Twitter | Search | |
Tim Perry
Connect to the wifi at Milan MXP airport, and it sends your data to , who then track you all over the web. All before clicking anything, and exactly what their privacy policy promises they *don't* do. What's going on here ? How is this ok?
Reply Retweet Like More
Tim Perry Nov 6
Replying to @MiAirports
Just in case leaking your data and tracking you for a year (minimum) wasn't enough, MXP is also sharing your MAC address here, in the referrer header. That's not just identifying you to the ad network, but giving them the hardcoded unique id of your laptop's wifi hardware.
Reply Retweet Like
Tim Perry Nov 6
Replying to @MiAirports
This tells them some interesting things about your laptop, but also notably means they can recognize your computer anywhere, forever. You could manually change it, in theory, but it takes a little technical knowledge, and effectively nobody does (and you shouldn't have to).
Reply Retweet Like
Tim Perry Nov 6
Replying to @MiAirports
Who are then? Surprise: they're a tracker & ad middleman. They do deals with sites across the web to get everywhere (like this 'free' wifi hotspot), track you as you browse, and sell ad space targeted directly to you to "demand partners" (advertisers)
Reply Retweet Like
Tim Perry Nov 6
Replying to @MiAirports
According to their website they're integrated into 50,000 sites & apps, showing ads to 1.5 billion unique users (20% of all people!), via a range of "advanced targeting" & profiling technologies. Yikes. As a bonus, MXP sends the same to too:
Reply Retweet Like
Tim Perry Nov 6
Replying to @MiAirports
So hey, from my POV this looks like: - Personally identifiable data - Send to ad firms, which definitely needs consent - No consent (I haven't clicked *anything*) - A fictional privacy policy => One bad big GDPR violation Any comments ? Will you fix this?
Reply Retweet Like
Tim Perry Nov 6
Replying to @MiAirports
Reply Retweet Like
Gian Segato Nov 6
Replying to @pimterry @MiAirports
What/how did you specifically intercept the traffic? Cookies set by the captive portal -> other subsequent requests with the same cookies attached, everything from a "Fresh Chrome" instance of HTTP Toolkit, right? Travelling tomorrow, planning to test the same thing at Berlin SXF
Reply Retweet Like
esantoro Nov 11
Replying to @pimterry @MiAirports
hey that' cool and everything, but couldn't you just sue ? This kind of big entities only start actually dealing with stuff when they are required to appear in court.
Reply Retweet Like
Tim Perry Nov 11
Replying to @esantoro @MiAirports
To their credit they actually responded pretty quickly, and then (apparently) fixed it the very next day: I can't confirm that myself since I'm not near the airport any more of course, but feel free to go check!
Reply Retweet Like