It doesn't have to be voluntary. If I have a list of all the MAC addresses/timestamps and can cross reference that against a different known list of people times (ex: credit card transactions, rewards card, even face recognition) then you can associate them. With enough data it can be very exact.

If you had face recognition and rewards cards, you wouldn't even need a MAC address to track someone.

The rewards card would be in one location, you could then know that person's identity at all stores via cell phone connections or cameras.

It can be feasible if the enough credit card or reward card usage data is gathered for you, across all the stores you visit. Hard, but possible. Still for a lot of users the entropy will be too high.

https://news.ycombinator.com/item?id=2942967 87% of the U.S. Population are uniquely identified by {DOB, gender, zip} (latanyasweeney.org) (278 points, 712 days ago, 101 ocmments)

Yes but you'd have to uniquely identify by store visit patterns, and assuming you use a trackable method like credit card, loyalty card (universal one), AND have your wifi turned on.

You listed a lot of dimensions, whereas to make the correlation between mac address and customer info, you only have 1 dimension (visits/location) to do the correlation with.

Personally, I heavily use credit cards[0], loyalty cards[1], and I leave my wifi turned on all day because Google Maps gets grumpy when I turn it off.

In practice, I find that I've needed a lot fewer dimensions than I'd expect to find people; when I was in grade school one time I cross-referenced the attendance list (for a last name), the reverse phone lookup in the white pages, and a map of the school district boundaries to figure out where a classmate lived.

I think that repeated visits to a grocery store like a Safeway would be a really good proxy for home ZIP code. Every Safeway I've visited in the SF bay area has a wifi access point, and I wouldn't be surprised if it was logging the MAC addresses of phones that pass by. Maybe some hackers will try to optimize their route home and pick a grocery store that's half way between work and home, but I hypothesize that a large enough number of people choose to run to the nearest grocery store for that "one item they forgot to buy for dinner" or for dedicated weekly shopping trips that you could draw reasonable conclusions about aggregate behaviour.

[0] I like buying stuff online; it's kind of unavoidable there.

[1] I always get this weird sense of power when I buy peaches at the Safeway at full price during off-peak and then the next week they go on sale for "Safeway Club" cardholders at the store I usually shop at.

I think it would be easy to link either your credit card or your image (if they were doing that) to your MAC if you only made two trips to the same franchise with wi-fi on.

For example, imagine they have cameras that can image your license plate. You go there twice -- they have one MAC and two sets of possible plates. The odds that you and another person were both shopping at those times is pretty low. Now they have license plate, make/model of the car, can probably triangulate the wi-fi to know what you bought each time with reasonable fidelity...