Guest Post: Who’s Watching Your Beacons? The Role of Wikibeacon and Other iBeacon Databases

ibeacon-locations

Wikibeacon and similar services rely, primarily, on the ability of some phones to scan for beacons regardless of whether the ID number of the device is known to the app.

With news that Apple is further tightening the ability to scan for beacons that aren’t your own (by closing off the ability to manually input UUID numbers into an app, although not closing off any cloud-based databases it may tap into) it may be primarily Android phones that do scanning “in the wild”.

The Wikibeacon site set out to create a database of beacons. Not because it set out to be the definitive source of beacon placements, but as a way to take the temperature of beacon deployments.

A recent TechCrunch article (decidedly slanted to the positions of the author, but valuable nonetheless) pointed to Wikibeacon as evidence that beacon security is something to be taken seriously:

WikiBeacon is among the first sites to begin collecting “naked beacon” IDs and addresses — 32,000 so far — and posting them for all to see. Physical competitors are already beginning to use this data to target retailers who have been unfortunate enough to deploy naked beacons, and it’s not hard to imagine a world in which online competitors could target users, too.

If true, the author is claiming that Wikibeacon is, perhaps, comprehensive enough that it’s currently being used by companies to hijack their competitors.

Cornelius Rabsch, the Managing Director of BeaconInside, has his own take on public repositories of beacon locations:

Guest Post:
Someone Is Falling in Love with Your Beacons

Cornelius Rabsch
Geschäftsführer / Managing Director
BeaconInside

There has been a lot of positive press coverage about WikiBeacon, a community project to map iBeacon devices around the world. Surprisingly, 3 small German cities are leading the rankings, #4 being Singapore and #5 Washington. A few thoughts immediately popped up showing a few fundamental problems with such an effort.

The Good

As an example, a tourist office could place beacons within all museums, parks and other points of interest. All beacons are guaranteed to be at exactly specified locations. The beacon meta data and related content is exposed via beacon management APIs or as part of existing Open Data initiatives. There is a clear value proposition: enable service providers to create engaging mobile experiences with valuable location-based content.

Even in commercial settings various service providers could share a single beacon and pay for a collaborative infrastructure. Why should you even install several beacons in one location? It’s all good.
Tracking Beacons

The Bad

A retailer invests a nationwide roll-out of beacons, a huge operational effort including hardware, installation and maintenance costs. It’s worth the effort because the goal is to create engaging mobile proximity services for your own customers. As good as it sounds, beacon signals are public and easy to detect and utilize. 3rd-party service providers or even competitors could use existing infrastructures to send geo-targetted notifications in their own applications (“We match all prices and provide a 2-year guarantee for free.“).

As bad as it sounds there are ways to protect beacon networks, e.g. by using frequently changing beacon identifiers or adding proprietary technologies. The risk involved in using beacons without the ownership is often too high and you cannot rely on the exact beacon position or the semantics behind it, i.e. changing store layouts or product offerings.

Nonetheless, public beacon data can be collected and creates this fear of misuse. It’s bad.

The Ugly

A good analogy is a wireless router where companies started wardriving to create databases of MAC addresses in combination with location information. An alternative way is to use already localized smartphone users to get this information. This data is valuable and can be sold.

With iBeacon networks this can be done in a similar way in theory. The big question is the value you get out of it. Just knowing that there is a beacon does not help with knowing the exact position or semantics, i.e. What zone does it represent? How large is the beacon zone? What is the exact GPS coordinate?

It’s not an ugly case, it’s just a case where transparency is needed. What is the reason for collecting this data with what kind of tools? Reselling, location fingerprinting, research, market analytics,…?

Outlook

There will be all sorts of beacon networks but what infrastructure services, beacon management platforms or wikis do we need to create the most value out of it? Maybe it’s time for an Internet of Things/Beacon search engine like Thingful.

Share Your Thoughts

Join our weekly e-mail list for more on iBeacons. Join the conversation on Twitter, or connect with me on LinkedIn.

What do you think? Do public repositories like Wikibeacon do more harm than good? What would make them better?

2 Responses to “Guest Post: Who’s Watching Your Beacons? The Role of Wikibeacon and Other iBeacon Databases”

  1. Artur Kiulian

    I have a question, been following the map and suddenly amount of beacons increased from 14k to 30k, is it a bug? I dont really think it could double in 24h

    Reply
  2. Alexander Wehmeyer

    I can’t see the real advantage of a beacon library like WikiBeacon. Of course it is a good source for research reasons while visualising the beacon trend. Nevertheless I share the point of Mr. Rabsch that this kind of library can support “hackers” and wardriving. As long as beacons only broadcast the UUID, Major & Minor it is easy to clone them. Who ensures the authenticity of beacons? And how? Especially for iPhone users, who rely on working functions and services, beacons have to be protected against misuse. If this can be guaranteed a good user experience can be generated and location-based advertising can open new communication ways for the POS.

    Reply

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>