A defence contractor has figured out how to track you without ever needing your name, face, or numberplate. The product, SignalTrace, instead listens to the devices you're carrying, and their sensor clips onto existing cameras your city has likely already got mounted. 1/12

Its full name is ELSAG SignalTrace, made by Leonardo. The product page subheading is, verbatim: "Identify Suspects by the Electronic Devices They Use." In surveillance tech this is actually refreshingly honest. They aren't even trying to hide it. 2/12

The honest truth is that you don't need to know who someone is to track them. You just need a combination of things they always carry that nobody else does. 70 cars might have an iPhone; only 1 has this iPhone + an Audi head unit + specific Bose headphones + a Garmin. 3/12

That precise constellation, seen together at the same timestamps in the same places, is always you. It works because every device you own shouts a stable-ish identifier into the air whether you asked it to or not. Bluetooth, Wi-Fi requests, RFID, the radios in your car. 4/12

No hacking. No decryption. Just listening & storing. And because it logs which signatures travel together, it surfaces devices frequently near yours. Leonardo calls this "detecting convoys." Read that as: who you commute with, who you live with, who you keep meeting. 5/12

Here's the genuinely significant bit: SignalTrace doesn't need new poles, new contracts, or fresh public approval. It clips onto ELSAG cameras agencies already bought and already mounted. Any department running them can switch device-tracking on without a new procurement. 6/12

The @EFF has a name for this: mission creep. Infrastructure approved for one thing quietly grows into another, and the second thing never has to face the vote the first one did. Cameras approved to read plates can now log every device that drives past them. 7/12

Leonardo's reassurance is that SignalTrace doesn't decrypt your messages. This is true, & irrelevant. Nobody building a movement-tracking system needs your texts. They need to know a unique bundle of radios was on this corner at 8:14am. Metadata was always the product. 8/12

They also say data is only accessed "when a crime occurs." Notice what that governs: access, not collection. Everyone's signatures get swept up regardless. The promise is only about who opens the box afterward, not whether to fill it. And that box is filled to bursting. 9/12

What you can do: - Turn Bluetooth and Wi-Fi off when you aren't using them. Radios that aren't on aren't broadcasting. - Check MAC randomization is enabled. - Audit the silent stuff: tile trackers, tyre sensors, dash cams, head units advertising to nobody. 10/12

A Faraday pouch can help, but research the product... most are marketing fluff with very little upside. The real fight isn't personal hygiene though. It's whether your nearby agency can bolt this onto existing cameras without a vote. That's a local council question. 11/12

The thing about this development is that not much has really changed. What they've done is taken all manner of signals that are hanging around and pieced them all together. A network built to see cars just got upgraded to recognise the people inside them. Not good. 12/12