Nordstrom tracking customer movement via smartphones' WiFi sniffing

Filed Under: Featured, Mobile, Privacy

Wifi in shopping cart. Image from Shutterstock"You've spent quite some time in the lingerie department, but you haven't even peeked at our display of Bose® 'OE2' Audio Headphones, which were $149.95 but are now ONLY $134.96! Can we talk?"

OK, so that's not exactly what Nordstrom says it's planning to do with the information it gleans from tracking customers' movements throughout their stores.

But it certainly could market that aggressively, now that the department store - purveyor of apparel, shoes, jewelry, and the like - has implemented technology to track how much time you spend in specific departments within 17 stores in the US.

Tara Darrow, a company spokeswoman, told CBS DFW that sensors in the stores are collecting information from customers' smartphones as those phones automatically scan for WiFi service.

Darrow said that the sensors monitor which departments you visit and for how long, but the sensors don't actually follow your phone from department to department, and they don't identify personal information tied to a phone's owner:

"This is literally measuring a signal. You are not connected to the signal."

Nordstrom plugged in the technology in October but hasn't yet done anything with the data it's collected.

It's referring to that data as "anonymous aggregate reports that give us a better sense of customer foot traffic".

Nordstrom says it will eventually use these anonymous aggregate reports to enhance the shopping experience by, for example, increasing staffing during high-traffic times, keeping more registers open, or by tweaking a department's layout.

The store is posting signs to alert customers and to tell them that if they want to opt out they can turn off their phones.

CBS DFW spoke to John Fu, marketing director of Euclid, the company that provides the tracking service. Apparently, while the company provides technology to collect information about us, it's wary about disclosing information about its clients, citing, ironically enough, privacy concerns.

Fu did tell CBS DFW that Euclid serves a "variety of different kinds of retail stores, ranging from mom & pop stores and coffee shops to large department stores."

Fu said that Euclid doesn't collect names, addresses, phone numbers or email.

Well, I guess that's better than what Google was doing with WiSpy, when its StreetView cars were roaming neighborhoods worldwide, collecting emails, text messages, browsing histories and passwords from unsecured wireless networks.

If anything, this is a clear reminder regarding how much information our smartphones leak about us.

Smartphones constantly ping for WiFi service if you have WiFi turned on, whether you use it or not, as long as the phone isn't shut down.

Smartphone with wifi. Image from ShutterstockDo they stop pinging once they're powered down?

That depends, according to Tom Henderson, principal researcher at ExtremeLabs, who tells me that phones that come back on instantly after being shut down haven't actually been powered off; they're just in a very-low-power-consumption mode.

A fast start indicates standby mode and a possible periodic location beacon. For that fast-start type of phone, users need to take the battery out if they're worried about locational privacy.

As Julian Bhardwaj wrote about for Sophos last October, leaving WiFi turned on can let your phone leak all sorts of useful things for malicious actors to intercept and act upon.

One example: smartphones often broadcast the names (SSIDs) of your favorite networks for anyone to see.

That's enough for someone to figure out where you work, where you live or your favorite coffee shop.

Worse still, it could allow an attacker to set up a rogue WiFi with the same SSID as one of your preferred networks, so as to launch a man-in-the-middle attack and thereby intercept data sent between you and others.

There's no easy way to disable active wireless scanning on Androids or iPhones, but Bhardwaj did suggest two steps that can help keep your smartphone data safe:

  • Tell your phone to forget networks you no longer use, so as to minimise the amount of data leakage.
  • Configure your phone to automatically turn on/off wireless in certain places using a location-aware smartphone app.

In the meantime, if you like to shop at Nordstrom but don't like the idea of location tracking, turn your phone off and take the battery out if it's a fast-start phone before you head into one of the stores that are equipped with these sensors.

Image of WiFi, shopping cart, and smartphone courtesy of Shutterstock.

, ,

You might like

20 Responses to Nordstrom tracking customer movement via smartphones' WiFi sniffing

  1. Um, turning off the wifi would be a pretty good way of disabling active wireless scanning, would it not?

    • Paul Ducklin · 842 days ago

      I'd have thought that "Flight" or "Airplane" mode would do the trick. IIRC, that inhibits _all_ electromagnetic radiation emissions (except light from the screen :-) including GSM, 3G, Wi-Fi, Bluetooth, even IR.

      Good luck taking the battery out of modern mobile devices such as tablets and iDevices...

  2. mike · 843 days ago

    retailers are getting out of hand. I work fo a retailer (formally now) but once I was looking up a product for a cutomer not me. When I got home there was an email that said hey we noticed you were looking at this item, but did not buy-how can we get you to buy it?

    are you Effn kidding me this stalker BS has got to go, besides these companies could keep data secure if their lives depended on it nuff said.

  3. LonerVamp · 843 days ago

    Sensors near check-out lanes where you pay with a personally identifiable credit card are the next step. Sure, walking around the store may leave you as a relatively anonymous cell phone signal, but not when you willfully identify yourself at check-out.

    And if it generates profit, they'll do it.

  4. Vern · 843 days ago

    "There's no easy way to disable active wireless scanning on Androids or iPhones..."

    Doesn't turning off Wireless in the iPhone Settings menu do the job?

    • Dave · 842 days ago

      I know you can choose "Ask to join networks" to off on iPhone. That way it only joins a wi-Fi on your phone's saved SSID list.

  5. andy · 843 days ago

    cheaper that putting RF inside a basket or trolley and setting up the base stations I guess.

  6. Could you not just turn off your wifi instead of turning off your phone. That seems to be what you were alluding to with the location aware smartphone app, but wouldn't manually switching off wireless be just as effective as turning off your phone?

  7. Tony · 843 days ago

    Notice to Nordstrom Management from WiFi Data Department.

    Our new million dollar WiFi computer tracking system detected 27 customers hanging around a closed register between 4:55 and 5:33. Based on our proprietary computer tracking algorithms we may want to consider scheduling a sales clerk to be on the floor in the future.

    Notice to Nordstrom Security from WiFi Data Department.

    We noted that 1277 people entered the store today and 1276 left, we better analyze that data, we may have a lost customer around one of the closed registers?

  8. Brett Ogren · 843 days ago

    what is "fast start" and why do you have to take the battery out of your phone if it is turned off?

  9. Joe · 843 days ago

    Or just turn off WiFi if your phone has the setting, or wrap the phone in foil (which will prevent it from working at all, but will preserve the instant start once you take it out of the foil.

  10. Lee · 843 days ago

    How do you 'forget networks' you no longer use? At least on an iPhone, you can't see any network you aren't in the presence of. No?

  11. Kurt · 843 days ago

    Interesting. I suppose that there are a lot of people who just won't care at all that they are being tracked and targeted. For myself, it will be a pretty cold day in Hades before Nordstrom sees any business from YT. It's irritating enough to have nearly every vendor ask if you have our "Customer Loyalty" card so we can track your purchases. Now some one is going to track me while I shop? Horse pucky.

  12. GDR! · 843 days ago

    Also, install an app to randomize your MAC address every day or so. New day, new wifi identity.

    • Paul Ducklin · 842 days ago

      Not a bad idea. Sort of like clearing cookies every time you exit your browser. Of course if you're running a hotspot on your phone/table/portable Wi-Fi unit, you'll need to change the network name, too...

  13. Emir · 843 days ago

    Phones in airplane mode cannot be detected, right?

    • Paul Ducklin · 842 days ago

      Pretty sure you are right - perhaps even as a matter of law. (The idea of labelling it "flight mode" or "airplane mode" is to signify that it is obeying radio silence, is it not?)

  14. JohnJ · 842 days ago

    I leave WiFi off by default so I'm not that concerned today though the next step would be passive cellular radio detectors. And I would not consider this anonymous data. Tracking your WiFi signal to a register and correlating that with purchase info using a credit card means you're no longer anonymous. Gee, mister, I hope that lingerie is for your wife.

    It isn't just price that's driving consumers to online purchases.

    BTW, if you want to turn WiFi off make sure it stays off. Sprint in the US, for instance, by default deploys a "Connections Optimizer" that will turn WiFi on to hunt for access points to use instead of cellular data. So be sure any apps like this are also disabled.

  15. Cheryl · 842 days ago

    How about just leaving the phone in the car? They can't track what they can't find.

  16. Standard...

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.