• Boring@lemmy.ml
    arrow-up
    61
    ·
    edit-2
    9 months ago

    I created an account while in the store with an email of fuckyou@thisisstupid.com and a basic password and surprisingly didn't have to verify the email. Then turned on a VPN to my house.

    I plan on just creating a new account every time I go in just to fill up their database with nonsense.

      • ddh@lemmy.sdf.org
        English
        arrow-up
        7
        ·
        9 months ago

        This makes me feel a lot better about ChatGPT garbage corrupting Google search results.

      • Altecheon@ttrpg.network
        English
        arrow-up
        1
        ·
        9 months ago

        Fun fact: Android developer options has a Disabled Persistent MAC address randomization toggle. Or at least Pixel phones do.

    • geekworking@lemmy.world
      arrow-up
      8
      arrow-down
      2
      ·
      edit-2
      9 months ago

      You do realize that they are actually tracking the device itself by the hardware MAC address and other device fingerprints.

      The email is just a bonus to let them legally spam you. Anti-spam laws have an exemption. If there's a prior business relationship like shopping in their stores, they can put you on their spam list unless you opt out.

      Bogus email only helps for spam but doesn't do anything about tracking.

      EDIT: For Android, when there's a Captive Portal like the screenshot, devices will use Persistent randomization, which, while not the hardware MAC, will remain the same for the same network, where they can track your visits.

      • Dark Arc@social.packetloss.gg
        English
        arrow-up
        19
        arrow-down
        2
        ·
        edit-2
        9 months ago

        Pretty much all modern phones randomize the MAC address every time they connect to a network unless the user explicitly says not to do that.

        • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
          arrow-up
          3
          ·
          edit-2
          9 months ago

          > randomize the MAC address every time they connect to a network

          +1, had issues using Android devices for presence detection because of this very useful privacy feature. Even on your home network, the MAC address and device hostname get randomized, unless disabled in the settings

          Edit: typo

        • geekworking@lemmy.world
          arrow-up
          1
          arrow-down
          1
          ·
          9 months ago

          When there's a Captive Portal like the screenshot, many devices use a random but persistent MAC for that network to avoid reauthorization after any network drop. This will make your access to the specific network trackable.
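
What the persistent versus per-connection distinction in the comments above means for linkability, as an added example that is not part of the thread: it checks the locally administered bit that randomized MAC addresses set and groups a log of one device's connections by network. The SSIDs, dates and addresses are constructed sample data.

```python
from collections import defaultdict

# Constructed log of (date, SSID, MAC the device presented on that connection).
SAMPLE = [
    ("2024-01-05", "StoreGuest", "da:a1:19:3c:55:01"),
    ("2024-01-12", "StoreGuest", "da:a1:19:3c:55:01"),
    ("2024-01-19", "StoreGuest", "da:a1:19:3c:55:01"),
    ("2024-01-05", "CafeFree", "4e:10:22:9b:00:aa"),
    ("2024-01-12", "CafeFree", "b6:7f:31:c2:18:0d"),
    ("2024-01-06", "HomeLAN", "00:11:22:33:44:55"),
    ("2024-01-07", "HomeLAN", "00:11:22:33:44:55"),
]


def parse_mac(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set.

    Randomized addresses set this bit; burned-in hardware addresses do not.
    """
    return bool(parse_mac(mac)[0] & 0x02)


def linkable_visits(observations, ssid):
    """Group visit dates on one SSID by MAC: what that network can tie together."""
    by_mac = defaultdict(list)
    for date, seen_ssid, mac in observations:
        if seen_ssid == ssid:
            by_mac[mac.lower().replace("-", ":")].append(date)
    return dict(by_mac)


def classify_networks(observations):
    """Label each SSID by how the device's MAC behaved across connections."""
    result = {}
    for ssid in {o[1] for o in observations}:
        groups = linkable_visits(observations, ssid)
        visits = sum(len(dates) for dates in groups.values())
        if not all(is_locally_administered(m) for m in groups):
            result[ssid] = "hardware MAC exposed"
        elif visits == 1:
            result[ssid] = "random MAC (one visit, persistence unknown)"
        elif len(groups) == 1:
            result[ssid] = "persistent random MAC (visits linkable)"
        elif len(groups) == visits:
            result[ssid] = "per-connection random MAC"
        else:
            result[ssid] = "mixed (some visits linkable)"
    return result


if __name__ == "__main__":
    for ssid, label in sorted(classify_networks(SAMPLE).items()):
        print(f"{ssid:12} {label}")
        for mac, dates in linkable_visits(SAMPLE, ssid).items():
            print(f"    {mac}  seen on {', '.join(dates)}")
```
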

          • Boring@lemmy.ml
            arrow-up
            1
            ·
            9 months ago

            But can't you go manually forget the network in your device network options to circumvent this?

      • Boring@lemmy.ml
        arrow-up
        3
        ·
        9 months ago

        GrapheneOS lets me do a per-connection randomized MAC.

        I'm sure they do collect a lot more about my device, but there's not much I can do about it short of wrapping my phone in tin foil.

    • Zastyion345@lemmy.ml
      arrow-up
      4
      ·
      edit-2
      9 months ago

      Don't forget to spoof your MAC address so they can't see who is making the fake accounts ;D

      • TheGoldenGod@lemmy.world
        arrow-up
        14
        ·
        9 months ago

        Exactly, a damn good reason to avoid the Wi-Fi in stores altogether. So many wifi access points are super weak in security and super sketchy.

        I try sticking to my home where I can manage it like a nervous hawk.

        • theneverfox@pawb.social
          English
          arrow-up
          2
          ·
          9 months ago

          Not really. With https luckily being the default, at most they could get the sites you were going to (I don't think dnss is dead, but it's been very slow to grow unfortunately).

          They could probably see if you're checking Amazon or Google, but wouldn't be able to see what you're looking at exactly. Theoretically they could use cameras and/or triangulation to see what you're in front of when you use the Internet, but a VPN would still show traffic so they'd know you're looking up something.

          The big thing this would do is act like a loyalty card… They give you some amount of benefit in exchange for tracking your purchases in ever higher detail. Mostly it's just like that, except they'd also be able to see how long you are in the store, and ideally they can link it to your purchases so they can infer more about it.

          FWIW, I wouldn't only consider giving them a disposable email

  • Zerush@lemmy.ml
    arrow-up
    39
    ·
    9 months ago

    In the EU they already had a complaint, because it violates GDPR, but in any case I would never use a public WiFi without a VPN, and even less in places with these conditions. There is also free WiFi in some restaurants (even in most McDonalds), public libraries and others. Fuck surveillance advertising

    • Socsa@sh.itjust.works
      arrow-up
      9
      ·
      9 months ago

      There's just no reason to unless you are really skimping on phone data. Random wifi hotspots are one of the most dangerous things for an average joe in terms of infosec.

    • justcoding_de@programming.dev
      arrow-up
      5
      ·
      9 months ago

      Agreed. My iPhone connects to my home VPN via Wireguard as soon as I leave my home WiFi. Has the added benefit of pihole ad filtering everywhere.

        • lud@lemm.ee
          arrow-up
          4
          ·
          9 months ago

          I used to before but my family was extremely bothered that they couldn't click on ad links. If I remember correctly, it's pretty easy to set up if you want to just try it.

        • justcoding_de@programming.dev
          arrow-up
          4
          ·
          9 months ago

          Obviously the first ad links in google don’t work any more, which drives the wife crazy ;-) Also nowadays more and more websites complain about me using an adblocker.

          But technically, not really any problems at all.

        • Darkassassin07@lemmy.ca
          English
          arrow-up
          3
          ·
          9 months ago

          In the 6 years I've run mine, I've not had any issues and I run a blocklist with over 1 million domains on it.

          If I was to run into something that's blocked that I do want loaded, I can just open the pihole interface and either whitelist the blocked domain or disable blocking for a short time, each with just a couple clicks.

        • justcoding_de@programming.dev
          arrow-up
          2
          ·
          9 months ago

          Yup. What are they gonna do that every other portscanning bad actor isn’t doing 24/7 already?

          Also, how would they distinguish between my private VPN and that of a commercial provider?

    • Resolved3874@lemdro.id
      English
      arrow-up
      4
      ·
      9 months ago

      Went to a Walmart the other day and my phone automatically connected to a wifi that was apparently hosted by my cell carrier. Immediately turned on my VPN because wtf. I disconnected at first then realized I didn't have any service at all which was probably why it existed. Thankfully didn't need to log in but that's why I have Firefox relay.

    • OfficerBribe@lemm.ee
      arrow-up
      4
      arrow-down
      1
      ·
      9 months ago

      They seem to explain pretty well how your data will be used, why would this violate GDPR?

      • Aio@beehaw.org
        arrow-up
        6
        ·
        9 months ago

        I might be wrong but I think it is because they don't give you the option to opt out and use the wifi.

        • OfficerBribe@lemm.ee
          arrow-up
          2
          ·
          9 months ago

          Should they? I would simply not connect to their Wi-Fi and move on, it's not like they are obligated to provide you internet.

    • XTornado@lemmy.ml
      arrow-up
      3
      ·
      edit-2
      9 months ago

      I have seen it in Europe… maybe there was some way to circumvent it hidden away, not sure. But you could type a random email and that's it, like they don't send anything to confirm the email or anything; once you submit you have access to the internet.

          • Cort@lemmy.world
            arrow-up
            3
            ·
            9 months ago

            UK GDPR notwithstanding, the question asked was: where in Europe. UK remains a part of Europe post-Brexit.

          • Astigma@feddit.uk
            English
            arrow-up
            2
            ·
            9 months ago

            The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR. It's ok to not know this stuff but it only takes like 10 seconds to google before you comment about something you don't know.

      • Zerush@lemmy.ml
        arrow-up
        1
        ·
        9 months ago

        AFAIK it does not exist in Europe, but I meant that these conditions in the EU would not be tolerated. Maybe because of this there isn't a Walmart in the EU. There are a lot of malls from other companies and none of these use these practices in their restaurants, mostly with free WiFi for their visitors. Offering free WiFi is already enough of a benefit for them, because it attracts customers; they do not need to intrude on their privacy with an obvious attempt to spam them and make money with their data.

  • squiblet@kbin.social
    arrow-up
    36
    ·
    9 months ago

    At least they're telling you. There's also a lot of hidden surveillance in stores - they've done it with Bluetooth and cameras for some time. Things like monitoring how long you look at products and evaluating your reactions to displays.

    • rynzcycle@kbin.social
      arrow-up
      42
      ·
      9 months ago

      That's why I always introduce a good bit of entropy to my shopping patterns:

      - Enter and go straight to produce
      - Spend 20 minutes examining eggplants
      - Walk up and down 5 aisles pausing exactly the square of the aisle number in seconds.
      - Grab a box of tampons
      - Grab what I need as quickly as possible
      - Return tampons
      - Checkout and leave

      Somewhere a marketing team is spending hours trying to figure out how to improve the conversion rates for tampons and eggplants for customers in my demo.

      • DocBlaze@lemmy.world
        arrow-up
        18
        arrow-down
        1
        ·
        9 months ago

        This is even more hilarious if you read it in Dale Gribble's (from King of the Hill) voice

      • circuscritic@lemmy.ca
        arrow-up
        14
        ·
        9 months ago

        Don't forget to flick and knock on various fruits and vegetables. Randomize how many flicks/knocks per item, and throw in a few on produce items that normally don't get that kind of test e.g. grapes or potatoes.

          • korok@possumpat.io
            arrow-up
            3
            ·
            9 months ago

            Melons and squashes (inc. pumpkins).

            I believe the idea is to allow you to roughly evaluate the density of the produce, to avoid e.g. mushy grainy watermelon or weird squashes that don’t have their expected hollowness.

  • XTornado@lemmy.ml
    arrow-up
    22
    ·
    9 months ago

    Not sure about this Walmart case, but in most you can write any email, like random letters a@gmail.com, or not even the Gmail part, as long as it's a valid-looking email, and then it works; like, you don't even have to confirm the email or anything.

  • LibsEatPoop [any]@hexbear.net
    English
    arrow-up
    21
    ·
    9 months ago

    For the email, you can use an email alias service like Addy or SimpleLogin. They're both open-source and offer free tiers. I never give out my real email to anyone now except actual contacts.

    After that, I think a VPN would probably still work to disguise what you're doing from Walmart, but I'm not a 100% certain on that so I won't link any.

    But yeah, definitely use email alias wherever you can.

      • dependencyInjection@sh.itjust.works
        arrow-up
        4
        ·
        9 months ago

        I do.

        I use SimpleLogin and ProtonMail.

        Some sites will actually know you’re using SimpleLogin though and just say no, but they’re few and far between.

        You could also use your own domain if you have one or buy a cheap one.

        Then you can create as many as you like and just kill them as and when you need.

        SimpleLogin has plugins for all browsers and phones so it’s not too difficult to create new addresses.

      • Klystron@sh.itjust.works
        arrow-up
        1
        ·
        9 months ago

        I do it with everything. The only people who have my real email address are my family. Everything else is a masked email. It's especially nice because if I start getting spam on one email I can immediately tell which site sold my info and I never use that site again.

      • Illiterate Domine@infosec.pub
        English
        arrow-up
        1
        ·
        9 months ago

        I do and it works great! I mostly did this to limit the blast radius of breaches, but aliases also provide an easy way to send those kinds of things to both me and my spouse.

  • Deleted@kbin.social
    arrow-up
    24
    arrow-down
    5
    ·
    9 months ago

    Why are all you mother fuckers shopping at Walmart. They are a welfare corporation offloading their costs to tax payers because despite making tons of money they pay shit and skirt employee benefits laws by keeping worker hours low and give new employees info on how to get financial aid such as food stamps.

    • eee@lemm.ee
      arrow-up
      27
      arrow-down
      5
      ·
      edit-2
      9 months ago

      This is the most privileged thing you could say.

      "Hey, why isn't everyone eating sustainably sourced GMO-free, organic, locally-grown food all the time?"

      Spoiler alert: it costs more

      • whofearsthenight@lemm.ee
        English
        arrow-up
        10
        ·
        9 months ago

        Yeah, this is the thing. Does literally anyone want to go to Walmart? No. Is it the place I can afford? Increasingly, still no. Not sure I can even afford to walk past whatever the good version of a Whole Foods is today, though.

      • mushroom@sh.itjust.works
        arrow-up
        2
        ·
        9 months ago

        Haha exactly. People shop at Walmart because they work at Target and don't make enough money to shop at Whole Foods.

    • Psythik@lemm.ee
      arrow-up
      11
      arrow-down
      1
      ·
      9 months ago

      Cause WinCo doesn't always have what I need, but most importantly:

      I'm poor.

    • Pigeon@beehaw.org
      arrow-up
      5
      arrow-down
      1
      ·
      9 months ago

      A lot of people in rural areas find themselves in situations like being 10 minutes from a Walmart and an hour from any other option. So then anything besides Walmart costs gas and time, on top of the product cost difference to begin with.

      Nobody wants to drive extra after 8 hours of shitty minimum wage work and/or taking care of children.

      Not like other grocery stores are any good for workers, either.

    • nathris@lemmy.ca
      arrow-up
      5
      arrow-down
      2
      ·
      9 months ago

      Because all of the other retailers do the same shit only with higher prices. Here in Canada they don't pay their employees any less than the competition, yet their prices are 30-40% cheaper on average.

      That extra 40% doesn't result in better working conditions for the employees, it goes directly to the shareholders and bonuses for the C-suite.

      I respect the hell out of Walmart because they actually keep their price increases tied to inflation and aren't out there trying to sell a loaf of poverty white bread for $5 or a pack of 4 chicken breasts for $37.

      • settinmoon@lemmy.ml
        arrow-up
        1
        ·
        9 months ago

        I got some insight from a friend who works at a major supplier for these retail stores in Canada. He said how they manage prices is that when they anticipate a rise in cost they'll jack the price all the way to a future projected target instead of following the current inflationary rate so that they won't need to constantly quote their customers different prices. They don't care because they know it will get passed downstream.

  • 8tomat8@lemmy.world
    arrow-up
    18
    ·
    edit-2
    9 months ago

    I always give some bs emails in those authentication forms. Mainly because as a client who tries to connect, I do not have internet access, so I cannot verify my email before they give me the access. And when they gave me access, there is no power in the world to make me do that 🤷

      • Case@unilem.org
        English
        arrow-up
        7
        ·
        edit-2
        9 months ago

        I found a script for bypassing captive portals on Linux back in the day…

        The full functionality of how it works escapes me at the moment, but essentially it searches the network for a host that possibly already connected through the captive portal and spoofs their MAC address.

        This isn't the one I originally found, but it's the same principle and a Kali tool, so it may be considered more secure than the original bash script I copied back in the day:

        https://en.kali.tools/?p=724

        • hitmyspot@aussie.zone
          arrow-up
          2
          ·
          9 months ago

          I used to use an Android app that shared log ins for public Wi-Fi even with a password to connect. It was great as it automated the log in screen too, so was usually seamless.

      • Darkassassin07@lemmy.ca
        English
        arrow-up
        2
        ·
        9 months ago

        Android automatically spoofs your MAC for every network and regularly changes it for each one too unless you explicitly disable that after connecting.

        Makes static DHCP leases a PITA.

  • SeaJ@lemm.ee
    arrow-up
    17
    arrow-down
    1
    ·
    9 months ago

    You do realize they were almost certainly doing this before, right?

      • KeenFlame@feddit.nu
        arrow-up
        1
        arrow-down
        2
        ·
        9 months ago

        Damn now I have to put in my real email! noooooo I don't know how to avoid this only real emails work?

        • trippingonthewire@lemmy.mlOP
          arrow-up
          3
          ·
          9 months ago

          I've never had this happen before so I didn't know. I just thought it was interesting how they're requiring this now though.

          • braveone@lemmy.ml
            arrow-up
            2
            ·
            9 months ago

            It’s a good thing they don’t have high resolution cameras tracking everything you look at, or they might know what you were thinking about buying

            • trippingonthewire@lemmy.mlOP
              arrow-up
              1
              ·
              edit-2
              9 months ago

              It's a good thing I don't have any socials for them to trace me back to. And since I work there, I'm always looking at shit that will prolly throw them off.

  • Da_Boom@iusearchlinux.fyi
    English
    arrow-up
    16
    ·
    9 months ago

    Never trust an open network. Even if the company providing it isn't doing anything shady, the ease with which MITM (man-in-the-middle) attacks can be performed means that many insecure (and some secure) networks can be spoofed with a small amount of know-how.

    Always make sure you're connecting to a safe, secure wifi network, in a place where you expect that network to exist at.

    If your phone connects in a place you wouldn't expect it to connect, double check what it's connecting to, and if necessary, disable your wifi.

    • Catsrules@lemmy.ml
      arrow-up
      1
      arrow-down
      1
      ·
      9 months ago

      How would they do man in the middle attacks? Don't you need to trust their certificate first?

      • Da_Boom@iusearchlinux.fyi
        English
        arrow-up
        1
        ·
        9 months ago

        That mechanism only happens after you connect to it; you have to connect to the wifi in order to download the certificate to connect. And it doesn't apply to all open Wi-Fi. Someone can still spoof the wifi. The fun part is when they set up their own false "I agree to the usage" pop up page that just steals your data - standardised systems like this are easily spoofed, especially when it comes to open and insecure wifi. They could even send you a bogus certificate that routes all the traffic through their gateway, allowing them to spy on the secure connections.

  • Mio@feddit.nu
    arrow-up
    14
    ·
    9 months ago

    They can track you even if you don't accept. Turn Wifi off. If you connect, use VPN home.

    • AnAngryAlpaca@feddit.de
      arrow-up
      14
      arrow-down
      1
      ·
      9 months ago

      They can use your wifi signal as a beacon by triangulating the signal strength from at least 3 different points. Then they can figure out in which departments you spend the most time, how long you spend in store, heatmaps, which aisles you skip and generic info like what time you visit, which locations you also shop at.

      A quick google for "Retail Wifi tracking" brings up mirame.net , where you can see some of the features.

      I would suggest to set your phone to flight mode if you see a "free wifi" sign in your shopping mall.

    • DocBlaze@lemmy.world
      arrow-up
      8
      arrow-down
      1
      ·
      edit-2
      9 months ago

      > “If you are an angry man of 30, and it is Friday evening, it may offer you a bottle of whiskey,” said Ekaterina Savchenko, the company’s head of marketing.

      I feel personally attacked.

      I've started using a faraday pouch for everything, from my phone to my car key fob. if you use a device with a masked MAC address in a privacy protecting OS, and don't auto connect to networks otherwise, perhaps it's better.

        • DocBlaze@lemmy.world
          arrow-up
          1
          ·
          9 months ago

          yeah I just switched my wallet and that is why I never used that feature. I literally just found out maybe 3 days ago I have a tap card when the cashier told me. I was horrified. I feel like the time you save tapping as opposed to swiping or inserting isn't worth the security and privacy risks.

          these engineers keep making new stuff that's kind of interesting at best but we don't even need that we end up being inconvenienced by. tap cards save .07 seconds but you end up having to protect your card from thieves and extreme tracking by retailers, and it's disgusting. it's time to go back to cash.