/ Shopping, Technology

Shops are spying on you – but does it bother you?

Eye spying on you

Threatened by competition from online retailers, shops are introducing new technologies to find out more about you, the customer. Do you find shops analysing your behaviour creepy, or are you happy to accept it?

You may not realise it, but when you’re sifting through shirts to find the right size, or deliberating over which brand of shampoo to buy, what you’re doing is both fascinating and valuable to retailers.

That’s why new technologies that monitor shoppers’ behaviour are becoming more common.

What shops are doing

Your smartphone is a great source of information for shops. It’s constantly communicating with nearby phone masts and wi-fi networks, and in doing so it’s sending out unique IDs which some shops can pick up. They use them to measure how often you visit the store, how long you spend in there and how you move around. They can even track people who are just walking past.

Sign in to the in-store wi-fi, and shops can find out even more about you. Some in-store wi-fi providers track customers’ locations within the store, and cross-reference this with any demographic information you’ve provided. In some cases, the sites and apps you use over the wi-fi are recorded and fed back to the store.

Then there’s in-store movement tracking cameras. These can measure how many people are going in and out of a store, which areas of the shop you’re spending time in and for how long, and even the items you’re picking up off the shelf.

And some digital video screens showing adverts can scan your face and determine whether you’re male or female and which age bracket you fall in to, just by examining facial characteristics. Advertisers look at the demographic data for particular times and places, and use it to tailor the ads they show.

Creepy, or nothing to worry about?

To me, there’s something inherently uncomfortable about a camera tracking your movements or analysing your facial features, even if you’re not being filmed. But the solution shouldn’t be for shops to keep quiet about the tracking that’s being done.

We think it’s unacceptable for retailers and technology providers to say – as some did – that customers don’t need to know that anonymous data is being collected on them, or to hide the tracking they do deep within a privacy policy that customers are unlikely to read while out shopping.

Shops should be upfront about what monitoring they’re doing, explaining the benefits for customers and laying out how their anonymity will be protected – and where possible, they should provide a way for customers to opt out if they’re still not comfortable with it.

What do you think – does it make you uncomfortable to know that shops are analysing your behaviour? Or do you think it will make for a better shopping experience?


Which shops are monitoring GSM signalling? How do they match the phone’s IMEI number to the shop customer? They wouldn’t know the identity of a customer from a phone’s IMEI number. Only a mobile network would be able to do this. It sounds rather far-fetched.

I often use free wifi in many retail businesses, for example O2 and The Cloud. I realise that my visit to each business will recorded by my use of the wifi, but this is the price I pay for using the wifi, so I don’t mind.

May I give you a recent example… I went to a certain fast-food restaurant of an evening. The next day I was served with a survey from ‘Google Rewards’. I use an Android phone and use this App to earn a bit of money answering surveys. The survey asked me if I was in said fast-food restaurant at said time on said day. I didn’t answer, but Google/fast-food restaurant knew where I was.

I wonder how clever these companies are with interpreting information about individuals. Will they manage to work out that I left without buying anything was because I did not appreciate having to listen to piped music? I hope so.

Something my mother and I love doing when we go past ridiculously expensive items in a department store is to point at the price tag and laugh with our mouths wide open holding our bellies, all silently and with exaggerated gestures, and then walk away, hoping that the CCTV cameras will pick us up. Now that we both finally have smartphones and after reading this article we’ll probably do that even more often.

This article on SpyBlog some years ago said Path were capturing TMSI — a temporary ID number assigned to your phone when it picks up a signal — rather than IMEI. Perhaps Matt has more recent information?

Might I suggest that when you pay for something that the proximity to a till and your payment card timing would work fine if they wanted to ID you.

BTW the second link takes you to an archived copy
Which? Archive
This article, Protecting personal details, was last updated on 30 July 2008 and is now out of date and held in our online archive for reference. Explore our latest Technology articles.

Thanks for spotting that one Dieseltaylor. I’ve removed it and added a different link further up the article. It’s about security tips when using public wi-fi so will be a little more useful. I’ve also added a link to the best and worst high street shops in the useful links section 🙂

Ever since Google Street View arrived it has been obvious that Big Brother is watching us and there is little we can do about it unless the surveillance is illegal or we can introduce legislation to make it illegal.

I’m happy with surveillance if it helps to catch shoplifters and deter crimes such as assault on staff and other customers.

I wonder how much this monitoring of our behaviour costs, though it is obvious that customers are having to pay for being watched.

Google Street View is not surveillance. It is a one-off snapshot of public places, the same view that can be seen by anyone.

It might not be surveillance but many are not very impressed by the invasion of personal privacy, which is an important factor in surveillance.

I don’t see how Google Street View is any invasion of personal privacy. It is only a snapshot of what can already be viewed from public places.

Last year I saw the Google Street View car while walking along a main road. I remembered the place, and several months later I managed to find myself on Google Street View. I don’t have a problem with this. I was in a public place and in any case Google blurred out my face.

I’m not concerned either but there were a lot of protests when Google introduced the service and many are still not happy with it. Rather than acting professionally and checking photos for faces and registration numbers, Google waits for complaints. A couple of my nephews appeared on Google Earth and so did the my neighbour’s car parked on the drive, neither faces or the number being blurred.

There were many complaints back in 2009 (some information is still online) but now most of us just accept the loss of privacy.

I have no problems with surveillance in shops in connection with crime, but I do wonder what shops might do with what information they collect. Perhaps I shall leave my phone at home next time I visit Tesco.

I don’t understand why people aren’t happy about Google Street View. Nearly all faces and number plates are blurred out. Compare this to Yandex Panoramas (Яндекс Панорамы), the Russian equivalent of Google, which doesn’t blur out faces or number plates in any of the countries that it covers.

The Germans seem to take particular exception to Google Street View. Try looking at Berlin, including very prominent places such as Checkpoint Charlie, and you’ll see lots of buildings greyed out because residents have requested this. Although I admire the Germans’ approach to privacy, they take this to an unreasonable extreme when it comes to Google Street View. Consequently Google discontinued adding new German cities to Street View.

Have you ever been on Google Location history? As I have an Android phone, it uses my location. I’ve just been having a look and it has all my historical journeys, including me going from home to work etc etc. It’s a bit creepy and I’m going to delete all the data: https://maps.google.com/locationhistory/

Patrick – I have an iPhone but used to use Google Latitude before it was discontinued in 2013. I opted in to Google recording my location history. I found myself often wanting to know when I had been to a particular place, and this location history was a very useful reference. Now the iPhone optionally records one’s location history locally on the device under “Frequent Locations”, which is equally useful and is not stored on a third party’s server.

Thanks Wavechange, I had it turned off for one google account, but not the other. All off now 🙂

I’ve turned off Google Location History a long time ago, but when I had it on I found that it was recording that I had travelled 523 miles while I was fast asleep in my bed. What was happening was that it couldn’t pick up a GPS signal indoors, but was hopping between several mobile phone masts throughout the night and recording those as journeys.

I suppose his has its uses for people needing to set up an alibi – they can send somebody out with their Android. Not that I require this facility at the moment.

I cannot really imagine you out and about with a robot that looks like a human, John.

Always one step ahead, Wavechange!

No, obviously I meant “Android phone” as frequently promoted by Patrick. I wouldn’t mind having a personal robot though, especially if I could navigate it from the comfort of home and transmit instructions to it while it was working for me.

Kingsgate Shopping Centre Huddersfield

” If visitors want to use the centre’s free wifi, they are asked to hand over information. To sign in they’re encouraged to use social media services such as Facebook, and agree to giving Purple wifi access to elements of their Facebook account, including their email address and likes. This information can then be used to target bespoke emails.

“What we can do is target our marketing more specifically,” said centre manager Jonathan Hardy. “What it will enable us to do in future is to say to loyal customers, to specific genders or age groups…. we have these offers on at this specific shop that will appeal to you.”

Using the free wifi also means shoppers “like” the Kingsgate’s Facebook page, meaning its Facebook posts will appear on shoppers’ friends’ newsfeeds.”

From Channel 4 program 25/3/14

I routinely keep my phones off as I only wish to use them when I want to call people.

Lady London says:
28 March 2015

Be careful, technically phones can track you even if it it switched off. To make sure you would need to remove the battery.

I ought to mention perhaps that I have been receiving Mobile Commerce Daily since May 2014 so actually have a raft of information on developments from the Commerce viewpoint. It tends not to mention the data leaks and privacy issues.

The European experience during the last century and the treatment of Dr. Kelly make many people question how much should you trust the “Government” with all information. Whistleblowers need protection and if we are all logged somehow somewhere that may well discourage citizens from spilling the beans to the detriment of society as a whole.

If we are to increasingly monitor people then we need to make sure people are fully aware that commercial entities do not deserve the same “trust” as the Government. There is a lady AFAIR in the US who is maintaining we should be paid by the marketing companies to study our habits not get a free ride off our data and them be able to sell it interested parties..

Perhaps it’s my age but I find such actions intrusive and rather insidious just as I find that if I’ve looked for a product online I then get bombarded with adverts for that product. It all smacks of Big Brother.

You can do a lot to prevent this by automatically deleting your cookies every time you start your browser. Cookies are the means by which web sites track the web sites you have been looking at or to which you have deliberately authenticated. Try using Firefox and install an add-on called CookieCuller. Every time you start Firefox, CookieCuller will delete all of your cookies except for those you specifically choose to preserve, for example because you don’t want to have to re-log into a particular site every time you use your PC.

It should be the default NOT to track us. If we want targeted advertising we should have to opt-in, just like we should have to opt-in to receive marketing calls and to be tracked via our mobile phone.

Wavechange, there is already a “do not track” request sent with the HTTP headers of most modern browsers, so what you say is supposed to be already in place. Unfortunately, in practice, this doesn’t seem to work because it relies on websites to voluntarily respect your “do not track” request.

Age concern bothers me, why does a charity shop need this .why waste the charity money on something like this when it does not benefit those who need it. I will no longer support them by donating or supporting them through this blatant waste of donated money.

Several years ago the BBC regional news program for this area reported that one of the main shopping centers in one of our cities was using this technology. The owners of the center said that there was a sign up at the entrance to inform people about it. But the sign was so small that when shoppers were asked if they had seen it they all said ‘no’. There was a big outcry about it and in the end the system had to be turned off due to public demand and people avoiding the shops. So I’m suprised that the industry has still pushed for this invation of personal privacy to go ahead.

There needs to be a new law that says nothing can be introduced that automatically opts people in to something, even if they have the right opt out. Everything must be ‘opt in’ only. This is a basic human right. Nobody has the right to opt anybody in to anything without asking first.

Many people don’t know about tracking in the first place so they can’t opt out and why should they have to spend there time doing so anyway. As for people being tracked as they walk passed a store without even going inside, who would bother spending time to opt out of that ? So we end up being monitored even if we don’t want it. It has to be stopped and made into opt in only. That’s not all bad for the store because they can use incentives like offers to get people to sign up to tracking.
I hope Which? will campaign for an ‘opt in’ only law for everything.

We are celebrating the 800th anniversary of the Magna Carta this year. It needs updating: “Except by the will of Parliament the Citizen shall not be opted-in to anything without their express consent”.

Ah yes. Magna Carta, also known as Magna Carta Libertatum (Latin for “the Great Charter of the Liberties”). With all this surveillance, perhaps too many liberties have been taken.

I was bemused when I had a receipt asking whether I’d like a test to see if I had a cold/flu after buying some cough sweets from Boots. What next, a receipt asking if I’d like dietary advice if I buy a Snickers?

Knowing the personal and intimate things available in Boots the mind boggles.

A responsible health shop and pharmacy wouldn’t sell chocolate bars and othe foodstuffs devoid of goodness.

they dont just spy they use details and bomb ya with sales calls and junk mail then sell your details to other call centers

I bought a smartphone case very cheaply from China which acts as a Faraday cage to slip in the smartphone. It means that you are “incommunicado” for the duration but is useful if you wish to frustrate any followers and its use is not an onerous habit to acquire.

For generations schoolboys up to no good have been on the lookout for something that will make them invisible and frustrate followers. As their escapades evolve in the digital age I think you’ve hit on the closest possibility yet.

You would need to bring Harry Potter into the 21st century, John.

In Japan it is not at all uncommon to see people wearing white masks. I was told they were them if they have a cold to stop it spreading or if they suffer from allergies. I am not sure what the response would be if I walk into Waitrose incognito wearing one of these if I explain to them I am wearing it for health reasons and I am also allergic to the scent emanating from the perfumed candles and sprays on display!

We noticed a lot of Asian tourists [possibly Japanese] in Italy last year wearing masks. I wasn’t sure whether they were protecting themselves against the pollution of Napoli or protecting others from their own infection. In view of the numbers involved I deduced it was the former. They seemed content to wear the masks for much of the time, as though it were habitual and the usual practice in their own country. A change of atmosphere, even without pollution, can cause a reaction; even going from Norfolk and spending a few days in London I notice the difference and am glad to get home, but I don’t think I would wear a mask. I’m not referring to Waitrose here, but I should appreciate it sometimes if the staff on the deli counters and other open serveries would cover their mouths and noses. The glass counter screens in the post office are a good demonstration of how airborne infections can proliferate.

I haven’t encountered Potter, initial H – is he on this blog? My mind is more in the Jennings and Darbishire generation.

Ken Dodd recounts the tale that as a schoolboy he sent off for a “Seebacktroscope” so that he could impress his friends and confound his enemies. He was never stabbed in the back so it must have worked.

Struggling to get back on topic, I was wondering whether a piece of cooking foil would act as a simple Faraday cage. It foils chickens but would it work against a determined espionage agent?