Watch your back — and your coffee mug. Innocent-seeming objects are tracking us everywhere
So-called smart items like coffee mugs that keep your brew at the perfect temperature or voice assistants that can play your favorite song on demand, are marketed as innovations in the name of convenience. But they are almost always collecting — and monetizing — a whole lot of information about you. In more cases than we’d like to think about, this can leave people vulnerable to security breaches and other kinds of exposure.
At Coda, we’ve covered stories of law enforcement and other state agencies using surveillance technology that leaves people and their data vulnerable. Here are some examples of seemingly innocuous monitoring tools and techniques that can nevertheless put people’s privacy at risk, along with one example of how nature can fight back — and win.
1. Bluetooth headphones: Plenty of people use these — we see them everywhere. But convenient as they are, they also have a tendency to expose our data. A few months ago, I spoke with Bjorn Martin Hegnes, an IT researcher at Norof University in Oslo, Norway. He built a kit for detecting Bluetooth signals and took a long bicycle ride around Oslo. Over the course of 12 days, he tapped into roughly 1.7 million Bluetooth signals and collected corresponding metadata from 129 headsets belonging to people in close proximity to him as he rode along.
With this data in hand, he was able to identify the locations of headset owners, their everyday routes and sometimes even their names, since people often name their devices after themselves. He concluded that devices using static, non-changing MAC addresses — a type of device address that never changes — were easily detectable.
“I showed in my project that when you have enough data points, you can find where the person goes to school, where he lives. You can get a lot of information from a person that has a static MAC address on their device,” he told me.
2. Smart coffee mugs and other household ‘things’: Everyday objects and electronic devices that are connected to the internet, part of the so-called “Internet of Things,” have become increasingly popular. But how smart are they really? Devices like smart fridges or connected coffee mugs don’t have the same security mechanisms as our computers or phones do, leaving users vulnerable to security breaches like hacking. While it’s hard to imagine what harms could come from a fridge hack, this kind of maneuver can lead to scarier outcomes than you might think.
“Someone who finds a vulnerability in your refrigerator and then uses it to get onto your network, they’re not trying to spoil your food by changing the temperature in your refrigerator,” said security expert Window Snyder, who spoke on “How to fix the Internet,” a podcast hosted by the Electronic Frontier Foundation. “They’re using your refrigerator as a launch point to see if there are any other interesting devices on your network.” At that point, devices that do contain sensitive data about you are suddenly more vulnerable to compromise.
3. Exercise apps: Strava, a popular GPS-powered app that maps your workout, also has a social network feature where people can follow each other, upload and share their exercises and leave “kudos” after a successful run. In 2017, when Strava released so-called “heat maps” that showed the activities of every single user who had ever uploaded their GPS points, military analysts were quick to express concern. The published map included workout routes of US military personnel, making it easy to identify military bases abroad.
“Strava’s default settings mean your data is automatically broadcast to other users. Fail to hide yourself on FlyBys (which allows users to see other athletes’ full names, times and pictures) … or forget to activate Privacy Zones (which block out areas where workouts frequently begin and end) and you’re essentially slapping a big ‘come find me’ sticker on yourself, 24/7,” Katie O’Malley wrote for Elle in 2020, in a confessional essay on becoming a “Strava stalker” during Covid lockdown.
4. Fake pill bottles: In 2013, New York City police tried to crack down on pharmacy robberies of prescription painkillers by attaching tracking devices to several pill bottles. They filled the bottles with placebo pills, labeled them with the names of popular opioids like OxyContin and then stocked them on pharmacy shelves. The idea was that if a person tried to steal a bottle, police would be able to track and identify the thief in short order. In at least a few cases, the scheme actually worked.
5. Australian magpies: We end with a story of nature outsmarting GPS trackers. Earlier this year, behavioral ecologist Dominique Potvin and her team of researchers at the University of the Sunshine Coast in Australia attached tiny tracking devices to the several Australian magpies (a common local bird), to monitor their flight patterns and other behavior. But the birds refused to comply. They started pecking at each others’ tracking devices, and ultimately succeeded at removing all of them. The researchers debated whether the magpies were trying to help one another break free of the restrictive technology, or if they were simply interested in the shiny objects. Ultimately, Potvin’s team decided the magpies were too smart to be tracked by GPS. They will not be using it on the birds again.
The story you just read is a small piece of a complex and an ever-changing storyline that Coda covers relentlessly and with singular focus. But we can’t do it without your help. Show your support for journalism that stays on the story by becoming a member today. Coda Story is a 501(c)3 U.S. non-profit. Your contribution to Coda Story is tax deductible.