this post was submitted on 29 Sep 2023
654 points (97.0% liked)
Privacy
32159 readers
427 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I created an account while in the store with an email of fuckyou@thisisstupid.com and a basic password and surprisingly didn't have to verify the email. Then turned on a VPN to my house.
I plan on just creating a new account every time I go in just to fill up their database with nonsense.
Cool, is samwaltoncaneatabagofdicks@inhell.com still available?
It is not. You need to add a number at the end.
inhell.info is available and Postfix is a thing.
You do realize that they are actually tracking the device itself by the hardware MAC address and other device fingerprints.
The email is just a bonus to let them legally spam you. Anti-spam laws have an exemption. If there's a prior business relationship like shopping in their stores, they can put you on their spam list unless you opt out.
Bogus email only helps for spam but doesn't do anything about tracking.
EDIT: For Android when there's a Captive Portal like the screen shot. devices will use Persistent randomization which while not the hardware MAC will remain the same for the same network where they can track your visits.
Pretty much all modern phones randomize the MAC address everytime they connect to a network unless the user explicitly says not to do that.
+1, had issues using Android devices for presence detection because of this very useful privacy feature. Even on your home network, the MAC address and device hostname get randomized, unless disabled in the settings
Edit: typo
When there's a Captive Portal like the screenshot, many devices use a random but persistent mac for that network avoid reauthorization after any network drop. This will make your access to the specific network trackable.
chuckles in GrapheneOS
(per-connection random MAC, for all networks, by default)
This is actually just part of stock Android. My Pixel 5 has MAC randomization on by default for new Wi-Fi networks.
It's per-network, not per-connection. Though that option does exist but is hidden away under developer settings.
Oh you mean like per TCP connection?
It's not at the packet level - by default on gOS (and a dev option on stock pixels), every time you connect to a network, even ones you have connected to prior, you get a new random MAC. The standard aosp/pixels do one random but persistent MAC randomization. This only helps marginally from a privacy standpoint. Per-connection makes this data point useless, thereby increasing privacy.
But can't you go manually forget the network in your device network options to circumvent this?
I'd assume after a certain amount of time or after moving far enough away from the network it "forgets" the last randomized MAC address?
It doesn't really make sense to store these things long term.
GrapheneOS let's me do a per-connection randomized MAC.
I'm sure they do collect a lot more about my device, but there's not much I can do about it short of wrapping my phone in tin foil.
Don't forget to disable wifi and bluetooth before approaching the store, as those give off unique identifiers too.
Don't forget to spoof your MAC address so they cant see who is making the fake accounts ;D
That's done automatically on mobile devices
This is the way. Fuck them.
Not Walmart, not wifi but my default is @gfy.com