Density.io

Risky. MAC address tracking is definitely a legal 'grey area' at the moment. I can imagine mining/fingerprinting in this way could easily become illegal in the not-to-distant future.

In the UK, City of London already banned the wifi-enabled bins that were tracking MAC addresses.

It would be really easy to tie a name to MAC address (from point of purchase with a credit card), then see exactly where that person went via the 'sharing' of data with other retailers. This is certainly something you would expect to need 'opt in' to.

This idea is cool, but there are some issues with their privacy claim.

They say they are hashing the MAC address (presumably on the device). However, they can't be salting the hash (else they wouldn't be able to match across different stores).

Since there is no salt (or a fixed salt), it is trivial to de-anonymise a specific MAC address (just hash it and see if any server has it).

Worse, there are only 46 bits that are variable in a MAC address, and there is structure in there (3 bytes manufacturer, 3 bytes serial), so a complete mapping from MACs to the hashed MAC is very doable.

A secret per-device key for a HMAC would preserve privacy much better, but would stop them doing the cool stuff they plan — the usual trade off.

This is a privacy nightmare.

Perhaps wifi devices should no longer provide constant MAC addresses....

This is really clever. So it's like Google Analytics (or any analytics) for your brick and mortar business. This is the kind of stuff I love to read about and see being developed, it makes a refreshing change from yet another javascript framework or social network for your pets.

Before you say more, check euclidanalytics.com. The creator of Google Analytics has been working on this, with funding, for a number of years already.

I had seen news about this recently and am surprised that more people didn't notice how it is essentially the same, without funding, and less developed.

I hadn't realized how trackable cell phones were until I was experimenting on a wifi project and saw both MAC addresses and Preferred Network List of devices within the area that had not joined my network. Cell phone wifi is a privacy nightmare. Even the most technical people don't realize this, so projects that popularize it are going to kick up huge amounts of mud. Think of how easy it is to identify "whale" clients, if not by direct tracking, then by revenue correlation (these N people were present for $N,NNN,NNN in revenue events). They're valuable to track because when they show up you want your sales people to be at their best, but a service that starts tracking those people is going to make real enemies quickly.

Without wishing to belittle the privacy concerns of my fellow HNers, I wonder how long it will take for people to just be ok with being tracked in this way? This seems like one of those social changes that feels strange and uncomfortable at first, but over time becomes the accepted norm.

Has there been any work on developing and commercializing personal RF "firewalls?" I'd buy one in an instant to block intrusive tech like this.

Keep in mind that these "anonymous" data points aren't. Your phones MAC address exposes your home wifi network thanks to Google's databases. They also expose where you work, where your friends houses are, what your favorite coffee shop is. This is beyond dangerous, it's completely unacceptable.

Apparently Nordstrom did an experiment with this for a while - http://www.nytimes.com/2013/07/15/business/attention-shopper... - even going as far as monitoring passing traffic so you could monitor the percentage of people passing who actually come into the store. This could be pretty fascinating in the context of running certain types of window displays, sales/offers, etc, and lead to ecommerce-style split testing and the like. It says they stopped the experiment partly due to people whining though, but I imagine it'll just go 'under the radar' in future since it could be too valuable not to try.

Everyone here seems to be complaining about the anonymous tracking, which isn't really an issue for "normals". Its a relatively useless complaint too as that data already exists in the credit card network.

The real issue with this is that most SMBs are unsophisticated when it comes to the technology stack they use. I saw this firsthand in many ways working at Swipely (swipely.com) as we figured out product market fit. While things like 'see where else your customers shop' might seem like an interesting feature from an outsiders perspective, the businesses don't actually care. They often barely have the bandwidth to worry about their own customers.

Don't surveil your customers. It's creepy.

This is creepy. I will actively avoid stores that use this.

Where's their opt out?

Great execution, completely unethical

The funny part to me is that people think this is new. Companies like Euclid have literally been doing this for a couple of years(and quite successfully I might add) http://euclidanalytics.com/

Not only is it not new, its probably not going away.

I've actually seen a crude version of something like this on a trip to Taiwan a couple of years ago. I was at a mall and I noticed a wifi network called "People Counter." I wasn't entirely sure what they were doing with it, but I assumed it was counting MAC addresses.

Am I correct to assume that the hardware/device piece is similar to a Pineapple (https://hakshop.myshopify.com/products/wifi-pineapple)?

As I understand it, the device is like a WiFi Router looking for nearby clients broadcasting their MAC. Since phones have the ability of turning themselves into WiFi Hotspots, could a phone/app offer this same capability, or is it missing a hardware piece that lives in Density/Pineapple?

Now that's cool!

If anyone knows or can say: What physical principle(s) is the sensor operating on? There doesn't seem to be much information on that (possibly deliberately).

Did I miss something with the video? It plays an interview between pg and Calacanis that's 2 hours long.