Hacker News
Hundreds of Devices Hidden Inside New York City Phone Booths (buzzfeed.com)
93 points by jboynyc on Oct 6, 2014 | 58 comments



Beacons are Bluetooth devices that emit simple signals that smartphones can pick up.

A beacon in a New York City phone booth ad would need to recognize a corresponding app to push beacon-linked content to that phone.

From what I can see from reading the article this isn't the scary "things that watch you without your knowledge" but more like "things you can connect to if you're nearby" - and given that there's WiFi hotspots and other things in this category too, it doesn't seem all that frightening. In other words you'd have to allow your phone to connect to them for them to gather any info, and in that case it's not much worse than connecting to a WiFi hotspot set up for marketing purposes (e.g. http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/19... ).

(The fact that the majority of people leave their phones in a "promiscuous" mode with all the radios enabled and constantly looking for things to connect to, and submissively install apps without reading their privacy policies/terms of use carefully, is a different although related issue - but this is something you can educate yourself and protect against.)


It does seem a bit exaggerated:

"In its current iteration, a Gimbal beacon requires a third-party app to trigger advertisements, and requires those apps to receive 'opt-in' permission from users in order to collect data and send notifications. (Users, of course, also need to have Bluetooth enabled.) ... Gimbal-powered apps may collect your current location, the time of day you passed the beacon, and details about your device."

If the beacons are doing anything more, it is not reported in this article.


It is however a rather small step to such a third-party app being bundled with your branded phone, which you've opted into by buying the phone.


Then let's wait for that step to happen before jumping to conclusions.


Are there any rules or precedent preventing this? Or is it a chicken-and-egg not-enough-beacons-out-there-to-make-it-worth-it type situation?

One smells like conclusions are a bit premature, the other smells more like inevitability.


If you turn on wifi tether mode, you are broadcasting your unique MAC address. Not sure if, when you have just a BT headset running, they can sniff a unique address over the air.


Personally, I disable both WiFi and Bluetooth unless I'm actively using it in a trusted location for this very reason.


> (The fact that the majority of people leave their phones in a "promiscuous" mode ... )

Not everyone really understands what's going on with their phones or the real intent of others (i.e. the stores who provide wifi) so I think it's unfair to lay blame on consumers for being 'uneducated'. There is a lot more overlap between 'things that watch you' and 'things you can connect to' than people realise. I'm reminded of the London bin tracking of last summer [1].

[1] http://qz.com/112873/this-recycling-bin-is-following-you/


I hate all these FUD headlines that claim iBeacons can track you or send you adverts - everything to do with beacons is (at present) mediated by an app, and therefore subject to a user installing it and granting permissions. Sure, you can get people to install stuff that they don't understand and which will allow snooping etc. but that's by no means constrained to anything using the (Apple-owned) iBeacon standard.

I'll be more interested in keeping an eye on the URL-centric 'physical Web' experimental project recently revealed by Google (https://github.com/google/physical-web) as that potentially removes the need for app-based mediation of beacon (without the "i" prefix) interactions, uses the universality of http and URLs for content identification, and could make for a much lower-friction way of implementing beacon integration across different platforms.


Thanks for the physical web link - you can easily see Google's "play to our strengths not Apple's" thinking behind it (https://github.com/google/physical-web/blob/master/documenta...)

I like it - might have to try a RPi build for one


It makes total sense to make beacons broadcast something that devices can interpret / interact with directly.

iBeacons are an interesting "first move" for the technology thanks to the weight Apple / iOS puts behind the potential for adoption, but the current model of interaction is just too convoluted / clumsy:

iBeacon broadcasts UUID/major/minor > subscribed app listens > app checks internal database or more probably fetches some data from a web-based API > decides what to do with that data / response.

vs

beacon broadcasts a URL > OS (or subscribed app) pulls data from URL > user (or app) decides what to do with that data / response

The abstraction provided by the iBeacon model is interesting but arguably too abstract, whereas the simple use of a URL is decidedly simple and logical by comparison, and (potentially) cuts out the app mediation.

If you combine the simplicity of using a URL with the idea that either the OS interacts with it directly or an app with a URL- or domain-specific mapped intent takes over that interaction then you get a simpler and more transparent journey as a result.

I think it's very early days for the Physical Web project, but it should definitely be one to watch!
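
Added example, not part of the original comment or of any project mentioned in the thread: a Python sketch of the first flow above (iBeacon broadcasts UUID/major/minor, subscribed app listens, app looks the identifiers up). It assumes the commonly documented iBeacon advertising layout (manufacturer-specific data, Apple company ID 0x004C, subtype 0x02, length 0x15), which the page itself does not give; the function names, sample frame and lookup table are constructed for illustration.

```python
import struct
import uuid

def iter_ad_structures(adv: bytes):
    """Yield (ad_type, payload) pairs from a BLE advertising payload."""
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0:          # zero length marks the end of useful data
            break
        if i + 1 + length > len(adv):
            raise ValueError("truncated AD structure")
        yield adv[i + 1], adv[i + 2:i + 1 + length]
        i += 1 + length

def parse_ibeacon(adv: bytes):
    """Return the beacon's uuid/major/minor/tx_power, or None if not an iBeacon frame."""
    for ad_type, payload in iter_ad_structures(adv):
        if ad_type != 0xFF or len(payload) != 25:   # 0xFF = manufacturer-specific data
            continue
        company, subtype, sublen = struct.unpack_from("<HBB", payload, 0)
        if (company, subtype, sublen) != (0x004C, 0x02, 0x15):
            continue
        raw, major, minor, tx = struct.unpack_from(">16sHHb", payload, 4)
        return {"uuid": str(uuid.UUID(bytes=raw)), "major": major,
                "minor": minor, "tx_power": tx}
    return None

def app_handle(adv: bytes, subscribed_uuid: str, content_db: dict):
    """Hypothetical app logic: filter on a subscribed UUID, then look up content."""
    beacon = parse_ibeacon(adv)
    if beacon is None or beacon["uuid"] != subscribed_uuid.lower():
        return None              # not a beacon this app subscribed to: ignored
    # The frame carries only the beacon's identifiers; meaning comes from this lookup.
    return content_db.get((beacon["major"], beacon["minor"]))

# Constructed sample frame (made-up UUID and major/minor, not a real deployment).
SAMPLE_UUID = "00112233-4455-6677-8899-aabbccddeeff"
SAMPLE_ADV = (bytes([0x02, 0x01, 0x06,              # flags AD structure
                     0x1A, 0xFF, 0x4C, 0x00, 0x02, 0x15])
              + uuid.UUID(SAMPLE_UUID).bytes
              + struct.pack(">HHb", 1, 42, -59))
# Constructed stand-in for the app's internal database or web API response.
CONTENT_DB = {(1, 42): "notification for kiosk 42"}

if __name__ == "__main__":
    print(parse_ibeacon(SAMPLE_ADV))
    print(app_handle(SAMPLE_ADV, SAMPLE_UUID, CONTENT_DB))
```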


Doesn't "pull a URL specified by an untrusted third-party" just scream potential security and definite privacy problem?


The intention is that the client (whether that's the OS itself or an app as in the current Android proof-of-concept) visiting the broadcast URL will return specific metadata that will allow the user to know what the target content / action is, rather than content itself - https://github.com/google/physical-web/blob/master/documenta...

There is obviously some potential for data snooping and privacy issues, but if the experiment becomes a full standard then it will likely be fleshed out much more to avoid this issue.

Pulling metadata from a publicly broadcast (and therefore inspectable) URL still feels more transparent than the iBeacons implementation, which mediates all beacon interactivity through the "black box" of an app with unknown configuration (with regard to exactly which beacons it listens for - it could be a single UUID, or it could be all beacons) which could be phoning home with all kinds of data without the user knowing.


And if a vulnerability is found in the client's HTTP header parser or other part of the client?

What about these URLs recording client IP addresses and locations (based on the known beacon location)?

Is there no way to put everything in the beacon? Will users be prompted before their devices perform actions dictated by a third party? Will beacons be featured in future pwn2own contests?


Even if the actual interaction with people is mediated by an app, that doesn't mean data that is valuable to marketers (at the least) isn't being collected.


That doesn't mean that it's being collected either.


If it's valuable and technically possible, it's happening. Witness the use of phony cell towers and "free" wifi hotspots to track customers in shopping centers.


This article mentions neither Apple nor iBeacon.


Apple was mentioned because the current dominant beacon technology, and the technology being used by some (if not all) of the cited organisations (such as Major League Baseball) is iBeacon, which is an Apple-trademarked property.

According to the Gimbal website, "Gimbal proximity beacons communicate over Bluetooth Smart and are built and configured to Apple's iBeacon specifications..."


What about all of the bloatware that I get from the carriers? Those come installed by default and they can't simply be removed.

If apps like that take advantage of beacons, do you still think this is FUD?

Also - what's wrong with Fear, Uncertainty and Doubt in general? It's not being used by one competitor here to knock down another one - so, I just don't see the problem with worrying about what will become of these beacons.


For me the FUD is more on the "Ermagherd! iBeacons can track you!" or "iBeacons will send you adverts!" level - most of it is down to bad journalism spreading fundamentally faulty information about how iBeacons actually work and what data is involved.

It would be much more powerful if tech journalists could actually convey in a "man on the street" friendly way what beacons actually do (i.e. basically sit there in a corner repeating their name over and over again) versus what apps could do and what kinds of data could be stealthily gathered as a result of beacon proximity (or lack thereof).

Also, I don't disagree that creating an infrastructure for the potential to gather data via a suitable app down the line without any real oversight is a bad thing.


Wifi beacons were deployed in London[1][2] as part of advertising systems on waste bins. These logged your MAC address as you passed by and allowed targeted advertising. I believe they were removed once the rollout was publicised and people rightly kicked up a stink about it. It was an opt-out system because if wifi on your smartphone was switched on (which most people probably do) then it would automatically log your phone's presence. Users would have had to switch off wifi to avoid being tracked.

[1] http://www.bbc.co.uk/news/technology-23665490 [2] http://qz.com/112873/this-recycling-bin-is-following-you/


Do people normally have wifi enabled when they're out-and-about? I turn it on when I'm at home/at a friend's house, but otherwise turn it off since there's no wifi to be had, and it's just an extra drain on the battery.

Or does London have widespread public wifi?


I do what you do, but I strongly suspect that most people never think about this, and don't know how to turn it off. The same people who don't know how to turn the flash off on their cameras and leave it on to take pictures of fireworks.


I switch WiFi off when I leave places with WiFi connection but sometimes I forget to do it.

I know people that think that the phone they bought "has Internet" and they must pay a monthly fee for that. They don't ask themselves how that happens so I guess that some people never turn their WiFi off unless they must learn to maximize battery life.


I think most people just leave wifi on; constantly turning it off and on is annoying, and you get better GPS when it's on.


Friendly pedantic clarification: you get better location accuracy when WiFi is on by combining access point location databases with the GPS signal.


While I was using "GPS" as shorthand for "automatically determined location", technically doesn't the GPS receiver work better/faster when your phone already has a rough idea where you are?


Yes, most people I know, certainly. For example, since my phone uses Wifi at work and at home, my phone uses it most of the time.

I'm not going to turn off Wifi when I leave work and then turn it on again when I get home... I've never even heard of anyone doing that, it sounds pretty annoying to have to keep track of...


You can get apps that do it by using cell IDs (Smarter Wifi manager is one that I'm trialling but it's terrible). It means not having to have GPS switched on for Geofencing.


Many phones have geofencing which should take care of switching on and off things like wifi at particular locations. Should become mainstream soon.


So now I need to have my phone ping GPS periodically (which takes longer without wifi for guidance) to check my position so it knows whether it can scan for access points it knows?

Personally, I think I'd rather just have it scan for access points. Apple's MAC randomization has the right idea (if perhaps an imperfect implementation).


You can use Smarter Wifi Manager but it's average at best. It uses Cell IDs to ascertain approximate location.


I do that all the time - but mainly because once I leave work, I turn off WiFi and turn on 4G.


I purchased a Virgin Mobile handset and associated activation card. The phone is not tied to my name at all since I paid cash for it and I pay cash for the $35 top-up cards monthly. I activated the phone as "Prepaid Caller". I use no apps, only text and phone. My needs are basic. I have unlimited data for $35, so I never use Wi-Fi, and when I'm home, I use a laptop.


This article is cheap sensationalism to foster Luddite paranoia. The beacons will only track those that want to be tracked. And there are a lot of valid situations where people would want to share geographical information in order to be guided, notified or rescued.

Sometimes I feel that valid concerns on privacy are doing to IT what pollution did to chemistry: people got so panicked that they blindly reject any valid contribution that technology might give.


The main point is that the beacons were installed in secret, without any public notice or consultation. And that, time after time, many "opt-in" services prove to be not so "opt-in" after all (thanks to technical backdooring and/or murky service agreements).

It isn't Luddite paranoia or cheap sensationalism to point this out; it's good journalism, coming from a surprising source (BuzzFeed, which for years seemed to have cheap sensationalism written into its very DNA).


I thought Buzzfeed was on the list of domains you can't link to? If not, this post is a good example why it should be.


Buzzfeed does some really fine reporting. But this doesn't seem to be a good example.


There are users here who do some really fine commenting. But they got "deaded" for one reason or another. I would love to see buzzfeed and similar sites punished for their wrongdoings even if sometimes they might provide something good. The bad clearly outweighs the good to me.


Is the existing voting system so broken that we need to resort to heavy handed tactics like that?

I'm not sure I'm a fan of shadowbanning people either, except in really exceptional situations.


"In its current iteration, a Gimbal beacon requires a third-party app to trigger advertisements, and requires those apps to receive “opt-in” permission from users in order to collect data and send notifications. (Users, of course, also need to have Bluetooth enabled.)"

FFS, Buzzfeed. This is buried practically at the end, AFTER the giant infographic and 10+ grafs of scare text. It's like running the headline:

YOUR BREAKFAST MAY CONTAIN POISON

and then at the end of the article:

"Well, if you bought the cereal that said 'CONTAINS POISON' on the box and decided to eat it right now, that might be true."


Clickbait at its finest.


Why is this exaggerated journalism even on here? These aren't tracking everyone in NYC within range, only those who have Bluetooth enabled, downloaded a very specific application, and then allowed the app to track them in the background. Now this is all for iOS; Android on the other hand does have potential to be troublesome.


Several commenters here have stated that Bluetooth beacon interactions are mediated by apps and they are therefore not surveillance devices.

That's just not correct. Bluetooth beacons can log and report information about devices that come within range of those beacons with active Bluetooth radios. Only interactive-time applications of a beacon need the cooperation of an app on a wide-area connected device.

Beacons that don't have external power generally can't use WiFi or mobile networks to do it, but this information can be uploaded on demand. For example, this information could be collected when coins from pay phones are collected.

Moreover, these beacons are reportedly installed in pay phone kiosks that do have wired connectivity. It's possible, even likely, that they "phone home."


There are still phone booths in NYC? Without reading the article, just seeing the headline above, my first thought was that a reporter discovered strange, long-forgotten devices with handsets and number pads and coin slots, collecting dust in the booths.


People should not be tracked. Full stop. Even with their permission. We are headed for worse than Orwell ever imagined. I cannot believe some people consent to this.

There will come a time and soon whereby people will not be able to do a thing without someone tracking it.


I'm having a difficult time thinking of something I do that is not tracked by someone somewhere.

Even the city knows when I take a crap thanks to "smart meters".


Get ready for a disturbing time when you read about surveillance on Wikipedia[0].

[0] http://en.wikipedia.org/wiki/Surveillance


And I just became aware of the NYC Halal carts run by the NYPD (in the talk by Steve Rambam at HopeX recently) [0].

[0] http://youtu.be/dNZrq2iK87k?t=2h3m9s


I recommend watching Person of Interest. The TV show started long before the NSA scandal, but it's like a Hollywood post interpretation of some major event. Except it was a premonition.


It's one of my favorite shows because it's at least plausible, and felt that way even before the 2013 revelations. A lot of the tech and storylines in the show are of course fictionalized and a bit "out there", but the core concepts it presents are at least within the bounds of possibility. I tend to view it both as suspension-of-disbelief popcorn entertainment, and as a telling allegory on today's surveillance state.


Ah Gimbal, the HaaS company... the beacons that require you to register them on-line to be able to reconfigure them. Also, iBeacon compatibility doesn't work well in Series 10, i.e. those you can order a dev-kit of for free.

I'm waiting for someone to figure out how to force all those various beacons to talk the same language. Right now, everyone is trying to lock users in to a particular brand. It's incredibly annoying (and the same thing goes for the entire IoT and home automation market).



Out of interest, does anyone have any statistics on how often phone booths are used? I'd have thought that with most people owning mobile phones the need to ever use a pay phone is very rare.


I was wondering that too. I very rarely see public phones anywhere except airports nowadays, and they're pretty thin on the ground even there (sometimes you see the dedicated lines that connect directly to (e.g.) a cab company). It's not like the old days when there was a phone booth every few blocks, and massive banks of pay phones in airports.


I thought they were all gone in NYC for some reason.


As of 2009, only 4 phone booths remained in Manhattan: http://www.scoutingny.com/the-last-phone-booth-in-new-york-c... Comments on that thread note that in 2012, at least 2 of those were verified as still around, but not sure about now.

There are a lot of phone stalls still around though - a number of which have been sites for experimental improvements for some time now, including a Google initiative to outfit some with public wifi: http://www.nyc.gov/html/doitt/html/business/future-of-public...



