We’re not sure if this is art, anti-snooping guerilla warfare, or just a cheeky hack, but we do know that we like it! [Jasper van Loenen]’s Linger keeps the SSIDs that your cell phone (for example) spits out whenever it’s not connected to a WiFi network, and replays them after you’re gone.
Some retail stores and other shady characters use MAC addresses and/or the unique collection of SSIDs that your phone submits in probe requests to fingerprint you and track your movement, either through their particular store or across stores that share a tracking provider. Did you know that you were buying into this when you enabled “location services”? Did the tracking firms ask you if that was ok? Of course not. What are you going to do about it?
Linger replays the probe requests of people who have already moved on, making it appear to these systems as if nobody ever leaves. Under the hood, it’s a Raspberry Pi Zero, two WiFi dongles, and some simple Python software that stores probe requests in a database. There’s also a seven-segment display to indicate how many different probe-request profiles Linger has seen. We’re not sure the price point on this device is quite down to “throwie” level, but we’d love to see some of these installed in the local mall.
The fact that your smartphone leaks data that’s able to fingerprint and track you should be old news to our crowd. But don’t just take our word for it, try it out yourself! With one Raspberry Pi in your backpack, you could log all the signals around you. Add a few more nodes and you could even try to triangulate your phone within your own home. Just because it’s a creepy invasion of privacy doesn’t mean it’s out of the realm of the DIY hacker.
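To see what a device gives away in its probe requests, here is an added example (not Linger's code and not part of the original post) that parses raw probe-request frames and reports, per source MAC, whether the address looks randomized and which SSIDs it names. It assumes each frame starts at the 802.11 header with no radiotap header or FCS; the frames, MAC addresses and SSIDs are constructed sample data.

```python
def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for an 802.11 probe request, else None."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    # Version 0, type 0 (management), subtype 4 (probe request) -> 0x40.
    if fc & 0x03 or (fc >> 2) & 0x03 or (fc >> 4) != 4:
        return None
    mac = frame[10:16]              # addr2: the transmitting station
    pos, ssid = 24, ""              # tagged elements follow the 24-byte header
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break                   # truncated element: stop parsing
        if tag == 0:                # element ID 0 is the SSID
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return mac, ssid

def is_randomized(mac: bytes) -> bool:
    """Heuristic: the locally administered bit (0x02) is set on randomized MACs."""
    return bool(mac[0] & 0x02)

def audit(frames):
    """Per source MAC: is it randomized, and which network names did it reveal?"""
    seen = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        mac, ssid = parsed
        names = seen.setdefault(mac, set())
        if ssid:                    # empty SSID is a wildcard probe, leaks no name
            names.add(ssid)
    return {m.hex(":"): {"randomized": is_randomized(m), "ssids": sorted(s)}
            for m, s in seen.items()}

def _frame(mac: bytes, ssid: bytes, fc: int = 0x40) -> bytes:
    """Build a constructed sample frame (not captured traffic)."""
    header = bytes([fc, 0]) + b"\x00\x00" + b"\xff" * 6 + mac + b"\xff" * 6 + b"\x00\x00"
    return header + bytes([0, len(ssid)]) + ssid + bytes([1, 2, 0x02, 0x04])

FIXED = bytes.fromhex("001122334455")    # constructed, globally administered
RANDOM = bytes.fromhex("daa119000001")   # constructed, locally administered
SAMPLE = [_frame(FIXED, b"HomeNet"), _frame(FIXED, b"CoffeeShop-Guest"),
          _frame(RANDOM, b""), _frame(FIXED, b"SomeAP", fc=0x80)]  # last is a beacon

if __name__ == "__main__":
    for mac, info in audit(SAMPLE).items():
        print(mac, info)
```

A source that shows a fixed MAC together with a list of named networks is the easiest kind to fingerprint; a randomized MAC sending only wildcard probes reveals far less.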
>>>Did you know that you were buying into this when you enabled “location services”? Did the tracking firms ask you if that was ok? Of course not. What are you going to do about it?
They did ask, most people just don’t read EULAs (not that there’s enough time in the day to read them all).
What am I going to do about it? Turn off WiFi when I’m not using it & disable location services whenever possible.
I suppose this is a way to help the unaware, but without making the problem more visible they won’t change their habits or realize the privacy they’re giving up.
Can one have an expectation of “privacy” in a public space?
To put it crudely, do you agree with ‘upskirt’ photography in a public space?
I agree that privacy is a spectrum. Your “upskirt” example is in the context of personal space vs the larger public space one inhabits, otherwise CCTVs could never be used. The problem is most aren’t cognitive of what those boundaries are and often complain about their privacy being violated when no such thing has happened.
Are you OK with having someone follow you around all day, noting where you go and when? Most people would find that creepy.
@ Elliot Williams: Then they better ditch their cellphones because part of their normal operations reveals time and location.
Like [Elliot] said people have the expectation not to be stalked every time their WiFi probes leave their property line. If the police want to surveil someone they need a warrant, but Jamba juice just needs a couple lines of script on their router. We shouldn’t accept this as the status quo.
You gotta be kidding me.
This isn’t some magic script that tracks you throughout town…
It’s no different than someone taking notes. “That irritating blonde guy came in today again around noon”
Put a few stores together who cooperate and you have tracking which shows them metrics. This requires cooperation by the varying companies. Jamba Juice may not know when/where you go to WalMart. (But the WiFi hotspot provider might if they’re in both locations)
btw, without personal ID attached to your MAC, they can figure out trends which helps them sell product. Once they tie you as a person to the MAC you’ll start seeing ads in Facebook for stores you’ve recently physically attended.
I just keep my WiFi turned off most of the time. And if I do turn it on in the store, I understand they ‘know’ me and their website is much more helpful.
That said, cool idea!
Don’t Android and iOS randomise the MAC address for probes anyway?
Nope.
Wrong. Algorithms which randomly change MAC address _are_ already in iPhones and Android phones. But they don’t work (as good) as they should.
Source (isn’t so credible, but has links to relevant papers): https://www.theregister.co.uk/2017/03/10/mac_address_randomization/
I’ll have to test out my device. Makes me feel a little better.
new versions of network-manager do this, however. Very nice feature. Have to switch over from my homegrown scripts+plain wpa_supplicant these days
now only there was a way to find out who actually tracks their clients! I suppose with tracking providers, there’d be a chance to find out.
Or emulate hundreds, even thousands of devices appearing and disappearing over the course of a day. That would add a lot of noise to the tracking data.
Even better than noise, would be to replay valid entries…but that would require you to collect valid data. Just a thought.
Better in some ways* ..your idea better in other ways.
A little or a lot of both would be the best of all.
Which is exactly what Linger does ;)
It records all probe requests it can see and replays them. So when I walk around with the device, I appear as a large crowd to trackers.
Many (all?) places have a maximum number of occupants for safety reasons (?) ..I wonder if such tracking systems are aware of this / if you caused the limit to be reached and actions were taken, would you be responsible? Also I should have been more specific when I said ‘valid’: people who have actually been to the location before- which would have different effects than just ‘random’ people showing up. Both have merit.
I doubt most marketing schemes for stores are tied to any real world head count — for example, how do you determine who is carrying multiple devices and how many devices?
At different points in my career, I had been known to have up to 4 or 5 wifi devices on me at any given time — more if I was working on someone else’s equipment for them. So do you count me as 1 or 5 — well if there are a bunch of IT/techies/nerds in the space your count could easily be WAY off.
Marketing data is ballpark at best. No marketer would ever stand by their numbers in a court of law, though they will stand by them when money is on the line.
When we set up analytics systems we’re constantly notifying our marketing team of boundary conditions and other shortcomings to the systems and they don’t care because bad data is better than no data in their mind.
If you had a Linger device within range of one of Mike’s hypothetical random-spoof devices, would Linger learn the bogus entries and replay them too?
If you had two Linger devices walk within range of each other, would they learn each other’s swarms and now everyone is being replayed by two devices and appears in two places at once?
A kind of (LoRa) range test, documentation and source code: http://www.absolutelyautomation.com/articles/2015/12/30/internet-things-iot-using-nicerf-lora1276
I leave wifi default off outside of my home and friendly APs. But what I really want is a mobile phone with a passive POCSAG pager module as the aware of the world listening radio. POCSAG just spams the whole reception area over VHF or UHF and combined with aware answering software in the phone and carrier side the user may choose to either call back or even possibly catch the call if they choose to activate their radio-modem and come up onto the phone network where they are then trackable. It is all about making the mobile device user friendly in a way unlike anything since the old live operator radio telephones the wealthy used before automated station pinging cellular services like AMPS. Even old testament wilderness prophets like RMS endorse the idea in principle if combined with a user respecting open OS and software. Linger is cute and is a real try hard which helps for the little snoops but doesn’t fix the bigger and more dangerous big snoops problem which we can’t seem to fix through public education and our few tech issue aware votes.
Cool, I’ve been thinking of doing just that!
Unfortunately all pager networks have been decommissioned where I live.
Not just WiFi. Car dealerships log Bluetooth devices that come by, too.
True, this is also done at festivals for instance to track visitor flow. This device’s focus is on the wifi signals but I think you should be able to do something similar with Bluetooth.
Just to clarify, the device is not meant to be stationary and make people think you (the owner) are still there. Instead, you take the device with you. When it sees probe requests from other devices it will save those and start replaying them. This means that people that pass in the street seem to come with you. So when I walk into a shop with Linger in my bag, it seems as if 1000+ people just came in. It allows you to hide your own device by creating a large virtual crowd.
Shop owners can either decide to use the false metrics, or remove them (including your real data, as they have no way of knowing which member of the virtual group is the real one).
I think someone would be able to figure it out through that “crowd” resolving to a point source.
Only if they considered the datum to be worth the work of discerning it.
or 1499 of those devices are only ever probe requests, and only 1 ever tries to connect or passes any traffic of any sort…
But the arms-race of countermeasures, to collect ever more data about each device and try to ascertain whether it’s real, would require development effort and raise the cost of collecting the data, so Linger is definitely a step towards throwing a wrench in their gears. I love it.
An online database of previously harvested requests would allow you to bring in a large crowd of people from all around the world. The Linger community could share their harvested data, thus blowing the mind of Mr Google and friends.
I really like the idea of sharing the gathered data. In the past I have used PryFi on android but it needs to be much faster. Does anyone know how many ‘probe requests’ could be sent in a given time?
Great idea. I wish this could be done with an app, so it’s more accessible to people. If even 5% of shoppers would do this, all data would be useless.
It’s a really cool project, I love this sort of subversion.
I was always under the impression ‘location services’ meant apps on YOUR PHONE have access to where you are, not wifi sniffers and public wifi’s in stores/shops etc..
Correct. Turning off location services won’t do anything to stop wifi or bluetooth snooping as they’re looking for nearby phones not asking your phone where it is.
This might just give me a reason to actually go to the Mall…