While still in college, one my senior papers involved analysis of patterns of movement in a large local bar/nightclub. The owners had changed the layout of the club several times and were losing money every weekend. After spending time doing some simple observations, I made a few suggestions and after a two week period of implementation, they were making 8-10% more per weekend.
I'm always surprised when I see people who are convinced technology can solve their woes when all you need to do is make some observations. No wi-fi tracking will tell you there's a huge clearance rack blocking your view of several other items. It also won't tell you if a merchandise row is so narrow only one person can stand in front of a display.
Technology is great, but in most retail or commercial environment's, you still need feet on the ground.
It doesn't make sense for Nordstrom to hire a consultant for each underperforming store -- they can save money and make better decisions by using data collection technology. Anyone could go to a retailer on a slow afternoon, see open registers with no one in line, and determine that they could save money by having fewer cashiers. But having the data allows the company make those decisions with much more confidence.
Exactly. Wifi tracking is built into enterprise wifi systems like meraki or aerohive. It's basically already there, so it's going to be way cheaper to implement than having dedicated people eyeballing every store constantly.
The TLDR is its risk avoidance. If it doesn't work, and decisions were made by people, then people, and the people who hired their services are to blame. On the other hand, if decisions were made by numbers, and it doesn't work, no one is to blame, what are you going to do, fire the number 7.356 ?
There's a TON of intangibles that this data absolutely cannot tell you. Watch people's facial expressions as they look at the end of aisle displays. Watch where the kids go, and you can probably sell to their parents there too. Everyone wants to automate around here, and sometimes the other way is actually better.
There's a business opportunity. Rent-a-shopper. Anonymize your purchases by having another person do your shopping. Pick up your purchases at a rent-a-shopper pick up point near you.
I wonder what percentage of the population cares about being profiled though. Less than 5%?
But while consumers seem to have no problem with cookies, profiles and other online tools that let e-commerce sites know who they are and how they shop, some bristle at the physical version
That is a profoundly ignorant statement to make - the vast majority of web users have no concept of the scope at which they are being tracked online.
If there was a sign spelling out all the trackers on every web page like there was a sign in the store, you can be sure a whole lot more people would be "bristling."
I wonder why they're using WiFi signals instead of just analyzing the video feeds from their surveillance systems. It would probably glean the same information.
Either way, I don't have a problem with this as long as they aren't intercepting communications or anything private like my name and recognizing me every time I enter the store. If it's information that they can obtain without identifying me, there isn't much I can complain about. It's their store and as long as my rights are intact I'm cool with it.
(Until recently I was the co-founder/CTO at RetailNext - we analyze shopper behavior in retail stores, primarily using computer vision but also using WiFi signals and other methods.)
WiFi signals contain a device MAC, which gives us a unique ID on the customer. This allows us to track repeat visits to a store, and even visits to different stores within the same retail chain. We can also track the WiFi "pings" from your device to see approximately how long you were in the store, whether you passed by the store without walking in, etc. Essentially the physical-world equivalent of data that google analytics provides you for your website.
The type of data described above is not quite possible to obtain via video as face recognition is nowhere near as robust, certainly not when it needs to be done non-intrusively as in a retail environment.
Video is still very useful however as it gives us 100% customer coverage - many customers still don't have smartphones, many that do keep WiFi turned off, many stores don't have WiFi APs, etc.
I'm not an expert, but I have looked into some of the basics before and computer vision is really freaking hard to do very well. It's relatively easy to get a basic proof of concept up and running, but in a store you have people carrying shopping bags, people moving products and things around, employees going about their business, people pushing shopping carts around, and have kids running around. I'm sure this presents a considerable challenge to accurately track what's going on just by relying on analyzing video feeds without human intervention. In contrast, it's pretty much easier to just track WiFi signals.
As long as no personally identifying information such as a phone number or some sort of phone ID is gathered without a customer deliberately giving it to the company and tracking cookies aren't used without permission, I wouldn't think there's much of an issue here. I might even appreciate, with some kind of deliberate opt-in, seeing some coupons or sales info showing up on my phone when I'm spending 5-10 minutes in one single section of the store.
This is still a potential privacy issue if they're somehow using cookies or some other information to track people without their consent, but as it's presumably on private property this is a different kind of privacy issue than government spying.
> or some sort of phone ID is gathered without a customer deliberately giving it to the company
Chances are better than good that they're capturing your MAC address. While not necessarily unique, on cell phones, it's probably as good as in the vast majority of cases.
> I wonder why they're using WiFi signals instead of just analyzing the video feeds from their surveillance systems. It would probably glean the same information.
With WiFi signals they can uniquely identify a single customer (by MAC) without having to rely on facial recognition or complex image processing. I'm guessing that's the reason.
Ah, that makes sense. Don't know how I feel about being uniquely identified though. I thought they were just gathering things like movements and gender.
Only your device MAC is collected though, to track things like repeat visits, so I think it's similar to how websites track your IP. There is no "database" today to associate the device MAC back to any personal information.
"There is no "database" today to associate the device MAC back to any personal information."
You can _say_ that, but the marketing-hacker in me is already thinking about how to hook the wifi MAC address to the credit card payment database, and how to run in-store specials "Like us on Facebook via our free wifi to get $super-special-deal!"
I think saying "There is no "database" today … " is disingenuous at best. I would bet with 100% certainty that someone, somewhere, has been collecting and correlating MAC addresses and individual's identities, and is almost certainly selling access to exactly that database.
(Cynical thought, what're the chances that Apple aren't, right now, already doing realtime lookups on the purchase histories of the original owners of wifi capable iOS device that arrive in their stores with the wifi switched on?)
I should've clarified - there is no database today that is accessible to retailers and/or tracking software vendors. Device vendors like Apple certainly have a database that maps device UDID/MAC to your personal information, but they are very serious about protecting it. Today :)
In the better retail video systems, video is time-synced with the registers. I'm not sure how many are doing it right now, but indoor tracking and indoor mapping people would be foolish to not sync their data with the registers as well.
Put another way...
It is a trivial matter to know that it was your phone at the register when your debit card was used.
But they would still only have MAC address and charge, credit or debit card info.
Electronic payments are an entirely separate issue and there ought to be strong legal requirements preventing retailers and credit card companies from sharing data about people's purchases. Or, better yet, anonymous electronic cash like BitCoin.
While the invasiveness of a database of purchases linked to identities by credit card is substantial, it is orthogonal to the collection of how the user walked through the store. That hardly adds any additional value for anyone when it's just one datapoint. It's completely useless to insurance companies, maybe useful in aggregate to other stores. The point is to more effectively lay out displays to drive impulse purchases from people in aggregate. It would not be in Target's interest to let Wal-Mart know what the traffic pattern is in a Target.
If you are not already disclosing the fact that you shopped at the store by using a credit card, then there is nothing to tie your MAC address to your identity.
iOS and Android devices send a WiFi "ping" every so often - I believe this is done to improve locationing accuracy, by augmenting GPS data with WiFi signal strength data. You can read these pings from any AP, even if the device is not associated with the AP. You'll only get the device MAC, but that's enough to tell you the device make and get a unique ID on the customer.
And remember to turn off Bluetooth as well - the wifi and bluetooth MAC addresses are sequential - if you see one you know the other.
More paranoidly… A femtocell could fool your phone into revealing your phone number over the GSM/CDMA transmitter's channel. If I were involved in some extremely high value sale where the identity of potential purchasers was not always known, and where knowing it earlier might help close a sale (perhaps real estate or luxury cars?) - it'd be _so_ tempting to at least trial soemthing borderline-evil like that. (And now I'm inventing a small network of femtocells with directional antennas in white vans parked outside competitors - to track which of your potential customers are visiting which competitors…)
It seems like it would be trivial to tie in the location tracking with the products someone purchases and if you are using a rewards card (like most grocery stores have) then the store has all of your information tied to your MAC address.
It's not just stores, any place could have these systems set up. Malls, airports, stadiums, schools, or even your workplace.
Is it possible to obscure or modify a phones wifi strength when not connected to a network to prevent this tracking?
I just watched the video. They mention that they use equipment from http://www.aerohive.com/, which just seem to be normal wifi infrastructure.
It seems like only people who actually connect to the wifi can be tracked. There's no way to harvest the MAC address of a wifi device that hasn't connected to your network, is there?
As a store, this seems to be not that valuable to me. I can't imagine that very many shoppers actually take the time from shopping to decide to connect to your wifi. I get that they only need to do this once, and after that, it will auto-reconnect. I'm still not buying it as an effective tracking method.
(I've evaluated several wifi tracking systems) - your device doesn't have to connect to the network to be tracked; wifi just has to be on. While searching for nearby networks, devices constantly chirp their MAC address.
There's no way to harvest the MAC address of a wifi device that hasn't connected to your network, is there?
Yes, there is. If you set your WLAN interface to monitor mode and run tcpdump or similar, you can look at packets passing by, even if you're not connected to a network at all. I built a Wifi tracking system this way when I was in school.
Thanks for that. I wanted to understand how this was working.
This seems like a pretty powerful data source to use for all sorts of things, if it's always accessible like that. A world readable cookie for every yuppie and hipster on the planet!
I don't particularly see an issue with this, but I welcome any insights to convince me otherwise.
You have no expectation of privacy when in public. My question is whether there is any difference to someone following you around a mall as you go through your shopping journey (whether with cameras or in person even), as compared to someone following your phone?
"You have no expectation of privacy when in public."
I'm seeing this objection a lot lately, and perhaps I'm showing my age here, but I've certainly got an "expectation of being largely individually anonymous when in public". While there's nothing to stop people looking for me and possibly finding me in public - I _don't_ expect people(/corporations/tlagencies) to be recording everybody in public spaces and archiving them permanently in ways that allow all archived recordings of me to eventually be crossreferenced and de-anonymised.
These days though, the technology exists to do just that - and people/companies/agencies are doing it on smaller or larger scales, without societies discussion or approval, and without the laws regarding that collection being brought up-to-date regarding the citizenry's wishes.
The genie is probably a long way out of he bottle now, face detection, face recognition, ubiquitous cellphones with their wifi, bluetooth, and GSM/CDMA transmitters - we are all, in a lot of circumstances, uniquely identifiable in crowds - and probably a startlingly large amount of the time, fairly trivially trackable across spaces till we get to places where things like credit card transactions can tie all recorded surveillance back to our legal identities.
But acknowledging that all that's _possible_, doesn't mean we need to accept that it's open season on personal tracking data. Your health care providers are under heavy regulation about what data they're permitted to collect and the standards they're required to secure that data too(HIPPA, in the US). Anybody collecting credit card payments needs to comply with the PCI standards.
Instead of saying "you have no expectation of privacy in public … ", shouldn't we at least consider having the discussion about "now that ubiquitous surveillance is technically possible, what are the community expectations of privacy in public, and should we choose to regulate the collection, storage, and use of personal data collected in public spaces?"
Times change. Peoples opinions and expectations change. Laws change - slower than public opinion, but they _eventually_ catch up (hopefully with the right "lag" to avoid fashion/fad law changes, but quickly enough to stop people revolting against law enforcement and the legal system).
Speeding used to be "legal", back before we passed laws recognizing the "danger to society" these new-fangled horseless carriages represent. Cocaine, ecstacy, and LSD were all once unregulated and "legal". It used to be OK to take pocketknives and drinks on airplanes. It used to be against the law to export strong crypto from the US. It used to be legal to own slaves.
I'm not suggesting society or the law have settled on ideal solutions or reactions to those examples - but I am suggesting it's time to at least start talking about whether there is a difference between a "shopping researcher following someone around a mall", and an automated system tracking and recording everything every visitor to a mall does - and tying that back to "unique identifiers" (phone's wifi/bluetooth MACs, face recognition, cc details at cash registers), then being able to track that all across multiple visits or visits across multiple locations.
Personally, I'm of the opinion that "public space personally identifiable data collection" should be regulated similarly to HIPPA. There needs to be accountability, transparency, up-front notification, and ability for an individual to opt out without suffering any repercussions. I think shopping mall operators should be asking them selves serious questions about whether their ongoing responsibility to secure any personally identifying data (camera feeds, facial recognition output, skeletal geometrics, personal electronics identifiers, etc) - and the legal penalties they'd be responsible for if that data ever gets misused or exposed - is worth the benefit of collecting and storing it in the first place. I think police departments and towtruck/repo cpllectives doing widespread ANPR should all be shitting themselves at the legal/financial consequences of their databases of time/location of individual's vehicles being stolen, and ensuring they've got auditable/provable policies in place to minimise the storage of that data to very short timeframes to demonstrate "reasonable care" of people's privacy in any future court cases.
I might be wrong - and perhaps most of society thinks that's all unnecessary government regulation (and hell, I'm perhaps hypocritically all for "small government" and fewer rather than more laws) - but I'm pretty sure nobody has actually _asked_ "the public" whether it's OK with them while explaining what "it" is and the consequences (either positive or negative) to them. I'd at least like that discussion to happen.
Banning efficiency, of all things, seems counterproductive. If someone (or a government) really cares, they can simply spend the resources to do full-scale surveillance and tracking the old-fashioned way. It's not like we'll refuse to pay for it, given budgets what they are today. Lack of technology didn't stop the surveillance apparatuses of the USSR or East Germany. They just had larger staffs than we do.
Either something is okay, in which case it's okay to do with a machine, or it's not, in which case it's not okay to do at all. If it's okay to tail someone with a police car, it's okay to follow them with a drone. You stop mass surveillance not by making it cost the taxpayer more, but by outlawing mass surveillance and requiring some sort of suspicion or probable cause for each individual case.
People who want to track and surveil others like efficiency, but are in general still capable of hard work. Raising the effort required stops only the most pedestrian violators.
I'm basically writing in agreement with bigiain. I want to specifically look at this quote:
> Either something is okay, in which case it's okay to do with a machine, or it's not, in which case it's not okay to do at all.
Let's reflect that it's fairly easy, in the grand scheme of things, to bring explosives on board an airplane and take it down. The reason that doesn't happen more often isn't because screening procedures are so effective -- it's because very few people want to do that.
Now, people generally don't like the idea that the government, or stores, or unfriendly neighbors, or their daughter's boyfriend, might track their every movement day and night without end. And if you proposed that it should be allowed, you'd poll a lot of "it's not okay to do at all". The reason it's happening now is because it was "okay" before, which led people to do it as soon as it became possible. But, and this is where the cost structure becomes relevant, the reason it was "okay" before is not that society made a considered judgment that this sort of thing should probably be allowed. The issue was never considered at all, because the practice was impossible and therefore considering the issue was pointless. All kinds of things are legal right now only because they can't actually be done, but that's not a compelling argument for letting people do them even if they could be done.
Automated methods of surveillance also allows for a level of surveillance that might not be possible even with a very large staff. As technologies enable and lower the barrier, more and more businesses and governments are likely to spy/check on people without reason. So it simply isn't true that without technology to aid the would be spies, that surveillance would remain the same or even at a similar level simply due to their diligence.
Banning efficiency, of all things, seems counterproductive."
Counter-argument: For many thing the efficiency of enforceability is built into the penalty structure. "The public" accepts - more or less - the current penalties for speeding/parking/general traffic offences. This is in spite of the fact that most of us "speed" when we consider it safe/appropriate, that most of us will stop in a no parking zone briefly if we think we aren't going to inconvenience anybody, that we'll use our better judgement at stop signs or merge lanes or double lines and obstructed roads.
If someone proposed a "better 'cause it's _more efficient_" means of enforcing road rules, where every single infraction was immediately deducted from your bank account - we (the people) would rightly push back and demand a reconsideration of what an "infraction" is, and how much the penalty for an infraction cost. And, indeed, whether implementing such a "super efficient" system is what anybody wants.
Super efficient surveillance is similar. It's now possible in ways that it never was when we wrote the laws regulating it. If you take out a camera and shoot a few shots in a park, you might get a few odd glances, but you're unlikely to get asked to stop unless you're being creepy. If you stand outside schools and take photographs of every child arriving and leaving you'd rightly expect to get asked to explain who you are, what you're doing, and where those photos are going to end up. Even if you're a cop or FBI/NSA operative, I'd expect you to get asked about what case you're working on, who's supervising it, and what probable cause you have to justify invading the privacy of every schoolchild at this school.
These days, it's clear that shopping mall and store security cameras, and wifi base stations sniffing phone wifi IDs, are capable of collecting - and with very little doubt actually collecting right now - much more detailed and accurate data about individuals (including the "think of the children" example earlier - these systems don't discriminate about all the kids hanging out in shopping malls).
Who's being held responsible for that data? Who's tapping the guy with the harddrives full of images and cellphone ID's on the shoulder and saying "Hang on, who are you? On who's authority are you collecting all these images and IDs? Where are they going to end up? Who's signed up to accept legal/financial responsibility if this data is misused or stolen?" Why isn't he being treated with the same suspicion as the guy outside the school with the camera?
Whoa. Once the code is written and so long as the rest of the infrastructure is in place, it can be done wholesale. Cheaply. In perpetuity. To anyone.
To do so sans technology requires an undue amount of resource. Ie the energy required to surveil 1x1 personally vs algorithmically is substantial and one is much more feasible than the other (especially if you don't read the TOS - and who does?)
All that said, though, I think we are mostly on the same page: you have to accept responsibility for your actions in public. I think where we differ though is that the majority of people don't have a clue wtf is actually going on.
PS the argument doesn't hate you. It's willing to take any and all input, process it, and maybe come out changed. It loves, respects, and thrives on you.
If the U.S. Government wants to know who is communicating with whom in a world without modern technology, it can hire n government workers to sit at a desk and write down the address information on all the envelopes passing through USPS in a day. Expensive? Yes. Impossible - to the entity that fought WWII, landed on the moon, and continues to maintain a pretty much stable country of 300 million people? No. Our government may suck at cost-efficiency, but it is great at throwing resources at things that scale O(n), like the number of postal workers required to handle n letters.
There are good arguments to be made that it's not the government's place to know who is communicating with whom anyway, so it shouldn't be allowed to. If this is the case, than it shouldn't be allowed to by any means.
But how does a shopping mall not have the right to watch people move through its store? If it's wrong to watch the EM signals people emit as the move through, then is it also wrong to watch the light they reflect? I've seen employees doing traffic analysis in museums pretty frequently - in fact art museum security guards do it all the time. They could do the same in a mall. They could even park an employee with a clipboard on the second level and map out people's movements between stores below. Focus on one store at a time, find out where all the people leaving that store go. You'd still get the same result - the general trends of how people move around the stores, based on our evolutionary "tracking" ability - the Orwellian step of correlating neural impulses from the eye as belonging to the same object in different positions. Which is exactly what this cell phone tracking system does, except with MAC addresses instead of faces and hairstyles.
I say this to emphasize that not all tracking is bad. Correlating different sensory input with past and future inputs is a large part of being human. Hell, in a small town 50 years ago, the general store owner probably knew you and what you've bought before and who your friends are. The post office worker could recognize a scandalous pattern of letters are tell your family about it. That's way more invasive than this. Involvement of machinery is not the difference between good and bad tracking.
"I've seen employees doing traffic analysis in museums pretty frequently - in fact art museum security guards do it all the time. They could do the same in a mall. "
Fundamental difference though: a security guard with a clipboard jotting something down as I go past is one thing. I can come back tomorrow or next week, and he can jot something down again - but it's very difficult to correlate the two. If you're capable of grabbing my phone's wifi MAC address though, you know (with a reasonably high degree of certainty) that both visits were me. And you can share that data with the other museum across town without me knowing (and they can share it with my insurance company, and my insurance company can be targeted by hackers working for art thieves… Not _super_ plausable, but what if we subsistute "museum" with "bike shop" and "art thieves" with "criminal bike gangs"? Or substitute "museums" with "gun shows" and "art thieves" with "gun thieves"? http://www.themercury.com.au/article/2013/05/17/379402_tasma...
No, they can't share it with your insurance company, because your MAC address is never correlated to other personally identifying information. Best they can do is the brand of your smartphone.
Yeah, but he whole "pervasive surveillance" thing means there's no meatspace equivalent of Perfect Forward Security here. It only takes _one_ instance where someone can map my MAC address to an identity for the entire recorded chain to lose it's anonymity - one venue "in the system" where I make a credit card purchase or divulge my identity. Hell - if we're being paranoid, a sufficiently determined wifi access point operator has a _lot_ at their disposal to attempt to de-anonymise a specific phone. iOS for example under some conditions transmits the MAC addresses of the last 3 access points its connected to. There's a reasonably high chance on of them's my home and/or work wifi - use some tool that'll sniff all those ARP requests and geolocate them[1] to get partial address data. A determined enough attacker might be snooping any traffic that the phone puts through the network. Using non SSL protected POP3 or IMAP - guess who's got your email address (and password!)? Does your Twitter/InstaGram/Pintrest/4Square/SnapChat/whatever client always use SSL? Are ay of them vulnerable to sslstrip or MITM-able with unsigned certs? How many websites does your phone browser happily send unencrypted cookies to that're capable of providing strong hints to your identity? (Even HN did this up to a few months ago. "superuser2" doesn't reveal much about you, but knowing I'm "bigiain" in HN is enough to uniquely identify me.)
Now you've got me wondering just how many of the widespread free wifi rollouts are relying on this as part of their monetisation. McDonalds free wifi would be a great network to do this on. My local shopping center free wifi is almost certainly run by the same company as all of the othe AMP Capital shopping centers in Australia. And now that I think about it, they're pushing the center wifi hard, with things like Pinterest promotions and "like us on Facebook" and "download our iPhone app" - all things that could easily deanonymise my MAC address...
Agreed (and sorry for the edit confusion). My qualm is that people aren't intricately aware that it's happening. Because technology makes it so efficient it can happen wholesale, at little (compared to physical 1 on 1) expense.
I also agree that tracking could be beneficial. But, if there were an inflatable robot that popped up over everyone's shoulder when they were being tracked for this convenience, there would be a different opinion, IMO. Right now - likely because it's so new - the general populous has no clue what they are trading for such convenience. That - to me - is the problem.
>Either something is okay, in which case it's okay to do with a machine, or it's not
Actually, if you follow someone around everywhere they go, even in public, unless they've famous and you're a paparazzi you're likely to get charged with stalking.
So the problem people have with this is the lower cost to the store? They'd be happy with the tracking if the store had to spend more resources to do it? I doubt it.
Security personnel undercover as shoppers already exist and are widely deployed to surreptitiously follow suspicious people. We can and do and will continue to stand for it.
There is a difference between security personnel (who may be responsible for observing hundreds or thousands of people per shift) and wholesale aggregation, analyzing, and collection of data.
We stand for it only because the people being tracked are likely to be criminals. We understand that if we do not engage in criminal activity we will very likely not be followed. If my local store started tracking me for no good reason I would go elsewhere.
>If my local store started tracking me for no good reason
You can know that the store uses secret shoppers in general but unless the secret shoppers are terrible at their jobs, you wouldn't know whether or not you're being tracked.
Also, doing traffic analysis and strategically placing displays in retail stores has been happening since long before cell phones. Just put someone behind one-way glass, on the mezzanie level of a mall, or even right on the floor with a clipboard.
I do not disagree that tracking happens. What I disagree with is your implication that the scale at which it happens is irrelevant. It isn't. A security officer tracking me in a mall or a secret shopper recording my actions constitutes a single data point. Mechanically recording of all my movements within the store by tracking my cell-phone removes entirely all of my anonymity.
This kind of stuff is creepy, Orwellian and it can fuck right off.
Which is cheap compared to, say, a private investigator. Not to mention that it scales a lot more easily -- and such data is a lot more fine-grained and more easily manipulated than any report you'd get from a P.I. trailing someone.
I'm not so bothered by them tracking movements around the shop.
But they keep that data, and use it to recognise repeat visitors.
In general when people keep data about me there should be a few minimal protections: keep that data secure, use it for what they say they're going to use it for, offer me the option to opt out[1], don't keep the data too long, let me know that you're doing it.
In the UK this is covered by Data Protection law.
To answer your question: I'd much rather they tracked my phone than a person followed me with a camera.
[1] I prefer "don't do it unless I've opted in" but it feels like I lost that argument.
So you'd be fine if somenoe would follow you in a car with dark windows and park outside the building when you spend time at home/work/etc.? If there is no expectation of privacy, there should not be a problem with that. How about drones? In a few years it should be possible to have anyone be followed by one all the time. Would you be fine with that? I think at a distinct point it becomes really creepy, especially if you don't know who is actually following you.
The car with dark windows example is how police surveillance has worked for decades. So while it would be uncomfortable, society is pretty clearly in agreement that that's an allowable investigative tool.
That's true - within the bounds of expected police resource usage. We all expect enough "probable cause" for a police officer's superior to approve dedicating sufficient manpower to do that.
I'm less certain that "society is in agreement" with police ANPR systems hoovering up ~1000 number plate records per shift without any "probably cause" and archiving that time/location data permanently. I know it's happening - but mostly because people don't know about it, rather than because most people think it's OK…
APBs existed before ANPR. It's pretty well known that police who are driving around also have their eyes open for known fugitives, stolen cars, etc. There has to be a reason for an ANPR read of your car to actually do anything.
Making that electronic lets the cop focus on driving and increases the maximum number of cars he can be looking for.
I think it has something to do with the power relationship: they can see you, but you can't see them. You might be able to see a camera pointed at you, but the phone locator operates over a passive mechanism that you can't see. Not unfair when you're on their turf--or much different from the online reality, as some have stated--but I could see how it might be disconcerting nonetheless.
Agreed, they could achieve the same thing with security cameras and facial recognition (though way more expensive I imagine). People aren't up in arms about security cameras in store.
Who's going to build the mobile application that monitors the user's location (via GPS) and automatically sets the wireless NIC's MAC address to a specific value whenever the user is near one of these stores (and isn't connected to a real wireless network)?
Surely having a handful of shoppers who all have the same MAC address in one store at one time would screw up their analysis a little bit, no? It would certainly make it much more difficult to track a specific individual.
I'm not as disturbed by them tracking their customers (I mean they've always had cameras in stores and recorded all your purchases anyways), as I am to the amount of effort and efficiency that goes into maximizing the amount of stuff they sell people. Like putting the milk in the back of the store so you see 50 other things on the way that you also might want to get, or putting ".99" at the end of the price tag to abuse our inability to estimate numbers.
It's the same tricks basically, just far more efficient. Making the optimal store layouts so customers spend as much time inside as possible or get exposed to as many other items as possible. Use machine learning algorithms to set the prices so every price is as high as it can be before people stop buying it entirely.
Yes, they've been placing food/beverages at the back since years ago.
This also means that customers that are in a hurry to buy bread/food/milk/whatever are more likely to go to their local grocery store. As we, the customers, may be stupid enough to buy into their .99 tricks, but we aren't so stupid as to not notice that it took 3 hours to buy milk or bread, as many times you're really not in the mood to gape at useless shit. It's interesting though that local grocery stores are not so common in the U.S., compared to Europe. To get food, I only need to cross the street.
Also, setting the prices dynamically will not work in an online world. What if customers had a mobile app with which they could compare prices with other retailers just by scanning the bar code? Again, customers aren't so stupid - they may not notice that the price of individual items has gone up, but they do notice fluctuations in their monthly spending.
I can testify that the milk trick does work, at least with my own family. They say they will promise to only spend a minute getting milk and end up buying a bunch of other groceries as well.
Dynamic price setting works because people are not perfect rational actors that compare every single item they look at to the lowest price in town. I don't know if anyone does that actually.
People might notice a bigger shopping bill, but they are more likely to attribute it to buying more than slightly higher prices on every single item, which they might not even notice.
In any case they wouldn't be doing this if it didn't make them more money.
So at the cost of usability (for the cell user), wouldn't a product (or homemade solution: Hello, tin foil!) that blocks RFID/wifi signals wrapped around the phone also foil (ouch) this tracking? I'm thinking something like Blokket (http://howsyourrobot.com/2012/09/26/blokket-blocks-rfid-wifi... - I have no direct knowledge of this product, BTW; just googled RFID/wifi blocking).
Obviously this won't work for facial recognition, but I see that's discussed in other comments.
Were it not for their name, "Cookies" would not be generally accepted. We should have named them "Roaches", then no one would say, well it's just a roach.
You don't need a super-dense AP deployment for location tracking of clients to work.
A client that's actively looking for networks to join will occasionally broadcast a probe request frame on all of the channels it can transmit on, trying to get nearby access points to respond. If you have at least three access points that "hear" the same probe request and you know where those access points are located, you can use the position information of the access points combined with the received signal strength of the probe request frame at each access point to compute that client's position.
just a quick follow up - I noticed that "is sounds unlikely" is doubting your statement - I am sure the directional / location of wifi is pretty accurate - its just my intuition about such things is so wildly off I would need to do some cacls on signal strength over metres of distance.
I'm always surprised when I see people who are convinced technology can solve their woes when all you need to do is make some observations. No wi-fi tracking will tell you there's a huge clearance rack blocking your view of several other items. It also won't tell you if a merchandise row is so narrow only one person can stand in front of a display.
Technology is great, but in most retail or commercial environment's, you still need feet on the ground.