And anyone with a smartphone (or any other reasonably general purpose device with a 802.11 radio) can "understand" (read: pick MAC addresses out of a WiFi ping). This isn't some hidden, elite, arcane black-arts knowledge as you imply, this is standard stuff.

The idea that MACs should be somehow private because someone found a novel use for them doesn't even pass the laugh test. IP addresses are not "private". Your face out in a public area is not "private". Why is this different? How is this somehow worse than the CCTV cameras in most public places anyways? How is a MAC address PII by any stretch of the word?

I'm starting to really think "privacy" has joined the heap along with "patriotism", "socialism", and "terrorist", words which are being abused so badly they've lost all meaning and and as a result mean whatever their speaker wishes them to.

>That position is not only elitist as a technophile

One shouldn't hold strong opinions about things they don't understand even on a remedial level. This hand wringing is pure and simple fear mongering.

> The idea that MACs should be somehow private because someone found a novel use for them doesn't even pass the laugh test. IP addresses are not "private". Your face out in a public area is not "private"

I think you might be misunderstanding the part of this I have a problem with, or perhaps my language wasn't explanatory enough. I have a problem with the company linking back this info to a specific person, not the information itself.

MACs shouldn't be "somehow" private. MACs are not private. But when you use them to tie back to a specific person who is in your shop (with the credit card purchase info), you are essentially tracking a person. I think this activity should be regulated and should be an opt-in thing for users. (Enforcing this regulation could be admittedly a challenge, but it will at least be a step in the direction of strongly discouraging businesses to implement such 'features'.)

Similarly, your face out in a public place is not private. But if I have a startup that sets up CCTVs in participating businesses' premises and then track the movement of specific customers from shop to shop and generate data like "Okay -- the same face that was tracked shopping at Nordstrom then went on to have lunch at the Whole Foods next door; and from the credit card that was used, we can see that it was Mr. Karunamon", it's going to run up against major privacy concerns. I think this is very similar, but not that controversial because it is not so visible.

>I think this activity should be regulated and should be an opt-in thing for users.

I think any possible regulatory hurdles that could be imagined will make life for anyone who does anything neat with wifi or some other combination of information miserable. The credit card thing makes me wonder.. like what exactly are they grabbing? Just the fact that a card swipe was recorded at the same time that X wifi radio was in front of the register?

Somehow I'm still not bothered by this. As long as there's no "hidden" information being exposed (say, my CC#), my response is a big fat "meh". Combining different kinds of public information (as in, things that any person could just walk by and see) doesn't somehow combine to become private information.

I mean, let's see what pieces of data we're dealing with here:

    * Entry to the store. Public. Via CCTV, door sensor, etc.
    * Items selected. Public-ish. (Recorded after checkout, some stores use RFID tagging)
    * Location in the store. Public. (Anyone can see.)
    * Time card was swiped. Public. (Anyone in line can see)
    * Basic WiFi information (Mac address, SSID, etc). Public. (Anyone with a smartphone can see.)

Given the fact that all of these pieces of information are freely available, I find it impossible to call for someone's head or feel even vagely "creeped out" by simply combining that info.

Put yet another way, the information's always been there in the open, but now that someone decides to collect it, there's a problem??

To be clear, we're not collecting credit card data / swipes. Just anonymous movement. There's been some discussion about eventually using in-store payment systems with open API's to marry purchasing behavior to foot traffic >> but this wouldn't be tied to the individual.

The goal is not individual (person) tracking. The goal is identifying and operationalizing trends at an location-specific and network level.

We encourage users worried about privacy to opt out. But realistically, they're not individuals to the system. They're part of a trend.

As long as we get a statistically relevant percentage of movement (15-20%) we believe we can still be useful to the business. Worst case: a lot of people opt out, we drop from our current 60-70% capture to 20-30% capture and we simply extrapolate the remainder.

It's an inexact science but, we believe, very useful.

Thank you for the clarification. I think the NSA shenanigans and everything surrounding them have people hypersensitive with regard to any kind of "tracking", no matter how innocuous.

Best of luck!

> that every human must have complete technological and implementation knowledge

Or they could use software produced by people with that knowledge and who had users' interests in mind, which would automate the appropriate way to handle these concerns. And if they're unable to judge softwares' merits, they should rely on the opinion of more knowledgeable friends.

In this case, the device could easily generate a new MAC for every connection attempt, and give you an option to make that identifier more persistent per-network.

But instead people listen to the TV (et al) as it tells them to keep buying new closed Androids and iDevices, and then act incredulous (or Stockholm syndromed) when for-profit companies end up betraying them.