[Phargo]

How real is this and how accurate can it be?

Pure conjecture here, but if retailers are getting in on this jig is it safe to assume that local, state, or federal governments are doing this with public wifi ports? If I walk into a courthouse and my phone is searching for wifi am I tagged as being in the building? Would it be possible for government agencies at any level to subpoena this sort of information from retailers?

[diydsp]

The newly-built, PV-covered stop&shop on the way home from my work has a flat, black board with the name "Motorola" on it hanging over the entrance. Presumably, it's full of antennas. Since Google acquired Motorola, I'm sure this data is being resold and who knows what kinds of restrictions there are.

It is unknown what signals it records. It would be nice if someone who knows cell phone signalling can chime in on how much is legible in this way.

As far as legal records, well, everyone on HN probably knows how easy it is to fake a WiFi MAC address and make it seem like someone was at the scene of a crime, or seem to be innocently hanging out somewhere else. So subpoena'ing this information might not lead to useful evidence, but probably to lots of confusion and prosecutorial mistakes and disasters. I would love to know how easy it is to fake a cell phone IMEI or other identifying info.

[fennecfoxen]

How accurate? Pretty sure the bit about "Combined with video surveillance, those stores also collect your gender and demographics" is total BS, and is probably based on someone's misinterpretation of something or someone saying it's theoretically possible that it could be done. Combining wi-fi tracking with video surveillance of any sort, even just computing the movements of simple shapes derived from background subtraction, is hard, and doubly so for general-purpose deployment. Now you want to do face-to-demographics? On a little tiny face from a MJPEG feed of a camera mounted to the ceiling? Of people who are wandering around the store, some of whom may be traveling in groups without a one-to-one face-to-phone mapping? Eh.

Give it another three to five years, maybe? At least? Until then, I strongly suspect shenanigans. If you did want to collect demographic data, you'd find a way to correlate a more high-quality source of demographic data with the phone MAC address (e.g. customer checkout data, possibly with attached loyalty program, which could be done on a purely statistical basis with just two or three visits for most cases). Or use a smartphone-based app connected through the in-store network (offer coupons as an incentive). Finally, even then, if you did want to do stuff based on faces, you'd put a camera at eye level in strategic locations to maximize your data quality.

Now, as for tracking in a courthouse: a high-quality wireless network NMS will in fact record general details about your connection times and dates, by MAC address. These NMSes, last I checked, generally do NOT record unconnected clients, though Euclid Analytics (mentioned in another post here) does. There may be legal issues if you do, doubly so since non-connected clients haven't accepted any guest-wifi terms of service pages - you'd have to ask Euclid what their theories are; this hasn't seen court yet.

Speaking of NMSes, here is one generally-available NMS that does detailed client-historical data, including general client location history: http://www.arubanetworks.com/products/management-security-so... -- see the VisualRF link: "Plays back a user’s location history over the past day to aid in troubleshooting and recovery of lost devices. Last known location of each tracked device is stored indefinitely to help find lost or stolen devices". In addition to that, detailed association history (MAC-to-AP without a computed geographic location) can be kept indefinitely. Again, this is mostly focused on connected clients for now. But the wireless network is capable of reporting non-connected clients, so this is subject to change.

More worrisome for government tracking, though: subpoena the cell phone company.