Summary of "How to Track the People Tracking YOU"
Overview
- Demo/interview from Black Hat Arsenal of “Chasing Your Tail” — an open-source tool to detect when people (or their devices) are tracking/following you by passively monitoring wireless signals.
- Built around Kismet captures parsed in real time by Python scripts; runs on low-cost hardware (Raspberry Pi family).
How it works (technical)
- Kismet collects Wi‑Fi probe requests, SSIDs, MAC addresses, Bluetooth beacons and other wireless beacons (and can ingest SDR sources).
- Kismet stores data as a SQLite database; the Chasing Your Tail Python modules parse that DB in real time to identify devices that reappear over time.
- Detection is temporal rather than purely spatial: the system looks for a device signature that is seen now and was also seen 5, 10 or 15 minutes earlier (or in other windows) to infer following.
- Post-analysis: GPS timestamps + Wigle API queries let you map where a device kept appearing (i.e., where a follower spends time — work/home).
- Signatures are not only MACs (which many phones randomize) but probe request patterns and unique SSID names the device seeks — these can act as persistent identifiers.
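The temporal-window check described above, as an added example (not code from the Chasing Your Tail project). It reads a constructed `sightings` table standing in for Kismet's SQLite log; the table, its column names, the SSIDs, MACs and the `GENERIC_SSIDS` set are all assumptions made for illustration.

```python
import sqlite3

WINDOWS = [(0, 5), (5, 10), (10, 15)]   # look-back windows in minutes
GENERIC_SSIDS = {"Starbucks"}           # shared names identify nobody
NOW = 1_700_000_900                     # constructed "current" epoch time

def build_sample_db():
    """Constructed sightings table; a stand-in, not Kismet's real schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sightings (ts INTEGER, mac TEXT, probed_ssid TEXT)")
    db.executemany("INSERT INTO sightings VALUES (?, ?, ?)", [
        # One device rotating MACs but always probing the same home SSID.
        (NOW - 60,  "02:00:00:00:00:a1", "SmithFamily-5G"),
        (NOW - 420, "02:00:00:00:00:b2", "SmithFamily-5G"),
        (NOW - 780, "02:00:00:00:00:c3", "SmithFamily-5G"),
        # Our own phone (belongs on the ignore list).
        (NOW - 10,  "02:00:00:00:00:e5", "MyHomeNet"),
        (NOW - 400, "02:00:00:00:00:e5", "MyHomeNet"),
        # Two unrelated devices probing a generic SSID.
        (NOW - 100, "02:00:00:00:00:f6", "Starbucks"),
        (NOW - 500, "02:00:00:00:00:07", "Starbucks"),
        # A passer-by seen once, and a device left behind 8+ minutes ago.
        (NOW - 30,  "02:00:00:00:00:d4", None),
        (NOW - 500, "02:00:00:00:00:88", None),
        (NOW - 800, "02:00:00:00:00:88", None),
    ])
    return db

def signature(mac, ssid):
    """Prefer a distinctive probed SSID; otherwise fall back to the MAC."""
    if ssid and ssid not in GENERIC_SSIDS:
        return f"ssid:{ssid}"
    return f"mac:{mac}"

def find_followers(db, now, ignore=frozenset()):
    """Return {signature: [window indexes]} for devices seen now AND earlier."""
    horizon = now - WINDOWS[-1][1] * 60
    seen = {}
    query = "SELECT ts, mac, probed_ssid FROM sightings WHERE ts > ? AND ts <= ?"
    for ts, mac, ssid in db.execute(query, (horizon, now)):
        sig = signature(mac, ssid)
        if sig in ignore:
            continue
        age_min = (now - ts) / 60
        for i, (lo, hi) in enumerate(WINDOWS):
            if lo <= age_min < hi:
                seen.setdefault(sig, set()).add(i)
    # "Following" = present in the current window and at least one older one.
    return {s: sorted(w) for s, w in seen.items() if 0 in w and len(w) > 1}

if __name__ == "__main__":
    print(find_followers(build_sample_db(), NOW, ignore={"ssid:MyHomeNet"}))
```

The rotating-MAC device is flagged through its probed SSID, while the two devices probing the generic SSID fall back to their MACs and are not merged into one false positive.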
Product features / UI
- Large, simple touchscreen interface (designed for use in a vehicle) with big buttons: start/stop, create ignore list, delete ignore list, check system status, “start chasing your tail.”
- Ignore list feature: capture and ignore devices seen during setup (your own gear) to avoid self-alerts.
- Real-time alerts for devices seen repeatedly across temporal windows; produces post-run reports and maps showing routes and likely follower locations.
- Modular Python code (refactored with AI help) to make contribution and extension easier.
Hardware requirements & tips
- Any device that runs Kismet is suitable (Raspberry Pi 2/3/5/Zero should work; Pi 5 tested). Kismet uses modest CPU (~25% on the Pi 5 while running in the demo).
- Wireless adapters that support monitor mode are required (community-recommended: Alfa, Panda). Injection is not needed for this purpose — only monitor mode.
- Optional: small USB GPS dongle (~$10 used), Bluetooth dongle (for richer detection), small screen ($20–$30), SDR if you want to detect TPMS or other radio types.
- Multiple USB ports allow plugging multiple adapters for better coverage.
Software / code
- Back end: Kismet (open-source wireless capture/aggregation).
- Analysis: collection of Python scripts that parse Kismet’s SQLite DB, detect repeated signatures, generate reports/maps, and query Wigle for geolocation of SSID networks.
- Project hosted on GitHub under Argelius Labs; 100% free and open source.
Use cases and examples
- Personal safety: health-care workers receiving threats used the tool for peace of mind.
- Force protection and executive protection: agencies have based workflows on the concept for detecting tails.
- Search and rescue: several groups used the approach for locating people.
- Investigative: mapping where devices/SSIDs are frequently seen can expose workplaces or habitual locations.
- Detecting modern drones (long-range Bluetooth beacons) or potentially AirTags / TPMS via SDR extensions.
Limitations & considerations
- MAC randomization reduces usefulness of raw MACs; the system relies on behavioral/signature features (probe request patterns, SSID probes) to identify devices across randomization.
- If SSIDs are generic (e.g., “Starbucks”) they’re less useful; uniquely named home or workplace networks can be strong identifiers.
- Range varies by technology: Wi‑Fi/Bluetooth give better range than TPMS; detection distance depends on antenna and environment.
- Ethical/legal: tool is for defensive/legitimate uses (force protection, safety, search & rescue); misuse or privacy implications should be considered.
Deployment / quick setup guide
- Get a Raspberry Pi or any Kismet-capable device.
- Attach a monitor-mode wireless adapter (Alfa/Panda recommended), optional Bluetooth and GPS USB dongles.
- Install Kismet and run continuous captures.
- Install the Chasing Your Tail Python scripts from the Argelius Labs GitHub repo.
- Configure GPS and Wigle API key (optional) for geolocation reporting.
- Use the UI to create an ignore list during setup, then start monitoring; review alerts and post-run maps.
Where to find it
- Open source on GitHub under Argelius Labs (project name: Chasing Your Tail).
- Uses Kismet and Wigle services (Wigle API for SSID geolocation).
Demo / event
- Demonstrated at Black Hat Arsenal; the presenter improved the codebase and demo with help from AI and community feedback.
- Sponsor/security posture advice mentioned during the demo: “deny by default.”
Main speakers / sources
- Matt — creator of Chasing Your Tail, retired federal agent, Argelius Labs (presenter/demo owner).
- Dave/David — interviewer/host (Black Hat coverage).
Category
Technology