I created an account while in the store with an email of fuckyou@thisisstupid.com and a basic password and surprisingly didn’t have to verify the email. Then turned on a VPN to my house.
I plan on just creating a new account every time I go in just to fill up their database with nonsense.
Cool, is samwaltoncaneatabagofdicks@inhell.com still available?
It is not. You need to add a number at the end.
inhell.info is available and Postfix is a thing.
You do realize that they are actually tracking the device itself by the hardware MAC address and other device fingerprints.
The email is just a bonus to let them legally spam you. Anti-spam laws have an exemption. If there’s a prior business relationship like shopping in their stores, they can put you on their spam list unless you opt out.
Bogus email only helps for spam but doesn’t do anything about tracking.
EDIT: For Android when there’s a Captive Portal like the screen shot. devices will use Persistent randomization which while not the hardware MAC will remain the same for the same network where they can track your visits.
GrapheneOS let’s me do a per-connection randomized MAC.
I’m sure they do collect a lot more about my device, but there’s not much I can do about it short of wrapping my phone in tin foil.
Don’t forget to disable wifi and bluetooth before approaching the store, as those give off unique identifiers too.
This is the way. Fuck them.
Don’t forget to spoof your MAC address so they cant see who is making the fake accounts ;D
Sometimes these login portals accept any old bogus email or burner account. They were logging your IP anyway so realistically doesnt add any more compromised dafa
I’m gonna assume that by IP you mean MAC address because your IP is something that gets negotiated with the AP when you connect, changes every time you connect and can’t really be linked back to your device at a public AP. In that case, the right move is to enable MAC randomization and connect through a VPN if you need to hide who you’re talking to or just rely on TLS if you don’t care that they know who you’re talking to and only need to hide what was said.
You can also set randomized MAC addresses in your wifi settings
That’s what I meant when I said “enable MAC randomization”
People think your IP address is the key to your treasures but everyone you communicate with on the Internet has your IP or talks to someone who does.
Yup, meant MAC/other hardware info lol
Why would anyone interested in privacy connect to any public WiFi? That’s crazy.
Brilliant service and add a VON om top it will make it no sweat.
More like “we were doing this before, but now we have to tell you we are doing it”.
I am so happy to live in Sweden. All open WiFi networks here are free to use and requires no email or account (VPN recommended as always, though). Even at grocery stores.
That’s generally true in the US as well. That’s why people are so outraged by this.
So Walmart has done it again, huh?
This might be anecdotal tbh. I am in the US and I run into captive portals all the freaking time. It’s so annoying.
In the EU they already had a complaint, because it violates GDPR, but in any case I would never use a public WiFi without a VPN, and even less in places with these conditions, there is also free WiFi in some Rstaurants (even in most McDonalds), public Libraries and others. Fuck surveillance advertising
Right, and this Walmart in Europe would be where exactly?
AFAIK it does not exist in Europe, but I meant that these conditions in the EU would not be tolerated. Maybe because of this there isn’t a Walmart in the EU, there are a lot of Malls from other companies and none of these use this practices in their restaurants, mostly with free WiFi for their visitors. Offering free WiFi is already enough of a benefit for them, because it attracts customers, they do not need to intrude on their privacy with an obvious attempt to spam them and make money with their data.
https://storelocator.asda.com/directory
Asda is Walmart
That’s England so no gdpr anyway
UK gdpr not withstanding, the question asked was: where in Europe. UK remains a part of Europe post brexit.
There’s just no reason to unless you are really skimping on phone data. Random wifi hotspots are one of the most dangerous things for an average joe in terms of infosec.
They seem to explain pretty well how your data will be used, why would this violate GDPR?
I might be wrong but i think it is because they don’t give you the option to opt out and use the wifi.
Should they? I would simply not connect to their Wi-Fi and move on, it’s not like they are obligated to provide you internet.
No way to opt out?
I have seen it on Europe… maybe there was some way to circumvent it hidden away, not sure. But you could type a random email and that’s it, like they don’t send anything to confirm the email or anything once you submit you have access to internet.
Better to send a disposable mail, where yo can receive the log data before it expired.
eg
- https://maildrop.cc
- https://altmails.com
- https://www.disposablemail.com
- https://www.lazyinbox.com/#/
- https://www.guerrillamail.com
etc
anonbox from ccc
Agreed. My iPhone connects to my home VPN via Wireguard as soon as I leave my home WiFi. Has the added benefit of pihole ad filtering everywhere.
Have you experienced any downsides to using pi hole? Does anything stop working?
Obviously the first ad links in google don’t work any more, which drives the wife crazy ;-) Also nowadays more and more websites complain about me using an adblocker.
But technically, not really any problems at all.
I used to before but my family was extremely bothered that they couldn’t click on ad links. If I remember correctly, it’s pretty easy to set up if you want to just try it.
In the 6 years I’ve ran mine, I’ve not had any issues and I run a blocklist with over 1 million domains on it.
If I was to run into something that’s blocked that I do want loaded, I can just open the pihole interface and either whitelist the blocked domain or disable blocking for a short time, each with just a couple clicks.
So the first thing you give any sketchy WiFi is your home address?
Yup. What are they gonna do that every other portscanning bad actor isn’t doing 24/7 already?
Also, how would they distinguish between my private VPN and that of a commercial provider?
Wireguard and PiHole combo is such a blessing.
I was about to say… Isn’t using public wifi’s extremely dangerous?
Yes, because of this using an public WiFi without VPN is a no-go
I always give some bs emails in those authentication forms. Mainly because as a client who tries to connect, I do not have internet access, so I cannot verify my email before they give me the access. And when they gave me access, there is no power in the world to make me do that 🤷
I used to spoof my MAC to connect to Xfinity Wifi hot spots. I would give them emails like “eet4dickComcrap@gmail.com”
Android automatically spoofs your MAC for every network and regularly changes it for each one too unless you explicitly disable that after connecting.
Makes static DHCP leases a PITA.
Yup.
unless you explicitly disable that after connecting.
Walmart, the biggest grocery retailer in the entire United States, uses face tracking in the majority of their stores in several sections, and we’re concerned about their Wi-Fi?
The Wi-Fi seems like such a minor problem compared to them collecting massive amounts of data off of something you aren’t consenting to explicitly.
Like you walk into their stores and they can know: How often you visit, what items you buy, what payment method you use most often, what items you looked at and what aisles you visit, who you bring with you, what your kids look like, what disabilities you may have, size of your household, and whatever else they want. There’s basically no respect for any privacy in their stores.
The US is a privacy nightmare in competition with China. Most of the US doesn’t have any option over their privacy. You just don’t get it here.
It’s even worse as an associate. They make us sign up for some social media I never use, download apps on our phones, and make us give them our handprints for a machine to take out our tills. And we’re getting face scanned by cameras all day. Dystopian nightmare and it makes me feel ashamed to have accepted the job here.
I use GOS and therefore believe that I have some level of protection on the WiFi level based off of that, and I have their apps on a separate profile but it’s getting tougher on privacy here at Walmart.
Edit: That’s also why I have no pictures of me in my socials and deleted my Facebook, Instagram, and twitter, so they shouldn’t have too many ways to market to me aside through my debit and credit cards possibly.
You do realize they were almost certainly doing this before, right?
More of shock value of them announcing it and requiring an email now.
Literally 1984
NB4 VPN
Accept the terms and continue shopping for condoms, lube, a shovel, a length of sisal rope and a bag of lye
Don’t forget the 100 boxes of Sudafed.
It’s Walmart, don’t forget that they sell ammo there too.
Please, think about the improved products and services before making any rash decisions.
Not sure about this Walmart case but most you can write any email like random letters a@gmail.com or not even the Gmail part as long as it’s a valid looking mail and then works like you don’t even have to confirm the email or anything.
this is incorrect for the walmart case, next step is the password for the account, so you need to login or create a Walmart account for access
Oh yeah I see I mis read the prompt, I thought it was going with a enter you mail as alternative to using an account.
I’ve never agreed to this, but I might be on Walmart Wi-Fi from a long time ago. Once recently shopping at Walmart in person I got an email to my account saying something really creepy like, “rate your in store purchases” and sent me pictures of each item I bought IN STORE with an invitation to rate each. Also included my real name. This isn’t even the email I use for my online pickup orders.
Don’t all stores do this, particularly those with membership cards? Isn’t one of the main reasons for these cards to track your purchases in exchange for discounts, besides fostering loyalty? All major stores in my area operate like this. If you use scan-and-pay with a smartphone or another device, joining their membership program is mandatory. They monitor what, when, and where you buy, and sometimes even why. I don’t understand why this surprises some people.
Walmart is not a membership store. I never scanned a membership card, or put in any code or anything. I walked in with my child, browsed around a little bit, ended up purchasing a water gun and some potted flowers, paid at the self-scan, and walked out. I did use a debit card, but that card shouldn’t even be connected with the old account that I got an email for, as the card is years newer than the account.
Oh, sorry, I misunderstood. My bad. I thought the outrage was about them collecting data, which is normal. ; but that’s very strange. How did they connect your purchase/receipt to your email? Have you found out yet?
