Thread
🧵A story about a time I accidentally helped track everyone in the financial center of London using very similar techniques to ElonJet. Sort of.

The implications matter deeply to the free speech debate at hand.

Imagine being in the middle of this:
So, back in 2011 I started doing some contracting for the people building this network of blast-resistant smart bins in the City of London. www.standard.co.uk/hp/front/the-ps18-000-bombproof-litter-bins-6693530.html
As the project got closer to launch, more and more things turned into a mess and I was forced to take on more work, eventually building up a team to do most of the software work for this, as it had been greatly underestimated.

This is me applying some last minute engineering:
Yes, that's the original Android phone there, I'm not even ashamed to admit it. en.wikipedia.org/wiki/HTC_Dream
The problem is that despite our hard work, nobody really wanted to buy ads on bins. Even in the city of London. So the company that was running these bins was getting desperate to find a business model.
So the CEO of Renew struck a deal with the people from @presenceOrb to integrate their hardware into all the bins. While my company built all the cloud infrastructure for the bins, including VPN, this happened completely separately.

@PresenceOrb (full transparency - I think we were asked to provide them with VPN access into the boxes at some point so they could avoid having to travel to the bins themselves -- which is why we had built the VPN in the first place)
What the PresenceOrb did at the time was to track the MAC addresses of the phones that would walk by the bins and had WiFi networking enabled. That number used to be unique for every phone, for the lifetime of the phone.
Now, these MAC addresses are what you might call "publicly available information". Very similar to the ADS-B signals that aeroplanes have to emit according to FAA rules.

These are still anonymous... unless of course you can somehow combine a person's name and face with their presence near a data collection device.. like CCTV for instance.

Likewise, ElonJet has figured out which is the ADS-B code of Elon's jet. In fact, it combines a 3rd piece of information, from an FAA "anonymized" flight plan database, to figure out not just where the Jet is, but where it is going. In other words, Elon's likely future location.
In case you're interested in more details of the tech, see here, Quartz did a pretty in-depth piece on it. In fact, they found out because Renew was pretty open with what it was doing. qz.com/112873/this-recycling-bin-is-following-you
Effectively, by combining 100 spots in pretty dense positioning, all in the square mile of the city of London, they could track almost every person on the street. This being what it is, it obviously didn't last very long.
But the real conundrum is this -- was this company doing something wrong? Even though they were technically using "publicly available information"?
My instinct is strongly yes, they were doing something wrong. I will be shocked if most people disagree. But then I don't know how one can defend what ElonJet is doing.

At the same time, while the tech was pretty quickly shut down, it was still technically possible for a while.
It was only really stopped when Apple (and eventually everyone else) rolled out MAC address randomization, so that having a MAC address told you very very little about the device. support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web
And I think this is the key here. While Elon can try to shut them down, and I don't think it's unreasonable (though it could have been communicated a lot better), this is a technical issue that has to be solved the same way. The information is there and will make its way out.
I genuinely think this is an unsolvable problem in the general case. We all emit a huge amount of data everywhere we go and everything we do.

Hell, even the way each person walks is unique (and publicly available information!) and can be used to uniquely identify a person. recfaces.com/articles/what-is-gait-recognition
So on the one hand I am on the side of @jack that all moderation has to be on the client-side. That is the true, architectural free speech. On the other, I don't know how we can navigate the world where the most well known people are mobbed wherever they go, at any point in time.
Ultimately, I understand the pragmatic nature of the policy enacted for the moment. The emphasis should be on the amount of friction required to get the information, even if it is publicly available. Making it easier to find and broadcasting it is a form of harassment.
And yet I don't think any of this solves the fundamental issue. Either with free speech, or with real-time location tracking of high-value targets.
P.S. I don't think I broke any NDAs with sharing the above, but in case I did, well, these guys with the screens went bankrupt shortly afterwards, owing my company about $60k, so they can, uh, charge my account.
Mentions
See All
Peter Todd @PeterTodd · Dec 16, 2022
  • Post
  • From Twitter
Good read.