Wifi/BLE Paxcounter Project with ESP32 boards

(Verkehrsrot) #21

Every wifi router is doing that.
I think the root problem here is that the signalling communication in Wifis happenes (still) unencrypted.

Since this is a TTN forum, let’s turn your question in more TTN related one: Every TTN gateway, which is using the wide spread Semtech packet forwarder, is pushing it’s complete signalling traffic unencrypted via the internet to a LoRaWAN server, regardless if the received packets are intended to be processed by this server, or any other LoRa network. The unencyrpted signalling payload contains a unique DevAddr (is this personal data?) and some other data like exact timestamp and RF parameters which could be used for fingerprinting devices.

Do you think a LoRaWAN gateway is eligible to do that without the need to warn users that it will do so?

(Verkehrsrot) #22

I added a branch for TTGOv1 board, but don’t own such a board.

Can anyone here, who owns a TTGOv1, test the code?

(Verkehrsrot) #23

TTGOv1 support now integrated in master.

(Wodec) #24

(in Dutch) https://www.ivir.nl/publicaties/download/PrivacyInformatie_2016_6.pdf

(Verkehrsrot) #25

I have an idea how to solve this clean in the Paxcounter:

(Remko) #26

Interesting paper.
It shows that counting is possible when precautions have been made.
It also shows that rules of one country cannot be applied to another.

(Verkehrsrot) #27

Meanwhile it was reported to me, that it works on TTGOv1.


The intention of your PAX counter system is to identify and count people without them knowing they are being counted.
I’m glad the law is as tight as it is - it stops idiots using software similar to yours that can randomly measure people in areas like toilets, places of worship or snooping on their neighbours gardens/houses.

Lorawan does not set it itself up for that purpose. The clues are in the names :wink:
In the end, it is all about the intended use. Thankfully you have included some warnings in your notes, but any proper use of your software is what it is until the privacy issues are confirmed solved.
One way to solve this may be that you only provide the compiled software image?

(Verkehrsrot) #29

The intention is to count people, not to identify them. The code proves that, because there is no kind of analytics inside it.

I’m not sure what national country law you reference here. It depends on use case and national law, what is legal and what’s not. I added warnings in the readme file, to point this out.

In my opinion LoRaWAN is a data transmission technology, not less, not more. It has no restriction or intention on certain use cases, as long as they fit to the LoRaWAN footprints like duty cycle, etc.

You’re welcome to make the world better by contributing a hash & salt function to this project!


As I understand it, this is not true!
The software works by identifying first and then recording its existance in an internal “table” (so you can discard repeated pings?). You can only discard if you have identified the Mac address previously and hold it in memory (it doesn’t matter how long for)
You can only be correct if on each scan, you just accumulate the total number of Macs found per scan (and you didn’t record the MAC address), but as you say you don’t do that because you are trying to find a way of hashing the MAC address?



Nice work, I wanted to give a try, but no luck, can’t compile due to this issue

(Verkehrsrot) #32

I added the missing library dependency in platformio.ini, it should now be automatically downloaded and installed, if not present. Thanks for the hint!

I can’t give support on how to install / update a platformio installation, since i’m new to it. I had no difficulties installing platformio and get it running on a Win 10 Visual Studio Code.

Maybe these instructions on platformio website give some help to solve your problem.

(Bsiege) #33

Brave new world!!!
Everybody who carries wave emitting devices should know that this information could be recieved and identified by anyone. This paxcounter project is IMHO one of the less concerning (mis)use of this data. And to have legal parity, in this case everybody that emits data should inform the surrounding that he is emitting data and does not allow anyone to recieve this.

Hey, lets make an APP for this!! :wink:

(Bingo600) #34

Would it be possible to make a “Non LoRa” Source version of this one , that just uses the display ?

I could use a few in an environment, where LoRa (any) transmission to the outside world is “forbidden”


(Verkehrsrot) #35

It’s an open source project, you’re welcome to open up a branch in the repository and remove all LoRa related code. Shouldn’t be too much effort.

(Bingo600) #36

Expected that ansver :smirk:

It would just be so much easier for the author, to do that :thinking:

Well thank you for a nice OpenSource project :+1:


(LoRaTracker) #37

Yes to you it would be so much easier if someone else would do the work.

So why dont you give it a go ?

(Bingo600) #38

Why are you being smart here !!

I was implying that the author could do it, in 1/10 of the time.

Not that i wouldn’t give it a go.


(Jac Kersing) #39

But that still takes the authors time and the author isn’t interested…

(Bingo600) #40

I noticed that, and that’s ok , still a nice proj.
I’ll give a rewrite a shot, and can use some of the original code as inspiration.