Cebit awards offline surveillance startup Viewsy

While reading the latest disclosures of foreign companies and secret services following you on every web page you visit, you might have thought: “I go offline shopping at local retails and pay cash. You won't get me!” Unfortunately the first start-ups are already on the way to follow you in the offline world and track you there as well.

According to an article of the German journal FAZ, the Code-N price for young start-ups at the computer exhibition Cebit was just awarded to Viewsy. They presented a software to adapt the tracking and analysing methods available for online retailers for local retailers.

Therefore, the unique MAC address is used which is broadcasted by every smartphone with activated wifi. This allows to identify visitors and measure their time spent in the store, reoccuring visits, etc. You don't even have to buy something.

As people in Germany are in general privacy-aware, the company directly addresses this issue. The MAC address would like a pseudonym and all data is securely kept in the cloud. Furthermore, people could manually opt-out on a central website to get not tracked anylonger.

I am not convinced. The past have shown that data will be abused and won't be forgotton if there are no constrains by design. This business idea goes into the category of SaaSS (Service as a Software Substitute, read more) which is always unfavorable and evitable in this case.

I see the following problems:

  • People are not aware that there are tracked.
  • People have to explicitly take action theirself to not participate in this program.
  • The data is kept at a central place (the cloud). Hence, one hack would affect the loss of data of all stores.
  • The personal MAC could get combined at some later point with other data (Facebook, Google, etc.) to unreveil the full identity. Let's assume a third company aquires this company. It reminds me on the recent aquisition of Whatapp by Google. There is no good.
  • Ultimatively, people have to trust a company to handle their data respectfully even though, there is no direct (contractual) aggreement between the visitors (we don't speak about customers yet) of the retail store and this company.

I hope that some new affords regarding personal data protection on a national or better international level will consider these practices as illegal before it gets deployed.

In any case, I'm sad to read that the prize comes along with 30.000 Euros. For such a threat of privacy I don't see any justification.