Stop stores and airports from tracking your movements
By Kim Komando
Did you know that for several months Wal-Mart tested a facial recognition system that can pick an individual out of a crowd and track them automatically through a store? It's true. Wal-Mart was mainly using the system to spot known shoplifters, but I'm sure you can think of more worrying purposes.
Facial recognition is one of many technologies that brick-and-mortar retailers are testing to get real-time data on their customers. Online stores can see exactly what products and ads a user looks at, but offline retailers traditionally only know what people buy. They want to change that so they can maximize their marketing and profits.
HOW RETAILERS TRACK YOUWhile facial recognition is still in limited use, many retailers, and other locations with a lot of traffic like airports, are using Mobile Location Analytics to track your exact location. For example, an airport knows how much time you spent in a shop, moving through security or at the baggage claim. A store knows when you move from one department to another, or even linger in a certain aisle.
How do they do this?
MLA uses the Wi-Fi and Bluetooth in your smartphone or tablet. Every mobile gadget has a unique 12-digit hardware identifier called a MAC address that it broadcasts via Wi-Fi and Bluetooth. As your gadget comes in range of the various Wi-Fi routers and Bluetooth hubs scattered around a store or airport, the MLA system picks up your MAC address.
Companies collect this information over time and use it to track traffic flow, line wait times, popular products or aisles, tweak employee work schedule and more. But could they use the information to do something more?
The good news is that on its own, your gadget's MAC address tells the store nothing about you. Your name, email and phone number aren't transmitted. At most, it might be able to figure out what manufacturer made your phone.
Most of the companies that handle this tracking have also signed agreements that they won't try to tie your MAC address to any other information they might have about you. Of course, those agreements are voluntary and there are ways a company could identify you if it wanted.
HOW A COMPANY COULD LEARN YOUR IDENTITY
One way is by using in-store beacons. These beacons use Wi-Fi, Bluetooth or Near-Field Communication to connect with your phone and send you deals on products you're walking past. To receive these deals, however, you have to be running the store's app, or have signed up to receive them. So, there's no real privacy concern.
However, imagine if a store were to combine your MAC address location with a beacon pushing a deal to your phone. You likely signed up to receive the deals with your name and email address. It's a simple matter to link that information up with the company's records of your purchase history from your credit card or loyalty card. The store could have a full profile on you in seconds.
Then there's facial recognition, as we talked about earlier. If a company knows your gadget's location, it's a simple matter to point a camera at you. Granted, most facial recognition systems require a photo on file to make a match.
MLA uses the Wi-Fi and Bluetooth in your smartphone or tablet. Every mobile gadget has a unique 12-digit hardware identifier called a MAC address that it broadcasts via Wi-Fi and Bluetooth. As your gadget comes in range of the various Wi-Fi routers and Bluetooth hubs scattered around a store or airport, the MLA system picks up your MAC address.
Companies collect this information over time and use it to track traffic flow, line wait times, popular products or aisles, tweak employee work schedule and more. But could they use the information to do something more?
The good news is that on its own, your gadget's MAC address tells the store nothing about you. Your name, email and phone number aren't transmitted. At most, it might be able to figure out what manufacturer made your phone.
Most of the companies that handle this tracking have also signed agreements that they won't try to tie your MAC address to any other information they might have about you. Of course, those agreements are voluntary and there are ways a company could identify you if it wanted.
HOW A COMPANY COULD LEARN YOUR IDENTITY
One way is by using in-store beacons. These beacons use Wi-Fi, Bluetooth or Near-Field Communication to connect with your phone and send you deals on products you're walking past. To receive these deals, however, you have to be running the store's app, or have signed up to receive them. So, there's no real privacy concern.
However, imagine if a store were to combine your MAC address location with a beacon pushing a deal to your phone. You likely signed up to receive the deals with your name and email address. It's a simple matter to link that information up with the company's records of your purchase history from your credit card or loyalty card. The store could have a full profile on you in seconds.
Then there's facial recognition, as we talked about earlier. If a company knows your gadget's location, it's a simple matter to point a camera at you. Granted, most facial recognition systems require a photo on file to make a match.
However, if a company has your name and email address, it's a short leap to get your profile picture from Facebook and spot you as you walk into the store. Of course, that's unlikely for the foreseeable future because of the backlash it would cause.
However, it doesn't have to be the store that's tracking you. If law enforcement was doing an investigation and got your gadget, they could technically subpoena records from MLA companies for the gadget's MAC address and learn your movements. Or if the MAC address records were lost in a data breach, I'm sure hackers could find some use for them.
HOW TO STOP THE TRACKING
The Future of Privacy Forum has set up a site called Smart Store Privacy. If you go there, you can put in your Wi-Fi and Bluetooth MAC addresses and it will tell participating tracking companies (there are 12 signed on at the moment) not to track those addresses. You don't have to give any other information.
Finding your Wi-Fi and Bluetooth MAC addresses is a little tricky depending on your gadget. Here are some general instructions.
However, it doesn't have to be the store that's tracking you. If law enforcement was doing an investigation and got your gadget, they could technically subpoena records from MLA companies for the gadget's MAC address and learn your movements. Or if the MAC address records were lost in a data breach, I'm sure hackers could find some use for them.
HOW TO STOP THE TRACKING
The Future of Privacy Forum has set up a site called Smart Store Privacy. If you go there, you can put in your Wi-Fi and Bluetooth MAC addresses and it will tell participating tracking companies (there are 12 signed on at the moment) not to track those addresses. You don't have to give any other information.
Finding your Wi-Fi and Bluetooth MAC addresses is a little tricky depending on your gadget. Here are some general instructions.
APPLE
For Apple gadgets, go to Settings>>General>>About and look under Wi-Fi Address and Bluetooth. You're looking for a 12-digit number like 91:17:7B:82:C2:A5 or 91-17-7B-82-C2-A5. It should be clearly labeled. If you don't see an address, you should turn on Wi-Fi and Bluetooth and then check again.
Note: If you're using an Apple gadget running iOS 8 or higher, it changes its MAC address every time it connects to a Wi-Fi or Bluetooth hotspot. So, a store won't be able to track you because it will look like a new gadget every time.
For Apple gadgets, go to Settings>>General>>About and look under Wi-Fi Address and Bluetooth. You're looking for a 12-digit number like 91:17:7B:82:C2:A5 or 91-17-7B-82-C2-A5. It should be clearly labeled. If you don't see an address, you should turn on Wi-Fi and Bluetooth and then check again.
Note: If you're using an Apple gadget running iOS 8 or higher, it changes its MAC address every time it connects to a Wi-Fi or Bluetooth hotspot. So, a store won't be able to track you because it will look like a new gadget every time.
ANDROID
For Android gadgets, every phone manufacturer has things set up a little differently. First, make sure Wi-Fi and Bluetooth are turned on. Then go to Settings>>About Phone, or Settings>>About Tablet. It might be under Hardware Information or Status. If you can't find it, check your gadget's manual for the precise location.
WINDOWS PHONE
For Wi-Fi, go to Start>>Settings>>Connections>>Wireless LAN>>Advanced. Look in the MAC field. Wi-Fi needs to be on for this to work.
For Bluetooth, go to Start>>Settings>>Connections>>Bluetooth>>Accessibility and look under Address. Bluetooth needs to be on for the address to show up.
BLACKBERRY
For Wi-Fi, go to Setup>>Options>>Device>>Device and Status Information, and look under the WLAN MAC heading.
On Blackberry gadgets running OS 5 or earlier, go to Options>>Status and look under WLAN MAC.
For getting the Bluetooth address, go to Connections>>Bluetooth>>Properties to find the MAC address.
Of course, there are tracking companies out there not signed up with Smart Store Privacy. To totally avoid tracking, you'll have to turn off your Wi-Fi and Bluetooth before entering a store. That keeps your MAC address from broadcasting.
