(Note: This is the companion post to my article at Public Books about evading data detection at Disneyland. For the fun story, read the Public Books version; for tech details and the “why” of my choices, read on here).
We’re definitely not the only family who planned a Pandemic Revenge trip to Disneyland. How could we not? The Cars series was on constant repeat in our home for months on end. An in-class presentation about California elicited feedback from other first-graders that the only thing that really mattered, the only part of California that everyone knew, was the Land of the Mouse (take that, Yosemite). Once that genie was out of the bottle, the writing was on the wall.
So how does a conscientious data collection objector go to Disneyland? What was once just a fun and overpriced amusement park pushing the boundaries of “Imagineering” and entertainment has transformed into a land of constant surveillance.
The change has been a long time coming, but not without precedent. About fifteen years ago, I gave a talk with my friend Irina Shklovski at Ubicomp, the Ubiquitous Computing conference, which happened to be at DisneyWorld that year. We were talking about GPS tracking of sex offenders and the problems that arose with the circulation and commodification of location-based data–problems that, incidentally, would soon extend to everyone with a smartphone.
We didn’t know that then. Instead, we found ourselves in what was clearly a Ubicomp dreamland, DisneyWorld. Wristbands for park access. Music that stayed the same volume no matter where in the park you went. Personalized experiences. And the Mouse himself everywhere, in every carpet design and archway and headboard and–you get the point. It was creepy.
Fastforward to 2022, when I needed to take my family to Disneyland, have an amazing time, and not be data-surveilled. How would we do it?
If you want the fun story, head on over to Public Books, where I wrote a full essay about our untraceable trip. This post assumes you’ve already read the piece and want to know more about my tech stack, as these are details the editors thought were best placed elsewhere. Geekery ensues: you’ve been warned!
I am fortunate to know more than one person who worked at Disney and so I tried to get the inside scoop on the status of their tracking tech. How advanced is their facial recognition? Where and when would we be scanned, photographed, or otherwise detected through the park? What were my obfuscation options?
My understanding, from these conversations, is that it is still possible in Disneyland (not World) to evade because they rely on the app and credit card swipes to generate single user ID’s, not on a wristband which is subject to infrared detection throughout the parks in Florida.
I also learned that at no time did the Disney ID I set up have to match any actual ID, like real names and birthdates on a driver’s license. So we could go with pseudonyms, and keep that identity circulating within the park. The onus was on us to keep up the gag, and keep our real identities separate from our activity at the park that day.
At this point I also had to consider: how much did I care about Disney knowing I was at their park, versus knowing that my young family was there? I decided that I don’t mind Disney knowing about me. I’ve been to Disneyland before, and I’m an adult. I am not telling them a lot about myself by being there. But I do care about my children’s identities, so that’s where my obfuscation techniques were the most intensive.
Note that I am not on Disney+ and ensure that most of my online interactions with Disney related sites and stores stay obfuscated through alterna
