Wi-Fi Tracking: When Sniffing Becomes Snooping

Imagine that your daily activities are being recorded and collected: your early morning jog in the park, your daily trip to the local coffee shop, your commute to work. No, I am not talking about the NSA here. I am referencing an emerging class of location-based marketing companies that rely on a cell phone's Wi-Fi signal and a sensor to track customer habits so they can better market and sell to them. These companies call the technology location-based marketing -- we call it Wi-Fi Sniffing.

Here is how it works. Your Wi-Fi enabled phone continuously sends out pings searching for Wi-Fi networks. This feature lets your phone automatically connect with familiar networks, like your home or work network, when they come into range. Some location-based marketing companies are taking advantage of this feature and are contracting with companies to install Wi-Fi sniffers throughout their stores. These Wi-Fi sniffers are able to pick up and record the unique ping a phone sends out when searching for a Wi-Fi network and use that information to track a customer through an area and build a profile around their shopping habits. For example, a profile can tell a storeowner how long a customer has waited in line, what areas of the store they visit and how long they stay in each area.

As Wi-Fi sniffers are installed in more retail stores and other types of locations like gyms and restaurants, a more accurate profile can be built around an individual. Marketing companies could conceivably know things like how often you go out to eat, how often you go to the gym, what you typically do after you visit the gym or more worrisome how often you visit a doctor or private counselor. The possibilities for tracking an individual with Wi-Fi sniffers are only limited by the number of sniffers out there and whether or not a person has their Wi-Fi enabled.

As the location-based marketing industry grows, it is natural that privacy concerns arise. The Wi-Fi ping your phone sends out does not hold any descriptive information about you. However, this changes when you connect with a store's Wi-Fi network. For example, if you connect with a store's Wi-Fi network and log in to Facebook, that store could collect data about you including name, gender and age via the social network. These tactics are eerily similar to how cyber criminals collect personal information to exploit their victims.

If Wi-Fi sniffing is causing your skin to crawl, you're not alone. There are a number of initiatives and pieces of legislation being developed to protect consumer privacy against Wi-Fi sniffing. For example the Location Privacy Protection Act would require companies to obtain permission from consumers before collecting location data from their phones.

If you want to take a more proactive stance to protect yourself against Wi-Fi sniffing, there are a couple of simple things you can do. The easiest is to turn off your Wi-Fi when you are not at home or at work. If your phone isn't searching for Wi-Fi signals, then Wi-Fi sniffers won't be able to track you. The second thing you should do is visit smartstoreprivacy.org and register for their Mobile Location Analytics Opt-out. Some of the major location-based marketing companies have agreed to honor individuals opting out and not track them in store.

The practice of Wi-Fi Sniffing is something we expect to see more of in the coming years. It will be interesting to see how legal and ethical privacy issues develop around this practice and whether companies and consumers will find a balance between honoring privacy and the benefits associated with knowing what a consumer wants.