Abstract

Wi-Fi-based tracking systems have recently appeared. By collecting radio signals emitted by Wi-Fi enabled devices, those systems are able to track individuals. They basically rely on the MAC address to uniquely identify each individual. If retailers and business have high expectations for physical tracking, it is also a threat for citizens privacy. We analyse the privacy policies used by the current tracking companies then we show the pitfalls of hash-based anonymization. More particularly we demonstrate that the hash-based anonymization of MAC address used in many Wi-Fi tracking systems can be easily defeated using of-the-shelf software and hardware. Finally we discuss possible solutions for MAC address anonymization in Wi-Fi tracking systems.