I still find this totally unbelievable, breathtaking arrogance etc
Who sighed this off at Google? Using my equipment to generate more revenue for Google. Don't be evil. Do me a favour.
Google has given the owners of Wi-Fi routers around the world the right to opt out of a registry that the search giant uses to locate mobile phone users. Currently Google uses location data tied to the unique codes of residential Wi-Fi routers to help triangulate the location of mobile devices. Google made the change …
So are you also up in arms about who signed this off at Apple, Microsoft, Skyhook and many, many more. None of whom have an opt-in or, as far as I know, an opt-out.
Skyhook's whole business in this area is based on WiFi triangulation (along with cell tower and GPS).
So Google are possibly the first to offer an opt-out and it causes a storm?
...to Bad Little Poppet didn't bother to read the comment and understand it prior to jumping on the Google is a POS train. We already know that Apple has and did use very similar information on the Apple IOS devices. This sort of thing is not new. It is not like Google is the first to introduce this to market. They are one of many who are using this (which was AC's point). For now they are the first that seem to be pretty honest about the fact that it exists and are giving you options to control portions of it. If you wanted to debate the fact that this exists at all...that is a very different discussion.
Perhaps my post was a little unclear, my bad. Google has a massive PR machine telling us it's warm and fuzzy and has as part of it's company dogma "Don't be evil". It then employs the same kind of corporate "it's available so why shouldn't we just go ahead and use it" attitude to generating income using my equipment. Google is a corporation, I am an individual. If it wants to make use of Wi-Fi to generate another income stream it should negotiate a deal with other corporate entities who use Wi-Fi routers. Being ethical make business a little harder, not impossible.
That there are plenty of other companies driving around "slurping" your Wifi MAC to use for Geolocation databases.
Microsoft, Apple and others are all at in in addition to Google, however that does not may sensational news, and nobody dare criticise Microsoft or Apple, as the advertising cheques stop arriving if you do.
So you might call it arrogance, but I think you're a clueless idiot, so you don't count.
Uhm no.
There are only two companies that actually drive cars around the world mapping the road system.
One is Google.
The other one I can't talk about. (Hence anonymous for obvious reasons.)
Only Google is mapping your private wi-fi hot spots.
Only Google was guilty of war-driving.
Only Google filed a patent on war-driving.
That is arrogance.
Apple and Microsoft don't drive cars. So they can't slurp your wifi data. If you are thinking that by using A-GPS on their mobile devices and reporting their location and what wi-fi 'hot spots', its not that accurate. (Note if you live in mid-town Manhattan and had enough people carrying an iPhone, you could extrapolate a rough idea of your position. But there's no or little value in doing that. A-GPS is going to be faster and easier to use.
I do wish the ICO would remember that it's job is to police the collection and misuse of ALL personally identifiable information, not just the accidental cockups of the public sector, but the deliberate, for comercial gain, acts of private companies and individuals as well.
geolocated data for fixed installations is easily tied back to a person(*) (hence personally identifiable data), and hence collecting it is an offence under S55/DPA98, so is selling it to marketing companies after you have collected it.
So that is £500k, and up to 12 months on conviction, potentially for each instance.
One can also argue about interception of comunications.
No company is going to take UK communication, computer misuse and data protection laws seriously until after the ICO and police have dented the corporate bottom line, and locked up a couple of company directors.
(*) e.g. a home wifi router at a house with only one person living in it.
There's no info available on how they intend to do this, but I wouldn't mind betting that the opt-out process will involve some form of communication with Google that provides more information than they already have (name, e-mail address etc.).
The only satisfactory way to do this is to put the db to one side and start again with a register of people who actively sign in to the scheme. When someone signs-in and provides the MAC address of their router (I'm sure Google can provide an app for that), Google can incorporate the location data from the previous db into the new register. All above board, then.
So google have my mac address. So what? Yes they're using my information to a) make more profit for themselves somehow (indirectly) and b) help people LIKE MYSELF who can get a quick triangulation of where they are if GPS signals aren't forthcoming. Really, why does it matter? I have a fixed IP address, I have domains registered to my address, I have all sorts of info out there that aren't really of much use to anybody but a criminal. If Google have my MAC address and approximate location, is it any different to any other organisation having my name and address? All this "right to privacy" crap really does wind me up. Yes, we all need our privacy, but we live in a connected world. We want to be a "global village" but wake up - in a small village everyone knows what everyone else is doing.
Losing useful functionality like wifi triangulation because of "privacy concerns" is really like saying "let's lose some really useful functionality because there are some criminals out there who might make use of it".
I was at a friend recently, who moved house, and my stupid iphone told me I was somewhere completely different from where I thought I was.
And anyone who can associate that mac address with you can then and forevermore know your geographic location. I can think of many undesirable consequences, especially when I'm trying to get away from an abusive fiance.
Really useful functionality such as leaving your front foor open so the postman can deliver parcels would seem like a good idea right up until someone steals your furniture. That's why we don't do it.
There's a post up there about being tracked by someone via google somehow. Other than the general principle of privacy (which I'm not dismissing), this is the only objection and I don't get it. If my MAC address is on a Google server somewhere, how does Joe Public get hold of my location? Do they hack into secure servers at Google HQ? If they're that clever than I'm sure they can get into DVLA, council computers etc.
I mean - if I told you my routers MAC address, could you tell me where I am? I'm sure Google have it.
Perhaps I'm missing something - I'm no expert.
Secondly though, if I'm broadcasting a unique identifier that I think someone might have to half the street and the complain that someone might find me - aren't I being a bit of an idiot even without Google? It'd be a bit like having a large sign outside your house with your name on it.
Thirdly - presumably the people opting out will also not have a mobile phone on the grounds that their service providers will know where their phone is.
Your scenario concerning abusive fiancées makes no sense. First off the fiancée has to find out the mac address, how are they going to do that? If they no it already then they already know where the person is because the only place they're going to find that information is from the AP.
Also it's trivial to change the mac address/SSID etc. of the router. Chances are if this person is trying to hide they've also changed their phone number, ISP, router etc.
I just can't see a problem with it, Microsoft and Apple are doing exactly the same thing.
This post has been deleted by its author
If you happened to be a dissident in a country with no democracy and a poor record on human rights and justice, you might be quite disconcerted that databases of Google, Skyhook, etc. could be used to determine your location. Your dismay might be heightened when men in balaclavas kick in your door and cart you and your family away, never to be seen again.
"If you happened to be a dissident in a country with no democracy and a poor record on human rights and justice, you might be quite disconcerted that databases of Google, Skyhook, etc. could be used to determine your location"
So I've got a house, broadband connection, bank, phone, pay bills, have a car etc. etc. but the only way the government can find me is because I foolishly wrote to them to let them know my MAC address and they asked Google where it was?
If I was in that situation I certainly wouldn't have a WiFi router broadcasting my location (assuming someone has my MAC address).
Someone said that there was/might have been a website that might have done something. Sure - maybe 1 in a million this would happen but given all the other ways to locate someone - it's a "horse bolted" situation.
Unless you're living in a cash only world anonymously in some squat without a mobile phone but, for some reason, with a WiFi router that you've registered with the government - I'm not sure what the issue is!
"I have all sorts of info out there that aren't really of much use to anybody but a criminal"
Precisely the reason to hide it, it really doesn’t matter to me if my neighbours / google / mickeysoft / Amazon etc. know a shit-load of my personal details as I have a reasonable level of trust with them, and I use peer guardian and various plug-ins to keep (most of) the irritating ads out of my browsing session anyway.
However given the frequency with which websites are hackced and have membership details stolen and the way grubberment employees lose CDs, USB devices etc., I find it more comforting to keep as much of my private information private by not giving it out to anyone in the first place.
So; let me get this clear, google will not record my SSID/MAC address on their databases if contact them and tell them my SSID/MAC address/name/email address/physical address/stool sample so they can put a record on their databases with my SSID/MAC address/name/ email address/physical address/stool sample telling them not to record such information?????????????
I'm with Stephen Gray on this, I too find the arrogance of google sickening, the crucking funts who implement these fraudulent “opt out” schemes AND the people who allow them to do it i.e. the regulatory authorities, should be burnt at the stake, cloned, and burnt at the stake a second time.
Yes; don't be evil, but only if you redefine evil to not include deception, hypocrisy and deceitfulness.
What's googles IP address?? is it 666.666.666.666 by any chance?
There are only 48 bits in a MAC address, and not all blocks are allocated. How many webform submissions can that be to significantly empty their database...
Where does the "residential" come from? Google don't know whether any given WiFi MAC address is a residential one or not? You got WiFi, you had a driveby [1], Google got your location and your MAC.
I'm buying a cheap box 2nd hand so that we can swap WiFi boxes among mates in different parts of the country and follow the fun. You should do it too. It even works if you move between countries.
[1] Google Maps for Mobile is probably used to update the database. It knows where you are, it knows which WiFi signals it can see... this is why I no longer use it.
In Linux, it's relatively trivial to spoof a MAC. I know, I had 2 computers (Linux and XP) linked in Seattle once , used Wireshark (Ethereal then) to watch some bloke in the hotel probably watching pr0n, and capture his MAC addy.
Simple matter to spoof with 'ifconfig' then port-forward to my work's lappie. Free internet access, rather than $10/day they wanted.
Now, as Android is a kinda Linux derivative, wouldn't that concept work with it?
Maybe that's why it's semi-closed to stop folks hacking.
Hey, isn't that the same douchbag tactic spammers do to confirm your email address exists and someone is reading it?
Google know a shitload about the users of their services, probably more than most people would like them to know, giving them physical location confirmation through an opt-out process I'd imagine is just another load of data people would not want Google to know about.
Microsoft and many others are doing exactly the same (location database), and none of them offered an opt-in either, so this article is another sad excuse at Google-bashing. Shame on you, El Reg.
As far as I'm concerned, anything you can see from the streets or pickup from the airwaves is public domain.
Are you complaining that the road map mentions your street name? That nearly all GPS devices know exactly where your house number is (physically)? That your name appears in the telephone directory (unless you pay every month to keep it out)?
The wifi MAC list is a nice example of making good use of technology to assist navigation/location services, nobody is invading your privacy.
FYI a non listing in Directory Enquiries / The Phone Book™ etc are free. You can't opt out of the 'special' one though that is used to identify a line's location automatically in a 999 call.
(Specifically General Condition 4 of the General Conditions of Entitlement (“GC 4”)).
"Microsoft and many others are doing exactly the same (location database), and none of them offered an opt-in either, so this article is another sad excuse at Google-bashing. Shame on you, El Reg."
Another attempt to deflect attention to someone else! What Google are doing is bad. Shame on you for condoning this behaviour!
What's laughable is that you even claim this site is 'Google-bashing'!!! Strange really, because the Register is obviously a Google-Faux-Open-Source stronghold!
Your reaction towards a (rare) impartial article just reinforces you're rabid fanboism...
:)
let you change the MAC address it reports?
So long as it is not the same as your immediate neighbours your MAC address shouldn't matter.
You could keep changing it, picking ones from other locations, and then totally screw Google's WiFi location system in your area. Perhaps there should be prized awarded for the person who can fool peoples phones into thinking they are furthest from their current location. Perhaps we could all find the MAC address of some WiFi box in Google's offices. Double prizes should be awarded for getting wrong locations into their database. If we could get everyone in Mountain View to suddenly find they'd been relocated to say... Bogner. they might take the hint.
If you think ticking the box that says "disable SSID broadcast" meaningfully hides your SSID, you need to go read a little more, e.g. about Probe Request frames which J Random Client can use to discover which services are available nearby, with or without SSID Broadcast.
E.g. (semi-random choice)
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e8297.shtml
The new BT HomeHub does something similar with wireless channels, changing channel when it sees other wifi routers in the area using the same channel for a minor performance boost.
It shouldn't be hard to add a feature to routers to switch your MAC every few hours/days/weeks - I'd pay good money
This post has been deleted by its author
This post has been deleted by its author
This post has been deleted by its author
There’s another difference as well Symon, if somebody wants to drop ads through my letterbox, they have to say somebody to deliver that service for them.
However if google want to drop ads into my inbox/browser session that they are abusing a service that I pay for and I will tell them to go away with two words of my choosing (hint: the second word is “off”).
I don't know the details of how it works but I am pretty sure there is (was?) at least one public-facing website where you could enter anybody's WiFi MAC address and if they're on the location services database you get a location for it. Maybe Bruce Schnieir has a link?
Now, if you had split unpleasantly with a partner and the partner took the router and you knew the MAC address...
Yes it's far fetched and improbable. Also far fetched and improbable is a nuclear power station in a tsunami zone without proper flood defences. Doesn't mean it won't happen.
Google (and anyone else collecting this without permission) should be forced to remove all information collected without permission, and start over.
Any type of data collection that involves this level of information that was collected by a private citizen would be grounds for a stalking complaint in many localities.
Why are they different? Not that anything will change, but this really sucks.
A URL to a public site that allegedly offers a WiFi MAC address to location service, e.g. for unbelievers to try, no authentication necessary, was in a post submitted by me a few minutes ago. The post was rejected, even though the underlying technology (including a Google API?) is afaik all documented and published.
I know these things exist, and I'd like you to see them for yourself. You, dear reader, apparently have to find them yourself. Shouldn't take long, using your favourite advertising-serving engine.
If El Reg blocks this post too, I'd like to know why. I am not an anonymous coward, you know my email address, but my email address or other identity information is not relevant to the general discussion. Thank you.
I tried finding the website mentioned and I'm surprised The Register rejected the link. Here's an article from the register about it -
http://www.theregister.co.uk/2010/01/05/geo_location_stealing_hack/
Some of the comments say it doesn't work - some say it does I'll have to dig out my MAC address when I get home and give it a try.
So I'll have to concede the situation with a mad, but knowledgeable, ex partner figuring out how to track you could be in issue (still very rare I would have thought) but still can't see the concern over a dodgy government suddenly managing to locate someone for reasons mentioned earlier.
1) As an Android user I can confirm that in over a year of using the Location services I have never had an ad "pushed" onto me because of my location.
2) Google no longer collects WiFi MAC's since the "sniffing" escapade - they now do it in exactly the same way that every other company does it - via an app. As I understand it - the Google Maps application sends the MAC addresses of visible access points along with the cell tower you are connected to. If the location database contains MAC addresses and cell phone tower the phone then uses aGPS to get a quicker lock based on the approximate lat and long the database gives the phone. I would imagine that when the phone acquires a GPS lock it will then send it's current lat and long to Google which will help to further fine tune the location database.
Skyhook (as far as I know) were actually the first company to start using WiFi MAC's for geolocation.
Personally I find the service invaluable as GPS is a battery hog and some apps (HTC Sense Weather) will get your approximate location from Google via the location database and use that instead of activating the GPS.
3) What Google and every other company using this idea are doing is not wrong or illegal - YOU are using an unlicensed radio frequency - it's being broadcast to anyone in the immediate area. It is no different from standing outside your house and shouting a random phrase in italian - anyone who happens to be passing by who understand Italian knows what you are saying and can tell whoever they like that you were standing outside shouting it.
4) Hiding your SSID will actually stop your MAC going into the Google database - providing you never connect to it while using the Google location services.
"in over a year of using the Location services I have never had an ad "pushed" onto me because of my location."
Therefore it will never happen, right?
And the info will never be abused by Google or anyone accessing their database (with or without authorisation)?
Bit of a logic fail there, wouldn't you say?
That blocks all ads coming into an Android phone will make a fortune, even at $0.99 a pop. It will have to be an independent app, though, not a browser plug-in since alternative browsers that support plugins (e.g. Fennec) do not run on all Android platforms. My LG Optimus S for example :( And Oera fanbois and fangrrls can keep silent. I've tried every version of Opera since the beginning on Win Linux and Android and none of them meet my needs.
Cheers for following up but the web page in that earlier article is not the one I was thinking of (the service seems very restricted for a start, whereas the one being discussed in this article works in principle for any WiFi service whose MAC is in the DB, which is lots of them). And I still can't find the one which originally provoked some of this upset by showing how simply it could be done.
I *think* one of the widely publicised gelocation APIs in question is
http://code.google.com/apis/gears/api_geolocation.html but others (including one from MS, see below) exist.
Either way, if you can somehow get at the underlying MAC->location info for a MAC other than your very own, then you have the kind of location-revealing service we're talking about here.
Earlier this year both MS and Google had to tighten up access to that kind of info, for the kind of reasons being discussed here.
Here's some reporting of the MS escapade:
http://news.cnet.com/8301-31921_3-20085028-281/microsofts-web-map-exposes-phone-pc-locations/