UK data watchdog to quiz Google on Streetview Wi-Fi database
Sharp criticism of Google in Germany has today prompted the UK's privacy watchdog to quiz the firm over data its Street View cars have collected about Wi-Fi networks. Officials from the Information Commissioner's Office (ICO) will seek details and assurances about the practice. A spokeswoman told The Register the ICO had been …
They can't use your mac address to identify you on the internet, story over.
But if someone uses your WiFi access point to connect to the internet and find their location from Google's records then your IP address can be linked to that location.
That's OK if you keep your network locked and avoid google location services and Android phones -- but it does mean you have to be more careful.
You con't actually connect via the Access Point to find your location. It uses triangulation of Access Points in the area to guess the location rather than use GPS (It can therefore be used with Laptops).
The system just detects the signals that APs give off to shoe they are available - doesn't matter if they have encryption or not.
It is similar to sitting in the car and trying to tune in your radio. Knowing the, stations, the strength of the signals and which frequency the national stations are tuning to could give you an approximate location of where you are.
Quite so. But Google won't know which IP address is associated with the SSID unless they do connect to the internet through it.
To be fair, Google are only doing what reams of geeks do anyway, only minus the sending out of WPA DEAUTH packets to try and get a handshake. I'd be hasty before condemning them and giving a bunch of legislators the excuse to ban wardriving for everyone.
Somethings might be "ok" to be public, until they are hoovered up and stuck in a database. It suddenly turns into something to be concerned about.
I'm not too worried that my ssid is broadcast under normal circumstances, but I do feel I should be concerned that it is now sat in a database of googles waiting for whatever use want.
I'm not even sure what the implications about all this are to be quite honest. I am pretty sure I might not like them though by the time Google has finished working out just how it can use it all.
As far as I can see this data is used in Google Chromes "Wi-Fi Based Geolocation". As they said, the MAC address is viewable by anyone with a Wifi enabled device, anybody can walk down the street with a laptop and see this -- and more (Channel, SSID, etc).
Just looks like another case of government staff having never touched a computer before, and having no idea what they're actually talking about.
...can someone reign them in!
OK here is the plan.
Google can get a rough geotag by your IP, but if like mine, it tends to be 100 miles out.
Now they potentiall have your mac details.
You search online for car tyres.
It comes back and lists all they car tyre places within 5 miles of you, or worse, tell you that Dave on facebook 3 doors up says you should shop at xyz has he also has a Ford Focus, seen on your drive that day.
It would also seem that Google has already incorporated their database of WiFi addresses into Latitude. Most of the time I connect to the internet through the Ethernet socket in my Manchester University Hall of Residence and my latitude location stays the same for weeks at a time. However when I returned home and connected to the home WiFi, my latitude location updated to my home address every time I refreshed the page, despite the fact that I'd disabled latitude on my phone. Needless to say, streetview crawled my street over the summer and the router is powered on the whole time. Clearly Google has associated my router's MAC to its physical location. I confirmed this theory when I connected to the university WiFi and exactly the same thing happened. Google's nefarious Oglemobiles have clearly also plundered one of our nations' great universities for its digital bounty. Be afraid, be very afraid...
aye.
but thats because although i have a wifi router, my main systems are on the wired side of a
routed network segment thats then passed through to it. hence the MAC of my router is one step
away from the MAC of the wired side of my wifi router...et voila. goodbye knowledge.
further to that, I DHCP from a server halfway around the world via a TOR so even ISP information wont be right.
with DEACT this is the way a lot of people will play by this time next year
"seek details and assurances about the practice"
We all know what happens when the ICO start seeking assurances.
Unsurprisingly, ICO will get assurances from people with a vested interest in giving ICO assurances.
What's missing is any critical/expert analysis of those assurances. ICO. Bloody useless.
My guess this info has been commissioned by the US Government and Google is undertaking this task as a commission. Can you imaging being able to tie up a MAC address with a physical address.
We all know that every colour printer prints the MAC address on every sheet in hidden yellow dots, so when you "register" your nice new printer, they know who owns a printer with MAC address *********
In the UK the poice are routinely collecting APNR data about car movements and mobile phone data is collected as we move from cell to cell. It is getting to the stage where "they " know where you are, who is travelling with you and what computers you use and everything you have written on email and the internet.
"We all know that every colour printer prints the MAC address on every sheet in hidden yellow dots
Really? Even those without a NIC in them, that'll be a challenge.
Often it's Time, Date and Serial Number. So set the date and time wrong on your printer and your half way there. Also it can be turned off on many machines...
I came to the conclusion that the Street View Googlemobiles must also have been wardriving as they trundled around as soon as I downloaded Firefox 3.5 and tried out its geolocation feature - how else would it have been able to work out *exactly* where I live?
Errr.... aint this what the iPhones have been using on Google Maps since forever? I remember reading something about Skyhook's Wi-Fi Positioning System (WPS) ages ago being used as 'assisted GPS' even on the first gen iPhones (2G).. so where have they been for the past 3 years and only NOW they realise!
Geddafor koutta here!
Assisted GPS is different, this is using a server to offload some of the initial position processing of the GPS data and compare fix information for a GPS signal. It could utilise other network positioning to help but on a mobile this is more likely to use cell tower information.
and what happened to personal privacy in that little scenario then ?
[SARCASM]
I feel safer already.
[/SARCASM]
They're making their own "skyhook" style location database. Your device reports SSIDs and things that it can see, and a google server tells you where you think you are.
My iPod touch has a google maps app that already does this with reasonable sucess in built-up areas.
Of course google having all this data is a bit more worrying, but hey, this is the future.. seems our privacy is le skewed, anyway :(
What use does this info have?
If you wanted complete and utter security, then don't broadcast something publically.
I was on a train the other day I had caught in a hurry in a place that I've never visited before. I trying to find out where the train was heading and when i would get there. The GPS in my phone wasn't picking up a signal but luckily the Google Maps app running on my Windows phone tracked my position to the nearest 2Km. This was good enough to reassure me that I was going in the right direction.
Now I know it's the Google car that collects the wifi data. I was wondering how they collected that info.
So long as Google swear never to release the MAC data they've collected I can't see this as a problem or an invasion into anyone's privacy. It's no different to recording street names and a rough GPS coordinate of the street.
new router ???
i know i replaced minne about 3 months ago so im safe ...
but i have to agree this information on its own is not an issue, collated into a single database not good
"We only use information that is publicly broadcast. It doesn't involve accessing the network to send or receive data."
really? so if the 'phone' doesnt recieve any data from your router (re bssid) then how is this information helping the phone find its co-ordinates? inbuilt crystal ball that guesses its near your router?
Receiving the BSSID is not acessing the network. Your BSSID is being gets broadcast as part of the specification when requested.
Doesn't mean it is accessing your network - that would involve connecting to your AP and your AP giving it permission to use your network.
Your phone checks for nearby wifi then sends the MAC address of the wifi it finds to Google, who knows where these MACs are (because it found them all while driving past). Google then discards this information and uses it's crystal ball to find out where you are.
... as some people on here seem to equate.
The BBC (iPlayer) and music/film industry seem to rely heavily on this fact to make us all criminals for timeshifting stuff using more up to date tech than a VCR (a bittorrent).
Am I missing something? Can't I stop my phone/router/printer from broadcasting it's SSID. I know I can change my MAC address and network name.
...they're saying they've only catalogued APs that are broadcasting their SSID? Shirley nobody with any common sense would broadcast the SSID of a private WLAN?
I know it's not much of a security solution of itself, but there is really no point in broadcasting the SSID of a private WLAN. Of course the trouble is that most wireless APs and routers broadcast the SSID by default. Of the stuff I work with regularly only Cisco have the common sense not to broadcast the SSID by default. They even go so far as to call the WLAN broadcasting the SSID the "guest" WLAN to give you a clue.
What this system uses is not the SSID, which is indeed suppressable in the user options, but rather the BSSID which is not suppressable, is part of the IEEE 802.11 specification and in most cases is the fixed MAC address of the AP.
What alarms me most about this story isn't the potential privacy issue but rather just how far behind the curve the ICO and their German counterparts appear to be. When I first got my hands on an iPod Touch last year one of the first things I wondered was how the map app knew where I was without a GPS chip. A bit of research led me to Skyhook and the whole MAC-mapping industry which had been around for several years.
Does nobody at the ICO share my level of curiosity about IT? And if not, can I have one of their jobs please?
Wireless Geographic Logging Engine: Making maps of wireless networks since 2001. 20,430,834 points from 1,091,231,717 unique observations.
http://wigle.net
http://www.bt.com/static/wa/wifi/pages/findhotspots.html
Is this any diffferent.... ???
yep..when i first entered the world of eg kismet, there were pletny of places to upload your GPS-powered results to help others find the hotspots you found.... its nothing new.
more people should operate WPA2-PSK , hidden SSID, AES-only 802.11a APs ;-)
"The ICO spokeswoman said British regulators are interested in how the data is being processed and used by Google. If the firm were collecting data on the security settings of Wi-Fi routers, she said, it would be asked to give assurances about what it might do with that information".
Surely all the ICO need do is examine the details which Google must have registered in its application under the Data Protection Acts before commencing collection or processing of the data?
If a user runs a suitable script from your website, you can get the MAC of their router returned to you. Use the geolocation database and you have just found out where that pesky corporate whistleblower or political dissident blogger is located and you can send the secret police round to get them.
Try http://test-geolocation.appspot.com/
A very smart friend of mine from the Czech Republic immediately twigged then I showed him this article that Google is not gathering the location data through WarDriving. That would be highly inefficient and their database would soon age. And if they did it by WarDriving they wouldn't have my friend's MAC address either, as he lives on top of a tall building and there is little chance of picking up his WiFi signal from ground level.
This database is populated with your consent when you agree to the non-gps based services on your Android phone (and possibly others).
I seem to have a lot of smart friends, another one observed this:
"When using the javascript geolocation API, the user explicitly agrees to use the location service. In firefox, the default location server is, surprise, google. The user actually accepts to send data in order to get the position. This means ip address, mac, wifi macs around, base station (in mobiles), gps, and any other info the might be helpful. Thus, you get your position, and google has all the info around you in exchange. Quite clever. And scary. The users work for them."
