Wikibeacon and similar services rely, primarily, on the ability of some phones to scan for beacons regardless of whether the ID number of the device is known to the app.
With news that Apple is further tightening the ability to scan for beacons that aren’t your own (by closing off the ability to manually input UUID numbers into an app, although not closing off any cloud-based databases it may tap into) it may be primarily Android phones that do scanning “in the wild”.
The Wikibeacon site set out to create a database of beacons. Not because it set out to be the definitive source of beacon placements, but as a way to take the temperature of beacon deployments.
A recent TechCrunch article (decidedly slanted to the positions of the author, but valuable nonetheless) pointed to Wikibeacon as evidence that beacon security is something to be taken seriously:
WikiBeacon is among the first sites to begin collecting “naked beacon” IDs and addresses — 32,000 so far — and posting them for all to see. Physical competitors are already beginning to use this data to target retailers who have been unfortunate enough to deploy naked beacons, and it’s not hard to imagine a world in which online competitors could target users, too.
If true, the author is claiming that Wikibeacon is, perhaps, comprehensive enough that it’s currently being used by companies to hijack their competitors.
Cornelius Rabsch, the Managing Director of BeaconInside, has his own take on public repositories of beacon locations:
Someone Is Falling in Love with Your Beacons
Geschäftsführer / Managing Director
There has been a lot of positive press coverage about WikiBeacon, a community project to map iBeacon devices around the world. Surprisingly, 3 small German cities are leading the rankings, #4 being Singapore and #5 Washington. A few thoughts immediately popped up showing a few fundamental problems with such an effort.
As an example, a tourist office could place beacons within all museums, parks and other points of interest. All beacons are guaranteed to be at exactly specified locations. The beacon meta data and related content is exposed via beacon management APIs or as part of existing Open Data initiatives. There is a clear value proposition: enable service providers to create engaging mobile experiences with valuable location-based content.
Even in commercial settings various service providers could share a single beacon and pay for a collaborative infrastructure. Why should you even install several beacons in one location? It’s all good.
A retailer invests a nationwide roll-out of beacons, a huge operational effort including hardware, installation and maintenance costs. It’s worth the effort because the goal is to create engaging mobile proximity services for your own customers. As good as it sounds, beacon signals are public and easy to detect and utilize. 3rd-party service providers or even competitors could use existing infrastructures to send geo-targetted notifications in their own applications (“We match all prices and provide a 2-year guarantee for free.“).
As bad as it sounds there are ways to protect beacon networks, e.g. by using frequently changing beacon identifiers or adding proprietary technologies. The risk involved in using beacons without the ownership is often too high and you cannot rely on the exact beacon position or the semantics behind it, i.e. changing store layouts or product offerings.
Nonetheless, public beacon data can be collected and creates this fear of misuse. It’s bad.
A good analogy is a wireless router where companies started wardriving to create databases of MAC addresses in combination with location information. An alternative way is to use already localized smartphone users to get this information. This data is valuable and can be sold.
With iBeacon networks this can be done in a similar way in theory. The big question is the value you get out of it. Just knowing that there is a beacon does not help with knowing the exact position or semantics, i.e. What zone does it represent? How large is the beacon zone? What is the exact GPS coordinate?
It’s not an ugly case, it’s just a case where transparency is needed. What is the reason for collecting this data with what kind of tools? Reselling, location fingerprinting, research, market analytics,…?
There will be all sorts of beacon networks but what infrastructure services, beacon management platforms or wikis do we need to create the most value out of it? Maybe it’s time for an Internet of Things/Beacon search engine like Thingful.
Share Your Thoughts
What do you think? Do public repositories like Wikibeacon do more harm than good? What would make them better?