get the lot.

    1. John Brown (no body) Silver badge

      Re: It will be tapped by GCHQ

      "It TfL is providing Wifi then it will be deemed an ISP"

      It's run run by Virginmedia, so the WiFi system is already an ISP and all the data goes via the GCHQ black boxes on the VM network.

  21. Clive Galway

    Anyone care to explain how a MAC can be "de-personalised"?

    Yeah, right, hash the MACs and call it "de-personalised", that's not gonna help you if the spooks already know your MAC and the algo it was hash with.

  22. Anonymous Coward
    Anonymous Coward

    Underground tours

    WFT takes a scenic tour of the tube on a daily basis? Tourists and the like take all kinds of routes, but when I travel from Paddington to Charing X, I'm not going via South Ken, unless TFL have made a horlicks - again. As for Charing X, I really enjoy the walk up and down to Trafalgar Sqr, in the cold and pissing rain, to get on the tube.

    This is a data grab, probably sponsored by Goggle.

  23. Gecko

    Anonymous mac

    It is my understanding that most modern phones now Amanda's their mac addresses when negotiating with access points - specifically to stop shopping malls etc from tracking them. This will also apply to the underground network. They won't see the same device id entering and exiting. They'd better check this before they invest too much.

  24. Anonymous Coward
    Anonymous Coward

    Realty bites

    What I'd really like to be thinking is "Excellent use of data to improve the transport network", but of course this isn't la-la land, so what I'm actually thinking is "yeah, yeah, when do we get to the bit about '... share with trusted 3rd party partners to provide more relevant advertising'". But wait...

    ".. TfL also hopes to use this data to get higher prices for advertising spots at busy areas inside Tube stations."

    Not quite, but doubtless they'll get there in the end. How long before turning wifi on at all is a bad idea?

    Utterly depressing.

  25. Anonymous Coward
    Anonymous Coward

    THX1138

    Citizen, you have disabled your wifi....come with us.

  26. Anonymous Coward
    Anonymous Coward

    That's not how it works

    Tracking a device by slurping up the beacons it makes whilst looking for WiFi hotspots does not expose any data being transmitted by said device. As such, no you cannot identify the user, their emails, their web browsing habits, their home address, etc.

    If however the device data is sold/passed to others who do happen to have such data, then yes de-anonymisation can happen.

    1. Doctor Syntax Silver badge

      Re: That's not how it works

      "Tracking a device by slurping up the beacons it makes whilst looking for WiFi hotspots does not expose any data being transmitted by said device. As such, no you cannot identify the user, their emails, their web browsing habits, their home address, etc."

      You missed the bit where the data is being collected by the company running the WiFi service so if you use that service, yes they can identify emails, browsing habits etc and work their way to the rest of it.

  27. Anonymous Coward
    Anonymous Coward

    Changing MAC address

    What happens if I change my MAC address every second?

  28. Jonathan Richards 1

    My usual question...

    ...when I read stories like this. Has anyone done a Privacy Impact Assessment [ico.org.uk] for this project? And then the followup questions: If so, then may we read it, please? Alternatively, if not, then why not?

    At the very least, a PIA would indicate some detail around the otherwise hand-waving assertions about achieving anonymity.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like