The London Underground thinks it can sell travelers' attention and wifi data for £322m

Originally published at:

It is now in consultation about tracking passengers on a permanent basis. The only way to opt out of the scheme would be to turn your Wi-Fi or phone off.

Or make sure that the MAC your phone uses when pinging hotspots is properly randomized.

(Or swipe someone else’s MAC when you are solemnly up to no good.)


Yet another timely reminder that if someone is providing you with an Internet service at no charge, you are the product.


Just connecting two series of tubes. Nothing to see here.


I wonder what would happen to their collection system if there were many people carrying “chaff boxes” that continually pinged with random MAC addresses? (A Pi ZeroW with a battery could do the job.)

Alternately, rather than random MACs, listen for phones checking for APs and add those MACs to a list, then use that list to spoof AP checks. As soon as the phone and chaff box parted ways, the tube tracking system would see the phone in multiple locations, rendering their data fuzzy.

I mean, if people actively connect to the tube wifi, then game over, but people just traveling with wifi on shouldn’t be tracked.

1 Like

There are about 5 millions commuters using the London underground regularly, which means the average price of that data per user is about 60£.

As the buyers presumably wants to make a profit, someone thinks that he or she can sell 60£ worth of extra goods to each user (or 60 items each costing 1£ more than average retail, etc…). For example, they know that Mr Jones travels each day from station A to station B to go to work and then back in the evening… that will make him spend 60£ more on stuff.

Quite frankly, I am at loss as to how this can work. What could Mr Jones possibly buy extra on the basis of that data? It is a serious question, I really wonder how the advertising industry really finances itself.


Indeed, that looks like another incarnation of the ad-tech bubble, a term which I first encountered in a talk by Maciej Cegłowski:

(You need to scroll down until you see a silhouette of a kangaroo.)


Fascinating page and I am not only talking about the kangaroo section. Thank you.


If I recall correctly that is also the yearly price the average user earns in advertising revenue with all his “free” accounts at Facebook, Hotmail, Google, etc.

I remember thinking I would be willing to fork this amount of money over if that meant not having my privacy invaded so thoroughly.

If that really is the case, either the price has gone up since I read this (2 - 4 years ago?) or they are massively over valued.

This article gave average revenue per user for google facebook and twitter in 2014. Google earned $45 per quarter year, which is $180 per year. The others earned 6 times less, which is still about $30 per year:

That other article gave an average revenue per user per quarter for Facebook of 9$ in 2015, which is somewhat similar to the other one, but also specifies that the figures are only for the USA. Europe earnings are a third of that.

London being in Europe, one would understand that google earned about 70$ per user, Facebook and Twitter each about 12$, so more than your figure of 60$ and that was in 2014. Basically, the London underground data is about as valuable as google’s, expensive but that only selects londoners of course and therefore not the poorest parts of the UK.

The more I read about it, the more I wonder what I have been overcharged 100$ for last year.

1 Like

As a bonus, when two chaff boxes meet, they would tend to exchange lists of MAC addresses through each other’s spoofs, causing spreading false location reporting.

1 Like

Nice, accurate data! Maybe it is a realistic number then and not that over valued.

Still a low price for losing our collective privacy :frowning:

That sounds like a nice way to throw sand in the works! Could this be implemented as a (Android) app? I think carrying a extra device will not make this scalable enough that it will actually obfuscate it enough that the data will become less valuable.

1 Like

Yes, indeed, but what should also worry us are the consequences of losing our privacy. Somebody is paying that much money to know where one commutes every day. They certainly expect to recoup their investment. How? I really would like to know.

1 Like

Yes, an app would be be a much cleaner way of doing it in the long run than special hardware.

I haven’t been down that way on Android yet, so I’m not sure. The wifi hardware would have to support monitor mode to listen for the AP polling packets to grab the MACs. Then you’d need to be able to generate your own AP polling packets with a spoofed MAC. That should be do-able without rooting the phone.

I’ll make some notes and think about it. I’m sure that not just the London Underground has dancing pound signs in their eyes over monetized surveillance.

Prediction: The app would be a battery-killer.


This topic was automatically closed after 5 days. New replies are no longer allowed.