Risky. MAC address tracking is definitely a legal 'grey area' at the moment. I can imagine mining/fingerprinting in this way could easily become illegal in the not-to-distant future.

In the UK, City of London already banned the wifi-enabled bins that were tracking MAC addresses.

It would be really easy to tie a name to MAC address (from point of purchase with a credit card), then see exactly where that person went via the 'sharing' of data with other retailers. This is certainly something you would expect to need 'opt in' to.

This idea is cool, but there are some issues with their privacy claim.

They say they are hashing the MAC address (presumably on the device). However, they can't be salting the hash (else they wouldn't be able to match across different stores).

Since there is no salt (or a fixed salt), it is trivial to de-anonymise a specific MAC address (just hash it and see if any server has it).

Worse, there are only 46 bits that are variable in a MAC address, and there is structure in there (3 bytes manufacturer, 3 bytes serial), so a complete mapping from MACs to the hashed MAC is very doable.

A secret per-device key for a HMAC would preserve privacy much better, but would stop them doing the cool stuff they plan — the usual trade off.

This is a privacy nightmare.

Perhaps wifi devices should no longer provide constant MAC addresses....

This is really clever. So it's like Google Analytics (or any analytics) for your brick and mortar business. This is the kind of stuff I love to read about and see being developed, it makes a refreshing change from yet another javascript framework or social network for your pets.

Before you say more, check euclidanalytics.com. The creator of Google Analytics has been working on this, with funding, for a number of years already.

I had seen news about this recently and am surprised that more people didn't notice how it is essentially the same, without funding, and less developed.

I hadn't realized how trackable cell phones were until I was experimenting on a wifi project and saw both MAC addresses and Preferred Network List of devices within the area that had not joined my network. Cell phone wifi is a privacy nightmare. Even the most technical people don't realize this, so projects that popularize it are going to kick up huge amounts of mud. Think of how easy it is to identify "whale" clients, if not by direct tracking, then by revenue correlation (these N people were present for $N,NNN,NNN in revenue events). They're valuable to track because when they show up you want your sales people to be at their best, but a service that starts tracking those people is going to make real enemies quickly.

Without wishing to belittle the privacy concerns of my fellow HNers, I wonder how long it will take for people to just be ok with being tracked in this way? This seems like one of those social changes that feels strange and uncomfortable at first, but over time becomes the accepted norm.

Has there been any work on developing and commercializing personal RF "firewalls?" I'd buy one in an instant to block intrusive tech like this.

Keep in mind that these "anonymous" data points aren't. Your phones MAC address exposes your home wifi network thanks to Google's databases. They also expose where you work, where your friends houses are, what your favorite coffee shop is. This is beyond dangerous, it's completely unacceptable.

Apparently Nordstrom did an experiment with this for a while - http://www.nytimes.com/2013/07/15/business/attention-shopper... - even going as far as monitoring passing traffic so you could monitor the percentage of people passing who actually come into the store. This could be pretty fascinating in the context of running certain types of window displays, sales/offers, etc, and lead to ecommerce-style split testing and the like. It says they stopped the experiment partly due to people whining though, but I imagine it'll just go 'under the radar' in future since it could be too valuable not to try.

Everyone here seems to be complaining about the anonymous tracking, which isn't really an issue for "normals". Its a relatively useless complaint too as that data already exists in the credit card network.

The real issue with this is that most SMBs are unsophisticated when it comes to the technology stack they use. I saw this firsthand in many ways working at Swipely (swipely.com) as we figured out product market fit. While things like 'see where else your customers shop' might seem like an interesting feature from an outsiders perspective, the businesses don't actually care. They often barely have the bandwidth to worry about their own customers.

Don't surveil your customers. It's creepy.

This is creepy. I will actively avoid stores that use this.

Where's their opt out?

Great execution, completely unethical

The funny part to me is that people think this is new. Companies like Euclid have literally been doing this for a couple of years(and quite successfully I might add) http://euclidanalytics.com/

Not only is it not new, its probably not going away.

I've actually seen a crude version of something like this on a trip to Taiwan a couple of years ago. I was at a mall and I noticed a wifi network called "People Counter." I wasn't entirely sure what they were doing with it, but I assumed it was counting MAC addresses.

Am I correct to assume that the hardware/device piece is similar to a Pineapple (https://hakshop.myshopify.com/products/wifi-pineapple)?

As I understand it, the device is like a WiFi Router looking for nearby clients broadcasting their MAC. Since phones have the ability of turning themselves into WiFi Hotspots, could a phone/app offer this same capability, or is it missing a hardware piece that lives in Density/Pineapple?

Now that's cool!

If anyone knows or can say: What physical principle(s) is the sensor operating on? There doesn't seem to be much information on that (possibly deliberately).

Did I miss something with the video? It plays an interview between pg and Calacanis that's 2 hours long.

By the way, I'd love something like this for the gym.

I'd like to check if it's too crowded before I decide to go or not.

I guess for any kind of business with lines or waiting rooms, (banks, ATMS, restaurants) customers might appreciate a way to quickly gauge the crowd level before going.

I'm seeing people talking about MAC address issues.

But how does this device work exactly? Is every phone throwing around a mac address, even if it's not trying to connect to wifi?

For example I have my phone set to use 3G expect on my home network. Would I count?

Met these this last week, they're absolutely incredible and they understand their market really well. They take privacy incredibly seriously and they've built a product that can change the industry.

Pretty good execution. We recently build something pretty similar for keeping track of who was in our office and where they were (partial write-up here: http://matthewmacleod.co.uk/blog/passive-wifi-tracking.html) - strictly opt-in, but we still had to wrestle with the privacy implications.

Problem is, this is a really effective and totally passive system with great benefits. But privacy-wise, it's scary.

Do devices broadcast their MAC adress when looking for an AP? Do devices encytpt their MAC when they are connected to an AP?

I want a phone that randomizes the MAC every time it connects to an AP.

Are there any good apps for location-aware WiFi toggling? I rarely use WiFi outside of home or work so I'd like it to turn itself off to avoid stuff like this.

Placemeter offers a substantially similar product that works based on strategically placed small cameras and machine intelligence. It recognizes individuals coming in and out of a retail location based on what they look like. Pretty cool technology and the founders were part of my Techstars class.

http://placemeter.com

I'm OK with the measuring traffic volumes using this method but I'm uncomfortable with the identifying information being stored without permission.

If they provided incentives to install an app/visit a website to register for rewards or be entered into a prize in return for allowing density.io to track you that would be acceptable.

Could a device like this use bluetooth instead of wifi / mac address?

Or for that matter could it somehow look at cell signals?

Ok so this system works by tracking MAC addresses. I assume the same sort of system using cameras and facial recognition would work too, and you can't turn off your face. I assume this must be already happening somewhere.

The amount of privacy we think we have must be a small fraction of what we actually have.

What is the percentage of people who always leave wifi enabled? I turn mine off every time I finish using it.

I wonder if the market for 'dumbphones' will increase as/if this sort of thing becomes more common? Probably not, but it's fun to think about. I know Nokia are still making bare-bones, extra-long-life models aimed at developing countries (eg the 105, 220).

Density's worst enemy is this app: https://play.google.com/store/apps/details?id=eu.chainfire.p... :)

Why are posts allowed that just have the site's URL as the entire post title?

Mental note : before your next hold up, remember to turn off your smartphone ...

Interesting idea, but wouldn't you get better coverage of people using GSM addresses, rather than Wifi MAC addresses?

Also it could be rather easily tricked by competitors, by constantly switching the MAC address.

Anyone else thinking this looks a bit like Brendan O'Connor's CreepyDOL?

http://www.youtube.com/watch?v=LFA6lew2tcE

While I understand the concern about tracking peoples presence with phones, I don't feel like this is new. The cellular companies can track location, and it's already happening.

Time to build a device that pollutes the databases with useless data.

If you want to build one of these, check out this library: http://www.secdev.org/projects/scapy

I thought this was a SaaS for dentistry (somehow) and I was going to be excited since it's been a while since I've gone to the dentist.

Definitely creepy.

Shouldn't something like Leap Motion be able to do this (for one store at least) and without the privacy concerns?

What do I need to do to build my own version of this device? Can I do it with any router? A Raspberry Pi?

In this flat, rectangular world, I have liked your flat, but curvy rectangles in common card UI.

If you have Wifi disabled on your device will they still be able to pull your MAC?

I gotta try this out when I'm wearing my wearable Hadoop cluster ;-)

sounds very similar to this http://www.bbc.co.uk/news/technology-23665490 which was shut down.

Awesome product.

my density has bought me to you

are .io domains still so hipster, that you just drop em somewhere and people klick on it?

To everyone screaming about privacy, RELAX, this is opt-in.