Project Warwalk: Warmarketing, Big Data, and Surveillance

Hello friend. For those following this series, welcome back! For the newcomers, you can catch up here for the Project Warwalk articles and the glossary. Today we’ll be talking about something we’re calling Warmarketing, which we’ll define below, as well as big data, and surveillance issues with regard to wireless devices and IoT.

When we talk about Warmarketing, we’re defining it within the realm of wardialing, wardriving, and warwalking.

Out of the phone phreaking culture, wardialing emerged. Wardialing equipment was used to dial numbers in an area code sequentially in an attempt to find modems, computers, and servers. With wardriving the end goal is the same: to find open WiFi networks and other network-connected devices. Warwalking is the same thing as wardriving; the only difference is that one is on foot instead of in a car. It’s slower, but it also means that more devices are discoverable.

We are defining Warmarketing as collecting SSIDs programmatically and using this data to further market goods/services to people. It can also be used to promote causes and calls to action. We are also defining it as the mass collection of user data in such a way that it creates a disparate impact among communities and peoples, the digital divide, which we’ll talk about in a later post. This is Social Engineering on steroids.

To stay on topic with SSIDs and WiFi, how is this currently playing out and what do things look like for the future?

With each app you install on your phone, there are vendors who ask for permissions to view WiFi connections. Facebook is an example of this, as they also collect other data that builds a profile of who you are. See the screenshots below. We implore you to review the permissions your apps have on your devices, and to read their TOS and privacy policies to see what they collect.

With vendors such as Facebook, Google, Apple, Microsoft, your ISP, data brokers, and other companies collecting your data, it is easier for them to do it through an application. As the theme of this research is WiFi and SSIDs, our thinking turned to whether companies would use vehicles to wardrive, or warfly (collecting SSIDs using drones), a neighborhood to gather information for marketing purposes. While Google has done this in the past with their StreetView cars (see lawsuit against them here for the over-collection of data), it would be a resource-intensive operation and potentially cost prohibitive. Through informal polling and asking online communities, others have come to the same conclusion. There is one plausible way for a company to do this.

We talked with Phil Langin, owner of Connecticut Business Link, which provides digital marketing. (For full disclosure, we do have a relationship with the company.) Our conversation steered toward a hypothetical business that is a data broker that would provide hardware/software to businesses that already have employees that are frequently on the road. This could be food delivery drivers, logistics/shipping companies, salespeople, livery (Uber, Lyft, taxis, limousines), bus companies, and nurses/doctors that travel to see patients. At the time of this writing, some of these types of businesses are greatly affected by the COVID-19 pandemic, which further adds to how effective this idea might be for a company to provide monetary compensation to these people that drive for work. The effectiveness of this hypothetical data broker’s efforts also depends on the reason they’re collecting the data and who they’re selling it to. If it’s costing this fictitious broker $10,000 to collect SSIDs from a neighborhood, pay the drivers their compensation, process the data, and sell it, it may not be profitable if the buyer of the data is a paper company looking to sell reams of paper to a neighborhood based on the number of SSIDs collected that are wireless printers. On the other hand, for companies looking to buy data to sell high-ticket items like luxury cars, this endeavor may be worth the investment.

More realistically, we can see app developers creating software that would interact with IoT devices like your smart TVs, smart fridges, and cars, giving certain businesses an opportunity to observe your behavior, which then leads to targeted advertising or certain discounts. Another idea is a restaurant delivering to a customer in a certain neighborhood, and anyone else with an app installed on their TV, fridge, or even a mobile device could get an “alert” that this particular restaurant is delivering in this neighborhood and here are today’s menu specials, promotional offers, or discounts. The data collected would range from device type, to IP address, to browser type, along with what you’re purchasing. That purchase data would likely be email address, physical address, phone number, payment information, contacts, and transactions, to name a few.

Adding to this mountain of data, if you go to a physical store and use their WiFi, you’ll most likely be prompted to provide your email address to get access in return for allowing the store owner to send you advertisements. A few companies that already do this are GoZone, Spectrio, and SocialWiFi. Not only do these companies provide the hardware and software for this type of data collection, they also have the ability to measure foot traffic in a store to see where people gather.

This is a lot of data. To quote security guru Bruce Schneier in his book “Data and Goliath”, “data is the exhaust of the information age.” [Source: Schneier, Bruce. Data and Goliath. Published 2015. Page 17]. This is where Big Data comes in. Everything we do is increasingly being collected, sold, and used. Websites you visit are not only gathering data you provide them, but there are third party tracking sites collecting stuff about you. To see this, install one, or all, of the following web browser plugins: NoScript, Disconnect, uBlock Origin and visit websites you normally frequent. Once there, open up one of these plugins to see what else is loading behind the scenes. It can be a lot.
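The same "what else is loading" check can be scripted. The following is an added example, not part of the original article: it assumes you saved a HAR file from the Network tab of your browser's developer tools while visiting a page, and it counts requests that went to sites other than the one you visited. The function names and the sample capture are made up for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

def site_of(host):
    """Approximate the registrable domain as the last two labels.
    Simplification (assumption): a real tool would consult the Public
    Suffix List so that names under e.g. .co.uk group correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def third_party_requests(har, page_url):
    """Count requests per third-party site in a HAR capture of page_url."""
    first_party = site_of(urlsplit(page_url).hostname)
    counts = Counter()
    for entry in har["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname
        if not host:  # data: and blob: URLs carry no hostname
            continue
        site = site_of(host)
        if site != first_party:
            counts[site] += 1
    return counts

# Constructed sample in HAR layout (log -> entries -> request -> url).
# With a real capture: har = json.load(open("capture.har", encoding="utf-8"))
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://news.example/"}},
    {"request": {"url": "https://static.news.example/app.js"}},
    {"request": {"url": "https://cdn.tracker-one.example/pixel.gif"}},
    {"request": {"url": "https://tags.tracker-one.example/t.js"}},
    {"request": {"url": "https://ads.adnet.example/bid?x=1"}},
    {"request": {"url": "data:image/gif;base64,R0lGOD"}},
]}}

if __name__ == "__main__":
    found = third_party_requests(SAMPLE_HAR, "https://news.example/")
    for site, n in found.most_common():
        print(f"{n:3d} request(s) to {site}")
```

Running it against captures taken with and without a blocking plugin enabled shows which third parties the plugin actually stops.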

Every time you check in to a place on social media, that platform knows where you are. People in your network know where you are. If you frequently check into a place, a pattern emerges of where you travel and stores you encounter. Let’s also add the Internet of Things into the mix here and talk about Amazon’s Ring doorbell camera.

Ring has been linked to racial profiling in the name of “suspicious activity.” Vice’s Motherboard has a great article here, and the H.O.P.E conference has some great talks about Ring here and here.

To sum up the issues with Ring, along with the increase in racial profiling, there’s also Amazon’s relationship with law enforcement, which includes these public servants selling Ring (a private product), and their ability to bypass the need for a search warrant. Law enforcement can now subpoena Amazon for the data from a Ring camera and the person whose camera they got the information from isn’t notified.

The Neighbors app increases paranoia: Ring users share footage to social media, which frightens people who don’t have the doorbell camera and thereby drives up its sales. This in turn erodes public trust.

With this type of surveillance, it’s only a matter of time before Amazon decides to go forth with their facial recognition program. This is also an opportune time to bring up the controversial company Clearview when talking about facial recognition. The company is already under a lot of scrutiny for their scraping of billions of people’s selfies on social media sites like Twitter, Facebook, and YouTube and selling access to this data to law enforcement. Department store giant Macy’s was recently sued for privacy violations by using Clearview, and ICE (Immigration and Customs Enforcement) has recently signed on with Clearview. This leads to questions such as where else is their technology being used, how is it being used, how accurate is the detection, and how biased is the algorithm?

The point of this article is to illustrate how much data we’re all generating: even with something as simple as the name of your WiFi network, there’s a lot of stuff we’re giving up about ourselves. Some of this data we know we’re providing because we opted into it, and then there’s the data that we don’t know we’re giving away that’s being used. For us, what’s contained in this article only brings up more questions than answers regarding privacy, security, and what’s to come in the arenas of digital marketing, Big Data, and surveillance.

For those reading this article, please engage with us. How does this affect your everyday life? From your point of view, what are your thoughts on this subject matter? We want to hear from the business community on this too. Click here to contact us.

We’ll see you in the next post.