I guess we really shouldn't be surprised at this point, but what many don't understand is just how easy it is to track devices, and by extension people, in this manner.
You don't even have to connect to an open WiFi AP, or any AP. As Glenn Wilkinson demonstrated some time ago [1], the probe requests your device sends out can in many cases, identify you or at least the important locations you've been to. Basically, if WiFi is enabled on your device and it's not associated with an AP, it's constantly sending out requests asking for the [E]SSID of AP's it's previously connected to.
> I guess we really shouldn't be surprised at this point
Yes, we shouldn't stop at being surprised. We should put our actions where our surprise/shock is and do something about it.
For example: leave your mobile phone permanently in flight mode and just all the other features, like agenda, clock, etc (or leave it always at home, if you don't have a landline anymore).
It's to really hard for me to take this article seriously without the release of said PowerPoint documents. All we have to go on, is that CSEC had access to device IDs and was capable of tracking their locations across airports. And while it's true that metadata can be used to create a graph and hence a wealth of information, ISPs generally are suppose to collect that info. The question is whether the contents of the messages were intercepted.
Even then, this article seems to provide a lot of reactions from professors and commissioners without really getting into the details. It's really not that difficult for anyone, yet alone the government, to track MAC addresses on Wifi networks and then start geolocating them.
You could easily jam Wi-Fi signals or even collect MAC addresses. Collect enough of them from different places, and you can locate people's travelling habits.
No worries, your phone's use/support of ad networks means both companies and governments know as much about your habits already as you don't want them to know. ;-) No fancy iBeacons or trashcans necessary.
Yeah, I'm cool with it too. It'd be good to know if someone connected to a terrorist organization wanders into Pearson, and no one expects privacy at the airport, anyway. You go there knowing it's a secure zone and that your luggage will be gone through and your body scanned. Tracking your Internet usage seems like less of an invasion of privacy than that.
This is a bit of a "well, duh!" thing. Pretty much every large WiFi deployment has this capability. It is common enough that Cisco has a mainline product family to do it (Cisco Unified Wireless Location-Based Services).
This is commonly used to track carts in hospitals, etc.
You technically don't even have to be "actively tracking" users. You just keep the diagnostic logs of client registrations & signal strength for a while and map it when you care. I'd be more worried about a non-government entity using the data to survey people for blackmail or other gain (e.g. politicians: who is commonly located near the state capital, campaign headquarters, and strip club?)
[+] [-] stygiansonic|12 years ago|reply
You don't even have to connect to an open WiFi AP, or any AP. As Glenn Wilkinson demonstrated some time ago [1], the probe requests your device sends out can in many cases, identify you or at least the important locations you've been to. Basically, if WiFi is enabled on your device and it's not associated with an AP, it's constantly sending out requests asking for the [E]SSID of AP's it's previously connected to.
I also recommend this video: http://www.youtube.com/watch?v=03iEaKPRb9A
[+] [-] f_salmon|12 years ago|reply
Yes, we shouldn't stop at being surprised. We should put our actions where our surprise/shock is and do something about it.
For example: leave your mobile phone permanently in flight mode and just all the other features, like agenda, clock, etc (or leave it always at home, if you don't have a landline anymore).
[+] [-] stygiansonic|12 years ago|reply
1. http://research.sensepost.com/tools/footprinting/snoopy
[+] [-] canistr|12 years ago|reply
It's to really hard for me to take this article seriously without the release of said PowerPoint documents. All we have to go on, is that CSEC had access to device IDs and was capable of tracking their locations across airports. And while it's true that metadata can be used to create a graph and hence a wealth of information, ISPs generally are suppose to collect that info. The question is whether the contents of the messages were intercepted.
Even then, this article seems to provide a lot of reactions from professors and commissioners without really getting into the details. It's really not that difficult for anyone, yet alone the government, to track MAC addresses on Wifi networks and then start geolocating them.
Take for instance this GitHub project: https://github.com/DanMcInerney/wifijammer
You could easily jam Wi-Fi signals or even collect MAC addresses. Collect enough of them from different places, and you can locate people's travelling habits.
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] throwwit|12 years ago|reply
edit: I guess it all boils down to the extent of the use-cases, which tends to be anybody's guess.
[+] [-] lstamour|12 years ago|reply
[+] [-] redthrowaway|12 years ago|reply
[+] [-] jauer|12 years ago|reply
This is commonly used to track carts in hospitals, etc.
You technically don't even have to be "actively tracking" users. You just keep the diagnostic logs of client registrations & signal strength for a while and map it when you care. I'd be more worried about a non-government entity using the data to survey people for blackmail or other gain (e.g. politicians: who is commonly located near the state capital, campaign headquarters, and strip club?)
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] clockworkelf|12 years ago|reply
[deleted]
[+] [-] ryanobjc|12 years ago|reply
[+] [-] clockworkelf|12 years ago|reply
[deleted]