>but there are still metadata that can be collected.
That logic is questionable given how poorly "spying on public wifi users" scales. You either need to put a bunch of eavesdropping radios in a bunch of public places or somehow convince a bunch of small businesses to use your "free wifi" solution. Even if you do have access, it's hard to monetize the data, given that nearly every device does MAC randomization (so you can't track across different SSIDs) and iOS/windows rotates mac addresses for open/public networks. OTOH setting up metadata capture on a commercial VPN service is pretty straightforward, because you control all the servers.
Doesn't pretty much every Starbucks location in the United States use a nationwide provider?
Despite the randomized Mac address, you can still fingerprint devices using all the usual tricks when they connect to the authentication and authorization page before you allow them to access the broader internet.
If the receipt had a passcode on it, you've got a link between all of your browser fingerprint, radio fingerprint and payment detail fingerprint and possibly customer loyalty provided at time of payment.
>Despite the randomized Mac address, you can still fingerprint devices using all the usual tricks when they connect to the authentication and authorization page before you allow them to access the broader internet.
Fingerprinting is overrated given that every iPhone 17 is identical to any other iPhone 17. If you leave system settings at stock, which most people do, there's very little to fingerprint.
>Doesn't pretty much every Starbucks location in the United States use a nationwide provider?
True, although mobile data is cheap and plentiful enough that I rarely bother using wifi at cafes or fast food places. The only time I use public wifi is if I'm staying long term, which basically only encompasses trains, airports, and hotels. Those are diverse enough that it's tough to build a complete profile.
>If the receipt had a passcode on it, you've got a link between all of your browser fingerprint, radio fingerprint and payment detail fingerprint and possibly customer loyalty provided at time of payment.
I don't think I ever saw a place that was that guarded about their wifi. The closest I've seen is hotels requiring your room/last name, which would allow them to identify you, but at the same time I'm not sure how much information they can glean, other than that I'm logging into gmail or airbnb. Persistent monitoring that ISPs can do is far more useful.
> Those are diverse enough that it's tough to build a complete profile.
Debatable; i promise you that somebody out there is willing to buy the info and will attempt to combine it with $otherInfo such that it becomes valuable enough for somebody else to buy. Lots of adtech/survalence-tech operates with thin margins at _massive scale_.
> I don't think I ever saw a place that was that guarded about their wifi.
It's rare; i'd run into it only a few times a year. Typically PoS systems and WiFi are not integrated. I also haven't really been paying attention since LTE is good now :).
That logic is questionable given how poorly "spying on public wifi users" scales. You either need to put a bunch of eavesdropping radios in a bunch of public places or somehow convince a bunch of small businesses to use your "free wifi" solution. Even if you do have access, it's hard to monetize the data, given that nearly every device does MAC randomization (so you can't track across different SSIDs) and iOS/windows rotates mac addresses for open/public networks. OTOH setting up metadata capture on a commercial VPN service is pretty straightforward, because you control all the servers.