[AliAdams]

That is a pretty misleading headline - this isn't asking to see their text messages or something like that; It's just tracking when and where a MAC address is seen in order to work out traffic trends. In fact some of the data looks really interesting: https://imgur.com/Hx6mDSm.jpg (credit to bcraven for the link)

Most large public WiFi deploys come with this capability already included (albeit normally with an additional license required), whether or not the owners of the system are aware of the capability / are utilising it. Punishing TFL with sensationalist journalism for being open about this application will only make such use in future more hidden and isn't constructive.

[ptero]

The article does seem to be blowing up a relatively small issue.

However, if the intent is to work out traffic trends, it can be done much cleaner. For example, one can only track addresses within a single commute (it should not be difficult to guess from data). That is, use different hashes for the same MAC at different trips.

Also, IMO any general purpose data the government collects for the public benefit that it does not declare sensitive should be public. That is, quickly posted for public to see, use, check, etc. My 2c.

[m3rc]

100% agree. And it's unfortunate that articles like this end up being the ones discussed, it actually hurts privacy discussions by moving the conversation away from your "This data could be better anonymized and published" to "the transportation bureau is tracking your every movement".

[criddell]

Don't Android and iOS randomize the MAC addr these days? Are they investing in something that's going to have a very short life?

[tinus_hn]

At least on iOS it is only randomized while scanning, not while connecting to networks you have used before. Which is kind of obvious because otherwise your login won't persist.

[benbristow]

You need to login to the TFL WiFi using your Virgin Media or supported phone network's login, so they can identify you by that instead.

[uniformlyrandom]

Yes, but this is easy to opt-out from. Naturally, this is not what they are doing:

> At the end of 2016, TfL ran a pilot which tracked the Wi-Fi signals from 5.6 million phones as people moved around the London Underground, even if they weren't connected to a Wi-Fi network.

[criddell]

Is that just if you want signal under ground, or is having WiFi turned on a requirement for riding Tfl?

[Angostura]

If you want to use their wifi :)

[akvadrako]

Another way to think about it is as taking advantage of a window of opportunity to gather the data before it disappears.

[corobo]

I can't imagine people getting as mad at it as the news article wants them to be. I'm picturing a world where the super aggregate data* is available via an API so I can have an app that says something like "For a faster journey today use line xyz via station abc"

* in the image's case, those percentages would do it

[s0rce]

Doesn't google maps already do that if you request transit directions? It will route you the fastest predicted way. Worked for me on my trip to London.

[corobo]

Have no idea, I'll have to give it a go. Honestly being from a small town who commutes to London sometimes I'd never even considered maps for that sort of thing - Here it works as basically just a map

[johansch]

Having a state run public transport utility track everyone's mobile devices' unique IDs. Huh. You're seriously asking why this might be sensitive?

Wow, I guess you guys in the UK are seriously desensitized to data invasions like that.

[eterm]

All this stuff is tracked all the time anyway through cell towers, it's way past where the regularization point is for "state intrusion" in the UK.

That might seem weird to an outsider but that's just a culture difference. We're just as weirded out that anyone can own even a handgun in the US, let alone walk down the street with one.

I'm personally far more weirded out by the idea that a private company can track and use this data than the fact the state can.

[johansch]

My two major turnoffs for living in the London area (which otherwise, based on my multiple visits so far, seems lovely) are:

a) the pervasive surveillance (i don't think it's by chance that "black mirror" is written by someone - charlie brooker- living there)

b) the stupidly high housing costs

(in that order, actually)

[eterm]

While London does have a lot more surveillance than the rest of the UK, anywhere in the UK has a lot more surveillance than most other comparable countries.

It was 13 years ago that the UK's then information commissioner warned we were sleep-walking into a surveillance state: https://www.theguardian.com/uk/2004/aug/16/britishidentity.f...

The worries seem positively quaint now in comparison to the data that Facebook, Google and the state now collect.

[IneffablePigeon]

Except they’re not storing any device IDs at all, they’re hashing the IDs with a salt that they rotate and dispose of daily. They can only infer movement of a device through the system, they can’t tie that back to any device after the fact, and can’t even tie the same device’s movements together over the course of more than one day.

[QAPereo]

The people who choose to spend their lives on cctv? Yep...

[ballenf]

I understood them to offer wifi service and track its use, but maybe I was reading too much into it.

The revenue was discussed as coming from targeted advertising implying tracking of data usage.

I'm skeptical for a different reason: all they're going to see is a bunch of connections to facebook servers which will all look alike. /s

[matthewmacleod]

"Targeted advertising" in the sense of real-world, physical targeting. Like, where should adverts be placed in the station to maximise exposure.

That doesn't require and collection of data, and they have explicitly ruled out doing such collection.

[gsnedders]

They already have, e.g. adverts that run in parts down escalators. If you know plenty of people go from one corridor to another, you could extend such segmentation across corridors.

I imagine they can also do differential pricing of adverts across more of the stations with a better idea of footfall (though simple point footfall figures can be got in simpler ways), and indeed that is apparently part of what they're doing.

[iicc]

The 'sensationalism' is not at the technical detail, but TFL being opaque about their motives.

TFL's intention to "dynamically trade advertising space" is far more interesting though. Once that's in place it doesn't matter if TFL track you or not - Facebook and Google will just repurpose their existing technology, making things a step closer to the advertising in minority report.

This will likely result in a strong pressure to reduce the friction of everyone using the wifi - expect the 'paywall' to drop.