I created an account while in the store with an email of [email protected] and a basic password and surprisingly didn’t have to verify the email. Then turned on a VPN to my house.
I plan on just creating a new account every time I go in just to fill up their database with nonsense.
You do realize that they are actually tracking the device itself by the hardware MAC address and other device fingerprints.
The email is just a bonus to let them legally spam you. Anti-spam laws have an exemption. If there’s a prior business relationship like shopping in their stores, they can put you on their spam list unless you opt out.
Bogus email only helps for spam but doesn’t do anything about tracking.
EDIT: For Android when there’s a Captive Portal like the screen shot. devices will use Persistent randomization which while not the hardware MAC will remain the same for the same network where they can track your visits.
randomize the MAC address everytime they connect to a network
+1, had issues using Android devices for presence detection because of this very useful privacy feature. Even on your home network, the MAC address and device hostname get randomized, unless disabled in the settings
When there’s a Captive Portal like the screenshot, many devices use a random but persistent mac for that network avoid reauthorization after any network drop. This will make your access to the specific network trackable.
It’s not at the packet level - by default on gOS (and a dev option on stock pixels), every time you connect to a network, even ones you have connected to prior, you get a new random MAC. The standard aosp/pixels do one random but persistent MAC randomization. This only helps marginally from a privacy standpoint. Per-connection makes this data point useless, thereby increasing privacy.
I created an account while in the store with an email of [email protected] and a basic password and surprisingly didn’t have to verify the email. Then turned on a VPN to my house.
I plan on just creating a new account every time I go in just to fill up their database with nonsense.
Cool, is [email protected] still available?
It is not. You need to add a number at the end.
inhell.info is available and Postfix is a thing.
You do realize that they are actually tracking the device itself by the hardware MAC address and other device fingerprints.
The email is just a bonus to let them legally spam you. Anti-spam laws have an exemption. If there’s a prior business relationship like shopping in their stores, they can put you on their spam list unless you opt out.
Bogus email only helps for spam but doesn’t do anything about tracking.
EDIT: For Android when there’s a Captive Portal like the screen shot. devices will use Persistent randomization which while not the hardware MAC will remain the same for the same network where they can track your visits.
Pretty much all modern phones randomize the MAC address everytime they connect to a network unless the user explicitly says not to do that.
+1, had issues using Android devices for presence detection because of this very useful privacy feature. Even on your home network, the MAC address and device hostname get randomized, unless disabled in the settings
Edit: typo
When there’s a Captive Portal like the screenshot, many devices use a random but persistent mac for that network avoid reauthorization after any network drop. This will make your access to the specific network trackable.
chuckles in GrapheneOS
(per-connection random MAC, for all networks, by default)
This is actually just part of stock Android. My Pixel 5 has MAC randomization on by default for new Wi-Fi networks.
It’s per-network, not per-connection. Though that option does exist but is hidden away under developer settings.
Oh you mean like per TCP connection?
It’s not at the packet level - by default on gOS (and a dev option on stock pixels), every time you connect to a network, even ones you have connected to prior, you get a new random MAC. The standard aosp/pixels do one random but persistent MAC randomization. This only helps marginally from a privacy standpoint. Per-connection makes this data point useless, thereby increasing privacy.
But can’t you go manually forget the network in your device network options to circumvent this?
I’d assume after a certain amount of time or after moving far enough away from the network it “forgets” the last randomized MAC address?
It doesn’t really make sense to store these things long term.
GrapheneOS let’s me do a per-connection randomized MAC.
I’m sure they do collect a lot more about my device, but there’s not much I can do about it short of wrapping my phone in tin foil.
Don’t forget to disable wifi and bluetooth before approaching the store, as those give off unique identifiers too.
Don’t forget to spoof your MAC address so they cant see who is making the fake accounts ;D
That’s done automatically on mobile devices
This is the way. Fuck them.
Not Walmart, not wifi but my default is @gfy.com