Now Corporate Drones are Spying on Cell Phones

The marketing firm Adnear is using drones to track cell phone users:

The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user's travel patterns.

"Let's say someone is walking near a coffee shop," Kataria said by way of example.

The coffee shop may want to offer in-app ads or discount coupons to people who often walk by but don't enter, as well as to frequent patrons when they are elsewhere. Adnear's client would be the coffee shop or other retailers who want to entice passersby.

[...]

The system identifies a given user through the device ID, and the location info is used to flesh out the user's physical traffic pattern in his profile. Although anonymous, the user is "identified" as a code. The company says that no name, phone number, router ID, or other personally identifiable information is captured, and there is no photography or video.

Does anyone except this company believe that device ID is not personally identifiable information?

Posted on March 5, 2015 at 6:33 AM • 56 Comments

Comments

.March 5, 2015 6:51 AM

Don't worry, the personal information is in an encrypted database that's accessible only by law enforcements that possess a Golden Key ;]

JMarch 5, 2015 7:00 AM

So this is basically like a flying Wi-Fi Pineapple? The example makes no sense though. If a coffee shop wanted to know nearby device IDs what benefit would a mobile drone provide over a statically positioned device?

Using a drone for wardriving (wardroning?) or creating a geopositioning database would make a lot more sense but that doesn't seem to be what they're doing here. This appears to be more of a PR stunt than a useful product.

qbMarch 5, 2015 7:35 AM

From the original article (and the AdNear's blog entry it links to) it seems that drones are used to map "wireless landscape" of the city, not track people.

This suggests that "victim's" RF measurement data is later matched against this map to determine their location w/o GPS.

However neither article explains how this measurement is obtained from every "victim". Does anybody know?

Dimitris AndrakakisMarch 5, 2015 7:37 AM

@keiner "NSA and related idiots?"

Oh, they're no idiots unfortunately.

ConfusedMarch 5, 2015 7:37 AM

So, if the coffee shop pushes ads to the phone that is passing by that seems pretty personally identifiable to me!

qbMarch 5, 2015 7:39 AM

@wiredog Namespace collision: Corporate drone, not drones operated by corporations.

In this case it's both :)

wiredogMarch 5, 2015 7:41 AM

@qb
That'll teach me to just go off of the summary.

(Well, probably not.)

Bernard March 5, 2015 7:44 AM

This corporate tracking is why I turn off WiFi every time I leave the house and only turn on Location Services when I need it.

If you want to track my location either get a warrant or mind your own business.

JMarch 5, 2015 7:50 AM

@qb As long as your wi-fi is enabled, your device is constantly sending out its MAC address (and often the list of all Wi-fi AP you have connected to) to visible Wi-Fi access points. The AP operator could use the timestamp of that sighting along with the coordinates of the AP and other technology such as CCTV to identify an individual or target them.

In this case it's unclear what value collecting a mobile device's MAC address would have for location services. MAC addresses from relatively static Wi-fi hotspots are routinely collected for that purpose (https://en.wikipedia.org/wiki/Wi-Fi_positioning_system) but mobile devices are constantly moving and would be useless for trying to determine a position without GPS.

Georg KokteMarch 5, 2015 7:50 AM

@ Bernard

If I'm reading the article correctly, turning off wifi and gps will not be enough, as they'll the cellphone towers themselves to locate the device.

What we'll need is a cellphone cover that acts a faraday cage. (I'd totally buy that, btw)

qbMarch 5, 2015 8:02 AM

@J re Wi-Fi

It would work, but it won't scale. They would have to issue a personal drone to follow each private person, which I hope is not feasible yet :).

Also it's not clear how WiFi MAC only can be used to push targeted ads.

So I think there is something else missing in the picture.

qbMarch 5, 2015 8:14 AM

After some thought, I think it can work like this:

  • Drones are used to map the "wireless landscape", not actually track anyone. In fact they are not much different from Google Street cars.
  • Regular people install ad-monetized apps on their smartphones. Ad SDKs make the apps poll cell tower identity and SSIDs of the surrounding WiFi networks. This data is sent to AdNear and matched against the map to produce actual user's location.
  • AdNear then uses this location information to choose targeted ads for each user.

Does it sound right?

If that's what is going on, then I think flying drones per se do not bring much evil to the story. Rather it's corporate drones in @wiredog's first sense, who feign to think that "numerical id is not personal data".

PatMarch 5, 2015 8:17 AM

Does anyone except this company believe that device ID is not personally identifiable information?

Unfortunately, I can see a case for this. The Device ID can be used to find out who you are fairly easily, they just don't care who is holding the phone. It's kind of depersonalizing to think that a company isn't trying to market to me anymore, they're just trying to get ads to pop up on a screen near a person that is walking by a business. The fact that I own the phone is tangential to them.

For security reasons, this should probably not happen, but it is how the infrastructure was built. If I want to be able to be contacted at anytime by anyone, then I'm going to have to accept that anyone can track me.

stvsMarch 5, 2015 8:19 AM

it seems that drones are used to map "wireless landscape" of the city, not track people

Stopping wifi tracking is why MAC address randomization is used in iOS 8. I've always assumed that tech/data savvy stores like Target that offer free wifi do so to track customers through their space.

Practically, there seems to be several questions about Apple's implementation.

With the coming iWatch, it's said that tracking will be possible using any of bluetooth, iBeacons, and NFC.

stevenMarch 5, 2015 8:20 AM

This is just a PR person at a marketing firm, being quoted in a tech blog. I wouldn't be misled by mention of "cellphone towers".

Receiving cellphone traffic and being able to correlate session keys to particular devices and serve ads to those people, sounds impossible without complicity of the cellphone networks (or co/subversion by an agency). That would be prohibitively expensive here, or otherwise make the drones unnecessary as the operator knows your location anyway.

Considering you can track phones by Wi-Fi probe requests as described above by J, using only $20 of hardware, I suspect their location tracking business venture is really just that simple. Adware running on the phone will know that device's BSSID, and can phone home with it to request targeted ads. Drones (or cars, or static antennae) can be deployed in areas to look for, and in a vaguely targeted way, try to track/follow as many enrolled devices as possible.

stevenMarch 5, 2015 8:44 AM

After some thought, we may be looking at the wrong issue.

The owner of a small, independent coffee shop could stand outside said store handing out the coupons, or free cake, or otherwise attracting customers inside.

If a coffee shop franchise can afford to pay a marketing company to pilot aerial drones over the city to track people's movements by the electronic devices they carry with them - those people are definitely paying too much money for their coffee. I think the consumer is to blame here.

It's unfortunate that innocent bystanders get caught up in the electronic surveillance, though.

SoWhatDidYouExpectMarch 5, 2015 8:56 AM

Regardless of what they are doing or their intentions, this is obviously overreach. It would be my observation that targeted marketing or broadcast marketing to mobile device users, would get the same result as ads in newspapers...ignored for all practical purposes. If the mobile device users don't want the ads and you annoy them with such stuff, or if it becomes invasive, they won't become customers anyway.

This may become much like email SPAM. Gee, 1000 messages didn't get any response, so try 10 thousand, then 100 thousand, eventually a million and finally tens or hundreds of millions. The targeted or broadcast messages to mobile devices will drive people away.

Maybe mobile device users should start carrying bricks...

qbMarch 5, 2015 9:35 AM

@silly

Yes, the world is ad-crazy. Imagine: in 2013, Earthlings spent on ads 1.5 times more money than on all space-related programs! And they still want to cut NASA budget.

Earl KillianMarch 5, 2015 9:53 AM

Perhaps we should start a betting pool on the number of months until their first subpoena?

@Georg Kokte Faraday cage covers for phones exist. Go get one! You should also consider an RFID blocking wallet.

ChelloveckMarch 5, 2015 9:55 AM

I worked for a cellular equipment manufacturer (infrastructure and handsets) back in the early 90s. Even then marketers were drooling over the prospect of being able to push location-based ads (in the form of text messages) to phones. I remember the exact example given at the time was a coffee shop enticing passers-by with discount coupons.

Turns out nobody wanted it back then, either.

d33tMarch 5, 2015 11:11 AM

"Does anyone except this company believe that device ID is not personally identifiable information?"

Like big spy agencies, they choose to frame reality or believe what ever gets them to their advertising goals (money). I still think the manufacturing of consent by way of a tuned understanding of the demographics is the real reason behind current, codified, mass surveillance by the US government. It's definitely not the "threat of terrorism". There doesn't appear to be much difference between product ads and state sponsored propaganda here in the US.

In a country that has rapidly exchanged civil rights for convenience, fake security, empty entitlements, instant gratification and lawlessness from the top down, I would expect no less than complete denial and delusion when it comes to advertising dollars. We live in a cult of ruthlessness pretty much.

I guess my feeling on being fed ads this way is, if I notice an ad popping up anywhere in my perceived personal space (public or not) that correlates to a business near by at that moment (within sight), I will not buy anything there again.

Next come billboards, that change (tune) when enough of a "group" are present to see them based upon cellular phone device ID tracking or license plate readers et al.

Nicholas WeaverMarch 5, 2015 12:09 PM

Almost certainly, the tracking is WiFi MAC and perhaps Bluetooth (no IMEI/IMSI), since those can be done easily and passively.

Also, almost certainly, this is a PR stunt for the company trying to get attention to their on-the-ground tracking service that they've already emplaced for a while now.

If they tried doing it with drones, the FAA would have kittens today (the drone rules aren't finalized). And even after the FAA issues rules which would allow it, the need to have line of sight to an operator, not over people, and daytime only operation would make it less useful than say a wart on a mapping car. And even excluding all other factors, it would probably attract birdshot like a magnet.

WaelMarch 5, 2015 12:24 PM

@Nicholas Weaver,

And even excluding all other factors, it would probably attract birdshot like a magnet.

First thought that came to my mind! The idea is a dud, or likely DOA, I think.

OmriMarch 5, 2015 12:52 PM

Makes me want to program a Raspberry Pi board to spam this thing with random device IDs.

Alexander HanffMarch 5, 2015 12:56 PM

Another thing people need to realise is that under US law the data this company is collecting is not protected by the 4th Amendment and they can be forced to hand it over with the lightest of legal requests.

WalksWithCrowsMarch 5, 2015 2:35 PM

"Minority Report" stuff (and is tech in many other sci-fi stories, made cinema, or otherwise). The way I had heard this was being implemented is simply in commercial, standalone advertisements. Such as the sort of standalone signs one typically walks by, though as it is expensive enough & small enough it can really go on just about any manner of poster.

Normally, Adnear collects these mobile signals on bikes, cars, trains, and, on occasion, stairs. It conducts this ground-based collection so it can readily map the strength of the signals against the nearby towers or Wi-Fi hotspots. Drones, of course, offer better coverage than ground-based methods, and can be used in areas inaccessible by vehicles or foot.

Trains, public transportation signs would be able to hold more sophisticated technology, though, of course, this tech could also be hidden in a variety of places where there is massive traffic flow (of cars or people).

Where this is useful because: everyday signs and such are much more easily broken into to scavenge the tech, physically. More proprietary and sophisticated systems you probably want to make much less physically accessible.

Great systems for burst sending & receiving, too. Quite a bit can be sent or received if using tech like forward error compression, in distributed, physical networks. Where, if data sent or received is incomplete, does not matter as long as the roads and walkways have enough nodes along enough potential pathways.

DBMarch 5, 2015 4:25 PM

lol... ok... so now everyone that walks past certain coffee shops might get drones following them around all day spying on where they go and what they do so they can be "properly" (i.e. targeted) advertised to next time they happen by the shop? But don't worry, nothing's personally identifiable... lol... right.

AnonMarch 5, 2015 5:09 PM

Mr. Schneier,

Is there any chance that the Potomac Mills B&N appearance will be rescheduled for Friday? I was (still am) hoping to see you there.

Safe travels in the snow!

AnonMarch 5, 2015 5:11 PM

Sorry, I meant Potomac Yard. There are too many things name Potomac here.

65535March 5, 2015 9:15 PM

@ Georg Kokte

“If I'm reading the article correctly, turning off wifi and gps will not be enough, as they'll the cellphone towers themselves to locate the device. What we'll need is a cellphone cover that acts a faraday cage. (I'd totally buy that, btw)” - Georg Kokte

As others have said there are not real laws against a foreign company collecting American cell phone data and selling to an unknown amount of international buyers. That is troubling.

I was thinking along the same lines as you to block cell phone transmissions while cell phones are on my property.

This would include all the kids that visit with their shiny new iphones. These kids tend to photograph everything.

I tried a stainless steel pot to conduct an RF blocking experiment. If you have any suggestions let me know. Below are the results:

[question]

“How thick should a low cost stainless steel cooking pot be to stop a mobile phone signal?” …The main idea of my experiment to find a low cost [cell phone] signal blocking item [cheap common item]. A pot seemed like a good idea – plus it conceals well with other pots. I am planning to institute a 'no-cell phone' policy at my place…the mic and camera on most cell phones can be turned on any time – which is not real privacy” -65535

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688271

[answers]

“The signal didn't penetrate the steel. It went through some "hole". Try the experiment with this variation: get your stainless steel pot, put a small non metallic plate inside it, put your cell phone on top of the plate, then get a piece of aluminum foil and cover the top of the pot with it. Make sure the aluminum foil isn't leaving any gaps and touching the rim of the pot everywhere.”- Wael

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688275

“You got to ground the pot.” -Herman

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688325

[and]

“Part of the problem is that aluminum isn't the best conductor of electricity. Copper is normally used for thin shielding enclosures.” –Wael

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688328

"The first is the sensitivity of the phones receiver, it almost certainly gets down to -90dBm and may be down past -120dBm when you take the inbuilt antenna design into account. A single layer of foil or aluminium is probably only good for between 20-70dB antenuation of the E field depending on the care of construction. Just "folding" aluminium foil around the phone which works in the low microwave bands is going to be nearer 20dB antenuation not 70dB of the E field thus if you are testing in an urban environment you are probably to close to the cell mast for the antenuation to be sufficient. This is why most RF cages have two carefully constructed layers seperated by a reasonable quality insulator" - Clive

https://www.schneier.com/blog/archives/2015/01/friday_squid_bl_463.html#c6688318

And, yes the idea of removing the battery is good as is the somewhat expensive RF shield bag.

65535March 5, 2015 11:49 PM

@ Wael

It appears that a thick metal boiling pot [about .25 inch thick] with heavy metal lid [not exactly sure of alloy – iron but feels lighter] works to totally stop cell phone signals. Once inside the pot not cell phones ring.

I did ground the pot via an electrical out let ground and wire clip. I am not sure if the ground is need. I also used a ceramic dish to hold the phones in bottom of pot.

It is not the most eye catching or high-tech device but it seems to work.

WaelMarch 6, 2015 12:43 AM

@65535,

0.25 inch thick? That's way too thick! You wouldn't happen to have a picture of it, would you? What would you boil in it, a buffalo?

georg kokteMarch 6, 2015 3:43 AM

@65535,

re. faraday cages and rfid-blocking, wouldn't one of those anti-static bags used for shipping electronic components such as motherboards work? I haven't got the slightest understanding of radio frequency and the like, but googling i found reports of people who succesfully blocked their cellphone signal by using those or similar isolating cloth.

I wouldn't go as far as blocking all cellphones on my property, as I'm more worried (pissed off, really) about companies ad-targeting me when I'm on the move. It this kind of campaign takes hold tough we might be forced to do as you suggest to keep some privacy.

agencyMarch 6, 2015 4:49 AM

@Georg Kokte: If I'm reading the article correctly, turning off wifi and gps will not be enough

And, sooner that you may anticipate, ad-based "Free" Apps will stop working
whether GPS and wifi were not 100% active in the last week, and instead they
will complain about your unactivation of GPS or Wifi.

@Earl Killian, @65535, @Wael, @Georg Kokte, about cellphone cover that acts a faraday cage.

In a farther future, some vendors of faraday cellphone covers will feature a fake wiki hotspot
and a fake GPS transmitters, included inside the cover.

MrPuckMarch 6, 2015 7:14 AM

If you're turning off Wi-Fi, Bluetooth, pulling the battery, etc. then you'll be attracting even more attention then the current level of mass surveillance.

America's PrideMarch 6, 2015 8:58 AM

Don't you support the troops? America needs these jobs for the drone cowards hiding in their forts, blowing the faces off little girls. When they get discharged, all psycho from watching their civilian victims squirm around and try to crawl toward mommy's severed head, they need a way to use their job skills on bugs that they don't have to splat yet. That's where you come in.

Mike AmlingMarch 6, 2015 2:12 PM

The material of a Faraday cage has to be electrically conductive. Signal should fall off exponentially with thickness, but the exponent depends on the material. The most effective material would be a superconductor, followed by silver, copper and, IIRC, aluminum. The greater the resistivity of the material, the thicker it would have to be to attenuate the signal by a given amount. Stainless steel is a poor conductor, so it should have to be thicker.

Also, conductivity at radio frequencies may not match DC conductivity. I don't really know anything about conductivity at RF, but since silver, copper and aluminum are reflective at optical frequencies, interpolating between DC and optical suggests they're good conductors at RF.

The cage doesn't have to be solid, but the holes should be much smaller than the wavelength.

If I've made a mistake here, I'm sure someone will post a polite correction.

65535March 6, 2015 4:16 PM

@ Wael

The pot looks like it was made by “Club” and is some sort of iron alloy boiling pot – no pictures and I looked on the net and similar pots are pictured – but not the same dark color.

@ Anura

Ha, not that big. It’s possibly for a commercial stove - but it could be used on a normal stove.

@ georg kokte

The pot is now holding four of five cell phones. The anti-RF bags start at 14 to 19 dollars for each phone so the pot suits my ‘no cell phone’ rules. It’s fairly easy to use.

The kids cannot yack, turn on lights, play annoying sounds or take unbecoming pictures with their shinny gadgets while in my “cell phone free” abode. If you follow the links in the above post it talks about why I desired a container for multiple cell phones and the related privacy.

@ agency

“If I'm reading the article correctly, turning off wifi and gps will not be enough” - agency

That is true.

I and don’t know every kid or person that comes in the place. Some of them are probably under surveillance and cause a “one-hop” connection to my family.

The camera or mic could be silently turned-on to collect information for ads or other purposes. As Bruce was noting, this huge amount of data is polluting and could be used for hostile purposes by any agency in the world [see SS7 discussion].

There are doctor’s and lawyer’s offices that don’t allow cell phone – and many other places.

My home is my space and I want it as private as possible. I am done with annoying kids and cell phones at my place – they can go back to their parent’s house and irritate their families.

WaelMarch 6, 2015 6:36 PM

@agency,

In a farther future, some vendors of faraday cellphone covers will feature a fake wiki hotspot and a fake GPS transmitters, included inside the cover.

In that case (ummmm, no pun intended,) you need to use a boiling pot ;)

Peter GalbavyMarch 9, 2015 9:37 AM

Not new, just a bit of PR spin. There were the rubbish bins that collected this data in London a few years ago.

We have some rather fragile and easily sidestepped personal data protection in the UK (and the EU) but this one was slapped down quickly once it leaked because of a public outcry: http://www.bbc.co.uk/news/technology-23665490

WaelSeptember 29, 2015 3:58 AM

@christina,

Wow! Spam + Plagiarism! Amazing (stupid) AI in bots these days. It took a sentence from a previous thread that said:

The cage doesn't have to be solid, but the holes should be much smaller than the wavelength.

And stuck it here. And no credits, whatsoever!

Clive RobinsonSeptember 29, 2015 4:49 AM

@ Wael,

You beat me to it, @Nick P will confirm I caught one some time ago that copied an entire paragraph of his words, not just a sentance. Maybe that was why I spotted it so quickly ;-)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.