Disclaimer: I work at Density (https://www.density.io) building an anonymous people counter.
MAC address tracking is a good simple way to get an approximate number of people: it's very easy to install, it requires only a WiFi antenna, and the data is easy to translate into a count. However, there are privacy and legal concerns which have prompted phone vendors to obfuscate this data. And there can easily be zero (or more than one) broadcasted MAC address per human, even when filtering by OUI.
Retailers have been using specialized "people count" technology like infrared break-beams, thermal cameras, and CCTV+CV systems for a long time. CCTV is the most accurate by far, but it's also commonly considered to be an invasive level of surveillance (and rightly so). It's also not particularly accurate in adverse situations. At Density, we looked at (and tried) many of these technologies - but ultimately found them lacking because they were either too invasive or too inaccurate. The device we've built uses a lower-resolution depth-only sensor because it can return extremely accurate results, without having the capability for facial recognition or other analysis techniques that are harmful to privacy. So far the technology is working very well - with an algorithm based on a deep-learning "human classifier" we're seeing accuracy above 99% in many of our deployments.
Here's a cool (and in-progress, excuse our dust) summary of some issues that the technology has to navigate: https://faq.density.io/algo/
The concerns you raise are true in corner cases, but the general use case should be good enough. Your solution also seems to require mounting one of your devices at the entryway of every room for which you wish to monitor occupancy. Seems like it could be costly, especially if doing so requires wiring power up to it.
We've switched from a mobile phone MAC address based location analytics people counter system(I believe founded by someone who worked on Google Analytics) to a stereo camera based system(bellwether).
We switched as our original provider's business model shifted(I believe in part due to the change in MAC addressing by telecom providers?).
We believe strongly in personal freedom and personal data security.
But we are scratching our head as far as what we can do to ethically and affordably better understand and serve our customers in an integrated(digital & meatspace) way.
Without knowing what specific depth sensor you're using, most of them are essentially B/W IR cameras so it seems a bit disingenuous to say that is better for privacy.
The depth map you provide doesn't contain the full output of the sensor, but how is that any different than using cameras but not passing the data up any higher?
If you look at this video:
https://www.youtube.com/watch?v=YOKMx7EDVys you can see the kind of image that Density has access to, though their depth map they show is only what's on the left side.
Looks cool!
I’m wondering how you would deal with cumulative errors. Lets say you have a meeting room with one door with one sensor, and the sensors has a 99% accuracy. If 100+ people walk through the door, the sensor could still report 1 or 2 persona in meeting room, while nobody is there.
Do you have work arounds for this problem?
Really interesting. What sort of limits/constraints do you have? For example, I've seen older methods have trouble maintaining tracking accurately at 12-24+ people in an room size area.
guscost correctly describes the limitations of MAC address tracking. In my experience building Aura Vision [1], we've also discovered MAC tracking is no longer GDPR compliant, because an identifier about a person is stored indefinitely. This gives retailers the ability to measure the same identifier returning. The same goes for Bluetooth/BLE tracking.
We are a CCTV/deep learning system that uses existing infrastructure (think old school grainy security cameras), and we're are also able to capture additional information like age and gender of a person. Unlike other invasive/HD CCTV systems, we don't use facial recognition, and we also work over very wide areas, not just over restricted doorways.
It's commonly used by some retail and shopping malls to "estimate" traffic and conversion. It's great for determining peak times and visit duration. This kind of technology has been commercialized for some time now.
People counters for retail stores or airports are commonplace, true. Recently, humanitarian aid organisations began to show interest in using them, as well. They could use them for instance to manage refugee camps better or to understand migration routes.
So we built a tool for the NGOs in this sector, with a very similar technology used by OP as basis:
One key difference is that each Aileen box is a client, which will upload its findings to a server, so that NGO management staff can review it.
Now that the basis is there (and being piloted), we hope to make it into a product tailored to the humanitarian aid sector. One key aspect is taking privacy seriously, others will drill down into the features that refugee camp managers tell us they'd need (for instance alerts if populations seem to be on a rapid move).
My wife manages a retail store and they use this tech to track sales conversions by the hour. Gross sales / Number of people walking in the store broken out by hour. Each conversion rate for each hour is tied back to the manager on duty for that hour so they can see how effectively the store is managed. They also take weather into account since that has a strong effect on foot traffic for an outdoor mall.
> It may be illegal to monitor networks for MAC addresses
I use promiscuous mode to monitor and send alerts about everybody with a wifi active phone that comes onto my property. I also have cameras and motion sensors. It's not illegal and if it's made illegal I'll keep doing it because I have an intrinsic fundamental human right to protect my property.
Our research group also had a similar idea to this back in 2006, though looking at laptops (since this was before smartphones really took off). This was also before MAC randomization, as many other posters have pointed out. Here's our research paper if you're interested:
http://cmuchimps.org/uploads/publication/paper/86/putting_pe...
Two ideas to consider for next steps, if you're interested. One is to crowdsource the data, to build out a map of places and how busy those places are. You would need to add in a lot of privacy mechanisms though, e.g. only sharing data of mostly public places vs homes. You could also build out a map of interesting places based on this (e.g. we used foursquare data in our past research to build out clusters of places, see http://livehoods.org/)
Another is to estimate how busy a place really is based on traffic, in terms of #people, and #seats or #tables available. This could be especially useful for campuses (where is a good place to study?) or cafes. You might need some crowd-based approach to label ground truth, and it's unclear what the incentive would be.
We did consider commercialization back in the day, but never came up with a plausible business model. It's not clear why business owners would want this, and they might even have an incentive to cheat. Though I would definitely say that cities would be interested in this data, e.g. urban planners or depts of public works. They have so little data about what is actually going on in a city. For example, we spoke with people who wanted to know the effects of closing a bridge or closing off a street.
My university still has people count by hand twice a shift, a dozen floors of tables. It's hard to beat the benefits of how cheap it is to hand a minimum wage undergrad a $5 mechanical counter and have them get a more precise count in the 20 minutes it takes to do a lap of the building, especially when said undergrad would just be idling at the front desk, on their phone, and still on the clock for those 20 minutes anyway.
> Another is to estimate how busy a place really is based on traffic, in terms of #people, and #seats or #tables available. This could be especially useful for campuses (where is a good place to study?) or cafes. You might need some crowd-based approach to label ground truth, and it's unclear what the incentive would be.
Google Maps does that. Search for a popular cafe on your area and you should see the "Popular times" graph with live data.
I did something similar for macOS, my aim was to see how effective deauthing a router is (turns out it's incredibly effective, the readme has more details) and as a side effect the app shows a list of all WiFi traffic. It was a pretty fun project.
Thought about this too a while back. If I remember correctly the "issue" (actually I consider it a feature) with most modern smartphones is that they will randomly change their MAC address in order to prevent exactly this kind of tracking.
Do you have any idea how often they change? Like if you were only looking counts of distinct MAC addresses, could you shorten the listening window so that an individual phone would have the same address?
However, if your wifi is on and not connected to an AP, then you will broadcast mgmt frame pings with the correct MAC for all the networks you've been connected to.
An enterprising hacker could submit those to wigle and figure out not only uniques, but also tell what geographical part of the world you're from.
Nicer hackers share this for public knowledge on HN :-D
(edit: really? -1'ed? How is this wrong? Would love to hear from detractors, as this technique is how malls and supermarkets track individual users.)
I thought I remembered schollz (the GitHub user that this is under) from something else, and sure enough, I did! They did another interesting thing with wifi that I believe I discovered from hackernews years ago (appears to have evolved somewhat since then):
I did something similar using my jobs open network, a raspberry and nmap. I was able to correlate devices to people, and depending on which floor they were on they had different DHCP IP ranges. I then made a webpage out of it that let me see who was where. People changed devices too often and I was lazy, but if I could have figured out how to get people's hostnames I could probably make the process a lot simpler.
I did something similar[1] in C++ (on Windows - I know, I know...) but I feared that the rate of the scan requests could inadvertently cause me to be "interesting": even though I was only storing the IDs in memory - due to GDPR - which, from the wording of another comment[2], sounds like could still land me in trouble.
It's interesting (and a bit frightening) to see just how many devices (e.g.: APs, mobile phones, dash cams, etc.) there are discoverable out in the wild.
I wonder if there are any studies on how reliable this is, especially in a crowd. This can be very useful, but I see many ways how the assumption of "MAC addresses" = "people" can be broken:
* As stated in the docs, not everyone has a phone, they estimate it being 70%, but I wonder how accurate this is in different regions for different crowd sizes and applications (cafe visitors vs a parade)
* As stated in the comments, some individuals carry multiple WiFi capable devices and it can be much more than 1 per person
* How large can a crowd get, before signals get jammed to a point this method stops being useful?
* Many people prefer mobile data and sometimes even don't turn WiFi on
So, I mean, it obviously can be used practically, but I struggle to estimate, how much should I believe what the device reads w/o actually seeing the crowd.
I've been researching and working with this for some years now. There's a lot of stuff that can interfere with the quality/accuracy of the numbers (e.g. MAC randomization). I found out that there's also various ways to circumvent and improve upon those problems.
The arpa-e SENSOR [1] program is working on several technologies for people counting for sake of doing Demand Controlled Ventilation (DCV)[2]. People counting is part of the ASHRAE 62.1 calculation [3] for demand controlled ventilation. Also, simple N>0 occupancy counting is useful for home HVAC system setbacks.
I sat in an ASHRAE technical session presentation the other day about the program. All of the technology goals intend for the people count results to be anonymous, and for the technology to be "open source."
Cost goals are <$0.06/ft^2 for residential and <0.08$/ft^2 for commercial systems.
I've long been curious why McDonalds (and the like) don't have automated license plate readers, similar in concept to people counters (though more invasive I suppose) on their drive-throughs.
I'd think they could very quickly & automatically begin collecting data about income, repeat vs new customer, even streamlining the order process by recalling past orders or upselling, etc.
It seems like an area that is incredibly ripe for data collection & analysis; I almost wonder if there isn't a business in here, selling this feature-set as as B2B service.
For the record, I prefer not to be 'tracked' -- I don't know that I can realistically say it would actually impact my fast-food selections though. The concept does intrigue me nonetheless.
Many people are apprehensive about being linked to their plates, even going as far as blacking them out in selfies etc. Given this apprehension (founded or unfounded), I doubt the increase in business would be worth the trade off in negative PR. I can't begin to imagine what the Wendy's twitter timeline would look like if the news broke that McD was storing your license plate in a database and correlating it with your income.
Many of the ideas you suggested (recalling past orders, upselling) can easily be accomplished with existing smartphone technology. I've never used the McD app so I don't know if they utilize location tracking but if they do I can almost guarantee they are already checking to see which locations you visit the most, what you order, when you usually come in, whether you use the drive thru or not, etc. Even without location tracking they can still do all of that if you order online.
tl;dr In my opinion they don't do this because they can already collect the data through less invasive means.
Thats cool. I wanted to do something similar with ESP-8266 to track visitors in a tourist attraction I worked for. But as it turned out it was illegal by law because a law forbids to track people through "electromagnetism". As it turned out it the reason for the law was to not make it possible to track people in their apartments by registering wherever they where watching TV and similar stuff.
We never wanted to track an individual person and would have hashed the MAC, nor did we want to get any data from them (phone brand or whatever). We wanted to be sure to not have more than 1000 people in the building (another law) and for security reasons we did not have turnstiles at the exit.
At the end we had to use cameras that counted heads...
[+] [-] guscost|7 years ago|reply
MAC address tracking is a good simple way to get an approximate number of people: it's very easy to install, it requires only a WiFi antenna, and the data is easy to translate into a count. However, there are privacy and legal concerns which have prompted phone vendors to obfuscate this data. And there can easily be zero (or more than one) broadcasted MAC address per human, even when filtering by OUI.
Retailers have been using specialized "people count" technology like infrared break-beams, thermal cameras, and CCTV+CV systems for a long time. CCTV is the most accurate by far, but it's also commonly considered to be an invasive level of surveillance (and rightly so). It's also not particularly accurate in adverse situations. At Density, we looked at (and tried) many of these technologies - but ultimately found them lacking because they were either too invasive or too inaccurate. The device we've built uses a lower-resolution depth-only sensor because it can return extremely accurate results, without having the capability for facial recognition or other analysis techniques that are harmful to privacy. So far the technology is working very well - with an algorithm based on a deep-learning "human classifier" we're seeing accuracy above 99% in many of our deployments.
Here's a cool (and in-progress, excuse our dust) summary of some issues that the technology has to navigate: https://faq.density.io/algo/
[+] [-] andonisus|7 years ago|reply
[+] [-] chriselles|7 years ago|reply
Very interesting.
We've switched from a mobile phone MAC address based location analytics people counter system(I believe founded by someone who worked on Google Analytics) to a stereo camera based system(bellwether).
We switched as our original provider's business model shifted(I believe in part due to the change in MAC addressing by telecom providers?).
We believe strongly in personal freedom and personal data security.
But we are scratching our head as far as what we can do to ethically and affordably better understand and serve our customers in an integrated(digital & meatspace) way.
Good Luck!
[+] [-] naitbs|7 years ago|reply
The depth map you provide doesn't contain the full output of the sensor, but how is that any different than using cameras but not passing the data up any higher? If you look at this video: https://www.youtube.com/watch?v=YOKMx7EDVys you can see the kind of image that Density has access to, though their depth map they show is only what's on the left side.
[+] [-] giancarlostoro|7 years ago|reply
https://www.youtube.com/watch?v=WY_s6-WNZFU
https://www.youtube.com/watch?v=OBRFr1kkKkY
Hint: You need more than just 1 antenna ;)
Also the MAC address is obfuscated until a device fully connects to an access point.
Disclaimer: I may or may not have worked on such a system before.
Edit:
Fully open source MIT Licensed project that does it nicely by the look of it:
https://anyplace.cs.ucy.ac.cy/
[+] [-] unknown|7 years ago|reply
[deleted]
[+] [-] bueoko|7 years ago|reply
[+] [-] politician|7 years ago|reply
[+] [-] triggercut|7 years ago|reply
[+] [-] debt|7 years ago|reply
[+] [-] jblok|7 years ago|reply
We are a CCTV/deep learning system that uses existing infrastructure (think old school grainy security cameras), and we're are also able to capture additional information like age and gender of a person. Unlike other invasive/HD CCTV systems, we don't use facial recognition, and we also work over very wide areas, not just over restricted doorways.
[1] https://auravision.ai
[+] [-] arayh|7 years ago|reply
https://en.wikipedia.org/wiki/People_counter
It's commonly used by some retail and shopping malls to "estimate" traffic and conversion. It's great for determining peak times and visit duration. This kind of technology has been commercialized for some time now.
[+] [-] Nic56|7 years ago|reply
So we built a tool for the NGOs in this sector, with a very similar technology used by OP as basis:
https://www.aileenproject.org/
One key difference is that each Aileen box is a client, which will upload its findings to a server, so that NGO management staff can review it.
Now that the basis is there (and being piloted), we hope to make it into a product tailored to the humanitarian aid sector. One key aspect is taking privacy seriously, others will drill down into the features that refugee camp managers tell us they'd need (for instance alerts if populations seem to be on a rapid move).
[+] [-] dpods|7 years ago|reply
[+] [-] bduerst|7 years ago|reply
[+] [-] jimmychangas|7 years ago|reply
Isn't it odd that you can't read electromagnetic signals penetrating your walls without your consent?
[+] [-] rhacker|7 years ago|reply
[+] [-] mehrdadn|7 years ago|reply
[+] [-] droithomme|7 years ago|reply
I use promiscuous mode to monitor and send alerts about everybody with a wifi active phone that comes onto my property. I also have cameras and motion sensors. It's not illegal and if it's made illegal I'll keep doing it because I have an intrinsic fundamental human right to protect my property.
[+] [-] adtac|7 years ago|reply
[+] [-] gsich|7 years ago|reply
[+] [-] jasonhong|7 years ago|reply
Two ideas to consider for next steps, if you're interested. One is to crowdsource the data, to build out a map of places and how busy those places are. You would need to add in a lot of privacy mechanisms though, e.g. only sharing data of mostly public places vs homes. You could also build out a map of interesting places based on this (e.g. we used foursquare data in our past research to build out clusters of places, see http://livehoods.org/)
Another is to estimate how busy a place really is based on traffic, in terms of #people, and #seats or #tables available. This could be especially useful for campuses (where is a good place to study?) or cafes. You might need some crowd-based approach to label ground truth, and it's unclear what the incentive would be.
We did consider commercialization back in the day, but never came up with a plausible business model. It's not clear why business owners would want this, and they might even have an incentive to cheat. Though I would definitely say that cities would be interested in this data, e.g. urban planners or depts of public works. They have so little data about what is actually going on in a city. For example, we spoke with people who wanted to know the effects of closing a bridge or closing off a street.
[+] [-] asdff|7 years ago|reply
[+] [-] slig|7 years ago|reply
Google Maps does that. Search for a popular cafe on your area and you should see the "Popular times" graph with live data.
[+] [-] xyproto|7 years ago|reply
[+] [-] dom96|7 years ago|reply
1 - https://github.com/dom96/deauther
[+] [-] io_io|7 years ago|reply
[+] [-] jcfrei|7 years ago|reply
[+] [-] gkfasdfasdf|7 years ago|reply
[+] [-] diminoten|7 years ago|reply
That sounds intuitively and anecdotally incorrect.
[+] [-] crankylinuxuser|7 years ago|reply
An enterprising hacker could submit those to wigle and figure out not only uniques, but also tell what geographical part of the world you're from.
Nicer hackers share this for public knowledge on HN :-D
(edit: really? -1'ed? How is this wrong? Would love to hear from detractors, as this technique is how malls and supermarkets track individual users.)
[+] [-] markovbot|7 years ago|reply
https://github.com/schollz/find3
[+] [-] bjoli|7 years ago|reply
[+] [-] electriclove|7 years ago|reply
[+] [-] jedberg|7 years ago|reply
[+] [-] komali2|7 years ago|reply
[+] [-] renholder|7 years ago|reply
It's interesting (and a bit frightening) to see just how many devices (e.g.: APs, mobile phones, dash cams, etc.) there are discoverable out in the wild.
[1] - https://github.com/felsokning/Cpp/blob/master/Public.Cpp.Res...
[2] - https://news.ycombinator.com/item?id=18932906
[+] [-] krick|7 years ago|reply
* As stated in the docs, not everyone has a phone, they estimate it being 70%, but I wonder how accurate this is in different regions for different crowd sizes and applications (cafe visitors vs a parade)
* As stated in the comments, some individuals carry multiple WiFi capable devices and it can be much more than 1 per person
* How large can a crowd get, before signals get jammed to a point this method stops being useful?
* Many people prefer mobile data and sometimes even don't turn WiFi on
So, I mean, it obviously can be used practically, but I struggle to estimate, how much should I believe what the device reads w/o actually seeing the crowd.
[+] [-] macthrow|7 years ago|reply
[+] [-] justsomeguy1981|7 years ago|reply
[+] [-] sorenjan|7 years ago|reply
[+] [-] jaimex2|7 years ago|reply
https://play.google.com/store/apps/details?id=eu.chainfire.p...
Basically just blasts thousands of MAC addresses into the air flooding their counters and ruining their data.
[+] [-] rainbowzootsuit|7 years ago|reply
I sat in an ASHRAE technical session presentation the other day about the program. All of the technology goals intend for the people count results to be anonymous, and for the technology to be "open source."
Cost goals are <$0.06/ft^2 for residential and <0.08$/ft^2 for commercial systems.
[1] https://arpa-e.energy.gov/?q=programs/sensor
[2] https://en.wikipedia.org/wiki/Demand_controlled_ventilation
[3] https://ashrae.iwrapper.com/ViewOnline/Standard_62.1-2016
[+] [-] gregod|7 years ago|reply
"Wifi & Bluetooth driven, LoRaWAN enabled, battery powered mini Paxcounter built on cheap ESP32 LoRa IoT boards"
[+] [-] adanto6840|7 years ago|reply
I'd think they could very quickly & automatically begin collecting data about income, repeat vs new customer, even streamlining the order process by recalling past orders or upselling, etc.
It seems like an area that is incredibly ripe for data collection & analysis; I almost wonder if there isn't a business in here, selling this feature-set as as B2B service.
For the record, I prefer not to be 'tracked' -- I don't know that I can realistically say it would actually impact my fast-food selections though. The concept does intrigue me nonetheless.
[+] [-] maxerickson|7 years ago|reply
Those factors should completely swamp anything that can get teased out of reams of data.
[+] [-] mattthebaker|7 years ago|reply
[+] [-] nexuist|7 years ago|reply
Many of the ideas you suggested (recalling past orders, upselling) can easily be accomplished with existing smartphone technology. I've never used the McD app so I don't know if they utilize location tracking but if they do I can almost guarantee they are already checking to see which locations you visit the most, what you order, when you usually come in, whether you use the drive thru or not, etc. Even without location tracking they can still do all of that if you order online.
tl;dr In my opinion they don't do this because they can already collect the data through less invasive means.
[+] [-] zwarag|7 years ago|reply
We never wanted to track an individual person and would have hashed the MAC, nor did we want to get any data from them (phone brand or whatever). We wanted to be sure to not have more than 1000 people in the building (another law) and for security reasons we did not have turnstiles at the exit.
At the end we had to use cameras that counted heads...