Linger Keeps You Around After You’ve Gone

We’re not sure if this is art, anti-snooping guerilla warfare, or just a cheeky hack, but we do know that we like it! [Jasper van Loenen]’s Linger keeps the SSIDs that your cell phone (for example) spits out whenever it’s not connected to a WiFi network, and replays them after you’re gone.

Some retail stores and other shady characters use MAC addresses and/or the unique collection of SSIDs that your phone submits in probe requests to fingerprint you and track your movement, either through their particular store or across stores that share a tracking provider. Did you know that you were buying into this when you enabled “location services”? Did the tracking firms ask you if that was ok? Of course not. What are you going to do about it?

Linger replays the probe requests of people who have already moved on, making it appear to these systems as if nobody ever leaves. Under the hood, it’s a Raspberry Pi Zero, two WiFi dongles, and some simple Python software that stores probe requests in a database. There’s also a seven-segment display to indicate how many different probe-request profiles Linger has seen. We’re not sure the price point on this device is quite down to “throwie” level, but we’d love to see some of these installed in the local mall. 

The fact that your smartphone leaks data that’s able to fingerprint and track you should be old news to our crowd. But don’t just take our word for it, try it out yourself! With one Raspberry Pi in your backpack, you could log all the signals around you.  Add a few more nodes and you could even try to triangulate your phone within your own home. Just because it’s a creepy invasion of privacy doesn’t mean it’s out of the realm of the DIY hacker.

40 thoughts on “Linger Keeps You Around After You’ve Gone

  1. >>>Did you know that you were buying into this when you enabled “location services”? Did the tracking firms ask you if that was ok? Of course not. What are you going to do about it?

    They did ask, most people just don’t read EULAs (not that there’s enough time in the day to read them all).
    What am I going to do about it? Turn off WiFi when I’m not using it & disable location services whenever possible.

    I suppose this is a way to help the unaware, but without making the problem more visible they won’t change their habits or realize the privacy they’re giving up.

        1. I agree that privacy is a spectrum. Your “upskirt” example is in the context of personal space vs the larger public space one inhabits, otherwise CCTVs could never be used. The problem is most aren’t cognitive of what those boundaries are and often complain about their privacy being violated when no such thing has happened.

      1. Like [Elliot] said people have the expectation not to be stalked every time their WiFi probes leave their property line. If the police want to surveil someone they need a warrant, but Jamba juice just needs a couple lines of script on their router. We shouldn’t accept this as the status quo.

        1. You gotta be kidding me.
          This isn’t some magic script that tracks you throughout town…
          It’s no different than someone taking notes. “That irritating blonde guy came in today again around noon”
          Put a few stores together who cooperate and you have tracking which shows them metrics. This requires cooperation by the varying companies. Jamba Juice may not know when/where you go to WalMart. (But the WiFi hotspot provider might if they’re in both locations)
          btw, without personal ID attached to you MAC, they can figure out trends which helps them sell product. Once they tie you as a person to the MAC you’ll start seeing ads in Facebook for stores you’ve recently physically attended.

  2. I just keep my WiFi turned off most of the time. And if I do turn it on in the store, I understand they ‘know’ me and their website is much more helpful.

    That said, cool idea!

      1. Which is exactly what Linger does ;)
        It records all probe requests it can see and replays them. So when I walk around with the device, I appear as a large crowd to trackers.

        1. Many (all?) places have a maximum number of occupants for safety reasons (?) ..I wonder if such tracking systems are aware of this / if you caused the limit to be reached and actions were taken, would you be responsible? Also I should have been more specific when I said ‘valid’: people who have actually been to the location before- which would have different effects than just ‘random’ people showing up. Both have merit.

          1. I doubt most marketing schemes for stores are tied to any real world head count — for example, how do you determine who is caring multiple devices and how many devices?
            At different point in my career, I had been know to have up to 4 or 5 wifi devices on me at any given time — more if I was working on someone elses equipment for them. So do you count me as 1 or 5 — well if there are a bunch of IT/techies/nerds in the space your count could easily be WAY off.

          2. Marketing data is ballpark at best. No marketer would ever stand by their numbers in a court of law, thought they will stand by them when money is on the line.

            When we setup analytics systems we’re constantly notifying our marketing team of boundary conditions and other short comings to the systems and they don’t care because bad data is better than no data in their mind.

        2. If you had a Linger device within range of one of Mike’s hypothetical random-spoof devices, would Linger learn the bogus entries and replay them too?

          If you had two Linger devices walk within range of each other, would they learn each other’s swarms and now everyone is being replayed by two devices and appears in two places at once?

  3. I leave wifi default off outside of my home and friendly APs. But what I really want is a mobile phone with a passive POCSAG pager module as the aware of the world listening radio. POCSAG just spams the whole reception area over VHF or UHF and combined with aware answering software in the phone and carrier side the user may choose to either call back or even possibly catch the call if they choose to activate their radio-modem and come up onto the phone network where they are then trackable. It is all about making the mobile device user friendly in a way unlike anything since the old live operator radio telephones the wealthy used before automated station pinging cellular services like AMPS. Even old testament wilderness prophets like RMS endorse the idea in principle if combined with a user respecting open OS and software. Linger is cute and is a real try hard which helps for the little snoops but doesn’t fix the bigger and more dangerous big snoops problem which we can’t seem to fix through public education and our few tech issue aware votes.

    1. True, this is also done at festivals for instance to track visitor flow. This device’s focus is on the wifi signals but I think you should be able to do something similar with Bluetooth.

  4. Just to clearify, the device is not meant to be stationary and make people think you (the owner) is still there. Instead, you take the device with you. When it sees probe requests from other devices it will save those and start replaying them. This means that people that pass in the street seem to come with you. So when I walk into a shop with Linger in my bag, it seems as if 1000+ people just came in. It allows to hide your own device by creating a large virtual crowd.
    Shop owners can either decide to use the false metrics, or remove them (including your real data, as they have no way of knowing which member of the virtual group is the real one.

      1. or 1499 of those devices are only ever probe requests, and only 1 ever tries to connect or passes any traffic of any sort…

        But the arms-race of countermeasures, to collect ever more data about each device and try to ascertain whether it’s real, would require development effort and raise the cost of collecting the data, so Linger is definitely a step towards throwing a wrench in their gears. I love it.

    1. An online database of previously harvested requests would allow you to bring in a large crowd of people from all around the world. The Linger community could share their harvested data, thus blowing the mind of Mr Google and friends.

      1. I really like the idea of sharing the gathered data. In the past I have used PryFi on android but it needs to be much faster. Does anyone know how many ‘probe requests’ could be sent in a given time?

  5. I was always under the impression ‘location services’ meant apps on YOUR PHONE have access to where you are, not wifi sniffers and public wifi’s in stores/shops etc..

    1. Correct. Turning off location services won’t do anything to stop wifi or bluetooth snooping as they’re looking for nearby phones not asking your phone where it is.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s