Man-in-the-middle shenanigans are much harder with TLS (SSL) conversations, which unsurprisingly has been what Google has been push hard at, for years. You'd have to serve content that's from a cert-signed source. All the other browser makers have followed suit so that you can't even go to an unsecured site without huge warnings.
There's still valuable information to be gained. DNS over HTTPS is fairly rare still, you'd be able to get a lot of information from just hostnames and outgoing IPs. While you couldn't get path or form data, you're still tracking time spent on sites and usage habits.
You are very correct. Tracking their MAC addresses would be useful too, assuming the randomization of them doesn't get pushed to every new session. Currently devices will use random MAC addresses when scanning SSIDs to produce the list we see as available networks to avoid tracking, but they still use their true address when connecting.
MACs are hit and miss, mostly because they're easily overwritten. I know quite a few 00:00:00:00:00:00 users, or varied other patterns. I personally like c0:ff:ee:c0:ff:ee.
Now, that's from a technical perspective of a person who wouldn't be using random free wifi spots, so that little bit of info may still be somewhat useful.
Man-in-the-middle shenanigans are much harder with TLS (SSL) conversations, which unsurprisingly has been what Google has been push hard at, for years. You'd have to serve content that's from a cert-signed source. All the other browser makers have followed suit so that you can't even go to an unsecured site without huge warnings.
There's still valuable information to be gained. DNS over HTTPS is fairly rare still, you'd be able to get a lot of information from just hostnames and outgoing IPs. While you couldn't get path or form data, you're still tracking time spent on sites and usage habits.
You are very correct. Tracking their MAC addresses would be useful too, assuming the randomization of them doesn't get pushed to every new session. Currently devices will use random MAC addresses when scanning SSIDs to produce the list we see as available networks to avoid tracking, but they still use their true address when connecting.
MACs are hit and miss, mostly because they're easily overwritten. I know quite a few 00:00:00:00:00:00 users, or varied other patterns. I personally like c0:ff:ee:c0:ff:ee.
Now, that's from a technical perspective of a person who wouldn't be using random free wifi spots, so that little bit of info may still be somewhat useful.