
Yeah, but the whole "pervasive surveillance" thing means there's no meatspace equivalent of Perfect Forward Security here. It only takes _one_ instance where someone can map my MAC address to an identity for the entire recorded chain to lose its anonymity - one venue "in the system" where I make a credit card purchase or divulge my identity. Hell - if we're being paranoid, a sufficiently determined wifi access point operator has a _lot_ at their disposal to attempt to de-anonymise a specific phone. iOS for example under some conditions transmits the MAC addresses of the last 3 access points it's connected to. There's a reasonably high chance one of them's my home and/or work wifi - use some tool that'll sniff all those ARP requests and geolocate them[1] to get partial address data. A determined enough attacker might be snooping any traffic that the phone puts through the network. Using non-SSL-protected POP3 or IMAP - guess who's got your email address (and password!)? Does your Twitter/Instagram/Pinterest/4Square/SnapChat/whatever client always use SSL? Are any of them vulnerable to sslstrip or MITM-able with unsigned certs? How many websites does your phone browser happily send unencrypted cookies to that're capable of providing strong hints to your identity? (Even HN did this up to a few months ago. "superuser2" doesn't reveal much about you, but knowing I'm "bigiain" in HN is enough to uniquely identify me.)

Now you've got me wondering just how many of the widespread free wifi rollouts are relying on this as part of their monetisation. McDonald's free wifi would be a great network to do this on. My local shopping center free wifi is almost certainly run by the same company as all of the other AMP Capital shopping centers in Australia. And now that I think about it, they're pushing the center wifi hard, with things like Pinterest promotions and "like us on Facebook" and "download our iPhone app" - all things that could easily deanonymise my MAC address...

[1] https://github.com/hubert3/iSniff-GPS


