For this paper, you will be writing a summary and synthesis of 3 articles all focused on internet privacy.  A summary and synthesis is about relating the main idea of a text in a shortened form and then offering an overall picture of the situation.

The paper must include:

• An introduction that…

  Presents a summary statement explaining one or two issues facing internet privacy; what’s the problem?
  Gives some information explaining how big the issue is
  Offers an answer to the question, “so what?” or why should the issue matter to people?
  Provides a statement preparing reader for synthesis

• A synthesis/analysis

  Brings all of the information together and presents readers with a clear picture of an issue all articles discuss
  Provides inferences and conclusions about the issue in the articles so that readers have an idea about solutions, effects, and the future of the issue
  Uses evidence from the articles to reinforce the importance of the issue you have chosen to focus on

• A conclusion that restates the thesis and offers something new for the reader based on your understanding of the topic

Guidelines:

The paper should be formatted as follows:

• Include name, class, and assignment in upper left-hand corner
• Include a title centered at the top of the page
• Times New Roman font
• 12 point font
• Double spaced
• 1 inch margins
• 1.5 – 2 pages

A1  

On internet privacy, be very afraid

 

D O E

S

F A C E B O O K

K N O W T O O M U C H ?
dcebook, Google, an d o ther tech com panies a re track ing you
every move. Should Congress step in to protect your privacy?

BY JOE BUBAR

henever Phoebe
Companion-Racicot,
15, downloads an app
on her phone and sees
the option to log in

with Facebook, she does it. After all,
it’s easier than creating a whole new
account for the app. But it does make
Phoebe a little suspicious.

“It worries me that someone is
getting a hold of my information and I
don’t know what they are doing with
it,” says the llth-grader at Colchester
High School in Vermont.

She’s not alone. Earlier this year, it
was revealed that the detailed personal
information of up to 87 million Facebook
users wound up in the hands of a

voter-profiling firm called Cambridge
Analytica. The company obtained the
data when users logged into a quiz £
app with their Facebook accounts.
The information—including location s
data, private messages, and lists of |
every Facebook page users had ever 1
liked—was later used to build profiles £
of potential voters for Donald Trump’s i

14 eljcjS ‘cUtllorkSuites u p f r o n t ■4 Watch a video about Facebook at UPFRONTMAGAZINE.COM

P
A

IS
IT

T
E

E
R

A
P

H
A

T
S

A
K

O
O

L/
S

H
U

T
T

E
R

S
T

O
C

K
.C

O
M

2016 presidential campaign.
The revelation that so much

private Facebook data had been
harvested without users’ knowledge
or consent sparked outrage and led
many to question whether big tech
companies know too much about us.
Some lawmakers are now calling for
regulations that would require companies
to be more transparent about how much
of our data they’re collecting, who that
information could be shared with, and
for what purposes it could be used.

“Facebook can learn almost anything
about you by using artificial intelligence
to analyze your behavior,” says Peter
Eckersley, the chief computer scientist
for the Electronic Frontier Foundation,
a digital rights group. “That knowledge
turns out to be perfect both for
advertising and propaganda.”

‘Data Crunchers’

Practically everything you do online can
be tracked, and much of it is. Facebook,
as well as Instagram, which Facebook
acquired in 2012, monitors users’ every
action on the sites: everything they like
and post, their conversations, locations,
and much more (see “What Facebook
Knows About Me,” p. 17). In fact,
the company is so adept at gathering
users’ information that it can pinpoint
when they’re feeling “stressed,”
“overwhelmed,” “anxious,” and like
“a failure.”

Google, with its range of products
including Gmail, Maps, Chrome,
YouTube, and the Android operating
system, is able to gather even more
user information on people—everything
from your entire search history on
the web and where you live to the
destination of your last vacation. Google
Home, the smart speaker and voice
assistant, has recordings of everything
you’ve ever said to it, including all the
times you’ve asked it to turn on or off
your lights and how many times you’ve
asked to listen to Rihanna’s newest
track (as does Amazon’s Alexa).

Collecting this data is a big part
of how Google, Facebook, and other

Social MediaBY THE NUMBERS
2.2 billion

NUMBER of monthly
active Facebook users

SOURCE: STATISTA

79%
PERCENTAGE of teens

who use Snapchat—the most
popular social media site among

young people
SOURCE: STATISTA

95 million
NUMBER of photos and
videos shared per day,

on average, on Instagram
SOURCE: INSTAGRAM

200
NUMBER of apps suspended

by Facebook in May for
possible data “misuse”

SOURCE: REUTERS

big tech companies make money.
Though Facebook and Google don’t sell
your data, they do sell access to you.
Companies pay Facebook and Google
to place ads on those sites, using the
data that’s been gathered to target
consumers who may be interested in
their products. For example, a company
that sells athletic gear may post an ad
on Facebook that gets shown to people
whose interests include sports. Last
year, Facebook generated $40 billion
in online ad revenue—second only to
Google’s $95 billion.

Countless more companies use web
cookies and other trackers that load
in people’s web browsers to collect
information about their browsing
activities. That’s why you might see
an advertisement show up on websites
for the exact product you had just been
searching for online.

“It’s not just companies like Facebook
and Google,” says Jamie Winterton, a
cybersecurity expert at Arizona State
University. “There’s a whole other slew
of trackers and data crunchers that also
sit in the back of the room, so to speak,
and watch everything that’s going on

S E P T E M B E R 3 , 2 0 1 8 15

and build these data profiles
not only of individuals but of
populations of people.”

Facebook, for its part, notes
that when users sign up for an
account, they must agree to the
company’s data policy. Still,
many of Facebook’s 2.2 billion
users have no idea how much
data it and other companies
collect about them and how
these companies use or share
that data. Media watchdog
groups say the information is
typically buried in the terms
and conditions, which people
often accept without reading.

S e n a to rs W e ig h In

In April, Senators Amy Klobuchar, a
Democrat from Minnesota, and John
Kennedy, a Republican from Louisiana,
introduced a bill that would help address
this issue. It would require websites to
provide users a copy of the data that’s
being collected on them, as well as a list
of who has had access to their data.

Two other senators, Richard
Blumenthal of Connecticut and
Edward Markey of Massachusetts,
both Democrats, introduced a separate
bill that would force companies to get
consent to share or sell personal data.

In Europe, strict regulations already
went into effect in May. The European
Union passed new laws that require
companies to explain in simple
language how they plan to use and

share people’s personal information.
And tech companies must ask for users’
consent for their data.

While some U.S. lawmakers have
cautioned against moving too quickly to
adopt regulations before understanding
how they would affect American tech
companies, many privacy experts say
such regulations are necessary to keep
internet users’ privacy secure. They
argue that the Cambridge Analytica
scandal makes it clear that if people’s
data ends up in certain hands, it could
be used not just for targeting ads but
also for more questionable purposes,
such as trying to sway an election.

“The Cambridge Analytica story is
an example of why it can matter,” says
Jay Stanley, a senior policy analyst at
the American Civil Liberties Union.

“This data can be used to manipulate
us, it can be used in a discriminatory
fashion, it can be abused if it’s very
personal information.”

Of course, political campaigns,
government agencies such as the
Census Bureau, and advertisers
have always tried to gather data on
people. But the information they were
previously able to collect was in broad
statistical categories—things like
age, sex, and race. Using Facebook,
Cambridge Analytica was able to gain a
far deeper understanding of individuals
through what’s called psychographic
data, which includes interests, hobbies,
and even people’s opinions. And experts
say companies will only get better at
analyzing all of this data in the future.

“There’s no question that political

TAKING CONTROL O F YOUR DATA
Here are some steps you can take to limit the data you share with companies

DENY ACCESS
When you install an app on your phone,

you ‘re asked to allow th a t app certa in
perm issions, such as access to your

photos or m icrophone. Som e of these
perm issions are necessary fo r an app

to function . For exam ple, S napchat

w ouldn’t be useful w ith o u t access to
your cam era. But som e apps ask for

perm issions th ey don’t really need.

OPT OUT
You can see w hich apps have access

to your Facebook d ata by going to th e
“apps” option in yo u r “setting s.” You

can cut off apps fro m gaining your

d ata by tapp ing th e “X ” butto n next
to th e app. You can also contro l which

apps have access to yo u r Google
account by going to th e “Apps w ith

access to your account” page.

CRUNCH COOKIES
T h ird -p a rty cookies allow com panies

to dig up d ata on in te rn e t users.
M ost in te rn e t browsers allow you to

d e le te o r lim it cookies. Search under

“Tools” or “S e ttin g s ” fo r a “P riv acy ”
ca teg ory . B locking all cookies

m ay m ake it d ifficu lt to use som e
w ebsites , so look fo r a se ttin g th a t

blocks th ird -p a rty cookies.

16 E I)cjN ‘rtttyorkSim cs u p f r o n t • u p f r o n t m a g a z i n e .com

M
IK

E
K

E
E

FE
/S

A
N

M
IG

U
EL

D
E

A
LL

E
N

D
E

,
M

E
XI

C
O

/C
AG

LE
C

AR
TO

O
N

S

EA SPORTS MADDEN
Games/Toys

J . . Ike a ‘ * *SPORTS

. . . 5a fUke
Taylor Swift
Mus/cian/Band
A Like * Follow

Washington Wizards
Sports Team

Like kt Fniu…

WHAT FACEBOOK
KNOWS ABOUT ME
An Upfront staffer downloaded the information that
Facebook has on him. The results were frightening.
BY GREG GOTTFRIED

If you want to find out
what Facebook knows about
you, the company has now
made it easy, providing a tool
on its site. But be forewarned:
It might creep you out, as
it did me when I recently
downloaded my data.

Starting when I created
my account on July 28,
2009, Facebook has been
keeping track of every one
of my likes, posts, photos,
and searches. It knows
what ads have appeared
on my page and whether
I’ve clicked on them. It
knows all of the contacts
on my phone—names and
numbers. It knows that I’m
a runner (because of my
connected app Runkeeper),
some of my television habits
(I liked Conan O’Brien’s
page), and some of my
favorite restaurants and
stores (I’ve clicked on an ad
for Chick-fil-A and searched

for Nike). That’s impressive,
but also terrifying.

It knows more intimate
details too. If I searched
for someone—perhaps a
crush, dozens of times too
many—Facebook has kept
count, and it knows whether
she ever searched for me.
Luckily, I never connected
my Location Services to the
app, so Facebook doesn’t
know my location every
second of every day. But it
does have a record of every
city I’ve ever logged in from.

By joining Facebook,
I know that every move
I make has the possibility
of being tracked. But
seeing everything laid out
in front of me is jarring,
to say the least. All of my
information—including the
unigue numerical code that
Facebook assigned to me,
which enables it to recognize
my face in photos—is right

Fortnite ©
Video Game

m Like m Follow

there for Big Brother. It feels
as though I gave up a good
chunk of my identity just to
view videos of puppies and
argue with family members
about politics.

To see what Facebook has
on you, go to the desktop
version of the site and click
“Settings” in the drop-down
menu on the right side of
the screen. Underneath
“General Account

Settings,” choose the link
to “Download a copy of
your Facebook data.” From
there, you just need to click
“Create File,” and after a
bit of downloading, you can
cringe at posts Facebook has
archived from your first day
on the site. Good luck—and
brace yourself.
(Greg, an intern at Upfront, is studying
for his master’s degree in journalism
at Columbia University.)

campaigns and a lot of other people
want to gather as much information as
they can and want to track us,” says
Stanley, “but now they increasingly
have the ability.”

‘A Right to Privacy’
All that tracking can provide benefits
to consumers. For example, it allows
Instagram to suggest memes and
videos users might be interested
in, based on photos they’ve liked.
It enables sites like Facebook and
Snapchat to be free to use, since

| they’re able to make money from
g ads. Plus, advertisers argue, wouldn’te>
s you prefer to see an ad for somethingo
fe you’re interested in rather than for a
r totally random product?
8 “The data that people give is

extremely helpful in order for you
to get more-relevant offers, deals,
opportunities that you potentially
want,” says Ben LeDonni, CEO of
the digital marketing agency Creative
Multimedia Solutions. But he adds

‘With power com es
great responsibility,
and data is power.’

that “with power comes great
responsibility, and data is power.”

In testimony before Congress in
April, Facebook CEO Mark Zuckerberg
said it’s “inevitable” that there will be
some regulations and agreed that the
company needs to “step up and do
more” to protect people’s information.
And Facebook has taken measures

to do this. It’s banning apps from
accessing personal information, like
a user’s religious or political views.
And it’s launching a new “privacy
dashboard” to give users more control
over their privacy settings.

Regardless of what steps companies
and lawmakers take to safeguard
information, experts say, everyone
should gain a better understanding
of how they can control their privacy
settings [see “Taking Control of Your
Data, ” facing page).

“People have a right to privacy,”
says Winterton, the cybersecurity
expert, “and people have a right to
decide what that means for them.” •

With reporting by Natasha Singer of The
New York Times.

S E P T E M B E R 3, Z 0 1 8 17

Copyright of New York Times Upfront is the property of Scholastic Inc. and its content may
not be copied or emailed to multiple sites or posted to a listserv without the copyright holder’s
express written permission. However, users may print, download, or email articles for
individual use.

96 PCWorld DECEMBER 2018

HOW ‘FREE’
WI-FI HOT
SPOTS CAN
TRACK YOUR
LOCATION
EVEN WHEN
YOU AREN’T
CONNECTED
Simple steps can protect your privacy and location data.
BY DIETER HOLGER ILLUSTR ATION BY DANIEL DOWNEY

FEATURE

DECEMBER 2018 PCWorld 97DECEMBER 2018 PCWorld 97

98 PCWorld DECEMBER 2018

H O W ‘ F R E E’ W I – F I H OT S P OT S C A N T R AC K YO U R LO C AT I O NFEATURE

That’s probably not a surprise to most
Wi-Fi hotspot users. But what might surprise
you is that some hotspot providers are taking
data collection a step further, and quietly
tracking millions of users’ whereabouts even
after they’ve left an establishment. These
hotspots are part of America’s burgeoning
location-based Wi-Fi marketing industry.

PCWorld spoke to privacy experts and
Wi-Fi location-analytics companies to learn
more about how this technology works, and
what you can do to avoid being tracked.

WI-FI LOCATION TRACKING
AND YOU
PCWorld reviewed the privacy policies (go.
pcworld.com/pvdc) of a dozen Wi-Fi hotspot
providers and found that they commonly ask
users to agree to location tracking when they
sign on. Some phrases that tip off this practice
are “location data,” “location history,” “your

B
efore you join the Wi-Fi hotspot at
your local cafe, you might want to
make sure it won’t follow your
footsteps—literally—after you leave.

Ostensibly “free” Wi-Fi hotspots are in
hundreds of thousands of businesses and
public spaces across the United States.
They’re in shopping malls. In airports. In chain
restaurants. In local cafes. As a result, it’s
easier than ever to get online. If your
notebook or phone lacks a reliable data
connection, you can still connect to a
hotspot. But this convenience often comes at
a price: your personal data and privacy.

When you use “free” Wi-Fi, there’s a good
chance it’s managed by a third-party
provider—which gets you online in exchange
for your valuable sign-on data. The sign-on
information that hotspots require will vary, but
often includes your email address, phone
number, social media profile, and other
personal information. All can
be used to target you with
advertising and gain insights on
your habits.

As Emory Roane, policy
counsel at Privacy Rights
Clearinghouse (go.pcworld.
com/pvrt), told PCWorld:
“Read through the Wi-Fi Terms
of Use for any of these
businesses and you’ll almost
certainly realize that there’s still
no such thing as a free lunch.”

Euclid tells businesses the location a customer visits the most and
how likely they are to visit again.

DECEMBER 2018 PCWorld 99

location,” “device identifiers,”
and “MAC address” (more on
this later).

We reached out to all of
the Wi-Fi companies, but only
two with major operations in
the United States responded
to questions about tracking
hotspot users. These
networks, Zenreach (go.
pcworld.com/zenr) and
Euclid (go.pcworld.com/
ecld), log the locations of
millions of smartphone and laptop owners
who pass within range of their hotspots—
even when these people don’t sign on.

According to Zenreach’s privacy policy,
“Later, when the user’s device returns to this
client location or enters the Wi-Fi range of
another Zenreach router (of any Zenreach
client), we automatically recognize the
device and record the visit in our record for
that device.”

According to Euclid’s privacy policy,
“General Visit Information is collected as your
mobile device moves across different
Locations that use our technology.”

To give you an idea of a hotspot network’s
scope, Zenreach counts Peet’s Coffee, Five
Guys, IHOP, and KFC among its larger clients,
according to its website (go.pcworld.com/
znwb). KFC has nearly 4,500 locations
nationwide, so these networks can span
broad swaths of urban areas.

HOW IT WORKS: DATA
COLLECTION BEGINS AT
THE CAPTIVE PORTAL
When you connect to public Wi-Fi, you’ll
usually be greeted with a sign-in form, also
known as a “captive portal.” This is where you
provide personal information and consent to
terms of service to get online.

In the case of Zenreach, “by clicking ‘go
online,’ you agree to our terms of use and
privacy policy,” allowing them to track your
location over time. Euclid is more explicit,
saying, “you agree to provide this device’s
location” next to where you can tick a box
to consent.

What distinguishes location-based
marketing hotspot providers like Zenreach and
Euclid from standard third-party hotspot
providers is that the personal information you
enter in the captive portal—like your email
address, phone number, or social media

These templates from Zenreach’s captive portal builder show you
how a Wi-Fi hotspot’s sign-in form can appear.

100 PCWorld DECEMBER 2018

H O W ‘ F R E E’ W I – F I H OT S P OT S C A N T R AC K YO U R LO C AT I O NFEATURE

profile—can be linked to your laptop or
smartphone’s Media Access Control (MAC)
address. That’s the unique alphanumeric ID that
devices broadcast when Wi-Fi is switched on.

As Euclid explains in its privacy policy, “… if
you bring your mobile device to your favorite
clothing store today that is a Location—and
then a popular local restaurant a few days later
that is also a Location—we may know that a
mobile device was in both locations based on
seeing the same MAC Address.”

MAC addresses alone don’t contain
identifying information besides the make of a
device, such as whether a smartphone is an
iPhone or a Samsung Galaxy. But as long as a
device’s MAC address is linked to someone’s
profile, and the device’s Wi-Fi is turned on,
the movements of its owner can be followed
by any hotspot from the same provider.

“After a user signs up, we associate their email
address and other personal information with their

device’s MAC address and with
any location history we may
previously have gathered (or
later gather) for that device’s
MAC address,” according to
Zenreach’s privacy policy.

This can reveal a detailed
profile of someone’s daily
habits. Where they shop,
where they live, and what
places they frequent at certain
times could be laid bare by
this data.

Stacey Gray, policy counsel at the Future
of Privacy Forum (go.pcworld.com/ftpf), told

Euclid’s captive portal notes they track location.

How Wi-Fi hotspots can
track your location
1. You connect to Wi-Fi
at an establishment
and hand over contact
details or other
identifying info.

2. The unique MAC
address that your
device broadcasts is
associated with your
personal info.

3. If Wi-Fi is enabled on
your device after you
leave, a router running
the same Wi-Fi hotspot
provider’s tech can log
your location when you
pass in range—even if
you don’t connect.

DECEMBER 2018 PCWorld 101

PCWorld that associating a MAC address with
someone’s movements between locations
reveals “highly sensitive” information.

“Analyzing MAC signals from mobile
phones can be valuable for retailers and
others to calculate wait times, understand
peak versus off-hours, or assign staff,” Gray
said. “However, location data is highly
sensitive when linked to an individual over
time and across venues.”

Neither Euclid or Zenreach would provide
PCWorld with exact figures on how many
people’s data they’re collecting. But Euclid
claims more than 120 million monthly active
devices (go.pcworld.com/m120) globally and
told PCWorld that the majority of its users are in
the United States. Zenreach also told PCWorld
that most of its hotspots are in the United States.
It’s also the most well-funded of the location
analytics companies, having raised $80 million

for a $210 million valuation as of
March 2017, according to
Crunchbase (go.pcworld.com/crnc).

When asked to respond to
people who might find Wi-Fi
location tracking invasive, Zenreach
cofounder Kai Umezawa
highlighted the convenience,
pointing out how his company
makes it easy to get online.

“After customers log in to the
Wi-Fi at a merchant location, we can
recognize that device at any
Zenreach network location,”

Umezawa said. “The benefit for users is one-
click access to Wi-Fi in any of these locations.”

All the hotspot providers PCWorld
reviewed say they take data security seriously.
A Euclid spokesperson said the company
immediately anonymizes collected location
data by “de-personalizing” or “hashing” it in
non-human readable format when stored.
That said, Euclid still processes and provides
identifiable data to businesses on someone’s
visits between various locations they own.

Zenreach didn’t respond to multiple
emails asking if they anonymize personal data
collected over Wi-Fi, and the company’s
privacy policy makes no mention of doing so.

How the data is used differs from provider
to provider, and where it might end up is
another question entirely. Many promise
never to share it. Others have more opaque
policies, or, in the case of Zenreach, may

This panel from Euclid shows some of the data available to
businesses on a customer traveling between their venues.

102 PCWorld DECEMBER 2018

H O W ‘ F R E E’ W I – F I H OT S P OT S C A N T R AC K YO U R LO C AT I O NFEATURE

outright share data with clients, affiliates, and
other third parties. Euclid may also share data
with advertisers, but only in “hashed” form.

HOW TO PROTECT
YOURSELF FROM BEING
TRACKED BY ‘FREE’ WI-FI
If you’re concerned about data being
collected by free Wi-Fi hotspots, there are
some simple steps you can take to protect
your personal information.

Don’t use “free” Wi-Fi: The most obvious
solution to protecting your data from free
Wi-Fi networks is not to use them at all.
Alternatives include using the data services
from your cellular provider, or signing up for a
more secure hotspot service like Boingo (go.
pcworld.com/bngo).

Disable Wi-Fi when you’re not using it:

Enabling Wi-Fi lets these hotspots track you

(and also drains your battery
faster). There’s really no
reason to keep your Wi-Fi on
unless you need to connect.

Read the privacy policy:
It’s tempting to skip reading
the privacy policy, but if you
take a few minutes to do so,
you can learn how the Wi-Fi
service is collecting your
data and where it might end
up. Keywords to look for are
“MAC address,” “location,”
“collect,” and “share.”

Opt-out of location tracking and delete

your data: Location analytics companies let
you opt-out of location tracking and delete
your data, though some opt-outs are easier
than others. How to opt out can be found in a
privacy policy. You’ll be given a chance to
review the policy before you sign in to a
captive portal, or you can find it on the
hotspot provider’s website.

You’ll need to get your MAC address to
opt out of any location tracking. On an
iPhone, you can find it under Settings >
General > About, where it’s listed as your
Wi-Fi Address. On Android, tap the menu key
and go to Settings > Wireless & Networks or
About Device. Press the menu key again and
hit Advanced, and then you should see your
device’s MAC address.

You can then provide your MAC address
to opt out of many, but not all,

Zenreach lets businesses send automated emails based upon how
many times a customer has visited.

DECEMBER 2018 PCWorld 103

location-tracking services through the Future
of Privacy Forum’s Smart Places web portal
(go.pcworld.com/smpv). This is a one-stop
shop many location analytics companies work
with voluntarily. (Companies should say in
their privacy policies if they’re associated with
the Future of Privacy Forum.)

Not all location analytics companies are
associated with the Smart Places web portal,
including Zenreach. In these cases, you’ll
need to find a Wi-Fi hotspot provider’s email
in its privacy policy and contact the company
directly with your MAC address on hand. You
should be able to request to opt out, receive
the data they have on you, and have it
deleted. See the screenshot below from

Zenreach’s policy:
Randomize your MAC address on

Android: Since version P, Android has added
a feature that allows you to randomize your
smartphone’s MAC address to improve
privacy. This lets you generate a new MAC
address for every Wi-Fi hotspot you connect
to, effectively stopping these companies from
tracking you. You can switch on MAC
randomization under Developer Options.

There’s no need to go through a similar
process on iPhones and iPads running iOS 11
and up, which automatically randomize their
MAC address when scanning for Wi-Fi.

“Because a device’s MAC address now
changes when disconnected from a Wi-Fi

network, it can’t be used to
persistently track a device
by passive observers of
Wi-Fi traffic, even when the
device is connected to a
cellular network,”
according to Apple’s iOS
Security Guide (go.
pcworld.com/apsg).

However, Apple also
says “Wi-Fi scans that
happen while trying to
connect to a preferred
Wi-Fi Network aren’t
randomized,” meaning a
hotspot a device has
connected to previously
will be able to detect the

Like in the case of Zenreach’s privacy policy, you can usually find the
email address for opting out of location data collection at the end of a
company’s privacy policy.

104 PCWorld DECEMBER 2018

H O W ‘ F R E E’ W I – F I H OT S P OT S C A N T R AC K YO U R LO C AT I O NFEATURE

device’s actual MAC address.
Don’t sign in with social media: It may

be convenient and quicker to sign in with
Facebook, Twitter, or LinkedIn, but it’s also
ideal for data harvesters. Your social profile,
especially your Facebook “likes,” reveals a
wealth of information about you.

A study published in 2015 by the
National Academy of Sciences (go.pcworld.
com/nasc) found that it takes just 10
Facebook “likes” for a computer model to
know your personality better than a
colleague does. In a previous 2013 study by
the same researchers, also published by the
NAS (go.pcworld.com/pnas), the scientists
used Facebook “likes” to predict whether
someone was black or white with 95-percent
accuracy, male or female with 93-percent
accuracy, gay or straight with 88-percent
accuracy, and Democrat or Republican with
88-percent accuracy.

WI-FI REGULATIONS ON THE
HORIZON?
Unlike the United States, the European Union
restricts individual, profile-based location
tracking via Wi-Fi hotspots under the General
Data Protection Regulation (GDPR;
go.pcworld.com/gdpr), which went into
effect in May, 2018.

GDPR considers device identifiers like MAC
addresses “individually identifiable information,”
entitling people with rights to have their
personal data processed securely and deleted,
and requiring explicit user consent in the captive
portal for location tracking.

“Exact location is considered as very
sensitive information across Europe.
Companies tracking user location need to,
among others, provide easily understandable
notice and obtain explicit user consent,” Alja
Poler De Zwart (go.pcworld.com/zwrt),
EU-based privacy and data attorney at law

firm Morrison Foerster,
told PCWorld.

“Companies who do
not abide by these
rules, risk regulatory
enforcement action,
including the GDPR-
style fines,” Poler De
Zwart added.

Netherlands-based
SpotOn (go.pcworld.
com/sp0t) Wi-Fi, a
hotspot provider You can take steps to protect your data while using ‘free’ Wi-Fi hotspots.

DECEMBER 2018 PCWorld 105

operating mostly in
Europe, with some
business in the United
States, immediately
anonymizes MAC
addresses it
associates with
personal info to
comply with GDPR.

“Without
associating a MAC
address to a social
profile we wouldn’t
be able to provide
seamless roaming
between cloud-
based access points or create email
campaigns that target guests with more
than X visits,” Niek Giavedoni, founding
director of SpotOn Wi-Fi, told PCWorld.

Giavedoni confirmed that the ability to
track identified users via their devices is
present in SpotOn Wi-Fi’s systems and other
Wi-Fi networks, but he said it would be a
privacy violation to track the locations of
individual profiles through Wi-Fi in the EU.

“We are very much aware of the
technical possibilities, the competitors that
use it, and privacy concerns that come
along with it,” he said.

Similar restrictions could make their way
to the United States.

Government officials are grappling with
how to safeguard personal data in the wake of

Facebook’s Cambridge Analytica scandal (go.
pcworld.com/cmbr), creating an opportunity
for EU-like constraints on Wi-Fi location
tracking to enter law. U.S. Senators Richard
Blumenthal (D-CT) and Edward Markey
(D-MA) are working on a federal “privacy bill
of rights” to provide people with more
protections and controls over data given over
the web. Their offices didn’t respond to
questions about their positions on Wi-Fi
location tracking in time for publication.

States are taking action, too. California
passed a sweeping privacy bill (go.pcworld.
com/b375) in June that goes into full effect in
2020. The bill guarantees Californians the
right to know what data is being collected
about them and whether it’s being sold or
disclosed, and to refuse the sale of their

Since 2018, the 28 members of the EU have tightened their data and privacy
laws.

106 PCWorld DECEMBER 2018

H O W ‘ F R E E’ W I – F I H OT S P OT S C A N T R AC K YO U R LO C AT I O NFEATURE

personal information.
“Unique personal identifiers” are

among the data types the bill covers, which
include MAC addresses. But the rights the
bill guarantees Californians are often
already offered by companies voluntarily,
and the bill still doesn’t restrict the location
tracking that companies like Zenreach and
Euclid employ.

Wi-Fi privacy regulations have actually
taken a step backward at the federal level
since the election of president Donald Trump,
former Federal Communications Commission
(FCC) staffer Marc S. Martin told PCWorld.

“One of the first acts by the Republican-
controlled Congress and the Trump

administration shortly after the president was
inaugurated was to rely on the Congressional
Review Act to repeal the FCC’s Broadband
Privacy Rules,” said Martin, currently a partner at
law firm Perkins Coie (go.pcworld.com/perk).

“Following that step, the Trump
administration FCC repealed the FCC’s 2015
net neutrality rules,” he added.

Martin said because of these two repeals,
there are currently “no prescriptive federal
privacy rules or regulations governing Wi-Fi
service providers in the United States.”

“It will take a new act of Congress, signed
by the President, to adopt any new federal
privacy rules governing public Wi-Fi service
providers,” Martin said.

California is the first state to pass its own data privacy bill, which will go into full effect in 2020.

Copyright of PCWorld is the property of IDG Communications, Inc. and its content may not
be copied or emailed to multiple sites or posted to a listserv without the copyright holder’s
express written permission. However, users may print, download, or email articles for
individual use.