Feeds

back to article Mobe-slurping Wi-Fi SPY BINS banned from London's streets

Electronic BINS in the heart of London must stop tracking hundreds of thousands of passing smartphones, officials have demanded. A dozen or so high-tech rubbish cans - which display adverts and information on built-in flat-screens and are dotted around the capital's financial district's pavements - were set up to collect data …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

If wishes were fishes

"...capabilities that could be developed and none of which are workable right now."

I bet they were working hard to develop those capabilities and working out how best to 'monetise' them.

11
0
Silver badge
Meh

Re: If wishes were fishes

Sure they are; and they'll think the headlines promoting their technologies will deserve big attention when they try to sell it or the data they collect. Jackasses.

1
0
Anonymous Coward

'working out how best to monetise them'

This reminds me of the secret BT Phorm Trials. I wouldn't be surprised if the usual suspects were behind this... 'capabilities that could be developed'... Pathetic defence!

5
0
Anonymous Coward

It is really the NSA!

By detecting certain MAC addresses, the bins can track all sorts of bad guys. It is important to know which bins they frequent, since all sorts of secret rubbish might be thrown in them.

Plans to add facial recognition are however on hold

6
0
Silver badge
Joke

@ AC 1541h GMT - Re: It is really the NSA!

>. . .

Plans to add facial recognition are however on hold

<

While GCHQ's plans for faecal recognition incorporated within the Surveillance of Hitherto Inacessible Terrain/ Toilet Advanced Counter Terrorism Information Camera (SHIT-TACTIC) system go ahead as planned.

3
0
Bronze badge

Re: It is really the NSA!

I can imagine the declassified documents to be released in forty or fifty years time ...

ITEM: PHONE OWNER [redacted] DEPOSITS A FALAFEL WRAPPER IN BIN rl0021 ON A DAILY BASIS.

ITEM: CROSS REFERENCED WITH SUPERMARKET CLUBCARD, [redacted] DOES NOT BUY RAZORBLADES.

CONCLUSION: [redacted] IS BEARDED MIDDLE EASTERN TERRORIST.

ACTION: BIN rl0021 WILL PERFORM LOCALIZED EXPLOSION ON NEXT ATTENDANCE BY [redacted].

13
0
WTF?

Re: It is really the NSA!

It would be sheer coincidence that when Apple bring out their latest phone (the one with fingerprint recognition) that they (whoever "they" are) would then have been able to tie your location, speed, content, and something that would identify you to high degree of accuracy together.

Actually, this site needs a tinfoil hat icon.

2
0
Anonymous Coward

Re: It is really the NSA!

Only if you are a typical (read: Luddite techno-fool) iPhone user.

Really. I my (very small) BYOD office, I have to administer access for the iPhone users here. Who ALL, read that again every single one, leave their WiFi running 24/7.

And I completely and utterly blame Apple for this.

Most iPhone users do not bother to look at the (very small) WiFi status indicator and worse, do not wish to go into their Settings / WiFi menu to turn the functionality on and off. Most iPhone users do not want that level of interaction - they believe their devices "Just Work (tm)" and going into the Settings menu to change the way the device operates is against their paradigm of 'lowest user interaction'.

So Apple did not create a home screen control for WiFi / did not make the WiFi icon functionally interactive. So most users leave it alone and just put it out of their mind, another thing the phone 'takes care of by itself'. So technically undereducated users leaving a security hole running with no incentive to learn / do otherwise, from the user standpoint, or educate / change, from the manufacturer standpoint.

I will bet you that the greatest majority of MAC slurps from this experiment were iPhones. The users get what they deserve.

0
1
Megaphone

Rah Rah Rah

I think the ICO should fine them the maximum permissible. A stiff letter with the promise of slapped wristies should do it. That'll show the blighters.

3
1
Bronze badge

Re: Rah Rah Rah

I'm struggling to see that they've broken any laws so the ICO can't do very much. The DPA doesn't apply as capturing MAC addresses doesn't let you identify individuals (though trying to match those MAC addresses with a person list would be illegal). RIPA might apply, but again - there's no information about individuals here.

3
0
Silver badge

Re: Rah Rah Rah

For what?

You were walking down the street and your phone was screaming out "I'm 0a:1b:2c:3d:4f:5g" and they listened

Since your phone was probably also checking for open wifi they would probably fine you for attempted hacking.

1
0
Anonymous Coward

Re: Rah Rah Rah

"I'm struggling to see that they've broken any laws so the ICO can't do very much. The DPA doesn't apply as capturing MAC addresses doesn't let you identify individuals (though trying to match those MAC addresses with a person list would be illegal)."

Let's be crystal clear - The MAC address, associated with the device serial number that YOU bought, and as associated with the sales purchase transaction (and the likely plastic card YOU used to purchase said item) would most definitely identify YOU. Then there's the MSISDN and ICCID and....

2
0

Re: Rah Rah Rah

As a personal identifier, the MAC address of your phone is more globally unique than your name.

4
0
Silver badge

Re: Rah Rah Rah

"The DPA doesn't apply as capturing MAC addresses doesn't let you identify individuals"

Yes it does, as phones seldom change MACs(*) or owners..

(*) I'm hoping "there's an app for that" very soon. The fastest way to dissuade this kind of shite is not to run silent but to run very very noisily with thousands of randomzed MACs.

0
0
Silver badge

At least they'll have the mac address of the yoofs who through them through the windows of a McDonalds now.

On a less silly note, have they ever heard of the data protection act? Hear about google getting hauled over hot coals for slurping wi-fi data? Sooner or a business that does this is going to have to be given a massive fine, possibly shut down in order to make spying on the public like this stop.

7
0
Silver badge

I'm not sure that the DPA applies to MAC addresses as constituting data about an identifiable individual. Google got into trouble for slurping (they have always claimed 'accidentally') not just MAC addresses, but also part of the data content of the packets.

MAC addresses are (necessarily) public information - if you want to keep yours secret, don't turn Wi-Fi on (and don't connect to any public networks).

0
0
Bronze badge

What has it got in its pocketsess?

The guidance I have seen is that phone numbers should be handled as if it were personal data, because you don't know how many people are associated with the phone number.

And a phone number has to be known to the network in order to deliver calls.

So an MAC doesn't sound so different to a phone number.

You might be able to claim that some always-visible MAC is a fixed piece of hardware but that means that all the rest is associated with an individual. I can't see how you can get away with not being careful.

4
0
Silver badge

Re: What has it got in its pocketsess?

Fair point, Dave, and I'd always advocate being careful when handling personal data. Phone numbers are different from MAC addresses (they're more like IP addresses, but the analogy quickly breaks down) in that there exist (not public) directories that can link a phone number to an individual or a physical location. This is not possible for a MAC address (which, in any case, can easily be changed by the user).

Most devices will retain tables of recently 'seen' MAC addresses: arp -a will usually give you a list.

0
0
Silver badge

Re: What has it got in its pocketsess?(@ Chris Miller)

" there exist (not public) directories that can link a phone number to an individual or a physical location. This is not possible for a MAC address (which, in any case, can easily be changed by the user)."

I understand that there also exist such directories for MAC addresses, at least in the telcos, so they can recognize phones. And there are probably lots of apps -IOS, Android or whatever- that slurp MAC data and link them to other personal information, e.g. mail accounts and phone numbers.

0
0
Bronze badge

Re: What has it got in its pocketsess?

"So an MAC doesn't sound so different to a phone number."

The point being I think that it's trivial to engineer a reverse search to find an individual from a telephone number. Depending on how and why that's done, that can be legal or illegal.

With a MAC address - much harder. You'd need the co-operation of the mobile operators and they won't co-operate because they're complying with the DPA.

A mobile's telephone number is only used by the network you are taking service from and its transmission to that network is encrypted. A MAC address is transmitted in the clear to any device that asks to see it.

I can't see a way that the MAC address of a mobile phone could be used, in isolation, as a piece of useful data about an identifiable individual. Now, if the bins had cameras in them.....

2
0
Silver badge

Re: What has it got in its pocketsess?

Until you do a deal with a car park that has pay-by-phone, a shopping mall or a supermarket that takes credit cards or Oyster - then you have the same phone tied to credit card a name and address and a CCTV picture

3
0
Childcatcher

Re: What has it got in its pocketsess?(@ Chris Miller)

The telco certainly has the serial number of your SIM, and the IMEI(s) it's been inserted in, but given the ease of a MAC address being modified (compared to those other two) I can't see the utility of hanging on to it. And when you put the SIM into another phone, the MAC address will change. And, as I noted earlier, the association with the device is by IMEI.

OTOH, public WI-FI providers apparently do - Virgin Media on the tube, f'rinstance. But you voluntarily trigger that association when you sign-in to an AP.

0
0
Silver badge
Black Helicopters

I do turn mine off but what happens when all the dots here and there start to get joined up. It's not just what the system is now, it's what it will grow into.

2
0
Anonymous Coward

Re: What has it got in its pocketsess?(@ Mike Pellatt)

The MAC address is a handset resident identifier not a SIM artefact - You DO NOT need a SIM inserted to use your (smart)phone on a WiFi network.

If you disable WiFi access and you have Mobile Data enabled (i.e. 3G/HSPA(+) 'on'), other SIM-related identifiers will (eventually) allow your phone to adopted a (mobile network provider supplied) IP address... In mobile data mode, 3gPP and ietf methods of identifier and location extraction can be used (LIS function, et al, as per ietf HTTP-Enabled Location Delivery (geopriv)...)

Either way, mobile data or WiFi connected, your device and service identifiers are extractable using published and readily availble methods.

0
0
Anonymous Coward

Re: What has it got in its pocketsess?

"Most devices will retain tables of recently 'seen' MAC addresses: arp -a will usually give you a list."

Yes, for 2 minutes by default - long enough to maintain a data connection (arp tables are a mapping of IP to MAC address.). $orkplace sniffs for rogue MACs on the wire and that required a thorough inspection of the DPA rules to make sure we weren't breaching any of 'em by snapshotting and cataloging ARP tables at the firewall

Being able to tie a MAC to an individual is a DPA breach even if you don't know WHO the individual is. On top of that, it's proven to be extremely easy to take stuff like "anonymised" hospital data and tie that to specific individuals, which has significant DPA ramifications for publication of such studies.

0
0
Anonymous Coward

As always

"it was a 'limited' test and we've stopped and we will consult privacy organisations"

You should consult first scumbag.

I hope they are programmed to phone home when people 'forget' to put out their cigarettes before putting them in a bin full of flammable materials and burn your shit up, hope it costs you a fortune.

10
0
Bronze badge

Re: As always

Unfortunately it's far easier to say sorry afterwards than to ask permission before.

2
0
JDX
Gold badge

Forget the privacy implications

It would just be hilarious watching people getting freaked out when a bin shouts "Hi Dave, bored of your iPhone?"

4
0
Anonymous Coward

Re: Forget the privacy implications

Naturally it could be,

"Hi Dave, bored with giving all your google phone data to an Ad Agency?"

Smug git here laughs as he carries his phone switched off and in an RF protective case because he realises that he can be disconnected and actually have a life without the phone/tablet being on an umbilical to his hand.

Downvoting in 3..2..1...0

3
4
Silver badge
Holmes

Re: Forget the privacy implications

Do you make a big show out of taking it out of its case and powering it on? Sounds suspiciously like you might...

8
0
Silver badge

Re: Forget the privacy implications

phone switched off and in an RF protective case

Have you considered that it might be easier not to have a mobile phone at all?

11
0
Anonymous Coward

Re: Forget the privacy implications

I use the phone when I want to and in approporate places. I do NOT want to be tracked by my mobile. If I could do without it when in places like London then yes I would leave it at home but most of the time it is switched off.

I've been doing this since when I lived in the US they made it mandatory for all phones to have GPS and 'tracking' built in.

Yeah, the NSA/CGHQ probably think I have something to hide. I don't but that matters little these days. If they try hard enough, they can always find some law that we have all broken and use that to put us away.

3
4
Silver badge
Happy

@ AC 1930h GMT - Re: Forget the privacy implications

>. . .

I've been doing this since when I lived in the US they made it mandatory for all phones to have GPS and 'tracking' built in.

. . .<

You what? Illegal for a cellphone to not have a GPS? How's that enforceable?

Don't worry, they won't put you away any more than other alien abduction victims and Area51 witnesses.

You're too entertaining.

4
1
Silver badge

Re: @ AC 1930h GMT - Forget the privacy implications

I believe he's confused about the 911 Emergency Location Service, which is required on all phones here. But it only transmits your location if you call 911 and even then there's no requirement for the 911 center to have the equipment to receive the signal. The 911 center here sure doesn't have it.

Otherwise you can turn off the location services and GPS like with any other phone in any other place.

2
0
Silver badge
Paris Hilton

@ Don Jefe - Re: @ AC 1930h GMT - Forget the privacy implications

AFAIK ILS != GPS

but some kind of triangulation. Or am I mistaken?

1
0
Silver badge
FAIL

Oops

That should have been ELS, as in Emergency Location Services.

My bad.

0
0
Alert

ROTM

I, for one, welcome our new rubbish bin overlords

1
0
Facepalm

"these can be disabled. Unlike the tracking in the bins."

*turns off wifi* *walks away*

3
0
Bronze badge

Re: "these can be disabled. Unlike the tracking in the bins."

"*turns off wifi* *walks away*"

....or, if you have a rooted Android phone, you could set a new MAC address every day.

2
0
Silver badge
Happy

Re: "these can be disabled. Unlike the tracking in the bins."

That'd be the thing to do. Get inexpensive rooted phones that run software to constantly change the MAC then just toss them in the bins. If you got a club together you could spread the costs across the group and do it cheaply. It would be fun just knowing that somewhere marketing analysts were being driven mad.

6
0
Silver badge

Chuck 'em ALL in jail.

It's about time we enforced an "ask then do" policy instead of an "oh crap we got found out" one, and we need some stiff sentencing to dissuade other outfits from trying similar things - especially when tracking (anonymously or not) is done without consent, option to request not to be tracked, and in some cases informed consent could not be given anyway due to the owner of the device not being an adult...

5
0
Bronze badge

How does this contravene the DPA? You can't give informed consent because there's no way the data that has been collected could be used to identify an individual. It's hard to throw people in jail when they've broken no laws.

1
1
Silver badge
Black Helicopters

"there's no way the data that has been collected could be used to identify an individual."

Well the interesting thing is what is actually necessary to identify an individual. I posted on my blog a while back about how Android's prompt of "Will collect anonymous data while using GPS" could very easily be a big lie. For a start, the data will not be completely anonymous as there is no point in collecting random totally anonymous reports. It will be tied to something, like the phone ID, so multiple reports from this phone will be collected together. If the GPS system reports location when turned on or off, over time there may be enough reports in the same place to take a guess as to one of them being a home location. If, like me, you live in the back of nowhere, then it's a very very simple matter to look at the location and determine the address. If you live in a town, it may be harder depending on the type of property, however this can be tied in with other locational data such as "phone with this ID connects to WiFi router with this SSID", and so on.

There is no actual necessity to know your name up front in order to determine exactly who you are, and while it may fail in urban sprawls, it's good for many many individuals.

Now, read again what was said in the article: "Renew, which said the collected data was "anonymised" before it was analysed, hoped to use this technology to track footfall in shopping areas and perhaps even show tailored adverts to people as they walked by the bins."

Ask yourself at which stage the data was actually "anonymised" (and has it been proven to be so by independent audit?). I ask you this because tracking where people walk requires a continuity from point to point. Likewise, displaying adverts to people (adverts, from a bin?!?) requires not only maintaining a continuity but also retaining that information so that relevant advertising can be shown in the future. I am making a leap by suggesting advertising relevance, but this is surely what is meant as there is no point tracking a person to show non-relevant advertising, you get that all over the place already. So how anonymous is anonymous? If it can remain connected to your phone, possibly not so much. And, then, while the data itself may be fairly innocuous (a MAC address is basically a bunch of random-looking numbers), when coupled with other technologies it can start to be a little less anonymous. Cameras, for instance. However, even without that, if data is retained from session to session, guesses can be made about you based upon your travelling speed, where you stop and start, the time of day, and if you linger in any particular places. One or two sessions might be seemingly random. More might start to look like a pattern. Patterns can give insights into people's lives. There is a difference between a person who runs in to Mothercare at half one in the afternoon, and a person who regularly slouches into Ladbrookes at eleven in the morning.

Remember - being anonymous doesn't mean "they don't know your name"...

6
0
Silver badge

@ heyrick

Exactly what I noticed.

I actually laughed at the inherent self-contradiction when I read: "...the collected data was "anonymised" before it was analysed, hoped to use this technology to... show tailored adverts to people as they walked by the bins." The "anonymised" part is the most sickeningly obvious attempt at damage control spin I have ever read; in the very same breath they reveal the lie and their true intentions.

By definition, if they're showing me "tailored" advertising, they must know who they are showing the adverts to, ergo I am not anonymous. Whether or not they know the name on my birth certificate is irrelevant; to tailor advertising means they must know my comings and goings, likes and dislikes, lifestyle choices, associations, occupation, hobbies, interests - in short, everything that makes me who I am. What price a name if you have all that? Anonymised my fucking arse.

5
1
Mushroom

> How does this contravene the DPA? You can't give informed consent because there's no way the data that has been collected could be used to identify an individual.

Well it ought to contravene Data Protection legislation because public targeted advertising could get very personal and damaging to reputation, fairly or unfairly. Consider this scenario - Extracts from log file in hypothetical trial:

07:05, Bin 001 (M junction at Town-on-Sea), Read 55.5A.B1.00.A5.55, speed 65, south.

07:05, Bin 001 (M junction at Town-on-Sea), Display "Lunch at Lenny's", 5 seconds.

13:00, Bin 007 (Lenny's), Read 55.5A.B1.00.A5.55, speed 4, west.

13:00, Bin 007 (Lenny's), Read 55.5A.B1.00.A5.55, speed 15, east.

22:51, Bin 013 (Parliament), Read 55.5A.B1.00.A5.55, speed 2, south.

22:51, Bin 013 (Parliament), Display "Before driving to Town-on-Sea, relax at The Kinkdom (2 doors down from Lenny's). Parties welcome. Bring your own Whip", 60 seconds.

22:51, Bin 013 (Parliament), Error 90023 - display jammed.

22:53, Bin 013 (Parliament), Read 55.5A.B1.00.A5.55, speed 15, south.

A reputation ruined in a day despite best efforts. Worse if your browsing history was ever tied in. Worse even if you try to ignore the ads but passers-by draw conclusions about you. What do you do if an undesirable ad is displayed for someone else but you're afraid passers-by are associating it with you? This could make cities and towns no-go areas. Could this commence the decline of cities?

0
0
Bronze badge

...high-tech rubbish cans - which *display adverts*...

Oh god, please shoot all marketing subhumanoids.

Starting yesterday.

14
0
Childcatcher

Re: ...high-tech rubbish cans - which *display adverts*...

Why waste the bullets?

Just wait till somebody hacks into a bin getting it to display smut and let the lynch mob do the rest.

5
0
Silver badge

Re: ...high-tech rubbish cans - which *display adverts*...

This 'video advertising everywhere' is going to prove a boon to muggers!

It's already been shown that people quickly learn to 'tune out' advertisements blaring at them.

So in the near future, you won't even notice that guy coming at you with the lead pipe because he's announcing something like, "Tired of high food bills? MegaStore has low, low prices everyday!">THWAP<

It'll be the ultimate urban camoflage!

5
0
Silver badge

Re: ...high-tech rubbish cans - which *display adverts*...

What happens when you are observed walking past a bin and it displays an advert :-

You're iPhone OS is a version out of date, get an upgrade now and get access to lots of new shit.

Only you've been keeping your phone in your pocket because there a couple of guys eyeing people up as they walk past the bins for some reason. Oh, and they're partially hidden in an alley.

5
0
Bronze badge

Caught a tadpole - leave the tracking to the experts.

Is that Apple IOS 'last 400 visitors' still available then?.

They got rid of your lifetime tracking but their crowd sourced router database was still free last time I knew.

Google vans also slurped the data too, Clever Appke never even had to get out of their US bed.

0
1

Page:

This topic is closed for new posts.