Hacker News new | ask | show | jobs
by lowglow 3118 days ago
Good move for Yelp. Probably bad news for data privacy advocates.

They could track you from venue to venue, without your even connecting to the wifi. They could see how busy a restaurant is at any time based on number of smart devices with wifi, they could infer demographic data based on device id, etc. etc.

They could probably correlate this with other data sources to 100% identify who you are and target you.

It's good for business owners if they surface this insight to their audience. It's bad for business owners because previously Yelp has been notoriously a bad actor in the space and can't be trusted.

It's good for business owners that want a great interface and offer wifi that might also better the experience for their customers.
2 comments
dawnerd 3118 days ago
Also looks like you have to sign in with a social network? Double nope. Also looks like its an app instead of the normal connect screen, but since it's a mockup I'll give that a pass.

Thinking about it - not really all that different than the google wifi at Starbucks. Google definitely is mining some data there... how long you're connected, locations visited...

link
username223 3118 days ago
What's the full extent of the Google Wifi surveillance at Starbucks? Browser fingerprinting? Some MITM technique? It seems to bounce you through appspot.com, i.e. GAE, but I can't figure out the tracking mechanism there.
link
dawnerd 3118 days ago
Just a thought: custom software on the ap/router that logs your mac address and anything else useful for fingerprinting that they might not get through a browser.
link
gruez 3118 days ago
you can use email, so there's nothing preventing you from using fuck@you.lol
link
quadrangle 3118 days ago
except if they actually verify the email doesn't bounce and you don't have a cell-data device, then you need the wifi in order to get your 10minutemail address…
link
un_montagnard 3118 days ago
A year ago, I was at Montreal Trudeau Airport waiting for my flight. I tried to connect to the Wifi, it asked for an email address and as usual I entered something in the like of dksqjd@skqdhqsd.com Problem is you first get 10 minutes of wifi to go check your email. Once the email is confirmed, you get unlimited wifi.
link
Operyl 3118 days ago
support@theirdomain.com is always a good bet.
link
realusername 3118 days ago
I generally use webmaster@their-domain.com or alternatively root@localhost.
link
presto8 3118 days ago
Some operating systems use a "fake" MAC address when not associated and scanning for networks. In theory, this would prevent tracking when a user is not connected to the SSID.
link