Posted on Apr 8, 2017 by Rick Falkvinge

Airport: “We’re tracking every single footstep you take and can connect it to your mail address, but your privacy is safe because we say so”

A sign on the revolving entrance to a European airport, one sign among many, says “the airport employs wi-fi and bluetooth tracking; your privacy is ensured”. The vast majority of people have no idea what this is, and just see it as one sign among many like “no smoking”. But this cryptic term is an indoor mass real-time positioning for every individual in the area at the sub-footstep level, and the airport knows who many of the individuals are.




When your mobile phone has wifi activated, it transmits a network identity signal – a MAC address – continuously in asking its environment for which Wi-Fi networks are available in the area, looking for known networks to connect to. It is possible to use a network of wi-fi base stations in a limited area to pinpoint the exact physical location of your phone in that physical area – by comparing the signal strength of your phone’s identity ping from multiple stations receiving it, and knowing where those stations are, your phone’s location can be calculated in microseconds with sub-footstep accuracy. And as your phone keps pinging its environment to search for wi-fi networks, the end effect is that your movements are tracked basically down to the footstep level in physical space and the second level on the timeline.

We know this because it caught some rare attention when the sub-footstep individual realtime tracking was rolled out citywide in a mid-size town in Europe, and was cracked down on by that state’s Privacy Board (thankfully).

Let’s take that again: sub-footstep-level identified realtime tracking has already been in place in major cities at the city level.

That’s why it’s positively infuriating to see this vague statement on an airport door, and knowing what it means, but also knowing that it has been deliberately worded to make 99% of people even reading it not understand what it means. And most people won’t even read it.

“This terminal uses a Wi-Fi and Bluetooth-based tracking system. Your privacy is ensured.”

Your privacy is ensured “because we say so”, apparently.

It gets worse. Your phone is continuously broadcasting its MAC address, right? But the airport has no way of knowing which MAC address belongs to which person, right? So even though this is bad, the airport doesn’t know how you moved, when, and where, and how fast, and with whom… right?

Except, the tracking is done with a Wi-Fi network, remember? Which you can and will connect to, because it broadcasts the name “Free Airport Wi-Fi”. And the only thing you need to provide this network in order to get free and fast net access, thereby connecting with the very MAC address which has been tracked, is your email address.

…and suddenly the airport can connect your physical movements to your email address, and therefore most likely to your identity. It now has the ability to know how you moved through the airport, where you ate, whom you met with, for how long, the list that goes on, a list that shouldn’t be there. The only safeguard against it not doing so and using it against you is a vague “trust us”.

It’s not a random small countryside airport, either. It is Amsterdam-Schiphol, which is the 12th largest airport in the world, and the third largest in Europe after London-Heathrow and Paris-Charles-de-Gaulle.

Your privacy remains your own responsibility.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.


VPN Service

Leave a Reply

Your email address will not be published. Required fields are marked *

5 Comments

  1. ALEFTINA1995

    Are you even serious? Airports can and must do anything they need to protect us from possible terrorist attacks. I do not see anything wrong in such tracking.

    7 months ago
    Reply
    1. Not so common sense

      Any terrorist worth their salt would turn their wifi off to avoid such tracking. Care to explain how knowing that cutebears556@example.com spent two minutes looking at a specific product in the alcohol shop “protect[s] us from possible terrorist attacks”?

      7 months ago
      Reply
    2. Ken Ben

      I agree that this is not to protect us in the long run. The idea of privacy is becoming a fiction, and we are entering an Orwellian world where nothing is private, and we all must take action to stop this practice before it becomes like any other rule in our societies, like traffic signs.

      7 months ago
      Reply
  2. Frans van der Reep

    I love my old nokia.

    7 months ago
    Reply
  3. punk

    Does anybody know if it is forbidden to use a WiFi jammer? With a cheap NodeMCU board you can make a WiFi Jammer.
    And the new v1.1 software has also a function to spam the tracking software with random ID’s.

    The same functionality has an iPhone since iOS8.
    https://twitter.com/FredericJacobs/status/475601665836744704
    But the bad thing about this iOS feature is that it only works when you turn off Mobile Data en Location services.

    https://www.youtube.com/watch?v=oQQhBdCQOTM
    https://www.youtube.com/watch?v=r5aoV5AolNo

    7 months ago
    Reply