rangerovers.pub
The only place for a coil spring is up Zebedee's arse.
Member
avatar
Joined: Dec 30 2015
Posts: 3208

When I opted in to the FON service I was told clearly that by doing so I consented to my own hub being made available to others. FON access is limited to 1Mbs so if you've got a fibre connection running at 50 Mbs, then it is using 2% of your bandwidth. Big deal, especially when you consider that if you are connecting over 2.4 GHz wi-fi then you are only going to be using half of your available bandwidth anyway as 802.11g protocol runs out of steam at around 24 Mbs.

BT aren't revealing the locations of their customers either. If you live in the middle of nowhere and are the only house then it's pretty likely that the FON hotspot you can see is from your house but not necessarily. If you live on a modern housing estate, or even better, in a block of flats, how would anyone know where the hotspot is located from the multiple address? The other way of not revealing your address is to change the SSID on your hub to something other than the default BTHub6-xxxx then it wouldn't be possible to link the FON hotspot to any particular hub.

Member
Joined: Sep 02 2016
Posts: 320

You probably Opted In to "FON" over 10 years ago then: That's fine - as it was your choice to do so: The problem however is that since 2009 it has been an automatic Opt In, and that's not so fine: It means BT made that decision for customers (and presumably hid this away in their small print somewhere ?); The question then is how/why exactly they thought this change acceptable/appropriate/etc...

Incidentally in my case - as I described above - the chap using part of my hub for his SMSs used a Company van and would often not move it unless I was insistent: When I explained I would photograph this obstruction of his and send it to both the Council and his Company he called the police to say I was "threatening" him (!): Now that's when it all became a very big deal to me, and so I did as said I would......

BT are certainly revealing the locations of their Customers personal Hot Spots as in many cases it is very easy to identify those individual Customers, and they have not been asked if that is OK to do either.... It is not really acceptable for them to say "well there are so many ( grouped together ) it is hard to tell" either ! In fact more recently I located a few neighbours locally and asked them if they were aware of this FON facility and none were....

If you check around on the web for this (eg. "BT FON disable") you will see many are irritated by BT's underhanded policy on all this; As for changing SSID's etc on their Hubs I simply advise folks concerned to change to a non-BT Hub instead; just try de-registering your FON service and see what I mean !

Suitable analogies are difficult but if Householders found out that their Power Supplier was also effectively using 2-10% of their bill to light the lamp-posts outside (and were not up-front about it) there would be mass trouble for sure !

Member
Joined: Dec 30 2015
Posts: 1340

Hang on, are you saying that the BT FON system releases personal data? (ie data that identifies an individual).
The fact that there's a BT hub in a certain property isn't personal information, but if a name or email address came up that's a different matter.

Member
Joined: Sep 02 2016
Posts: 320

Is your address and the fact that you are a BT Broadband Customer 'personal' information: I would say so !

What I am saying and repeating is that BT are providing FON Hot Spots and not actually (and clearly enough) revealling how.....
Do as I did: Identify and explain it to any unsuspecting (BT BB) neighbours: You may be surprised by their reactions !

For clarification I am stating that all such facilities should be OPT IN not automatically defaulted to that, and that is very
close to the intentions and aims of the GDPR....

Member
avatar
Joined: Dec 30 2015
Posts: 3208

I opted in in May 2011 when I moved to my previous house. I admit it may have been that the default was In so requiring an opt out but it was still made clear what was involved. As for identifying customers (and therefore coming under GDPR), how does knowing what address contains a BT home hub identify the owner or provide their personal details? It doesn't, so there are no personal details being given out. OK, so I can tell which of my neighbours are using BT, which are using Sky and which one is using Talk Talk. How does that give me any personal information? That fact that the couple living at number 2 use BT doesn't tell me anything else about them. What personal details can be obtained by knowing that someone uses BT as their ISP and live at a particular address?

As for the attempted analogy about the power company, that would only be relevant if your broadband was metered but FON is only available if you are on an unlimited tariff. If you are on a capped tariff then it isn't an option.

I'm still a little confused why someone would need to use you internet connection to send SMSs, emails maybe but not SMSs. An SMS is sent over the mobile network not via the internet. And why would he choose to use your service when there are thousands of others that he could use? In the village where I live there is a population of 2,455 people, so, assuming 2 point something people per household, that's roughly 1,200 households and there are 416 BT FON hotspots in the village. So if I wanted to go and use someone else's, very slow, connection, I could but why would I choose one over the 415 others available? Now if you have changed the password on your main connection to something easily guessed, then he wouldn't be using the throttled back FON connection, he would log in to the unrestricted one. Then you could simply block his MAC address. In the old days you could log in virtually anywhere as anyone with an SSID of Linksys often hadn't changed the password from the default of password. Alternatively, why not just turn off FON on your hub? You won't be able to connect to anyone else's hub but as it seems to bother you so much, why would you care?

Member
avatar
Joined: Dec 30 2015
Posts: 3208

davew wrote:

Is your address and the fact that you are a BT Broadband Customer 'personal' information: I would say so !

Utter bollocks. No different to someone seeing you using a Tesco carrier bag to put the contents of your kitchen waste bin in the dustbin and concluding you are probably a Tesco customer. Personal information is anything that identifies the person not where they do their shopping or who they use as an ISP.

Member
Joined: Dec 30 2015
Posts: 1340

Gilbert is right. Personal data relates to an identified or identifiable natural person. ie the data under consideration needs to describe an identified individual. If BT FON SSIDS said "DaveW'sAccesspoint" and then gave out your address, DoB, or other info there would be a problem.

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/

Member
Joined: Sep 02 2016
Posts: 320

Ok, so now I am talking ‘utter bollocks’, cheers chaps !

In fact FWIW the ‘nasty van man’ mentioned had been parking there for months, 2-3 times a week, usually 10-11 at night, engine running and was, as stated, obstructing my drive (and three others)…. So he was causing a problem for quite a few households: One time when I asked him to move so I could get out of my drive he stated “(only) when I have finished my SMS mate” and then the (escalating) police problem I described started. In fact I wondered why he did not just put his pad down on the passenger’s seat and move down the road but there was no parking space for several houses (as the road is narrow)…anyway it looked like he was using some kind of free on-line SMS-sending app. (instead of the usual side channel of his mobile provider for this). Unfortunately I was unable to ascertain why he was doing that, just that he did not want to move immediately and thus drop his (WiFi) connection. As far as I could tell he was doing something ‘nefarious’. His Company was very apologetic when I contacted them; His activities then ceased and so I am unable to ask him just what he was doing and why.... but it did reveal the whole "BT-with-FON" problem (and not just for me) !

It is interesting how I am apparently having to justify my (overt) stance here rather than BT justifying their (covert) automatic opt-in stance !
All I can say is that my neighbours were very grateful when I (finally) worked out what was going on and stopped it.

Incidentally that ‘power’ analogy I used was how one of the BT BB neighbours described it. Possibly a coincidence but many of these users were inundated with Virgin Media offers too... or maybe we are all paranoid !

Part of the problem here of course is explaining what Big Data companies are doing (and how) by comparison with the usual (eg. retail) situation/s. [“Cookies” are a good example: If I go into Halfords I don’t expect them to let all their friends that I was there looking at batteries (or whatever) so they can mail me offers etc, unless I tell them specifically that it is OK to do so.]

Similarly it seems like a joke that Huawei is banned for possibly providing 5G hardware that is ‘a security risk’ when FakeBook and co have been doing this kind of monitoring for years (but it’s OK because it is Software-based and so Governments don’t understand it so easily…)

GDPR – and its related principles - are all there for good reason/s (albeit a bit late...) ; OPT-IN Rules (as I may have already mentioned once or twice....) !

Finally I did not write this either:

“…Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person…”

Member
Joined: Dec 30 2015
Posts: 1340

I think you're taking the opt in stuff out of context. These rules only apply to gaining consent to process personal data under GDPR. GDPR only applies to PD. What personal data do you feel is being processed by the BT FON system? (whether pseudonymised or not).

Member
Joined: Sep 02 2016
Posts: 320

With respect Morat, having already had to justify my actions on here I am not about to have my apparent interpretations of OPT IN used as an example of me "thinking bollocks" too !! In fact I know quite a lot about "Analytics" and how it has been used for years to profile people, and that GDPR is a (belated) attempt to address that....

However it is simple enough, Consent requires me to agree to something directly, not by 'implication' or 'other means', for instance:
https://www.mailjet.com/gdpr/consent/

It is not about what I 'feel' either. My example was clear enough so I wont repeat it: BT have unlilaterally (and covertly) signed BB Customers up to FON; To sign on you need an e-mail address, typically BT Yahoo, part of 'OATH', who will happily also harvest data for "their own use and 'selected' partners".. (and frankly I know a lot more about BT than to believe they are 'doing it all for us Customers' etc either... the ultimate marketing lie !)

Anyway, the 'final' (GDPR) paragraph explains how this works; No single organisaton necessarily contains non-compliant 'Personal Data', but comparison of several databases may do this, as you know.... and so such effectively pseudonymisation contravenes GDPR principles too, as that paragraph already explained....

What I will end on though on is a positive note: Following on from my 'van man' incident a (not so) nearby BT BB neighbour contacted me to ask if that could be why he 'was plagued by noisy kids parked outside his house on Friday/Saturday evenings until the early hours interrupting his sleep' (and requiring him to pick up their fast food litter deposited on the grass verge in the morning) ? I explained FON Hot Spots to him.... (he had no idea he was OPTED IN of course, and was incensed especially as the BT "Help Desk" person he spoke with was apparently clueless about it... ).......

Solution ? First I showed him how to turn off the wireless facility with with his PC/Admin access... as this is overly complicated I installed a non-BT (TP-Link) Hub for him instead, one with a physical switch to turn off Wireless; Result ? No noisy kids Fri/Sat and his all-important sleep restored !!
The following Xmas I received an excellent bottle of Single Malt Scotch from him too; Cheers BT BB FON !!

Member
Joined: Dec 30 2015
Posts: 1340

Dave, just want to point out that I didn't accuse you of talking or thinking bollocks. I'm genuinely interested in what personal data you think is being revealed by BT FON.

I'm also concerned that you're going to cause trouble for yourself if you try to argue the law incorrectly. There are two areas that trouble me:

  1. I'm not convinced that BT are processing personal data by providing the BT FON service. The fact that they have your personal data for other purposes doesn't necessarily bring BT FON into the realm of GDPR. The fact that they could look your name/address/email up in one database and link it to a router MAC address in another database doesn't mean that they do. Or that they provide that information to employees. I'm not sure what advantage they would gain from doing that either.

Of course BT FON was introduced before GDPR so there won't be a Data Privacy Impact Assessment on record - but there may be one day if BT ever alter their service which would make this easier to understand. However, you might be able to get some more relevant info from their Privacy Statement.

  1. IF there is a link between the two then consent still isn't necessarily required to process your personal data. BT could process your PD using one of six lawful basis. One of which is consent, sure - but that's the least smart move as consent can be withdrawn at any time and that's a massive pain in the arse for any business.

The most likely basis, I'd suggest, is Legitimate Interest which would allow them to process the PD required to provide their services. (As long as it is not excessive, is accurate and subject to the organisation and technical protections required to ensure security)

So, really what I'm saying is that I don't think you can use GDPR as a legal challenge to BT switching on BT FON by default even though I do understand that it's a dick move by BT to do so.

Member
Joined: Dec 30 2015
Posts: 1340

davew wrote:

Is your address and the fact that you are a BT Broadband Customer 'personal' information: I would say so !

Your address on its own is not personal data - it does not identify a person, it identifies a house.
The fact that a BT router is in the vicinity is not personal data (even if you can work out which property it is in)

Taken together, your name, your address and the fact that you are a BT Broadband customer would be personal data, but I'm struggling to see how you would link the three together from a BT FON hotspot. That's my main issue with your line of argument.

Member
avatar
Joined: Dec 30 2015
Posts: 3208

I'm afraid it was me that accused you of bollox but only in that you were saying that BT were in breach of GDPR by opting you in to FON, knowingly or not. BT have your personal details anyway, your name, address, bank details, every single telephone number you have called, the amount of data you have downloaded from the net, etc. All of that they have, and are entitled to have, as you are a customer of theirs. The other data they have, as they supplied it, is the MAC address of your home hub. However, what they are not doing is publishing any personal identifiable information. Anyone can see that my BT hub has the SSID of BTHub6-WR3Q but they can't find out who owns it just from that. OK, they can conclude that it is in my address as the strongest signal they receive from it is when they are directly outside but that still doesn't identify who owns it (other than it belongs to that bloke that lives in the house of the corner with 3 P38 Range Rovers parked outside).

As for personal information that is pseudonymised, in just the same way as some of us have Googled RRToadHall and found that his real name is Carl Christy, anyone can Google Gilbertd and probably find that it is regularly used by a bloke known as Dick Gilbert (who is actually called Richard Gilbert). If anyone was then interested enough, they could look up the voters list and find my address. So should the voters list be subject to GDPR as it contains personal information that allows you to identify someone, or does the fact that you already know the name mean you already have identified them?

Finally, anyone that doesn't use the FON service can simply switch it off on their own hub (which means they will then no longer be able to connect to anyone else's) but nobody else can connect to theirs. They opted in, knowingly or otherwise, to a service, not to having their personal data revealed.

Member
Joined: Sep 02 2016
Posts: 320

(Sorry Morat but for some reason your first answer (#71) was not visible to me before I responded to #72 here !! Perhaps a 'refresh' issue/servers etc or BT/GCHQ etc are monitoring me now ??!)

Yes Morat, and that statement (#72) already earned an "utter bollocks" remark of course..!!... but it is not MY statement/definition of Personal Data here it is all part of GDPR Principles

OK, look at BT's local coverage map (as I suggested) and you can most certainly identify individual house/s (as those kids did to my neighbour, who is ill and needed his sleep etc; Thus BT seriously impinged on his health by their FON OPT IN 'default': That on its own is enough to fall foul of those principles).

The problem here is always the same: I have been around this loop a few times now and it is always the same: Everyone apparently thinks their data is sacrosanct until it is used for a purpose they did not sign up to, or, as in that link above you probably also did not follow, " NOT saying NO is NOT the same as saying YES "! (aka CONSENT)

So here it is in a nutshell: Even if you do OPT IN to FON BT still have to ask you specifically if it OK to display your location on a map !

Back to your remarks in #71 again :
Maybe this MAP Permission is hidden away in BT's Ts&Cs somewhere in obscure legalese....
In fact I will now ask them and let you know what they say. OK !?

Knowing BT they will either ignore my question (several times), or suggest I call their FON Help Line...... so don't hold your breath !

Member
Joined: Sep 02 2016
Posts: 320

Just saw your note as I posted mine Gilbertd/Richard !

Perhaps this is the best way to address the issue then: If relatively open usage of our Personal Data is fine/acceptable, why was the GDPR needed ?

Of course, GDPR is not well supported in the US; That issue with Toad simply illustrates that GDPR is probably too little/too late (?)

I realise this stuff may be new to many but it is not to me; Decades ago I attended a seminar where BT proudly announced they had reverse-engineered The Telephone Book: Why ? So that cold-callers could target addresses on whole streets sequentially; We all know where that led of course.... (and don't even get me started on the related topic of how offshore callers can emulate UK Caller ID numbers either) !

Sorry I forgot to say that yes you can turn off your Router/Wireless, but most not-very-tech-savvy BT BB customers can't; I recommend TP-Link Routers instead !

Again this is not a new topic, many folks have been annoyed for a while too (Expletive Alert !):
https://www.reddit.com/r/britishproblems/comments/5ixlhr/fuck_off_with_your_bt_wifi_with_fon/

Member
Joined: Dec 30 2015
Posts: 1340

Dave, I've just looked at the BT FON coverage map and it does not contain personal data. As I said, an address is not personal data. The location of a hotspot is not personal data. The data on that map does not identify any living person so it is not personal data and therefore GDPR does not apply.

You may object to BT FON being enabled by default, but nothing in the GDPR will help you mount a legal challenge as it does not apply.

<quote> OK, look at BT's local coverage map (as I suggested) and you can most certainly identify individual house/s (as those kids did to my neighbour, who is ill and needed his sleep etc; Thus BT seriously impinged on his health by their FON OPT IN 'default': That on its own is enough to fall foul of those principles). </quote>

Sorry, that's just wrong. The map identified the location of a hotspot, it didn't reveal the identify of your neighbour therefore GDPR is not relevant. Was it a shitty situation for your neighbour? For sure. Should BT make it clear/easy for customers to disable BT FON if they wish? I would say so. But that doesn't mean you can use GDPR rules on consent to change the situation. GDPR is only relevant in cases of processing personal data and this is not such a case.

Member
Joined: Sep 02 2016
Posts: 320

Thanks for your response/research Morat but I would still maintain that, as my neighbour's privacy was clearly 'invaded'/'impinged upon' then both BT's Duty of Care and GDPR Principles had been infringed indirectly. The main point is that anyone signing up to "BTWifi-with-FON" after May last year may well have a Prima Facia case worth pursuing (although that is tricky as they/FON seem to have preempted all this and associated 'charges'):-

https://network.fon.com/
Ts&Cs
https://corp.fon.com/fon-application-sla/
Note, in particular their 'universal get-out clause':
“ FON shall use your current location through your mobile device only in order to show you the available hotspots near your location.
FON is not responsible for any Expenses relating to the connection to a FON or FON Partners powered by Fon WiFi Signal. “

Incidentally FON claim now to have 23M Hot Spots; They seem to have failed to mention though how many of these are OUR hubs.... !

Thanks to your questioning the validity of all this I will also ask the ICO about this specific issue too; Might also take a while though (!) Overall I tend to see the GDPR as 'a step in the right direction' but essentially something which will develop further over the years anyway, based on Governments (eventually) better understanding what is going on here with regards to what Personal Privacy and OPT IN really mean for Customers... and the situation (and legislation) will change to reflect that too.

EDIT; Just searched a bit further... (and I am now even less impressed !):-

https://corp.fon.com/privacy-policy-of-fon/

Looks like by signing up for FON you are thus authorising them for all kinds of liberties too !

Member
Joined: Sep 02 2016
Posts: 320

On cue this arrived today from Google; Looks like agreeing to their Privacy Policy means they 'own' you (and in perpetuity) ?

Warning: 29 Pages !!

https://www.gstatic.com/policies/privacy/pdf/20190122/f3294e95/google_privacy_policy_en_eu.pdf

Don't like their Personalised Ads. ? Just turn them off (and then you will get 'General' Ads . that you can't mute instead !)

Insidious...

Fortunately however:

https://www.huffingtonpost.co.uk/entry/google-knows-literally-everything-about-you-heres-how-to-stop-it_uk_5abb68dde4b06409775b7d2b

Member
Joined: Jan 16 2017
Posts: 430

davew wrote:

Thanks for your response/research Morat but I would still maintain that, as my neighbour's privacy was clearly 'invaded'/'impinged upon' then both BT's Duty of Care and GDPR Principles had been infringed indirectly. The main point is that anyone signing up to "BTWifi-with-FON" after May last year may well have a Prima Facia case worth pursuing (although that is tricky as they/FON seem to have preempted all this and associated 'charges'):-

https://network.fon.com/
Ts&Cs
https://corp.fon.com/fon-application-sla/
Note, in particular their 'universal get-out clause':
“ FON shall use your current location through your mobile device only in order to show you the available hotspots near your location.
FON is not responsible for any Expenses relating to the connection to a FON or FON Partners powered by Fon WiFi Signal. “

Incidentally FON claim now to have 23M Hot Spots; They seem to have failed to mention though how many of these are OUR hubs.... !

Thanks to your questioning the validity of all this I will also ask the ICO about this specific issue too; Might also take a while though (!) Overall I tend to see the GDPR as 'a step in the right direction' but essentially something which will develop further over the years anyway, based on Governments (eventually) better understanding what is going on here with regards to what Personal Privacy and OPT IN really mean for Customers... and the situation (and legislation) will change to reflect that too.

EDIT; Just searched a bit further... (and I am now even less impressed !):-

https://corp.fon.com/privacy-policy-of-fon/

Looks like by signing up for FON you are thus authorising them for all kinds of liberties too !

A far simpler option is just not to use BT if you don't like it. That is about the only way of actually making any difference to it as then you aren't giving them any money. Even if you had to buy wifi access somewhere for the odd times you would have used their hotspots, it would probably be cheaper anyway.

I stopped using them years ago as they didn't offer a service worth paying the price they asked for it - About the only thing I missed was isp provided email, but theirs I found to be so flakey it wasn't worth using anyway (and still works now, despite not being their customer since 2016).

Member
Joined: Sep 02 2016
Posts: 320

Well I understand what you mean BrianH but of course using the 'better the devil you know' approach I still have my P38 !

BT's 'own' e-mail service has now been absorbed by Yahoo of course.. that famous UK-company

I think we all know the Social Networking philosophy that "if you are not paying for a product then you are the product"
Or as Fakebook say "we make money from advertising (oh and selling your retails to others...)" but what is irritating here is that BT customers are paying for it, including our locations on their WiFi maps !

In order to get the 'official' view I have sent this question to FON (several times now); They did not answer:

_Please explain how my Home Hub location appearing on BT's WiFi-with_FON Hot Spot Location map is NOT
an infringement according to GDPR/Privacy principles.
_

  • To be fair if they do ever respond I am expecting an answer like "Utter Bollo(x/ck)s" !! .... (but in 'corporate-speak' obviously)
  • If they don't reply I will ask the ICO too !