On Thursday, when Ars detailed a distributed DIY stalking network that spied on mobile Wi-Fi users, several readers—such as this one and this one—said the article overstated the real-world threat. We disagreed then, but we're even more convinced of the potential for abuse following reports of the deployment in London of trash cans that track the unique hardware identifier of every Wi-Fi enabled smartphone that passes by.

Renew, the London-based marketing firm behind the smart trash cans, bills the Wi-Fi tracking as being "like Internet cookies in the real world." In a press release, it boasts of the data-collection prowess of the cans' embedded Renew "ORB" technology, which captures the unique media access control (MAC) address of smartphones that belong to passersby. During a one-week period in June, just 12 cans, or about 10 percent of the company's fleet, tracked more than 4 million devices and allowed company marketers to map the "footfall" of their owners within a 4-minute walking distance to various stores.

Unparalleled insight into past behavior

"The consolidated data of the beta testing highlights the significance of the Renew ORB technology as a powerful tool for corporate clients and retailers," the Renew press release states. "It provides an unparalleled insight into the past behavior of unique devices—entry/exit points, dwell times, places of work, places of interest, and affinity to other devices—and should provide a compelling reach database for predictive analytics (likely places to eat, drink, personal habits, etc.)."

Reading the marketing material, one can't help thinking of the scene in Minority Report, the film adaptation of the Philip K. Dick short story, where a protagonist on the run from an authoritarian government enters a Gap store. A 3D hologram instantly recognizes his iris signature as belonging to a Mr. Yakamoto, the identity the protagonist has assumed in an attempt to hide from his all-knowing adversaries. This dystopic possibility of trash cans that can recognize passersby seems to be lost on Renew, which has hinted at the possibility of bringing smartphone-tracking bins to New York and Singapore as well.

"We will see all MACs that currently shop at the stores and we will be able to measure any new MACs arriving into the venue and the route they take," the marketers said. "By combining the Renew ORB live data with the Renew Network we can measure and affect a range of retail metrics, which may be key for the specified shop outlet." Metrics include: the specific areas inside a store a person visits, the percentage of customers who are new, and the average time between visits. Each can is also equipped with a device that "detects smartphones by proximity, speed, duration, and manufacturer." That means they could tell if the person is jogging, walking, loitering, or in a car that's speeding.

The marketing materials don't say this, but it might also be possible to attach specific attributes to the MAC addresses that are collected. A phone that goes into the women's room probably belongs to a female, for instance, while a MAC address entering the Big and Tall clothing retailer probably belongs to a person of large carriage. People who don't want to be tracked must first complete the form here, which requires them to divulge the MAC address of their smartphone.

There's no indication that Renew is observing anything more than the MAC address of the phones that pass by. But there's little stopping someone else—working for his own creepy motives or for a more nefarious company or government agency—from building a similar network that collects the same MAC address data and combines it with any unencrypted traffic that may leak out. At a minimum, that might include the names of wireless networks a particular phone regularly connects to, and in the event the phone is connected to an open Wi-Fi service while in range of the stalker boxes, the information could also include e-mail addresses, personal pictures, first and last names, and whether the person uses a dating website or other online services.

No doubt, some civil liberties advocates will push for laws that place restrictions on this type of indiscriminate data collection. That kind of remedy will no doubt curb some tracking abuse, but given the low-cost CreepyDOL stalking tool Ars profiled Thursday, it won't stop all of it. Another measure that everyone should take is to turn off Wi-Fi except when it's needed.

But even that probably won't prevent monitoring in every instance, since, as Ars noted in Friday's review of Android 4.3, some phones may continue to ping wireless access points even when Wi-Fi is off. A more effective fix is for the Apples, Googles, Samsungs, and AT&Ts of the world to build privacy-preserving features into the wares and services they sell and make it easy for average people to turn them on.

But phone makers need to hurry. The ability of marketers or creeps down the street to stalk our mobile Wi-Fi usage is only going to get easier. It's time end users had a way to fight back.