This has some interesting legal implications. The UK has a Data Protection Act that requires organisations to register with the ICO (Information Commissioners Office) and comply with a number of requirements.<p>Renew London is not registered with the ICO, nor is any company with a similar name at their postcode [1].<p>So either they believe that they're exempt, or that it's under a different name.<p>The ICO has a self-assessment tool [2] to work out whether an organisation is required to register. I'd suggest that the big question is: "Are you processing personal information?". The definition is:<p><i></i>‘Processing’ means doing any of the following with the information:<p><pre><code> obtaining it
recording it
storing it
updating it
sharing it
</code></pre>
‘Personal information’ means any detail about a living individual that can be used on its own, or with other data, to identify them.<i></i><p>So based on that, they're processing personal information and are legally required to register and comply. The ICO is not seen as an overly strong regulator, but they might be convinced to investigate after the inevitable headlines in the papers.<p>[1] <a href="http://www.ico.org.uk/esdwebpages/search" rel="nofollow">http://www.ico.org.uk/esdwebpages/search</a>. Postcode is E1 6DY from their website in the press release
[2] <a href="http://www.ico.org.uk/for_organisations/data_protection/registration/self-assessment" rel="nofollow">http://www.ico.org.uk/for_organisations/data_protection/regi...</a>
There is further discussion over here:<p><a href="https://news.ycombinator.com/item?id=6194160" rel="nofollow">https://news.ycombinator.com/item?id=6194160</a> (arstechnica.com)<p>In addition, here are some other sources for the same story:<p><a href="https://news.ycombinator.com/item?id=6181893" rel="nofollow">https://news.ycombinator.com/item?id=6181893</a> (qz.com)<p><a href="https://news.ycombinator.com/item?id=6183485" rel="nofollow">https://news.ycombinator.com/item?id=6183485</a> (qz.com)<p><a href="https://news.ycombinator.com/item?id=6184423" rel="nofollow">https://news.ycombinator.com/item?id=6184423</a> (theatlanticcities.com)<p><a href="https://news.ycombinator.com/item?id=6187750" rel="nofollow">https://news.ycombinator.com/item?id=6187750</a> (vice.com)
On one of the forums I am on, the debate has moved to whether a MAC address is an identifying piece of information. Especially given the high likelihood that a phone is not a shared device.<p>They're also using the MAC address to identify the device, and I suspect from that to estimate the demographic: <a href="http://new.pitchengine.com/pitches/60f7865a-f3ac-4167-920c-52faeea0564a" rel="nofollow">http://new.pitchengine.com/pitches/60f7865a-f3ac-4167-920c-5...</a><p>This seems to be echoed by some legal people:
<a href="http://www.huntonprivacyblog.com/2011/05/articles/article-29-working-party-opines-on-geolocation-services/" rel="nofollow">http://www.huntonprivacyblog.com/2011/05/articles/article-29...</a><p>> Unique identifiers (such as MAC addresses) should only be stored for a maximum period of 24 hours, and should subsequently be deleted or anonymized.<p>And they have an opt-out page:
<a href="http://www.presenceorb.com/optout.aspx" rel="nofollow">http://www.presenceorb.com/optout.aspx</a><p>But how many people would opt-out of something they didn't know was tracking them?
As someone living and working in London, I pass more than a couple of these 'bins' every single day.<p>These bins are quite strategically placed (1) in the heart of the square mile - the prime financial district and tourist hub of London city (2) especially around bus stops and city squares in this area - which have some form or other of free city wide wifi networks - where one would be waiting for enough time (consuming lunch, waiting for bus, meeting a friend, shopping...) to be an ideal consumer for targeted advertisement.<p>They also have an extremely amusing design which makes them look slick - but extremely unlike waste bins - infact you have to look at them closely to find where you need to dispose off your waste. This was one thing that amused me extremely when I first saw them - the strange inconspicuous design - but things make much more sense in the light of this article.<p>As someone who's targeted more than once a day by these things, I see this as a breach of privacy and expect to be informed that data about me is being collected and stored and maybe used for commercial purposes in the future (irrespective of the ICO technicalities and loop holes).<p>As a human, its a fundamental breach of trust and I would personally not see these things with the same inconspicuousness they have been designed with to deceptively integrate and blend into our daily environment.
Update 18:15 09/08/2013-- "[We collect anonymised and aggregated MAC data -- we don't track individuals or individual MACs. The ORBs aggregate all footfall around a pod for three minutes and send back one annonymised aggregated report from each site so the idea that we are tracking individuals again is more style than substance," says Memari in an email. "There are applications in the future which Quartz focused on but during the trial period we are only looking at anonymised and aggregated MAC data".<p>He adds, "as some of the technology we will be testing will be on the boundaries of what is regulated and discussed it is our intention to discuss it publicly and especially collaborate with privacy groups like EFF to make sure we lead the charge on [adding necessary protections] as we are with the implementation of the technology"
Low tech solution: fire.<p>When a couple have gone up, it will no longer be cost effective.<p>I really don't like the idea of tracking such things. It's bad enough in the internet but being stalked outside is not acceptable.
You can just imagine a future press release from those involved, citing an 'enhanced...experience' - which is general marketing speak for "we're going to try and squeeze more money from you with targeted advertising". What a shitty way to contribute to society.
This is very interesting.<p>So I never was much of a network analyst, forgive me - is there any way to guard against this while still leaving your wifi on, without something like cycling MACs? I wasn't aware that when you scan for Networks, that you're actually exchanging some packets with those networks - I thought you were just picking up on a broadcast one way. Shouldn't there be some sort of "stealth mode" where you're not leaking packets everywhere?<p>It actually seems like if this was the case, I'm surprised it hasn't been used in other ways. Say a burglar breaks into my house with his iPhone in his pocket. Could I later prove it was him by pulling up some log on my router that was picking up MAC addresses going by? And why isn't there some software (to my knowledge) that does the same thing for surveillance - logging all the MAC addresses and creating alerts if a new one comes into the area?
GreenPower for Android turns off your wifi when you're not using it. It's meant for battery life. Now it's also good for privacy.<p><a href="https://play.google.com/store/apps/details?id=org.gpo.greenpower&hl=en" rel="nofollow">https://play.google.com/store/apps/details?id=org.gpo.greenp...</a>
I had a little start-up idea a while ago .. albeit only tangentially related to this one.<p>Make a deal with JC Decaux, or some similar out-of-home advertising company to place cameras (strategically) around the City of London.<p>Nominally to provide personally tailored advertising, the significant secondary purpose is to use face recognition to identify individuals-of-interest: specific traders, fund managers and so on.<p>This enables us to analyse facial expression, gait, maybe body temperature to determine mood, then look for correlations in the stocks and markets that these individuals trade.<p>I think that this will be legal, since all the information that you are using is (nominally, at least) legal, and gained in a public place.<p>After all, if it is OK for the authorities to place the whole population under close surveillance, they cannot possibly object if we turn around and do the same thing to their paymasters, can they?
I'm no fan of fighting these things with technology and workarounds as I believe these issues need to be addressed at the legal level and the technology battle is just an arms race that you can never win.<p>However, might be a good idea to write a mobile app that changes your MAC address periodically (not sure how hard it is)
People have been waiting for this technology infrastructure to get in place for years.<p>It's a shame the recent NSA fiasco will scare people away now and set this back another 5 years.<p>There are some phenomenal experiences possible.
Hilariously, all 3 "unique" MAC addresses in that marketing image are identical: 00-14-22-01-23-45<p>They changed the font colour of the word "Mac", but not the actual address. Plus, Mac should be MAC.<p>McFail.
I think I even took a picture of one of those when I was in London last Fall: <a href="https://twitter.com/marshray/status/321038712735690754" rel="nofollow">https://twitter.com/marshray/status/321038712735690754</a><p>EDIT: That may not have been my own picture in that tweet. But still ISTR having snapped a similar one.