Thursday, when Ars detailed a distributed DIY Stalking network that spied on mobile Wi-Fi users, several readers said the article overstated the real-world threat. We disagreed then, but we’re even more convinced of the potential for abuse following reports of the deployment in London of trash cans that track the unique hardware identifier of every Wi-Fi enabled smartphone that passes by.
Renew, the London-based marketing firm behind the smart trash cans, bills the Wi-Fi tracking as being “like Internet cookies in the real world” (see the promotional video below). In a press release, it boasts of the data-collection prowess of the cans’ embedded Renew “ORB” technology, which captures the unique media access control (MAC) address of smartphones that belong to passersby. During a one-week period in June, just 12 cans, or about 10 percent of the company’s fleet, tracked more than 4 million devices and allowed company marketers to map the “footfall” of their owners within a 4-minute walking distance to various stores.
There’s no indication that Renew is observing anything more than the MAC address of the phones that pass by. But there’s little stopping someone else—working for his own creepy motives or for a more nefarious company or government agency—from building a similar network that collects the same MAC address data and combines it with any unencrypted traffic that may leak out. At a minimum, that might include the names of wireless networks a particular phone regularly connects to, and in the event the phone is connected to an open Wi-Fi service while in range of the stalker boxes, the information could also include e-mail addresses, personal pictures, first and last names, and whether the person uses a dating website or other online services.