Google has given the owners of Wi-Fi routers around the world the right to opt out of a registry that the search giant uses to locate mobile phone users. Currently Google uses location data tied to the unique codes of residential Wi-Fi routers to help triangulate the location of mobile devices. Google made the change …
I still find this totally unbelievable, breathtaking arrogance etc
Who sighed this off at Google? Using my equipment to generate more revenue for Google. Don't be evil. Do me a favour.
So are you also up in arms about who signed this off at Apple, Microsoft, Skyhook and many, many more. None of whom have an opt-in or, as far as I know, an opt-out.
Skyhook's whole business in this area is based on WiFi triangulation (along with cell tower and GPS).
So Google are possibly the first to offer an opt-out and it causes a storm?
GOOGLE are notorious for this! The biggest Shadow in the industry.
Diverting attention to Apple and M$ etc. just makes you out like some soft Google fanboi. Stop defending this action, and condemn it for what it is.
Is that such a difficult thing to do?
Little Poppet = Google Troll
We can see your previous posts you muppet. You could have stuck to your point, but oh no...
Bad name for Google
I am sick to death of Google. Why are they so persistent in gaining personal information?
[Whining about other companies allegedly doing the same practice is neither here nor there. We are talking about Google here]
What El-Reg won't tell you...
That there are plenty of other companies driving around "slurping" your Wifi MAC to use for Geolocation databases.
Microsoft, Apple and others are all at in in addition to Google, however that does not may sensational news, and nobody dare criticise Microsoft or Apple, as the advertising cheques stop arriving if you do.
So you might call it arrogance, but I think you're a clueless idiot, so you don't count.
Reading is a Good Think...
...to Bad Little Poppet didn't bother to read the comment and understand it prior to jumping on the Google is a POS train. We already know that Apple has and did use very similar information on the Apple IOS devices. This sort of thing is not new. It is not like Google is the first to introduce this to market. They are one of many who are using this (which was AC's point). For now they are the first that seem to be pretty honest about the fact that it exists and are giving you options to control portions of it. If you wanted to debate the fact that this exists at all...that is a very different discussion.
There are only two companies that actually drive cars around the world mapping the road system.
One is Google.
The other one I can't talk about. (Hence anonymous for obvious reasons.)
Only Google is mapping your private wi-fi hot spots.
Only Google was guilty of war-driving.
Only Google filed a patent on war-driving.
That is arrogance.
Apple and Microsoft don't drive cars. So they can't slurp your wifi data. If you are thinking that by using A-GPS on their mobile devices and reporting their location and what wi-fi 'hot spots', its not that accurate. (Note if you live in mid-town Manhattan and had enough people carrying an iPhone, you could extrapolate a rough idea of your position. But there's no or little value in doing that. A-GPS is going to be faster and easier to use.
Not unbelievable but illegal
I do wish the ICO would remember that it's job is to police the collection and misuse of ALL personally identifiable information, not just the accidental cockups of the public sector, but the deliberate, for comercial gain, acts of private companies and individuals as well.
geolocated data for fixed installations is easily tied back to a person(*) (hence personally identifiable data), and hence collecting it is an offence under S55/DPA98, so is selling it to marketing companies after you have collected it.
So that is £500k, and up to 12 months on conviction, potentially for each instance.
One can also argue about interception of comunications.
No company is going to take UK communication, computer misuse and data protection laws seriously until after the ICO and police have dented the corporate bottom line, and locked up a couple of company directors.
(*) e.g. a home wifi router at a house with only one person living in it.
Yes just Google
Perhaps my post was a little unclear, my bad. Google has a massive PR machine telling us it's warm and fuzzy and has as part of it's company dogma "Don't be evil". It then employs the same kind of corporate "it's available so why shouldn't we just go ahead and use it" attitude to generating income using my equipment. Google is a corporation, I am an individual. If it wants to make use of Wi-Fi to generate another income stream it should negotiate a deal with other corporate entities who use Wi-Fi routers. Being ethical make business a little harder, not impossible.
Not cheering yet...
There's no info available on how they intend to do this, but I wouldn't mind betting that the opt-out process will involve some form of communication with Google that provides more information than they already have (name, e-mail address etc.).
The only satisfactory way to do this is to put the db to one side and start again with a register of people who actively sign in to the scheme. When someone signs-in and provides the MAC address of their router (I'm sure Google can provide an app for that), Google can incorporate the location data from the previous db into the new register. All above board, then.
Open to abuse?
Wonder how they'll verify the owners of wifi routers.
Or could you just go round collecting mac addresses and GPS coordinates, and then ask google to remove them all. Hey presto, location blackspot.
No it doesn't
So google have my mac address. So what? Yes they're using my information to a) make more profit for themselves somehow (indirectly) and b) help people LIKE MYSELF who can get a quick triangulation of where they are if GPS signals aren't forthcoming. Really, why does it matter? I have a fixed IP address, I have domains registered to my address, I have all sorts of info out there that aren't really of much use to anybody but a criminal. If Google have my MAC address and approximate location, is it any different to any other organisation having my name and address? All this "right to privacy" crap really does wind me up. Yes, we all need our privacy, but we live in a connected world. We want to be a "global village" but wake up - in a small village everyone knows what everyone else is doing.
Losing useful functionality like wifi triangulation because of "privacy concerns" is really like saying "let's lose some really useful functionality because there are some criminals out there who might make use of it".
I was at a friend recently, who moved house, and my stupid iphone told me I was somewhere completely different from where I thought I was.
And anyone who can associate that mac address with you can then and forevermore know your geographic location. I can think of many undesirable consequences, especially when I'm trying to get away from an abusive fiance.
Really useful functionality such as leaving your front foor open so the postman can deliver parcels would seem like a good idea right up until someone steals your furniture. That's why we don't do it.
unnecessary titular nonsense
Ok, I don't use google location services. Could you tell me then, what benefit it is to _me_ personally to expose my private SSID data to google?
"I was at a friend recently, who moved house, and my stupid iphone told me I was somewhere completely different from where I thought I was."
Try the number on the front and the street sign.
If your SSID is so private why are you broadcasting it to all an sundry within your area for anyone to see?
There is a setting that hides your SSID and it is then private(ish)
My whole Wi-Fi is off, actually, I was posing a hypothetical question.
There are some people out there who don't know what they're doing, and I'm not one of them ;)
How does this give away my location?
There's a post up there about being tracked by someone via google somehow. Other than the general principle of privacy (which I'm not dismissing), this is the only objection and I don't get it. If my MAC address is on a Google server somewhere, how does Joe Public get hold of my location? Do they hack into secure servers at Google HQ? If they're that clever than I'm sure they can get into DVLA, council computers etc.
I mean - if I told you my routers MAC address, could you tell me where I am? I'm sure Google have it.
Perhaps I'm missing something - I'm no expert.
Secondly though, if I'm broadcasting a unique identifier that I think someone might have to half the street and the complain that someone might find me - aren't I being a bit of an idiot even without Google? It'd be a bit like having a large sign outside your house with your name on it.
Thirdly - presumably the people opting out will also not have a mobile phone on the grounds that their service providers will know where their phone is.
Your scenario concerning abusive fiancées makes no sense. First off the fiancée has to find out the mac address, how are they going to do that? If they no it already then they already know where the person is because the only place they're going to find that information is from the AP.
Also it's trivial to change the mac address/SSID etc. of the router. Chances are if this person is trying to hide they've also changed their phone number, ISP, router etc.
I just can't see a problem with it, Microsoft and Apple are doing exactly the same thing.
Error in user module
"I was at a friend recently, who moved house, and my stupid iphone told me I was somewhere completely different from where I thought I was.
...and that's why I find myself in this predicament officer."
Why does it matter?
If you happened to be a dissident in a country with no democracy and a poor record on human rights and justice, you might be quite disconcerted that databases of Google, Skyhook, etc. could be used to determine your location. Your dismay might be heightened when men in balaclavas kick in your door and cart you and your family away, never to be seen again.
"I have all sorts of info out there that aren't really of much use to anybody but a criminal"
Precisely the reason to hide it, it really doesn’t matter to me if my neighbours / google / mickeysoft / Amazon etc. know a shit-load of my personal details as I have a reasonable level of trust with them, and I use peer guardian and various plug-ins to keep (most of) the irritating ads out of my browsing session anyway.
However given the frequency with which websites are hackced and have membership details stolen and the way grubberment employees lose CDs, USB devices etc., I find it more comforting to keep as much of my private information private by not giving it out to anyone in the first place.
So; let me get this clear, google will not record my SSID/MAC address on their databases if contact them and tell them my SSID/MAC address/name/email address/physical address/stool sample so they can put a record on their databases with my SSID/MAC address/name/ email address/physical address/stool sample telling them not to record such information?????????????
I'm with Stephen Gray on this, I too find the arrogance of google sickening, the crucking funts who implement these fraudulent “opt out” schemes AND the people who allow them to do it i.e. the regulatory authorities, should be burnt at the stake, cloned, and burnt at the stake a second time.
Yes; don't be evil, but only if you redefine evil to not include deception, hypocrisy and deceitfulness.
What's googles IP address?? is it 666.666.666.666 by any chance?
Really - I'm off the grid but now Google put me back on?
"If you happened to be a dissident in a country with no democracy and a poor record on human rights and justice, you might be quite disconcerted that databases of Google, Skyhook, etc. could be used to determine your location"
So I've got a house, broadband connection, bank, phone, pay bills, have a car etc. etc. but the only way the government can find me is because I foolishly wrote to them to let them know my MAC address and they asked Google where it was?
If I was in that situation I certainly wouldn't have a WiFi router broadcasting my location (assuming someone has my MAC address).
Someone said that there was/might have been a website that might have done something. Sure - maybe 1 in a million this would happen but given all the other ways to locate someone - it's a "horse bolted" situation.
Unless you're living in a cash only world anonymously in some squat without a mobile phone but, for some reason, with a WiFi router that you've registered with the government - I'm not sure what the issue is!
IPV6 makes this moot anyway. You will be broadcasting your IP address and mac so google ahoy.
"residential Wi-Fi routers " "Google Maps for Mobile"
There are only 48 bits in a MAC address, and not all blocks are allocated. How many webform submissions can that be to significantly empty their database...
Where does the "residential" come from? Google don't know whether any given WiFi MAC address is a residential one or not? You got WiFi, you had a driveby , Google got your location and your MAC.
I'm buying a cheap box 2nd hand so that we can swap WiFi boxes among mates in different parts of the country and follow the fun. You should do it too. It even works if you move between countries.
 Google Maps for Mobile is probably used to update the database. It knows where you are, it knows which WiFi signals it can see... this is why I no longer use it.
In Linux, it's relatively trivial to spoof a MAC. I know, I had 2 computers (Linux and XP) linked in Seattle once , used Wireshark (Ethereal then) to watch some bloke in the hotel probably watching pr0n, and capture his MAC addy.
Simple matter to spoof with 'ifconfig' then port-forward to my work's lappie. Free internet access, rather than $10/day they wanted.
Now, as Android is a kinda Linux derivative, wouldn't that concept work with it?
Maybe that's why it's semi-closed to stop folks hacking.
"If you do not wish to [situation] then please click this opt out link."
Hey, isn't that the same douchbag tactic spammers do to confirm your email address exists and someone is reading it?
Google know a shitload about the users of their services, probably more than most people would like them to know, giving them physical location confirmation through an opt-out process I'd imagine is just another load of data people would not want Google to know about.
Not only Google does this
Microsoft and many others are doing exactly the same (location database), and none of them offered an opt-in either, so this article is another sad excuse at Google-bashing. Shame on you, El Reg.
As far as I'm concerned, anything you can see from the streets or pickup from the airwaves is public domain.
Are you complaining that the road map mentions your street name? That nearly all GPS devices know exactly where your house number is (physically)? That your name appears in the telephone directory (unless you pay every month to keep it out)?
The wifi MAC list is a nice example of making good use of technology to assist navigation/location services, nobody is invading your privacy.
"Microsoft and many others are doing exactly the same (location database), and none of them offered an opt-in either, so this article is another sad excuse at Google-bashing. Shame on you, El Reg."
Another attempt to deflect attention to someone else! What Google are doing is bad. Shame on you for condoning this behaviour!
What's laughable is that you even claim this site is 'Google-bashing'!!! Strange really, because the Register is obviously a Google-Faux-Open-Source stronghold!
Your reaction towards a (rare) impartial article just reinforces you're rabid fanboism...
FYI a non listing in Directory Enquiries / The Phone Book™ etc are free. You can't opt out of the 'special' one though that is used to identify a line's location automatically in a 999 call.
(Specifically General Condition 4 of the General Conditions of Entitlement (“GC 4”)).
Wi-fi? Pah! Ethernet!
This is why using wireless at home is the invention of the devil.
Won't your WiFi box
let you change the MAC address it reports?
So long as it is not the same as your immediate neighbours your MAC address shouldn't matter.
You could keep changing it, picking ones from other locations, and then totally screw Google's WiFi location system in your area. Perhaps there should be prized awarded for the person who can fool peoples phones into thinking they are furthest from their current location. Perhaps we could all find the MAC address of some WiFi box in Google's offices. Double prizes should be awarded for getting wrong locations into their database. If we could get everyone in Mountain View to suddenly find they'd been relocated to say... Bogner. they might take the hint.
Don't broadcast your SSID
If you think ticking the box that says "disable SSID broadcast" meaningfully hides your SSID, you need to go read a little more, e.g. about Probe Request frames which J Random Client can use to discover which services are available nearby, with or without SSID Broadcast.
E.g. (semi-random choice)
@Dazed and Confused
The new BT HomeHub does something similar with wireless channels, changing channel when it sees other wifi routers in the area using the same channel for a minor performance boost.
It shouldn't be hard to add a feature to routers to switch your MAC every few hours/days/weeks - I'd pay good money
I remember reading their routers come configured to do this sometime early in the morning.
Certainly if you can get OpenWRT on your router then you should be able to do it, if not now then someone will write something to make it happen soon.
^ that was free.fr
Now the title is optional I forgot to put it in.
Hopefully the post makes a bit more sense now.
This is outrageous!
Google knows where WiFi MAC addresses are. Next you'll be telling me that the Royal Mail has a database matching my address with my postcode with my home's location.
Oh sorry, I didn't realise Google had the same function as the Royal Mail.
Hell, maybe I should give Google my name and full address aswell (if they haven't got it already)
Are you sure about that, Poppet?
Google's main revenue comes from advertising. However, they aren't using my MAC address, a sequence of 6 random-ish bytes, to shovel a load of advertising in the form of junk mail through my front door every morning. I'm unsure that the Royal Mail and Google have different functions. One provides free web search results as an excuse to spew ads, the other we all pay to deliver birthday cards etc. as an excuse to fill my house with ads. Just sayin'...
p.s. I know about the mail preference service. www.mpsonline.org.uk Opt-out, right?
The irony of it.
My post above prompted me to renew my mail preference service registration. At the end of the web form, the website asks for an email address to send you an opt-out link. Hotmail put that message in the junk mail folder.
@Symon 12:15 GMT
There’s another difference as well Symon, if somebody wants to drop ads through my letterbox, they have to say somebody to deliver that service for them.
However if google want to drop ads into my inbox/browser session that they are abusing a service that I pay for and I will tell them to go away with two words of my choosing (hint: the second word is “off”).
"how does Joe Public get hold of my location?"
I don't know the details of how it works but I am pretty sure there is (was?) at least one public-facing website where you could enter anybody's WiFi MAC address and if they're on the location services database you get a location for it. Maybe Bruce Schnieir has a link?
Now, if you had split unpleasantly with a partner and the partner took the router and you knew the MAC address...
Yes it's far fetched and improbable. Also far fetched and improbable is a nuclear power station in a tsunami zone without proper flood defences. Doesn't mean it won't happen.
Google (and anyone else collecting this without permission) should be forced to remove all information collected without permission, and start over.
Any type of data collection that involves this level of information that was collected by a private citizen would be grounds for a stalking complaint in many localities.
Why are they different? Not that anything will change, but this really sucks.
Example WiFi MAC address to location service
A URL to a public site that allegedly offers a WiFi MAC address to location service, e.g. for unbelievers to try, no authentication necessary, was in a post submitted by me a few minutes ago. The post was rejected, even though the underlying technology (including a Google API?) is afaik all documented and published.
I know these things exist, and I'd like you to see them for yourself. You, dear reader, apparently have to find them yourself. Shouldn't take long, using your favourite advertising-serving engine.
If El Reg blocks this post too, I'd like to know why. I am not an anonymous coward, you know my email address, but my email address or other identity information is not relevant to the general discussion. Thank you.
MAC to location website
I tried finding the website mentioned and I'm surprised The Register rejected the link. Here's an article from the register about it -
Some of the comments say it doesn't work - some say it does I'll have to dig out my MAC address when I get home and give it a try.
So I'll have to concede the situation with a mad, but knowledgeable, ex partner figuring out how to track you could be in issue (still very rare I would have thought) but still can't see the concern over a dodgy government suddenly managing to locate someone for reasons mentioned earlier.
Didn't work for me
My MAC address was not found - not sure why as I have Android Google maps app and have had the router for about a year.
What a load of tosh.
1) As an Android user I can confirm that in over a year of using the Location services I have never had an ad "pushed" onto me because of my location.
2) Google no longer collects WiFi MAC's since the "sniffing" escapade - they now do it in exactly the same way that every other company does it - via an app. As I understand it - the Google Maps application sends the MAC addresses of visible access points along with the cell tower you are connected to. If the location database contains MAC addresses and cell phone tower the phone then uses aGPS to get a quicker lock based on the approximate lat and long the database gives the phone. I would imagine that when the phone acquires a GPS lock it will then send it's current lat and long to Google which will help to further fine tune the location database.
Skyhook (as far as I know) were actually the first company to start using WiFi MAC's for geolocation.
Personally I find the service invaluable as GPS is a battery hog and some apps (HTC Sense Weather) will get your approximate location from Google via the location database and use that instead of activating the GPS.
3) What Google and every other company using this idea are doing is not wrong or illegal - YOU are using an unlicensed radio frequency - it's being broadcast to anyone in the immediate area. It is no different from standing outside your house and shouting a random phrase in italian - anyone who happens to be passing by who understand Italian knows what you are saying and can tell whoever they like that you were standing outside shouting it.
4) Hiding your SSID will actually stop your MAC going into the Google database - providing you never connect to it while using the Google location services.
X has not r happened yet, therefore it never will
"in over a year of using the Location services I have never had an ad "pushed" onto me because of my location."
Therefore it will never happen, right?
And the info will never be abused by Google or anyone accessing their database (with or without authorisation)?
Bit of a logic fail there, wouldn't you say?