Is it the sudden outbreak of sunshine? Is it write something silly to Andrew week? A reader we shall call John sends me this: I just tried the new me.com Find my iPhone app. I live in a rural setting and own a 3GS which had WiFi turned off (to save the battery up the wirelessless pub last night). The app was out by …
Re : GPS
What sort of useless GPS is it that gives an error of 3km ?
Two different issues at hand here
1) Google sniffed the Wifi networks and recorded the publically broadcast MAC and SSID and put it in a database against the current GPS reading.
That, to me, is acceptable (I've chosen to have that information broadcast, and it's not personally identifying) and useful (as the letter writer states) for Wifi positioning. The journalist's response that this is only useful in urban areas were cell towers can be used doesn't work for, say, Wifi-only devices like the lower end iPad model, or most laptops.
2) Where the Wifi network wasn't password protected, Google also grabbed a sample of the traffic on the network, which could of course be anything that all. They say this was because of a programmer error.
This is the bit I have problems with. They had no reason to grab that data, and whilst it was publically broadcast, one can assume in this day and age it was only because of clueless users who don't understand how to set up wireless encryption. Exploiting those users feels rather mean spirited.
Slightly dissapointed the Register can't seem to tell one of these issues from the other in this article.
Re: Two different issues
"Slightly dissapointed the Register can't seem to tell one of these issues from the other in this article."
This seems to be the first article where someone's actually managed to tell the issues apart! At no point is the capturing of unencrypted payload data mentioned by Andrew, he focusses on the rights or wrongs of storing geolocated device data.
While you may have no issue with Google storing the MAC and SSID, others do take issue with it. Specifically, Google have admitted that they stored this data not just from unencrypted publicly broadcast networks, but from every network they encountered irrespective of whether the SSID was broadcast and irrespective of whether the connection was encrypted (WiFi only encrypts the payload data, not the headers that contain MAC addresses/SSIDs).
From the report they commissioned to investigate the source code of their WiFi snooper, 'gstumbler' (http://www.google.com/googleblogs/pdfs/friedberg_sourcecode_analysis_060910.pdf):
“Kismet captures wireless frames using wireless network interface cards set to monitoring mode. The use of monitoring mode means that Kismet directs the wireless hardware to listen for and process all wireless traffic regardless of its intended destination… Through the use of passive packet sniffing, Kismet can also detect the existence of networks with non-broadcast SSIDs, and will capture, parse, and record data from such networks."
"The gslite program parses and stores the SSID information for all wireless
networks, whether the SSID is broadcast or not."
"All available MAC addresses contained in a frame are also parsed. All of this parsed header information is written to disk for frames transmitted over both encrypted and unencrypted wireless networks"
I also think your statement that MAC addresses are not personally identifying is naive. While not being directly identifying, there is a one-to-one link between most portable wireless devices and the user. Adding in geolocation just makes things easier. Anyone who detects my MAC address on a public wireless network could immediately identify me and/or my address if they had access to the database. That's pretty scary. It's even scarier when you think that they've done this for ALL wireless devices they encountered, even if I chose to encrypt my connection and not broadcast my SSID.
It is said people should know enough to encrypt their data, but even if that were remotely true, what level of encryption? Should people be constantly aware of what script kiddies can do? Should they upgrade to a quantum level encryption when available? Perhaps people should remember that PGP was classed as munitions! Encrypting data is something the authorities actually don't want you to do.
As to what a multi-billion dollar online advertising corporation could do with my personal internet data, if it really wanted to be evil? How about using the email addresses I am sending to in a targeted unsolicited email advertising (spam!) campaign? What if they took the fact I was accessing an adult site while sending emails to send adult emails to everyone on my To: list? Or amalgamating the To: lists of a couple of emails I was sending such that my wife knows that I am still in touch with my mistress and my lawyers?
How about a Muslim man receiving targeted ads for Liberty and Amnesty and thinking to himself "why am I getting these ads, I have never been to these sites... maybe my wife knows something about this."
They took the data without asking
And now they use the data for commercial gain. That is a crime in the USA. You gave permission when you downloaded the mapping app. I have not given permission. I have been violated; just like a burglary; just like an assault.
Google is Big Brother.
Missing the point a bit
If i left my door unlocked would google be valid to have a look round my house and see what i own? Thought not. Of course they have every right to make a note of where my house is on a map.
The no harm done argument is silly, intent is the key and this is what the US government will hopefully get to the bottom of.
Either the google decision makers never knew about it or it was a 'rougue' engineer that somehow was never noticed in testing or the 3 years worth of data collected.
Google need to prove and provide the engineer or provide who approved the actions for appropriate privacy invasion sanctions.
But thats the wrong analogy...
The right one to make is if you left all your belongings on your front lawn would it be valid for google, or anyone else, to take a look?...Of course it would...
Now if you left it on your front lawn completely unattended then, although morally wrong, it would be accepted that it is your fault if anything was nicked, you wouldn't get much help from the cops as they would just call you a twat for leaving it unsecured.
Some rural areas have an open entry social norm
Actually in many rural areas, if you leave your door unlocked, it IS considered perfectly acceptable for other people to come in, and even make themselves a cup of tea. Where I grew up in Shropshire, ringing the doorbell or knocking on the door was considered impatient. The protocol was to just push open the door (assuming that it was even closed), step inside and shout "HELLO!" as loudly as possible. The shouting was a key part of the politeness protocol; it announced your arrival so that if there was someone in, they wouldn't be surprised (and/or naked). But if the resident wasn't around to respond to the greeting, the next bit was to sit yourself down, get yourself a drink and wait until they arrived.
Privacy is a very urban concept.
Re: Some rural areas have an open entry social norm
Much as I wish more of the world was like that, I think that this is simply a different implementation of privacy rather than an absence of privacy. The people involve choose to make their living rooms semi-public spaces, and trust visitors not to over-reach the access they have been given.
I bet the same people who would be happy to come home and find you drinking their tea in their living room would be mightily miffed to come home and find you poking through their underwear drawer.
People tend to trust people that they know more than they trust strangers, and in rural communities people tend to know more of the other people there. Hence people in rural areas may be more willing to trust visitors by default because, due to the lower population density and migration rate, there is a much lower probability of a casual visitor unknown to them.
It's not really a _privacy_ issue, but one of _trust_.
"If i left my door unlocked would google be valid to have a look round my house and see what i own? Thought not."
Depends where you live. In Canada that is perfectly legal.
"The right one to make is if you left all your belongings on your front lawn would it be valid for google, or anyone else, to take a look?...Of course it would..."
No. The correct analogy is that of American style mail boxes and whether it is acceptable for someone to walk down a street, just after the postie has been through, and read/copy any postcards they find in the mail boxes.
Still the wrong analogy
You still have the wrong analogy.
First, the facts: The Wi-Fi protocol does not encrypt the packet headers, only the payload. The header contains information regarding the source and destination of the packets, and attributes stating whether the payload is encrypted and whether the SSID is broadcast or not (even though the SSID is included in the header as the source of the packet).
The software used by Google scanned EVERY WI-FI FREQUENCY it could find, regardless of its intended destination, and stored to disk the ENTIRE header of EVERY SINGLE packet, regardless of whether such header indicated that the payload is encrypted or the SSID hidden (both denoting intentions to remain private). Furthermore, the software parsed the headers and stored the individual fields, associating them to the current geo-location of the Street View car.
So, a more apt analogy would be if you request a non-listed phone number from the Telephone Company, you make sure you do not tell it to any stranger, and you even close the blinds and speak in code when you are talking to your friends. And to be extra sure, you make business cards which state in large bold letters, "TELEPHONE #: Private, do not ask for it."
Then one day Google comes along and taps the telephone wire on your street and checks the signal as it comes through and tries to determine everyone's phone number. It then catalogs your number with your address and stores them in their directory. On top of this, if you left the window blinds open, Google peers inside and takes note of all the phone numbers you dialed.
You see, its not a matter of unencrypted networks being available, free-for-all. It is a matter of ignoring the intentions of privacy of every network and scanning and cataloging them wholesale, without consent.
It's not just wrong and potentially illegal, it is downright creepy!
There we are.
``It's not really a _privacy_ issue, but one of _trust_.''
That caused a bit of a lightbulb to go off. That's why people will go ``I've got nothing to hide'', but really saying ``leave me alone with your nosy existential questions, it makes my brain hurt so much I rather trust the other guy'', regardless of whether that other guy can be trusted with your personal information. Or something to that tune. More on that later.
Even urbanites will have to trust strangers to an extent. But yes, if the social politeness norms allow you to sit at the kitchen table and make yourself a cuppa tea waiting for the occupant, that's both trust you'll be reasonably well-known to the occupant, you can be trusted to make tea, and that you won't be poking through the undies drawers even though nothing physical is stopping you, ie respecting their right to privacy.
Compare with, oh, living in high rises in Tokyo, where the social norms require one to ``not see'' and ``not hear'' certain things even though you can't otherwise not fail to notice them because everybody's packed so tightly.
The social interaction norms are different, but the basic elements are still all there.
The basic problem with privacy in this era is that there's no longer humans or the usually slow medium called ``paperwork'', and very little custom, to slow down the automatic dissemination machinery. And while the new tech has upsides, like this correspondent believes, there are downsides too. To mitigate the downsides, we are forced to examine exactly when we need to protect ourselves from others breaching our often implicit trust they won't be violating our privacy.
Because once information once out in the open can never get back in the bottle, one has to err on the side of caution, especially if the decisions affect others' privacy, like in lawmaking.
Not really tangentially but approaching from a slightly different angle, exactly for the same reasons we now need to generally recognize that we have many faces, or masks as the psychologists call them. Most here will have more or less different identities across different places they hang out. Online, various forums, but offline too. You're different at home, in school, at the office, in a kinky club blowing off steam. With the automatic machinery it gets ever more difficult to not have everything linked up, and that leads to problems. Like people getting fired, suspended, or worse, when things made public in one place, like on facebook, end up in places where they were never ment to end up with.
You can complain thinking about it makes your head hurt, but this is important and by those in power still very ill-understood, so it falls to the populace to stop avoiding the issue, understand, discuss, and make our governors aware they'll have to mend their ways.
Formal identity is a synthetic invention for the sake of administration, but I think we need to stop believing we can make do with just one, because no person has just one informal identity, and as noted, they're increasingly difficult to separate. So the synthetic one will have to become more life-like and allow for multiple masks.
That means the government, since it administrates that synthetic identity, will have to get its act together and start offering what's needed instead of trying to push people ever harder into a mold we've outgrown. We certainly don't need a government that says, directly or through strawman arguments, ``trust us because we sure don't trust you''.
I understand from people who claim to know (having lived in the relevant areas) that it is (or was until recently) illegal to lock the doors of buildings situated above a certain elevation (i.e. in mountainous regions). Anything that the owner had is/was at the disposal of anyone who needed it.
This is obviously down to providing shelter to those caught out by weather, and no doubt there was some way (maybe social, rather than legal) of ensuring that what had been used was replaced (I've never got around to asking about that ... Czech beer is a terrible thing!).
no even close
Front lawn? i dont think so it is leaving the door, open google has to decide to open the door and have a look in
When using GPS you shouldn't get the "blue confidence circle" unless your zoomed right in (to full). Are you sure it had actually got a satellite fix?!
The normal process is to start with cellular & then fix some satellites...
Re: using GPS?
Of course, if he'd stepped out of the pub so the damned thing could actually *see* some satellites it might have helped too.
Maybe they don't have many satellites in the country side? :-)
My friend with his non 3G iPad was surprised to see google maps figure out his location until I reminded him of the WiFi snoop. So handy if planning a route that it knows you're at home. I knew google had a good reason - help out iPad owners. Sounds plausible.
3KM . . . . thats nothing
I tried this the other day too... on my iPod Touch.
It located my iPod in Bordeaux, when it was actually in Carcassonne.
That's probably where my broadband was routed through, but not much use all the same.
You correspondent is missing one vital thing here
namely that Find My iPhone doesn't use any Google data anyway, relying instead on mapping from Skyhook
I dont think it was google folks....
iPod touch (since version 1) has been able to find its location based on wi-fi triangulation.
I was able to do this, long before the google spy cars came round my neighborhood.
The data/service that provided this is enabled by skyhookwireless
So lets not bash google for this, its been done already, years ago, by someone else.
Skyhook are dreadful at updating their database
I've submitted my address change and my WiFi router's SSID/MAC countless times in the six months since I moved house, and it still shows my location as my old house fifteen miles away.
But when you take your WiFi router from one rural location to another...
I discovered that by taking my WiFi router from one part of the Cotswolds to another part of the Cotswolds, neither of which had neighbours with WiFi, resulted in... all WiFi geolocation tools giving my location as my old address.
It's driving my wife nuts. Even changing the SSID hasn't made a difference. I think I'll have to try to assign the router a new MAC address.
SSID/MAC + Lat/Lng is OK in my book
I think the publicly broadcast bit of the WIFI snooping is perfectly acceptable. I mean I have these big numbers on my front door and there is this bit sign at the end of the road... I see it no different to that.
The logging of the actual data is a big no-no, but I can see how wireshark could have been set up in this way quite easily and provided they are held to account on this part, I'm perfectly happy.
But overall, I don't really see what the fuss is about.
What the fuss is about
The problem is that Google ignored the broadcast bit, and just logged ALL SSIDs and MAC addresses straight from the packet header, regardless of whether they were broadcast or not.
Don't dismiss wifi-based location too quickly...
"In urban areas the cellular network already locates you to within a few hundred yards rural areas, so the Wi-Fi snoop can't be justified there."
A few hundred yards error is still pretty substantial if you're trying to navigate, and not much cop even if you're just trying to establish a rough starting point from which to fine-tune your location by other means. Also, in some urban areas an error of just a few hundred yards would be a significant improvement - in my part of NW London, celltower triangulation misplaces my home location by almost a mile, despite there being several cell towers nearby which ought to allow a far better location fix. So anything which can be used to narrow down your location even further without having to wait for a GPS lock (assuming you have the option of using GPS in the first place) could be a benefit.
Also, given that your letter writer refers to locating an iPad using wifi data, and given that there are other portable devices besides the iPad which have wifit but no GSM or GPS capabilities, it seems likely that at some point someone somewhere will be damn grateful they were able to determine their position just based on wifi data.
"But in the countryside, there's a tiny Wi-Fi footprint amidst vast spaces where there's no signal at all*, so it's still useless as a location aid. Unless you happen to be within range, such as… at home."
You don't necessarily need an continuously accurate fix during a journey, but it is handy to get the occasional spot check to refine your position every now and again - is the hamlet you're passing through the one you think it is, or the one further up the road, or possibly even the one on the next road across?
Re: SSID/MAC + Lat/Lng is OK in my book
It goes a bit further than street numbers and road signs mate.
SSID+MAC+Lat/Long is equivalent to Telephone number + Lat/Long. Telephone companies offer you the possibility of opting out of a directory when you sign up, yet everyone with WiFi has been automatically opted in by google.
it would have been nice of them to ask first.
It OUGHT to be illegal to gather anything other than public hotspot SSID & MAC.
If you have good enough lawyers and the right country, maybe it is illegal.
It's as moral as taking down number plate of every car in every home driveway or waiting till someone comes out in the morning and photographing them.
Simple scenario for worry
iPhone (or your favorite equivalent) logged by Google at home address. Database is leaked or otherwise made available. Bad element sits outside pub, scans MAC addresses of those entering. Looks up home address in database, knows resident is occupied for a reasonable period of time (may depend on the quality of brew at the pub). Bad element visits home for resource redistribution.
… at which point your Home Intrusion app alerts you
and brings up a selection of icons for ways in which to deal with the miscreant: call the police, trigger poison gas system, etc
Deary me . . .
. . . in much the same way as the ID card debacle, people have the wrong end of the stick.
It's not the fact that it's possible to scan the SSID/MAC address, it's not even the harvesting of payload data, thats at issue here. The real issue is storing all this information in an organised and retrievable manner for financial gain.
For example, most people have a blue-tooth phone, whether it's turned on permanantly or not, and many have them set as being able to be seen. Would everyone be happy if that data was scanned, it's GPS position logged and stored in a database for some later use ?