Google's roving Street View spycam may blur your face, but it's got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users' unique Mac (Media Access Control) addresses, as the car trundles along. Germany's Federal Commissioner for Data Protection Peter Schaar says …
Eeeehmm, this is nothing new, Google uses WiFi access points to locate you on Google maps when the device you're using has no GPS or you're inside a building.
To do this they need a database relating each access point SSID to it's approximate GPS coordinates.
Companies like Navizon collect this information too and then sell software based on the database they create, or sell the info to Microsoft and Yahoo.
And as for the United Faildom?
Forgive me for sounding ignorant - but does this mean it is already the case in the UK that they've built up a DB of the WiFi MAC codes as they've been trundling around?
I wouldn't, of course, be in the least surprised. Though I'll be a-shooting them a letter if it's indeed the case.
And there I was thinking they used a much more simplistic solution like cell triangulation...
Assisted GPS mixes GPS, Cell Node triangulation and known WiFi triangulation to better pinpoint your location within a few metres; without the WiFi, the accuracy can drop significantly.
This has been known for sometime, other services offer the same service. Effectively they mesh the SSID with known GPS coordinates and use signal strength to further triangulate the required location. If the WiFi network is publically viewable (not accessible or accessed) then it will be logged using one of these aGPS solutions.
Skyhook and they've been using it for years - it's the technology they use to locate you when you don't have cell coverage or GPS (ie, on the iPod Touch).
This is nothing new...
Not just Street View vans
Not only that, but if you have an Android phone with GPS, you are helping them keep the database up to date if you use the location service.
Not to mention Skyhook, used in the MapsBooster app.
Not the same
Guessing your location based on where they think your ISP is located (typically an incorrect guess for most consumers who have dynamic IP's) and logging a record of your equipments MAC addresses are two completely different things.
I guess with this type of information not only are they building records of where around the country has high concentrations of wifi (so they can show this in google maps), but also information like what router manufactorers are used where etc.
why is this news?
this was reported on the register over a month ago in relating to a verizon router hack.
yep, put in my mac code to the api, and it goes straight to my house.. (presumably they use some sort of triangulation too)
Give him his privacy
For the sake of us all...
It's about time that Google was put down - once and for all.
A tip for Google
Don't piss off the Germans. I seem to recall they can get nasty if you piss them off. I forget the details, but I seem to remember them being at the center is a really big war or two.
I am sure you could find more information on yahoo somewhere.
You know it HAD to be the hand grenade.
You know, I feel a bit like I'm on Wired when I feel the need to log in just to vote someone down. I recommend, however, that the author of this post reads what yesterday's mail ingeniously called a 'Nazi Smear':
Or as the Guardian sub rather more straightforwardly called it at the time: Don't mention the war. Grow up.
posted a response in the same vein last night but somehow didn't get past moderation.
It's one of the most embarassing things about this country. I've lived in Germany, have a german partner and consequently know a lot of germans. The amount of times I've been with them in the pub and overheard these kind of comments or been watching television and some attempt at comedy has turned up is frightening.
It really is sad and makes us look like a bunch of ill-informed, xenophobic kids to people from other countries. Grow up indeed.
Went to Berlin just after the world cup in 2006.
Met some very friendly people, a few even offered a tour around their very beautiful city who were very pleased to show us places damaged during the war, the Berlin wall, fallout bunkers etc.
I wonder how people in future will think of the British when they remember the invasion of Iraq?
Why are they doing this?
simple answer - geolocation - so they can punt more relevant 'local' ads at you and get a quicker fix on your location in google maps on your phone.
Wouldnt be surprised if they did this in every country.
@ Mr Schmidt
" internet users shouldn't worry about privacy unless they have something to hide"
So Mr Schmidt, when are you going publish online your bank account information, your credit card details, information about the school that your children attend, and the medical history of you and every member of your family? Oh, and how about publishing the algorithms you use to create the google rankings?
His comments are the reason that everyone should seriously consider just what Google have to hide.
"Don't it always seem to go, that you don't know what you've got till it's gone".
"Meet the new boss, same as the old boss."
Needs more explanation
Is Google recording the MAC addresses of access points (e.g. a domestic wireless router), or of any devices that happen to be switched on as their car passes (e.g. a laptop)?
Are MAC addresses normally visible beyond the local network? I would have thought not.
I can see why spooks might be interested in the MAC addresses of mobile devices, but why would they be interested in the MAC addresses of access points?
Visible? Yes, that they are.
Consider if two APs have the same SSID (happens fequently) - computer's got to know which one it's communicating with, right? :)
"""Visible? Yes, that they are.
Consider if two APs have the same SSID (happens fequently) - computer's got to know which one it's communicating with, right? :)"""
Of course they're visible over the air, but that's only useful if you're physically nearby. What the original poster probably meant was that once you connect to Gmail, etc, any of your local MAC addresses (Devices, AP, or otherwise) have long been stripped and replaced with the MACs of each router along the line.
So it's only a threat if Google happens to be your ISP...
Don't be Evil
Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ...
I can't see a problem with this in the UK
After all, we already have nowhere to hide, with the cameras and all.
And now some git (recently ex) minister is telling us that ID cards won't cost the government anything - because we're going to pay for them. Does that mean we actually pay twice? Once through tax that the government pays to whoever is implementing the system, and again when we buy our lovely ID card?
"Skyhook" as well - http://www.skyhookwireless.com/ - used (AFAIK) in the iPhone/iPod Touch...
Er, Mac or MAC
Capital letters too expensive?http://www.theregister.co.uk/Design/graphics/icons/comment/dead_vulture_32.png
Hardly worth the effort
As most replace their computing kit every three or four years, unless Google plans on annual drive-bys, the information gathered will soon be out of date.
Add to that, the fact that most MAC addresses and SSIDs can be changed at will, so the exceptionally paranoid will be updating theirs regularly.
Anyway, it's not particularly useful to know the physical location of a MAC address, since it's not sent as part of the packet that goes out on the internet. It's the ISP-issued IP address you're interested in, but the one being broadcast by the access point isn't the same as the one on the other side of the NAT box, so what Google will end up with is a list of all the known locations of 192.168.1.1
Annnual Automatic Updates
It is my understanding that European countries where Street view is already rolled out will be updated at least once a year, just as they are in the US.
Can only assume that slurping as much data as possible as they go by is some cunning plan to pay for the returfing somehow, eh?
I can imagine that when a phone running Google maps feeds Google a MAC address that is anomalous or not in the database then Google will add/remove/update it according to the phone's GPS data or whatever other wizardry they have up their sleeves.
I'm a n00b to this tech as I prefer my maps without the fascism but it seems to me that a phone would feed Google GPS coordinates and a bunch of MACs and Google would say "you are there so MAC number 1, which isn't on our database, must be there as well. And MAC number 2 which according to us is 5 miles away must be wrong because MACs 3 and 4 agree with the GPS " etc etc
Google's attitude to privacy and their laughable motto aside, how on Earth could this be construed as an invasion of privacy? People are transmitting radio waves from their house, then complaining when someone receives those radio waves? Sounds a bit odd to me.
War-driving's not illegal if you're Google?
Weren't the cops arresting (or at least, stop & questioning) war drivers a few years ago?
Nothing is illegal if you are Google*
*Unless you piss off Apple. They pay the politicos more so they get preferential treatment.
It isn't what you know, it's who you know**
Could be better.
The only thing I see wrong with this is that it isn't all that effecient in terms of building a mac address database. After all it takes a lot of time to build up the streetview data and it goes out of date pretty quickly. A far more effiecent (and accurate as they can collect a far greater set of data) system would be to collect it from GPS equipped mobile phones, and if they were to do that I could understand why people might get angry about the loss of privacy (although it could be opt-in and still probably kick streetviews ass). Their lattitude system already tracks peoples location (if you opt into it) so there is no reason why they couldn't mine that.
As it is you really can't do all that much with the data that they collect. You can't equiate someones ip address to the wireless mac address of their router, so therefore you can't figure out their location. Seems to me this guy just wants to be seen to give out about streetview invasion of privacy, and therefore seem like he actually cares about peoples privacy.
"A far more effiecent (and accurate as they can collect a far greater set of data) system would be to collect it from GPS equipped mobile phones, and if they were to do that I could understand why people might get angry about the loss of privacy (although it could be opt-in and still probably kick streetviews ass)."
Android does this. When the device is first setup, you are asked whether to allow it and can toggle it in settings.
See also Skyhook Wireless
The only news here is that this is news.
Google Maps for Mobile listens for SSIDs  if your phone has WiFi. Does it also report SSIDs (or whatever) back to HQ, to keep their database up to date?
 It presumably isn't SSID alone, otherwise a lot of places would have SSIDs of Netgear or whatever, and that would not be helpful.
Did Google log this data in the UK too?
>Did Google log this data in the UK too?
Oh, yes. To see it in action visit http://www.cyclestreets.net/ and try out the "detect where I am now" feature on the journey planner. It's got my location down to the house.
If they did ....
how would you know ?
So appropriate, I think we should now replace "The worlds biggest ad whatever" with:
Kraken: A sea monster of "gargantuan" size.
I vote DataKraken up over "chocolate factory."
El Reg; time for a nickname update!
If You Have Nothing...
...to hide, you have nothing to fear.
Where have we heard that before?
Me/hides the 211.
If you have nothing to hide,
you have nothing worth having.
MACs could be useful ...
If they really are gathering the details of all the MAC addresses in use, as opposed to just those of the access points, there are potential (though very likely pretty small) worries:
How securely will Google keep the data they collect? If you're using MAC filtering on your network, you might not appreciate someone gathering a list of all the MACs that you have, and then putting it in a big data centre somewhere.
While the MAC address wouldn't normally get outside the home network, if you're connecting to someone else's network, whether an office or a coffee shop, they're going to know your MAC address too.
That comes back to the first point; what are they doing with this information? If there's any way that someone else (including law enforcement) can determine that the laptop used a hotspot X on a certain date may be kept at address Y, that's more information than many people may feel happy giving out.
"""How securely will Google keep the data they collect? If you're using MAC filtering on your network, you might not appreciate someone gathering a list of all the MACs that you have, and then putting it in a big data centre somewhere."""
If Google can get your device MAC addresses while simply driving by, then does it matter if they're published, since anyone else can as well?
MAC filtering for security is about as effective as setting your SSID to "please_stay_out_thanks" - if you aren't doing WPA (preferably version 2,) then you aren't even trying to be secure. And MAC filtering adds so little additional protection that it's worthless to do it with WPA.
Demolishing privacy, that's the objective
"If there's any way that someone else (including law enforcement) can determine that the laptop used a hotspot X on a certain date may be kept at address Y, that's more information than many people may feel happy giving out."
And this is why Google is gathering that data: To monitor and archive individual wifi-equipment (ie. user) whenever it is seen, where it was seen and when.
"Oh yes, this mac-address was seen 2 years ago in this address and now we see it again in netcafe sending copyrighted material into network, catch the criminal asap!"
Surveillance is the motive here, again
"If Google can get your device MAC addresses while simply driving by, then does it matter if they're published, since anyone else can as well?"
Yes, it matters.
"Anyone" is not driving by everybody and "anyone" is not storing that address and "anyone" is not selling that data to anybody or giving it to police for free.
Another method of forced surveillance, again.
Don't do evil...
So why has Eric Schmidt not aired his privates public?
Does he have something to hide or is he just an asshole?
No big deal - nothing at all
Hey dudeherren - it's just geolocation. Nothing to get your lederhosen in a twist about.
If you don't want your SSID noted then don't broadcast it. Rather simple, really.
Geolocation using WiFi is a useful service and doesn't compromise anything
So you believe an SSID is hidden if the router's broadcast is turned off? If you think that's true you need to try out some [really simple] tools like what's embedded in Ubuntu. May not bet there now, but Ubuntu would "see" every router and AP in my neighborhood and that includes the "silent" ones.
There are many free, downloadable sniffer tools that will do a whole lot more than Ubuntu.
probably not actively scanning
I would expect that google is passively collecting SSIDs that are broadcast, and not using tools to cause no-broadcast routers to disclose their presence. They might grab it from existing traffic but I would expect that.
After all, this is to support geolocation. So what you want is something that a W-Fi-enabled device can listen to (battery life says that you'd prefer not to be active). There's no point collecting SSIDs that aren't broadcast if your intended users won't be using that data.
Mate, I think you're being a little naive here.
Firstly, you are assuming that this is only to support geolocation; Google are well known for using any data that comes their way to improve their advertising service.
and secondly, the scanner is part of the googlemobile, so battery-life is not an issue. Thus, active scanning is easily achievable.
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great