June 26, 2014

The End of Permissionless Location Tracking

5 minute read

shoppingApple sent a collective shudder through location-tracking and mobile marketing companies earlier this month when it announced that its upcoming iOS 8 release will include a feature that will dynamically generate a MAC address for the device when it’s looking for, but not connected to, a WiFi network. The MAC (media access control) address is unique to every device and is broadcast as part of the scan for a WiFi network, so it’s a convenient way for companies (Inpixon included) to identify a device and track its movements without the owner’s explicit knowledge or permission. In some situations, such as in dangerous areas or high security zones, permissionless tracking is understandable. But when it’s used to collect data on your travels for the purposes of advertising or marketing, many consider it an invasion of privacy. Apple obviously does, and so it’s taking steps to minimize the practice with built-in MAC address spoofing.

Since Apple revealed the feature at its 2014 Worldwide Developer Conference, there’s been quite a few conversations about how it will affect the mobile locationing industry (Inpixon included). Is it a good thing or a bad thing? Will Android and Windows mobile follow suit? How are developers going to respond?

From our perspective here at Inpixon, this is nothing but good news for a number of reasons. First, our mobiles are way more than merely phones these days and carry vast amounts of personal information that you have a right to keep private and secure -- even a notoriously divided Supreme Court is unanimous on that one. A mobile OS with a privacy first posture is a step in the right direction. We can only hope that Android and Windows phones follow suit (in fact, Google is in some ways with the changes in Kit Kat.)

Second, and perhaps just as important, these new privacy moves are going to force many in our industry to be far more open with consumers if they want to succeed.

Walk into any shopping center, building or public space and you’ll see signs noting closed circuit cameras are in use. Store personnel are identified by name badges and uniforms. Your credit card receipts say what you bought, where and when. In other words, it’s all out in the open and you’re free to grant permission to be monitored, identified, and engaged in a transaction or not

By contrast, few are made aware that the mere act of carrying their phone with them while shopping gives a nameless 3rd party the ability to identify them and track their movements there, around town, and even across the internet. No notification, no permission, just secret stalking of people via their phone.

Sorry, but that’s creepy.

Yes, our industry likes to tout privacy policies that state “no personally identifiable information” is gathered, but it’s a hollow claim designed to re-assure the stalked that their name remains unknown. But when you know where a person goes, when they go, how long and how often, that person is already unique and identifiable; a name is a formality. The truth is people are still being surreptitiously tagged, tracked and profiled without their consent like caribou in Alaska. It’s still got an ick factor no matter what spin is put on it.

And so Apple is forcing the industry to up its game and come clean with consumers. “You want to track people? Get their permission,” the company is saying. “Give them a reason to connect to your WiFi or install your app, and engage them, because the unsanctioned snooping thing -- at least for iOS users -- is about to end.” (And the other guys may soon follow.)

Yes, for the locationing industry it’s a pain. It’s going to force some companies to change the way they work and operate more in the open. But ultimately, this is a good thing. When you’ve got consent and a respect for privacy, you not only build trust and get better information, but you pave the way for a context and location-aware future where everyone -- both developer and consumer -- benefits.

Permissionless tracking is dead. And that’s a good thing for everyone.

Topic(s): Security

Subscribe to Blog Updates