Responeded to your comment pre-edit.

If the U.S. Government wants to know who is communicating with whom in a world without modern technology, it can hire n government workers to sit at a desk and write down the address information on all the envelopes passing through USPS in a day. Expensive? Yes. Impossible - to the entity that fought WWII, landed on the moon, and continues to maintain a pretty much stable country of 300 million people? No. Our government may suck at cost-efficiency, but it is great at throwing resources at things that scale O(n), like the number of postal workers required to handle n letters.

There are good arguments to be made that it's not the government's place to know who is communicating with whom anyway, so it shouldn't be allowed to. If this is the case, than it shouldn't be allowed to by any means.

But how does a shopping mall not have the right to watch people move through its store? If it's wrong to watch the EM signals people emit as the move through, then is it also wrong to watch the light they reflect? I've seen employees doing traffic analysis in museums pretty frequently - in fact art museum security guards do it all the time. They could do the same in a mall. They could even park an employee with a clipboard on the second level and map out people's movements between stores below. Focus on one store at a time, find out where all the people leaving that store go. You'd still get the same result - the general trends of how people move around the stores, based on our evolutionary "tracking" ability - the Orwellian step of correlating neural impulses from the eye as belonging to the same object in different positions. Which is exactly what this cell phone tracking system does, except with MAC addresses instead of faces and hairstyles.

I say this to emphasize that not all tracking is bad. Correlating different sensory input with past and future inputs is a large part of being human. Hell, in a small town 50 years ago, the general store owner probably knew you and what you've bought before and who your friends are. The post office worker could recognize a scandalous pattern of letters are tell your family about it. That's way more invasive than this. Involvement of machinery is not the difference between good and bad tracking.

"I've seen employees doing traffic analysis in museums pretty frequently - in fact art museum security guards do it all the time. They could do the same in a mall. "

Fundamental difference though: a security guard with a clipboard jotting something down as I go past is one thing. I can come back tomorrow or next week, and he can jot something down again - but it's very difficult to correlate the two. If you're capable of grabbing my phone's wifi MAC address though, you know (with a reasonably high degree of certainty) that both visits were me. And you can share that data with the other museum across town without me knowing (and they can share it with my insurance company, and my insurance company can be targeted by hackers working for art thieves… Not _super_ plausable, but what if we subsistute "museum" with "bike shop" and "art thieves" with "criminal bike gangs"? Or substitute "museums" with "gun shows" and "art thieves" with "gun thieves"? http://www.themercury.com.au/article/2013/05/17/379402_tasma...

No, they can't share it with your insurance company, because your MAC address is never correlated to other personally identifying information. Best they can do is the brand of your smartphone.

Yeah, but he whole "pervasive surveillance" thing means there's no meatspace equivalent of Perfect Forward Security here. It only takes _one_ instance where someone can map my MAC address to an identity for the entire recorded chain to lose it's anonymity - one venue "in the system" where I make a credit card purchase or divulge my identity. Hell - if we're being paranoid, a sufficiently determined wifi access point operator has a _lot_ at their disposal to attempt to de-anonymise a specific phone. iOS for example under some conditions transmits the MAC addresses of the last 3 access points its connected to. There's a reasonably high chance on of them's my home and/or work wifi - use some tool that'll sniff all those ARP requests and geolocate them[1] to get partial address data. A determined enough attacker might be snooping any traffic that the phone puts through the network. Using non SSL protected POP3 or IMAP - guess who's got your email address (and password!)? Does your Twitter/InstaGram/Pintrest/4Square/SnapChat/whatever client always use SSL? Are ay of them vulnerable to sslstrip or MITM-able with unsigned certs? How many websites does your phone browser happily send unencrypted cookies to that're capable of providing strong hints to your identity? (Even HN did this up to a few months ago. "superuser2" doesn't reveal much about you, but knowing I'm "bigiain" in HN is enough to uniquely identify me.)

Now you've got me wondering just how many of the widespread free wifi rollouts are relying on this as part of their monetisation. McDonalds free wifi would be a great network to do this on. My local shopping center free wifi is almost certainly run by the same company as all of the othe AMP Capital shopping centers in Australia. And now that I think about it, they're pushing the center wifi hard, with things like Pinterest promotions and "like us on Facebook" and "download our iPhone app" - all things that could easily deanonymise my MAC address...

[1] https://github.com/hubert3/iSniff-GPS

Agreed (and sorry for the edit confusion). My qualm is that people aren't intricately aware that it's happening. Because technology makes it so efficient it can happen wholesale, at little (compared to physical 1 on 1) expense.

I also agree that tracking could be beneficial. But, if there were an inflatable robot that popped up over everyone's shoulder when they were being tracked for this convenience, there would be a different opinion, IMO. Right now - likely because it's so new - the general populous has no clue what they are trading for such convenience. That - to me - is the problem.