Wifi and/or bluetooth media addresses, which are unique. I've heard that wifi tracks you to the store, bluetooth to the aisle in the store. A lot of people have all this enabled on their phones, right? Then there's the apps installed on so many phones that are built using facebook sdk's and similar that include a lot of spyware.
I have the impression that stores doing this are working with data aggregator to associate this information with other sources of info, like credit card purchases, facial recognition, phone number and imei, etc.
I read up on this [0]. It looks like it helps to have a newer phone, and even then this feature is inconsistent across models, with some phones spewing non-random frames even when wifi is off and/or depending on how location services is configured. Although I would assume the feature will continue to be better implemented as time goes on, it doesn't look like something that is protecting most people yet.
I read a bit about bluetooth tracking [1]. Apple and Google both apparently support this kind of tracking via apps, and a lot of apps use toolkits made by advertisers that do this. Apple has been selling their iBeacon devices that can be located in stores to track people. Here's [2] something about google tracking via bluetooth even when bluetooth is turned off.
I heard it's a lot more than the specific store app tracking people in that store. I've heard that there are tons of toolkits and sdks used to build apps that have this kind of tracking built into them, for example [0]: 79 out of 123 manually tested educational apps tested were sending data to 140 advertising companies. Another article [1] saying that Apple has done nothing to stop this, either.
I'd assume that anyone with location services enabled and/or more than a few very well chosen apps is being tracked via these methods. I assume that most popular apps include this stuff, and most people are being tracked. The more I look into it the more pervasive it seems to be.
Good luck keeping a blowjob in the Oval Office a secret.
There’s far too many people involved in such an operation to keep a blatant criminal offence secret for a prolonged amount of time.
Tracking like this is, for now at least, not possible in the EU.
I have the impression that stores doing this are working with data aggregator to associate this information with other sources of info, like credit card purchases, facial recognition, phone number and imei, etc.