On a recent trip to Disney World, I had an unusual experience. I rode a ride. It broke. We were evacuated, and a few minutes later, I got a picture on my phone. It was an empty raft sliding down Splash Mountain, taken at precisely the moment I was walking down the emergency stairwell. It was weird.
Technology has changed the Disney experience—and not necessarily in a bad way. These days, you can get something called a MagicBand, a radio-powered bracelet that will open your hotel room door at the Disney resorts, let you into the parks, let you get onto rides more quickly, and even pay for your breakfast at Gaston’s Tavern. It’s also communicating with beacons hidden throughout the park to let Disney know what you’re doing and where you’re going.
Disney first introduced the technology in 2013 and recently updated it, but I just encountered the band firsthand on my vacation. I still can’t stop thinking about it. The very notion of wearing a tracking bracelet freaks me out. (It’s weird enough that you have to supply your fingerprint at the front gate of Disney World, as well as other theme parks, these days.) I realize that this is something I signed up for—Disney will still let you use paper tickets and avoid MagicBands if you like—but I arrived at the park pretty clueless about the extent to which Disney would be tracking my every move. It’s kind of like signing up for Facebook with the hope that you can connect with far off friends, only to realize several years later that the social network has been gobbling up your online activity in order to sell ads. You agreed to this deal. Nevertheless, you probably didn’t comprehend every detail buried in the fine print.
Plenty of retail outlets already track shoppers using beacons with radio signals that communicate with the shoppers’ smartphones via apps with permissions for location services. Google Maps, meanwhile, identifies your location basically every time you use the service. Amusement Parks and cruise ships are increasingly incorporating connected wearables in order to streamline the fun and keep track of their guests’ activities. That’s not to say that constant surveillance is fun. It’s a tortured reality that we all struggle to comprehend in the real world. Inside the walled garden of a theme park, however, it’s something we elect to do.
When I got home from my brief stay at the most magical place on Earth, I contacted Disney—as well as a notorious hacker—to find out how exactly the park keeps track of its guests.
Curious about how the MagicBand works, I did what any responsible nerd would do and cut it apart with an Exacto knife. The guts of the cuffs are relatively simple. Using simple RFID technology, the silicon-wrapper bracelets—they almost look like chunkier Fitbits—send out radio signals. Inside, there are two antennas: one for short-range radio and one for long range.
The short-range antenna is the one in action when you tap a MagicBand to a Touch Point. After the touch, the band gives you a light show—LEDs swirl around the Mickey logo and turn green. The long-range antenna is, for lack of a more specific term, the always-on antenna. It’s sending signals out to beacons so that Disney can collect (somehow anonymized) data about its parks’ guests.
I don’t remember signing a document that explained the MagicBand’s far-reaching surveillance, specifically the long-range beacons tracking my every move. There is some legalese in the park’s terms and conditions and an obscure corner of Disney’s FAQ about the technology that mentions that the bands “provide information that helps us improve the overall experience in our parks.”
The idea makes great business sense. The company actively recruits mathematicians to examine patterns related to everything from food consumption to the schedules of costumed characters roaming the parks. If Disney knows where the guests are, Disney could ostensibly devote more resources to the spots where they flock. But it’s a bit unnerving that Disney wouldn’t tell me where the long-range, band-sensing beacons are located in the park. But I know there’s at least a few inside Splash Mountain.
“To ensure that photos are appropriately linked to the correct Guest account, there are a few points within the attraction where we ‘read’ the MagicBand,” the Disney spokesperson explained to me. “In this instance, your MagicBand was read by the system after you boarded the ride, and although you were evacuated, a photo was still taken and matched to your account.”
That’s creepy, but quite frankly, MagicBands are convenient as hell. You can schedule times to use your FastPass ride picks weeks ahead of visiting the park and then just show up and tap the bracelet on the Touch Point at the ride to skip the line. You can buy stuffed Mickey Mouse dolls, with a MagicBand tap and a PIN code. You can get your picture taken in front of Cinderella’s castle, and then tap your magical bracelet to send the photo to your MyMagic+ app.
Sure, you don’t have to download Disney’s smartphone app if you’re willing to explore the park in an old fashioned way. Since Disney launched the technology in 2013, though, MagicBands have become ubiquitous for about half of Disney’s guests. Those who stay at Disney hotels get MagicBands when they check in. Frankly, I thought the MagicBand was the only way to get around the park before I did more research.
Disney updated the band late last year with the release of the MagicBand 2. A new design enabled guests to remove a screw and take out a circuitry-filled medallion that could be attached to a keychain. I’ve even read that Disney considered installing them into those Mickey ear hats, which is equal parts unnerving and hilarious. Would I want to buy my kids souvenirs with tracking chips installed? Would anyone want that? Maybe some parents would want that. I did see a few kids on leashes at the park.
“The MagicBand was originally built with privacy in mind,” senior vice president Jim MacPhee told me about the device designed to track your every move, after I explained my Splash Mountain surprise. “There’s not connection to you as an individual.”
I have a hard time with this PR-friendly answer. “Built with privacy in mind” almost sounds like a the punchline of a post-Snowden era joke. Operating in a connected world where everything can be hacked, vague claims of privacy are hardly reassuring without some substantive details.
Disney’s executives couldn’t give me a source that could speak to the more technical aspects of the MagicBand. Or give me more information about how exactly they’re protecting park goers’ privacy. Or what tech Disney uses to anonymize its visitors’ personal information over the airwaves.
I still don’t know exactly how and where Disney World tracked me and the millions of other guests who visit the park every year. I do know that MagicBands can be hacked, however.
Since Disney wouldn’t tell me much about how the bands work, I went to hackers who would. As far as I know, MagicBand hacking hasn’t happened on a destructive scale. When the MagicBand first started shipping to Disney visitors, however, one homebrew hacker named Luke Berndt used a Raspberry Pi and some code to hijack a MagicBand so that could perform a whole host of tasks. Thanks to another hacker who’d dug up Disney’s FCC filings for the MagicBand technology, Berndt did all kinds of fun things, like getting one of the bracelets to turn lights on inside his home. He also said the hack could enable the MagicBand to work with smart locks or send commands to internet services.
“The band has two radios, and one of [them] is standard RFID!” Berndt said in a blog post, highlighting the short range antenna. “This makes things quite a bit easier.”
The second, long-range radio is actually the more interesting one from a tinkering point of view. While Berndt was able to hack the short range radio and create his own MagicBand functions, like turning on lights, the long range antenna is much more powerful. Documentation on the Federal Communication Commission (FCC) website reveals that the MagicBand’s long range antenna sends a 2.4 Ghz signal, not unlike your wireless keyboard or mouse. This could enable the device to communicate with receivers up to 100 feet away. According to security researcher and hacker Samy Kamkar, the technology could also be used to do much more.
“The chip that they’re using is technically not Bluetooth Low Energy, but it is on the same energy modulation,” Kamkar told me. “It is capable of detecting some Bluetooth signals. It can technically know if you have a Fitbit on you. Whether they’re doing that or not, I have no idea.”
That capability would apply to any Bluetooth-enabled device, Kamkar said, like a smartphone or an Apple Watch. Again, Disney says that it encrypts and anonymizes all data collected through the MagicBand system, so you shouldn’t necessarily worry about getting spied on at the parks. The long-range antennas could technically track you when you’re not in the parks, however. Not that you have much of a reason to be wearing it outside the part right now.
“Because they are remote, that also means that you could have sensors outside of Disney. There could be sensors in stores that correlate the fact that because you’re wearing the band you visited this store,” said Kamkar. “If I were designing this device, that would probably be the next thing I do.”
Now that I at least comprehend the scope of the MagicBand’s technology, I actually feel more comfortable using it. After all, it was the not knowing that creeped me out to begin with. Next time I visit a Disney park, I’ll still be wearing a MagicBand, fully realizing that it’s sending out signals with every step I take.
Still, I wouldn’t say I’m completely at ease. Disney’s vague answers, my MagicBand dissection, and Kamkar’s comments managed to demystify some of the band’s functions for me, but I’m still left feeling torn. What am I giving up in exchange for the convenience of tapping my special bracelet on light-up Mickey logos to gain access to fun rides and experiences? Is it something more than the intel that I bought three hot dogs for lunch or how I spent five minutes posing for pictures with a costumed mouse?
Disney World is supposed to be a fantasy land, where everything is effortless and the outside world doesn’t matter. Disney wants you to think that these all-access MagicBands work like magic, when really the system is just a bunch of wires, antennas, databases, and algorithms. Connected devices like these are the future—a future that requires people to sacrifice privacy for convenience. I think about this trade-off constantly, every time I scroll through Facebook, use Gmail, or offer up my location on Apple Maps.
We already elect to live under a certain degree of constant surveillance. These days, almost anything you do online and off involves businesses collecting personal data and leveraging it to boost profits. Disney is no different. If you’re lucky, that data collection might also lead to a better, more personalized experience. If you’re being realistic, you agree to be watched in order to enjoy that luxury.
Disney World isn’t exactly special in this sense. It is the most magical surveillance state on Earth, though.