July 28, 2014
by Neil Turner
If you go back in time to around 10 years ago, it used to be that the few places which offered free wifi did so as a way of encouraging people to visit and spend time – coffee shops and the like. Nowadays, many more places offer free wifi, but whilst connecting may not cost you any money, it’s arguable that connecting isn’t completely ‘free’. As the saying goes, if you’re not paying for it, then you’re the product.
This video from the BBC Click programme explains. Every wifi-connecting device, whether it’s a computer, tablet, smartphone or whatever, has a unique Media Access Control (MAC) address. This is broadcast when your device is looking for a wifi access point to connect to, and because it’s unique, it can be used to track your device.
For example, many Tesco stores now offer free wifi to their Clubcard customers – Clubcard is their loyalty card. When you connect for the first time, you enter your Clubcard number. Tesco can then track your movement around their store, and link that to your personal details and purchase history from your Clubcard account. Even if you don’t connect, Tesco can track your location within the store and how long you spend in each area, albeit in a pseudonymous way.
Although this pseudonymous tracking is done without explicit permission, when you connect to Tesco’s wifi permission to track you is buried away in the terms and conditions, so Tesco is within their rights to do this. After all, Tesco is offering you this service free of charge – you’re just paying for it in terms of data rather than money. And Tesco isn’t the only company out there – I’m just using them as an example I’m familiar with.
BBC Click also mentions a much larger scale project being set up in York, when I grew up. York already has a number of free wifi hotspots in key areas, provided by the local council, but this looks to be expanded right across the city centre. Again, same deal applies – they’ll give you free wireless internet access, in return for knowing a bit about you and where you’re from, and being able to track your movements across the city. Of course, as before, the latter happens anyway for anyone who has a wifi device that’s turned on.
York gets a lot of tourism, particularly from the USA. Phones designed for the US market frequently don’t work in the UK – here, all of our networks use GSM and UMTS. Any Sprint or Verizon phones which use CDMA2000 usually don’t work in Europe, so for American visitors free wifi is a major benefit.
If you’re worried about your location being tracked in this way, you can opt out – but only by turning off wifi altogether. Which isn’t too bad if you have a smartphone with a generous data allowance, but a bit of a pain if you’re a pay-as-you-go user or have a tablet which doesn’t offer cellular access, for example.
Thankfully, Apple have a solution, of sorts, coming in iOS 8. When not connected to a wireless network, the MAC address that your device broadcasts will be randomised, so it will be harder for networks to track your location and movements. Of course, if you do connect to a wifi hotpsot, then your MAC address will remain consistent and you can be tracked, but then you’ll have agreed to this as part of the terms and conditions when you connected. So it won’t stop your device from being tracked altogether, but at least if it is being tracked it will have been on an opt-in basis. Hopefully, other manufacturers will follow suit and make this available on their devices too.
I don’t know about you, but having my location tracked in this way does make me feel uneasy. I often have wifi off when out and about, although this is mainly to reduce battery drain and not for privacy-related reasons, and I’m fortunate to be on a phone tariff with unlimited data. I do wonder what the implications are for data protection – should any premises that track users’ locations using wifi without their permission display warning notices? We already insist on notices where CCTV recording takes place, so should this be expanded to wifi tracking?