Silent Shout

Wi-fi is outdated and makes users vulnerable to data capture. Why do we still depend on it?

Is the data that flows across the internet liquid, like a stream? Or is it more like a superhighway, but with surfers? The hackneyed similes we use to make sense of our lives online obscure as much as they reveal. This is partly a problem of form. The invisible networks that govern our digital “traffic” — a cross of fiber-optics, copper cables, and electromagnetic frequencies — do not lend themselves easily to the imagination.

Most of us are familiar with the extent to which we are tracked while browsing the web and using our phones — or, for that matter, whenever we walk past cameras in any major city. But the promiscuous design of the wi-fi networks has escaped the attention of all but the savviest privacy hounds. Rather than connecting directly to another machine, wi-fi devices continuously emit signals that include personally identifiable information in every direction, with few protections on offer for security or encryption.

Unlike, say, the confessional architecture of Facebook’s platform, the leakiness of wi-fi is not by design; it’s more a function of neglect

These perpetual and indiscriminate emissions are great if you’ve just entered your home and you want to connect to your personal network without having to think about it. But they’re unfortunate when you’re commuting, since it means that you’re essentially leaving a digital fingerprint of your location history wherever you go with anybody who has the cheap hardware and basic skills to grab it.

Unlike, say, the confessional architecture of Facebook’s platform, the leakiness of wi-fi is not by design; it’s more a function of neglect. Wi-fi has aged extremely poorly. The protocol was established in 1997, when no one could have anticipated that about a third of the world’s population would one day be walking around with at least one, if not several, prosthetic wireless devices attached to their bodies. The number of internet-connected devices is expected to reach 75 billion by 2025. That makes for a staggering number of people vulnerable to what mostly seems to be an imperceptible problem.

Perhaps that’s why some artists and educators have been drawn to trying to represent it. Three years ago, Brannon Dorsey and Nick Briz set out to illustrate all the data that anyone — marketers, governments, malefactors — can learn to pick up from the wi-fi radio ether. In their installation, the artists visualize the wi-fi landscape as a kind of habitat: Butterflies (representing unique phones, laptops, tablets, and smart speakers) hover around flowers, which stand for a unique wi-fi networks. “We were thinking of this metaphor of butterfly collection as a nice entry point that could show people what we had already been doing, which was collecting data that was out in the open, flying freely around in downtown Chicago,” Dorsey told me.

They’re far from the only ones searching for metaphors to make sense of this privacy nightmare. At Astro Noise, Laura Poitras’s 2016 show at the Whitney Museum, the artist and journalist Surya Mattu built a stark display to list when the unencrypted transmissions of visitors to the exhibition were “last seen.” With the artist Kyle McDonald, he developed the cheeky “Wi-fi Whisperer,” a text-to-speech robot that talks about all the wi-fi activity it’s listening into in a low whisper. “Snoopi” is a wi-fi sniffing dog, equipped with a vest that allows him to gather the wi-fi traffic of anyone he might walk up to and sniff. As its creator Jiashan Wu has explained, the goal of the canine installation to make people aware that “seemingly simple and harmless, maybe even cute, things” may be collecting our data on open wi-fi networks.

The privacy flaws of wi-fi are nearly universal — and yet most of us like to think of ourselves as exempt from its violations. Even when we’re made aware of the problem, we have trouble understanding that it’s actually happening to us. By implicating nearly every viewer who walks past them, these works are a clever attempt to challenge our delusional attitudes about being the exceptions to the rule of mass surveillance. They make it obvious that it’s now possible to paint the portrait of anyone who carries a wi-fi-enabled device — and that the better the advertising firm or surveillance agency is, the more detailed those portraits will be.

When I met Briz and Dorsey in July, they were about to lead what they call their Wi-fi Data Safari workshop at New York’s largest annual hacker conference, Hackers on Planet Earth, or HOPE. The workshop, which invites participants to capture data across any given city, extends the metaphor of their butterfly collection installations, the latest version of which fluttered on a large projection screen behind us. Dorsey was holding a Dell computer augmented by a monitor that allowed him to populate the animated habitat with the signals broadcast from nearby wi-fi-enabled devices.

“Every device has a MAC address,” Briz explained. “It’s kind of like your social security number for that device. It’s a unique number, a unique fingerprint.” Anytime we have wi-fi on but are not connected to the internet, our devices emit this fingerprint to look for any networks that we have previously linked up to. They do this by basically shouting out all the names of networks they have already seen. These are called probe requests.

“Our phone is going around the city asking, ‘Are you ‘Home Wi-fi’? Are you ‘Home Wi-fi’?’ Your phone does that one network at a time but it always sends out its MAC address and the name of the network,” Briz continued. “So then it might be like, ‘Hey, it’s me. Here’s my MAC address again. Now I’m looking for ‘Work Wi-fi’, now that cafe I connected to once, now ‘Mom’s House’, and so on.’” The protocol is structured like a Greek tragedy, with recurrent choral interjections and a relentless quest for home.

Probe requests are convenient. Sent out every couple of minutes, they’re what allows our devices to automatically connect to our home networks without re-entering our passwords. But they’re also incredibly inefficient, spewing out personally identifiable information into the wi-fi ether for anyone to capture and use. Dorsey and Briz’s visualization reveals how much can be gleaned. Every time they clicked on one of the hundreds of butterflies in their installation, a pop-up window used the information generated by these probe requests to reveal what kind of device it was, where it had previously been based on its other networks, and even some of its unencrypted internet traffic. With a little more elementary sleuthing, they explained, it would not be difficult to use these probe requests to determine a person’s travel history (“Paris Airport Wi-fi”), social network (a map that revealed overlap between devices that shouted out similar networks), and frequent hangout spots (Starbucks on Fourth, Russian Baths).

It’s hard enough trying to rally people into pressuring or boycotting giant tech companies. It’s even harder to imagine an uprising against wi-fi

This demographic information can be incredibly valuable to advertisers. Where we’ve been —as indicated by wi-fi networks named after the hotels we’ve stayed in, the universities we affiliate with, the conferences we’ve attended, the office buildings we visit — says a lot about who we are and what we might like. It can also be valuable to someone with even more unpleasant motives. As the European Union Agency for Network and Information Security warns, simply by collecting probe requests, “extensive networks of human relations can be compiled using mass surveillance in points where many people pass through, such as train stations or airports. This relation data can be very useful for phishing, targeted attacks, or even blackmail.” Targeted attacks might include man-in-the-middle techniques to gain access to the user’s private data if they’re browsing on public wi-fi. Or stalking. It’s not hard to write a script that will alert someone when a certain MAC address is spotted in a given area.

Even an amateur technologist can use probe requests and the known signal strength of a network to estimate the location of devices within a few feet. At a mall this would allow a person to track someone else’s movements more precisely than with GPS. You can see where and when someone exits or leaves, what shops they visit, the paths they take to get there, if they go to the bathroom, and even — by measuring point-to-point travel time — whether they walked or drove to get there. Many retailers, including Nordstrom, have already piloted programs to track their shoppers in a similar fashion. Some companies even sell wi-fi and Bluetooth scanners that can be snugly fit to street lamps and traffic signals, purportedly to collect transportation data.

“Because of this project we actually got reached out to by a government agency, a particular office,” Briz said during their presentation. “And they were like, ‘We’ve been using probe addresses to see if there’s somebody new in the building, someone we don’t recognize.’”

“Basically person detection,” Dorsey said. “And the software they were using stopped working, so they asked if our art could work.” The artists declined.

During the workshop, Briz and Dorsey led participants out into the streets to collect the migration patterns of butterflies in the wild. To passersby, we would have looked like just another group of tourists looking down at our phones in Midtown, but we were using software to register all the devices shouting at us from the gift shops, bodegas, banks, and chain cafes that line Seventh Avenue. We could see that many phones, for instance, were connected to LinkNYC sidewalk kiosks, first installed in 2015 to blanket the city with free wi-fi.

In London, Dorsey explained, a marketing agency had installed wi-fi tracking cards like the one he put into his computer in “smart” trashcans to track people’s movement throughout the city. When privacy advocates cried foul, the company argued that device IDs aren’t technically associated with people’s names, since they are simply random strings of numbers.

Yet all it would take to link a device ID (known as a MAC address) to a particular person’s identity, Dorsey pointed out, was to know that the person in question had been in several of the locations where that MAC address had popped up. Once a MAC address has been associated with a person’s name, any intelligence agency or advertiser can use it to track a person anywhere. (“I can cross-reference logs from many places and track you in any places that I can listen — and you will never know,” explains one blogger. “I can drive past your house, listen for any probe requests and log those. If I see your MAC address anywhere else, I know exactly where you live — as well as the data about what you do while in my buildings.”) Researchers have shown that where we move is so unique that it’s possible to identify 95 percent of individuals in a population of 1.5 million people with only four spatio-temporal points. As Mattu has emphasized, “Anonymous data is a myth.”

After an afternoon of butterfly collecting, it’s difficult not to conclude that the way wi-fi functions precludes privacy as it is traditionally conceived. The Supreme Court’s recent decision in Carpenter v. United States, for instance, was hailed as a win for civil liberties for stipulating that police obtain a warrant before obtaining someone’s cell-site records to track their location. That victory is severely diminished, however, when considered alongside all the information our phones already freely give up through the wi-fi ether.

Dorsey and Briz like to think of their workshop as an exercise in consciousness raising. “People just aren’t aware of how the technology works, so no one thinks to demand a better way of connecting,” Briz told me. Probe requests are in many ways emblematic of the broader compromise that underwrites digital life: namely, the endless forfeiture of privacy for a little bit of convenience. It’s not that Apple and Google, not to mention the modem makers and cable companies, need to keep this security vulnerability in place. Yet absent public pressure, there are few incentives to put in the effort to configure our networks otherwise.

But what would public pressure look like? It’s hard enough trying to rally people into boycotting giant tech companies. It’s even harder to imagine an uprising against wi-fi, which isn’t governed by a single profit-seeking company but by a set of protocols. Some tracking companies offer a way for users to opt-out of their capture systems — either through a formal process or through a notice that tells them not to enter the store if they don’t want to be tracked. But probe requests know no walls. Passerby are bound to get swept up into these systems. What’s more, it’s not possible to opt-out of necessary infrastructure. If privacy, as it’s often defined, is the ability to control the personal information we share with others, then the current set-up of wi-fi precludes this choice.

It’s clear that simply securing our own home networks is not a full solution. This has led to some experts to call for wi-fi to be redesigned by the principle of “privacy by design” — that is, a system where privacy is considered as a primary feature rather than as an afterthought. Among the most popular proposals is MAC address randomization, which, as it sounds, involves the frequent generation of new and random identifiers for a device. Device vendors have been working on this idea, but as the wi-fi expert Célestin Matte argues in a thesis on wi-fi tracking, current implementations of randomization are still subject to several security shortcomings. “Our results show that there still is a long way to go before MAC address randomization is correctly implemented in consumer devices,” he writes.

In the meantime, artists and technologists have devised tools to generate “privacy by obfuscation.” These include fake probe requests that would add noise into the ether. The artist David Rueter has created Shenanigans to add “information entropy” into the probe-request ecosystem—in part, by deploying a community-powered network of small battery-powered wireless routers that scatter a given MAC address to multiple locations around the world.

“We should be able to make privacy convenient rather than making it inconvenient, which has been the norm,” Briz said at the workshop. “So that’s kind of the long-term goal.” In the meantime, the short-term goal is simple: encouraging people to turn off their wi-fi when they’re not connected to a known network. At the workshop I dutifully took my device off of the conference’s open network. For a few more weeks, I remembered to switch my wi-fi off whenever I left the house. Then, like nearly everybody else, I forgot.

Ava Kofman is a journalist based in Brooklyn. Her reporting on technology has appeared in the Atlantic, the Intercept, the New Republic, and elsewhere.