back to article TfL to track Tube users in stations by their MAC addresses

Transport for London is to start a four week trial of reading Wi-Fi connection request data from London Underground passengers’ mobile phones. The trial, which will last four weeks from 21 November, “will help give TfL a more accurate understanding of how people move through stations, interchange between services and how …


  1. Vimes

    Even if you take out of the equation the fuzziness of detail of what goes on within a station, doesn't the fact that they won't be tracking everybody reduce the whole thing to a pointless exercise in futility?

    Not only will a lot of phones have Wi-Fi switched off but it's entirely possible some people won't even have Wi-Fi enabled devices with them in the first place.

    1. Anonymous Coward
      Anonymous Coward

      And some might have more than one!

    2. Dave Harvey

      No - tracking a proportion of users is perfectly reasonable statistics - done every day in just about every statistical scenario, and with well-established means to estimate the error, based on the size of the sample.

      Of course, if the sampling is "biased" then the biases need special consideration, but even that is not impossible or unreasonable. e.g. if 90% of passengers from one area have a smartphone with WiFi switched on, and only 10% from another area of London, then this would need correction, but that's still simpler than manual counting of individual journeys, so by-and-large this seems sensible to me.

      Of course there is the "tracking/privacy" issue, but IF done properly, then the WiFi MAC address is a reasonably good, pre-anonymised means to use - certainly less traceable than our faces on CCTV!

      1. Adam 52 Silver badge

        "is a reasonably good, pre-anonymised means to use"

        It's nothing of the sort. It's not anonymous at all, being tied to your network traffic and location.

        1. Captain DaFt

          "It's nothing of the sort. It's not anonymous at all, being tied to your network traffic and location."

          So you're saying that:

          "XXXX XXXXX who owns an iPhone 7, mac address 00:1a:c2:7b:00:47 takes the 7:15 commuter bus from Tally Ho subdivision station to downtown Abes and Stalping junction station near the Cremel Building weekdays.

          Normally sending emails related to business with Cremel industry's IT dept., or surfing under the username "Boo-dah" in route.

          Then normally uses the same station to return to the Tally Ho subdivision at 21:15 mon-thur, normally texting Mrs. XXXXX at 121 Foxing St.

          On Fridays the 23:00 from Kipling station is used to return to Tally Ho Subdivision station after receiving two or more texts from Mrs. XXXX at 121 Foxing St.

          Might actually be used to figure out XXXX XXXXX's real identity?

          Surely not!

      2. Doctor Syntax Silver badge

        Upvoted for the statistical point but "IF done properly, then the WiFi MAC address is a reasonably good, pre-anonymised means to use"

        Note that the company collecting the stats is also the company running the WiFi service so can potentially identify the user from any use they may make of that service.

        A better option would be to take the MAC, hash it and save that. If that's what they mean be anonymising then that might be OK but as the report stands it should be a bit worrying.

        1. patrickstar

          Hashing it wouldn't do much in itself. It's easy to just bruteforce all possibilities - it's only 48 bits long, and the first part of it is the vendor ID which has a limited amount of likely candidates to try.

          One option would be a keyed hash, but then you better keep the key in a HSM with rate limiting of the hashing operations.

          Another option would be to deliberately make the hash so small there will be a lot of collisions if you search the entire space, but this might affect accuracy of the data collection to some extent if it's too small. You could probably tune the length if you have a good idea of the number of unique devices encountered beforehand.

      3. Dave Bell

        Each MAC is supposed to be unique, so it's going to be hard for this not to be Personal Data.

        It's possible that a different number could be assigned each time an MAC enters a station, and used in the tracking records, so that the tracking data for a device can't be combined across multiple visits. That might work and be legal without having to get permission.

        As a very occasional visitor to London, I'm not that bothered. But anyone thinking an MAC address isn't personal isn't thinking this through. And that's what worries me. Just a hand-wave about de-personalising the data isn't enough. Did the people planning this know enough?

        (I know enough about law and technology and stats to ask awkward questions around the intersection. It's a little worrying that I might know more about MAC addresses than the lawyer, and more about the law than the techie.)

    3. allthecoolshortnamesweretaken

      "... it's entirely possible some people won't even have Wi-Fi enabled devices with them in the first place."

      Totally incredible.

  2. Vimes

    which is expensive, time consuming and limited in detail and reliability

    Whereas this still costs money, and is probably just as limited in detail and reliability. 'Time consuming' appears to be the only issue this trial deals with and even that is debatable.

  3. J. R. Hartley


    This is only the beginning.

    1. boltar Silver badge

      Re: Bollocks

      "This is only the beginning."

      Yup. This whole monitoring user flow is BS since they already do - there are probably more cameras in a tube station that in your average TV studio and they've had years to figure out how crowding occurs and frankly on a transport system its not hard to figure out why if there are delayed trains or mulitple trains arrive at the same time. It really isn't rocket science.

      I'd be rather surprised it this DIDN'T turn out to be a way to monitor potential criminals/terrorists/fare dodgers etc as they move through the system. At least until facial recognision technology is advanced enough that it can be done via the CCTV.

      1. Doctor Syntax Silver badge

        Re: Bollocks

        "its not hard to figure out why if there are delayed trains or mulitple trains arrive at the same time"

        Or if there simply aren't enough trains. Thank goodness my days of commuting on the tube are long gone.

  4. Vimes

    ...will enable us to provide customers with even better information for journey planning...

    If that truly is one of their aims then why have they been busy closing ticket offices, where people could get that information?

    1. boltar Silver badge

      "If that truly is one of their aims then why have they been busy closing ticket offices, where people could get that information?"

      To be fair that was Bozo Johnsons idea. I doubt many in TfL actually wanted to do it but if the mayor says jump they have to ask how high. I was hoping Kahn might have reversed at least some of the closures but its looking unlikely and the longer they stay closed the less chance there is of them re-opening IMO.

  5. allthecoolshortnamesweretaken

    I think what they're really trying to do is take Mornington Crescent to the next level.

    Elephant & Castle.

    1. Anonymous C0ward

      Interesting starter.


      1. BoldMan

        Hmm, in that case The Angel Islington...

        1. Ivan Headache

          I'll take Barry's favourite, Fairlop.

          1. Anonymous Coward
            Anonymous Coward

            Liverpool Street.

            Hah, didn't see that coming did you?

            1. BoldMan

              Nah, that was totally predicable as a transverse loop slide.

              The obvious counter would be... oh no I'm not going to fall for that one... I'll go Whitechapel instead!

              1. allthecoolshortnamesweretaken

                Hmm... Shadwell?

                1. Ivan Headache

                  You're not thinking this through are you?

  6. Neil Barnes Silver badge

    switch off your Wi-Fi...

    Can someone a bit more au-fait with the technology than I am point me to a primer for the handshake/negotiation that takes place between a device with wifi turned on but only connecting to known hotspots - i.e. not the open spot on the underground?

    Does the connection request start from a device which notices a live network or does the network poll? Or...?

    1. Criminny Rickets

      Re: switch off your Wi-Fi...

      I normally keep my mobile data turned off. I run an app called Smart WIFI Toggle. It automatically disables my WIFI, and only enables it at hotspots that I have specifically indicated (such as at home or a coffee shop that I frequent). Not only does it protect me from errant hotspots and scanning of my phone when I am not specifically using it, it also cuts down on the battery drain. In addition. I use an app called Autosync. It keeps the Sync disabled unless my data or wifi is enabled, then Autosync will automatically turn on Sync and automatically disable it again when my data or WIFI is disabled..

      1. Trigonoceps occipitalis

        Re: switch off your Wi-Fi...

        So you plan to stop TfL tracking you using Smart WIFI Toggle, an app that sends what to who? Or can you say categorically that it is not data slurping?

    2. Adam 1

      Re: switch off your Wi-Fi...

      Device initiates. If you want your device to be untrackable*, you need to switch off WiFi. I think there are some ways to randomise the MAC address periodically to reduce the problem but you can bet lots of places do this.

      *By WiFi traffic analysis I mean. It's still going to be broadcasting on its 4G frequency.

      1. Neil Barnes Silver badge

        Re: switch off your Wi-Fi...

        I thought that it would start from the device end. So presumably, by the time the device has noticed a network and talked to it to decide it's not one it wants to connect to, the MAC address is already logged.


      2. david 12 Silver badge

        Re: switch off your Wi-Fi...

        Yes, by design Apple IOS 8 devices randomise the MAC under some conditions to defeat this kind of identifaction. Note: by default it's fairly poor protection: it only works if you aren't using the device.

        Also, this is the second time I've seen claims that London is using WiFi tracking. Most of the traffic tracking in the world is done using Bluetooth, so I'm wondering what the attraction is for WiFi here.

    3. paulf Silver badge
      Big Brother

      Re: switch off your Wi-Fi...

      "For the privacy-conscious Londoner, the easiest way to not be tracked is to switch off your Wi-Fi."

      And switch off Bluetooth while you're at it as that can be tracked too, although the shorter range makes it a bit more difficult. Switch them on when you need them, and leave them off at other times to save battery as well as avoid tracking. It's not just Tube stations, shopping centres are another that like to track "Footfall" offer free Wifi and ping you with targeted advertising into the bargain.

      I use Wifi at home then turn off Wifi and stick to cellular when out and about then it's only your mobile operator and the Gubbermint that's tracking you.

      1. Anonymous Coward
        Anonymous Coward

        Re: switch off your Wi-Fi...

        I use an app called LLama which uses the cell ID to work out where you are. So, in my case, I use it to turn off WiFi when I leave home (an are of about 500m around my home in practice) and turn it on again when I get to work (again, a 500m or so radius of my work).

        Not a perfect system but good enough for me.

        It runs on Android, I don't know if other versions exist.

        1. Anonymous Coward

          Re: switch off your Wi-Fi...

          Not sure how the built in Windows phone setup works, but you can have it turned off until at favourite place, at which point it will turn back on.

          Not sure if based on cell or gps.

        2. Adam 1

          Re: switch off your Wi-Fi...

          That is brilliant AC. Thanks

  7. Adam 52 Silver badge


    Wasn't this very illegal when Google did it?

    1. toby mills

      Re: Streetview

      That was home Wi-Fi AP's not mobile devices.

    2. Anonymous Coward
      Anonymous Coward

      Re: Streetview

      What Google did was to capture packets being sent by Wifi access points and not just the Mac Address.

    3. Dr Paul Taylor

      Re: Streetview

      Wasn't this very illegal when Google did it?

      Yes, but that was because Google isn't

      Yet another reason for not having a "smart"phone.

    4. Incredulous gambit

      Re: Streetview

      No, slurping WiFi announcements is perfectly legal. It happens everywhere - lookup "purple WiFi" in York - you are tracked across the whole city. Supermarkets also do it to track your visits to the store

      What Google did which was illegal was also slurp up the comms data from WiFi networks which is against the law

  8. mark 120

    GDPR to the rescue

    Recording the MAC address means it can be tied back to an individual, and is therefore personal data. They'll therefore need to gain consent for processing it.

    1. Mark 110

      Re: GDPR to the rescue

      Only iif they do tie it back. The MAC address on its own is noot personally identifiable. IIts its in a table with their name, address, and phone number I agree. But its not.

      If you don't want anyone to have access to the MAC address on your phone then turn wifi off.

    2. G Watty What?
      Big Brother

      Re: GDPR to the rescue

      "Recording the MAC address means it can be tied back to an individual"

      Does it? If my home wifi router collects your MAC address as you walk by my house and I check the logs every day, how have I identified you and how do I hold any information about you?

      You issue your GDPR request, what response should I give you? I have no information to do the lookup.

      Now if I capture your MAC address and at the same time interview you and get your name, age, sexual preference and store it all in my SnoopingDB, then I'd agree with your point but in this case that doesn't appear to be what's happening.

      Happy to be corrected.

      1. Anonymous Coward
        Anonymous Coward

        Re: GDPR to the rescue

        Hmm. Let's see. You probably have an Oyster card, and the incentive to hand over your details starts there because that's the only way you can cover its loss.

        So, you have an identity ping straight on entry. Collect a WiFi/Bluetooth hash at that point and you're in business. You clock a user in, you track his/her every movement in the station and you clock them out at the other end. As a side effect of making mobile phones on the Underground you also have some picocells around. They will clock phone data, even if the phone is of a different network (they won't be able to log on, but there's still first an ident processed).

        Your best but is to consider flight mode before you even go near the entrance. Oh, and don't use an NFC enabled credit card unless you really want to give them this data on a platter before you have even set foot in the station.

        I don't quite know how personal you want to get, but you really should keep in mind that there are multiple data sources at work concurrently, and that's exactly why governments are so dead keen on Big Data: it becomes harder and harder to avoid surveillance.

        Unless, of course, you have a high end government position...

        1. Anonymous Coward
          Anonymous Coward

          Re: GDPR to the rescue

          They already had big data 8 years ago.. and knew way more than that. I know it firsthand, hence the Anon.

  9. JanCeuleers

    What about MAC address randomisation of the kind first introduced by Apple but that has now also been implemented in wpa_supplicant?

    1. phuzz Silver badge

      Unless the MAC is changing halfway through a journey, they'll probably still be able to get the data they're after.

      If they know that (for example) between 08:35 and 08:40 at Liverpool St. a lot of people who've travelled in from affluent neighbourhoods are passing between the Circle line and the Hammersmith and City, they can sell premium advertising at that time, on that junction.

  10. Detective Emil
    Black Helicopters

    Determine routes of users of old Android versions

    Isn't the Wi-Fi probe MAC address randomization introduced in iOS 8 supposed to defeat this kind of caper? (It got off to a shaky and ineffectual start, but reportedly was much improved in iOS 9.) Android got around to introducing the same feature earlier this year. So TfL is likely to be tracking only users of old Android versions. They'll just have to hope that these punters take the same routes as those with pricier phones, who are probably the people that interest advertisers most.

    1. kryptylomese

      Re: Determine routes of users of old Android versions

      You are correct!

    2. Dan 55 Silver badge

      Re: Determine routes of users of old Android versions

      But for previous versions of Android, unless you go to Settings > Google > Location, change to device only, choose Menu > Scanning and turn off WiFi Scanning, you'll probably leak your WiFi MAC address anyway.

      These settings seem to move around with each version. Wonder why.

  11. Anonymous Coward
    Anonymous Coward


    And if they don't have WiFi enabled, what then?

    1. Anonymous Coward
      Anonymous Coward

      Re: No

      "if they don't have WiFi enabled"

      Ikea do this (or at least say that may do this) sort of tracking as their privacy policy advises that if you do not want them tracking your wifi or bluetooth address then you should turn off wireless connections when "in or near Ikea stores".


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020