This morning while at Woolies I tried to browse OzBargain using Woolies free WiFi and got an SSL error. Other https sites were not affected and I could access OzBargain fine using mobile data. Has anybody had the same experience? Is Woolies blocking OzBargain I wonder?
You'll find that many retailers are offering free wifi these days. Essentially it is the cheapest way for them to count and track customers. Larger stores like woolies, target etc can even see the route of customer, time per section and most popular sections.
I deliberately avoid connecting to public wifi as a matter of course, but especially so with retailers for this reason. This said, I'm curious about the OzBargain block and might have to break the rule to test.
They're welcome to the metadata (but not data) from seeing my https URLs. Just the usual, gmail, WhatsApp, etc. Even the http URLs are boring, e.g. www.abc.net.au.
Where they try to take advantage is presenting you with their homepage on login, hoping you'll explore the deals. There's even a Priceline free AP nearby that provides no Internet connectivity, just serves ads.
The "data" they are looking for is your MAC address [good luck ever changing that], then how long you spent in each section, what section you went to first, whether you returned to each section, how many times you had been, whether it was your usual pattern, whether it was your usual branch - and how your visit, behaviour and the time compared to your visit to any other branch of the Woolies empire….
No biggy - and as others have pointed out, that if you have your wi-fi on, they will only have your e-mail /name if you have ever logged in at any time using that device, or given your name and address for warranty, layby and/or returns while having the device on and with you while at the counter…
@terrys: Connecting to the AP doesn't require any ID, just acceptance of the T&C, so there is no link between my session and my EDR profile. And anyway I don't care because I normally go straight to the section and buy what I want. As I have pointed out before they use the WiFi in a more straightforward way, to show you ads once you have connected. Sometimes the simpler explanation suffices.
The "data" they are looking for is your MAC address [good luck ever changing that]
Apple implemented MAC address randomisation in the Wifi scanning phase from iOS 8 onwards (and I believe in their later desktop OSs too) to specifically counteract this behaviour, and I believe that some of the more privacy minded Android ROMs do similar.
The credit they deserve for this important privacy move is almost completely invalidated, given their development of the iBeacon tracking setup (and MAC randomisation probably merely to increases iBeacon's utility). Still, while iBeacon is less prevalent in Australia the Apple block probably helps a bit.
As a Nexus 5 user, I'm interested to know if anyone here has experience in getting Android phones to behave similarly in randomising MAC while WiFi scanning.
@terrys: Good luck to them. I'm one tough customer. I have a small list of things I buy from Coolies and the rest I get a produce markets or Aldi.
I've seen retailers do that with heat cameras installed alongside security cameras.
Which has been around for a while, more reliable since they don't have to rely on people connecting to the net, it also works for people without smart phones.
So I highly doubt the WiFi is the means of tracking customer movement I have store when it's so unreliable compared to other proven techniques.
I Disagree!
You don't even need to log onto thier WiFi.. Just tracking mac addressess..
they can then work out how long you have been in the store and how long in each corner and back..
Great Idea
@woodwa: Yes but who is the "you" associated with a MAC address if you don't have to provide an ID to use the AP?
The "you" probably doesn't matter so much if they're getting metrics like "the average Apple iPhone user visits x times per week, stays ~y minutes, and inside|outside business hours" (plus similar metric for other devices).
Second, if you do indeed scan an Everyday Rewards card or pay by card with enough regularity, it should be relatively straightforward for a computer to guess correlations between MAC disappearance (post purchase) at specific stores and scan events by card carrying customers just beforehand.
@tplen1: They already know what I buy when I do scan my EDR card. Good luck to them if they want to guess what I'm interested in when I walk around. I can tell them here and now: the yellow bargain price tags in case there is a bargain. BTW they need to make their analysis software handle more variations. Coles assumes that I have a favourite store. I just go to whichever one is handy at that day of week. So the store promoted in their marketing emails flaps between different stores, depending on which one I visited last.
If they want to see general analytics, sure MACs would help but this misses the people who don't have smartphones or have WiFi enabled at the time.
It's a cat and mouse game. I'd be more concerned about the proposed data retention laws than this.
Someone has been smart enough to down-vote this?;)
my tpg/optus reception goes dead inside most woolies stores so free wifi would be good
How convenient for Woolies that your internet goes dead…
funny that. I get terrible/no service inside my local woolies too. Dont have this issue at coles though
I'm not complaining, there are other free APs, including Telstra's free Wifi trial within a minute's walk of Woolies even if I didn't have mobile data. I'm just curious that somehow OzB was targetted while other https sites weren't. Seems people are habituated to reading complaints in forums now.
Wow I knew Target offered free wifi but didn't know woolworths did!
It's always worth a look - Westfield Marion also has many others, tho David Jones seems to go nowhere, McDonalds makes 1990 dial-up look like Dan Simmon's Allthing but KFC and Target are useable - Target with e-mail verification, and KFC offering e-mail subscription for 1 hour/100Meg as opposed to a 15 min session.
Those are definitely more intrusive and they want to collect email addresses to spam. However I have often managed to get in with something like [email protected]. I know of one sneaky one where they have an email box near the submit button suggesting that you need to fill it in, but lets you in anyway even if you don't.
Then there are those that want FB logins. For those I feed them my friendless Fakebook account.
SSL uses port 443 by default, perhaps Woolies only allows port 80 connections.
No, if you read my post other https sites worked fine. A lot would break if they blocked all 443 connections, email, instant messaging, etc. That would prevent people from contacting others to communicate re shopping in Woolies.
Note that retailers don't even have to give you internet access via public wifi as they can track your handset by watching bluetooth and wifi emissions. Your handset watches for wifi/bluetooth to do location tracking and pairing up.
If they give you internet, it's because they want to watch what you are doing for data analytics.
Some phones can do randomised MAC addresses to try and defeat this kind of tracking.
I believe some of the later Apple devices give out fake MAC addresses on a contact. They only give up the correct MAC address if you actually make a connection, not just a contact.
Yeah Apple tried but their implementation failed unfortunately.
Be very careful of public wifi access points and SSL website errors. The SSL certificate is there to ensure the corret server is colleting your data. If there is a SSL error on a websit when connected to a public wifi access point, it can be an indication that a man in the middle attack is taking place.
previous posters have this mostly right- those who say the data isn't important are wrong however. If you'd like to know more, have a look at youtube and search 'Meraki presence'
Oh yes and Meraki has been swallowed by Cisco, so not valuable at all then……
I didn't even know our supermarkets provide free WiFi!
That in itself is a bargain. I wouldn't complain about any free WiFi blocking any websites it wants. There is certainly no obligation for them to provide it, period