Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Well, I won't be using "Nomi" or recommending them to my friends anytime soon, so good luck to them and their business model.


Um ... it doesn't work exactly like that. If you leave your phone's WiFi turned on, you and your friends will be using Nomi sometime soon (so exciting, amiright?)! You see, the store/eatery/prison/airline/casino/whatever just puts the Nomi WiFi access point on their premises, and when you come in your phone tries to connect to it, and BLAMO, it harvests your MAC address. Now they have a unique identifier for 'you' (your phone's MAC), and they can keep track of how many times you go into the place, where else you like to go, what sections you like to browse (just a few more of the gadgets scattered in the store), if you've been to their marketing events, etc. etc. etc. Oh hey, since it harvests your MAC address, they can also tell who manufactured your phone. 'you' have an apple phone? Sweet! We've got ourselves a (probably) high-end customer.

Welcome to the future :(


Also, because no one gives a damn, your phone will also shout out the names and MACs of access points it's connected to before. I have no idea why Android/iOS hasn't disabled / geofenced that yet.


Phones do this to authenticate faster to known access points.

Instead of waiting for an SSID beacon, they just broadcast their known networks and if one of them is in range, the AP will reply. It's all driven by user demand to connect to their WiFi network faster.

Also, AFIAK, this is required behaviour to join networks that don't broadcast their SSID (e.g. "hidden" networks).

I see two solutions to this problem, but neither are really tenable from a user perspective:

1) run the GPS all the time and geotag known APs[1]

2) leave the WiFi radio on all the time and passively listen for SSID broadcasts[2]

[1] doesn't work indoors, or if the location of an AP is changed (e.g. 4G hotspot). Will also have significant impact on battery runtime, and likely to be abused by ad companies

[2] will have significant impact on battery runtime


It's hard to solve this part of the problem using current wifi protocols. I think this is closely related to other problems that people have studied and I'm sure protocol improvements could be made using public-key crypto or HMAC. As an off-the-cuff example, when you join an encrypted network, it could tell you (over the encrypted channel) a shared secret to use when reconnecting. Then you could broadcast HMAC(secret, current time) or (nonce, HMAC(secret time, nonce)) and if the wifi network recognizes one of those broadcasts as directed to it, it could reply. An eavesdropper who doesn't know the secret wouldn't be able to determine which base station the mobile device was trying to contact.


From the description above, they probably don't interact with users in a way that the users can see or control.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: