Yup, got myself an ESPduino which is a combination of an Arduino-compatible with an ESP8266 on-board.
This will be the platform for my little project, where I aim to run interference to disrupt the WiFi-based visitor-counting system the local town has installed.
As preparation I’ve been walking around town, trying to identify and photograph the installed devices and I have found 6 or 7 this far, rumor says they have 15-20 devices installed around busy walking streets and squares. I have also done some research and happened to find that a friend has been involved in a similar project previously, through my research I got a bit better picture of what they are doing and how their measurement of visitors/people are moving through town.
With my ESPduino and some clever coding, I can spray the air with faked frames, to make it appear as many people are walking by, through lists of popular OUI prefixes I can generate millions of what looks like genuine phones with WiFi from popular brands, with some focus of a particular fruit brand. This will probably screw up and skew the measurements so much that the data they collect will become pretty much useless.
I’m guessing the setup will be simple, after deploying the code to the ESPduino, the hard work is pretty much done, now the fun starts. With a powerbank of reasonable capacity, you could run the ESPduino for hours. As broadcasting the same MAC-addresses over and over would not be very useful, the program would change a few of them every minute, if you got 50 faked MACs and 5 of them got changed every minute, it would look like a busy street, people coming and going. This is going to be parameters you can tweak in the program.
Why am I doing this? Well, there is the privacy angle, I do not like to be monitored, I think I should be able to walk through the city without becoming a number or a hash in a database somewhere unless I participate with consent. All smartphones today has WiFi and unless you turn it off when leaving your home, you can and will be tracked and some point or another, most people aren’t even aware of this fact and won’t even give it a thought. I want to protect them as well as myself by throwing grit into the machinery, to make the tracking data less valuable as they can not trust it completely.
Furthermore, I aim to release the full source code along with a list of OUI-prefix, so everyone interested and able, can roll their own configuration in their copy of the source code, to minimize the risk of duplicate entries at the same time. Source code with instructions on how-to setup, configure and run the ESPduino.