Google location tracking can invade privacy, hackers say If you've got a Wi-Fi network, chances are Google has used its top-selling Android mobile operating system to store your router's precise location and broadcast it for all the world to see. Google has been compiling the publicly accessible database of router locations in its quest to build a service, a la Skyhook, that …
... we did tear into them when they did the Streetview wifi-slurping, and they've pulled back from it. Trouble is the fuckers just found a different way to do it. There is a difference, though, between the Google and Apple activities : Google are treating wifi AP IDs as a public resource, whereas Apple are collecting detailed records of individuals' movements. Much as I hate what Google are doing, I find Apple's activities just a bit more scary.
On the plus side, Google think my router is in a street three miles away, so I'm not too unhappy. I'd be interested in whether or not that improves over time.
Did you read the article? Google is doing the very same tracking on their phones. Which btw is not detailed at all in neither.
And before people give me the "oh but Google is limited to 50 entries [and 200 wifi points]" that's still enough info to locate your general whereabouts for the past 1 or 2 days, which is what really matters (who cares where you were weeks ago).
Also Apple's info has a tendency to put you in strange places like Vegas (well documented by several people) or some weird city in France if my own info is to go by, so it's got errors anyway, it's not something that can be used against you. I've not seen anything about errors in Google's data.
... and yes I did read the article. If you look again at what I wrote I said I was specifically more concerned about the activity logging, vs the wifi locating. I suppose I could have referred instead to Google's similar activity, but I think it's more inclusive to stick it to Apple as well.
Anyway, it seems they're all at it and I don't really care how accurate or complete the data is : it is way too much more than is needed to support location services : all you need is current location for that and history is irrelevant (so why keep it?). So I agree that Google's tracking efforts, even though more limited, are just as objectional as Apple's.
Any apps out there to trash the stuff?
this is non-news, where the apple problem is real news.
Almost all the MAC to location data is obtained from Streetview cars...
Personally, I am really happy with my Android location awareness, without the need for battery sluping GPS. It's not saving my location, nor is it sending it anywhere UNLIKE apple...
Seems this whole story is built up around the principle of Apple damage limitation mode....
Google stopped collecting MAC addresses using Street view cars and move to Android phones last year, read up on:
http://www.theregister.co.uk/2010/10/20/google_has_no_plans_to_resume_street_view_wifi_collection/
Also try to lay off that Google kool-aid, it's turned bad already.
Great. You like Google's location service.
Google doesn't own my access point, nor collect any fees from me in exchange for using it to sell ads.
And yet, if you're on my block, my access point's MAC address is being monetized by Google to make your phone give you better location signal and push ads to your phone.
I'd like to see everyone who's got a MAC in their database send them a bill for providing location services.
The fact that I have encryption flipped on is, in the eyes of the law, enough to define my router as a protected computer system.
Accidentally stumbling upon it looking for your own AP is one thing. Recording it, geotagging the address, and phoning home to store it with Google? That's quite different.
(You _do_ understand that a MAC address is broadcast whether or not SSID broadcasting is suppressed, I hope.)
".. you all tore Apple to shreds about their location services file, now its time to do the same to Google."
This pretty much answers all of the complaints in response to this, and gives a good reason not to tear into Google:
http://www.androfun.com/wp-content/plugins/wp-o-matic/cache/40dd3_googlelocation.png
See that option there? Where is that on the iPhone? That's why it got tore into.
Re: +++ak
"Did you read the article? Google is doing the very same tracking on their phones. Which btw is not detailed at all in neither."
Well to be fair, reading the article is little help. The article has Google's statement saying it's opt in and is then followed by "We're guessing the only way to opt out is to exchange your Android device for a competing handset." - umm no, see the screenshot above.
What gets me is all the whiners who are probably using AGPS without even realising it, who are getting accurate location fixes (with 100m) without turning on their GPS and just being happy with their phones then come to whine when they find out how it works.
It's not magic and it requires information, if you don't like that information being collected, don't use the feature and/or buy a phone that allows you to disable it. But if information scares you... smartphones are probably not the right device for you.
Damned fanboys.
Hmm... Don't know how hard it is to build a custom rom for an Android device is, but theoretically, couldn't one just eliminate the offending code ? (Assuming rooted phone).
Or does it reside in some stupid daemon with no source code. Still, might be able to do something about that if it doesn't do anything too important.
Don't know much about Android innards, to be honest. Must check to see if it's been done. Anyone know?
This is shit. My gf has an android, because I told her that the church of jobs was underspecced and too expensive and I prefer open source based software.
So now Android is barely open source and they are spying on our hardware. What a bunch of wankers.
I hate them all, I just want to go and live in a field somewhere, till the land, make clothes out of sheepskin, expect nothing more than a cup of sugar for my birthday, sing fireside songs and fuck my brains out for entertainment....
No I'm not a luddite, I have a Soft Eng degree, but please stop the world, I want to get off
There is something wrong with the Google culture itself. How google updater works could be a nice example. It will check updates as admin user every 2 hours (yes, hours) and it will run even while no other google app running. It will stay, with same behaviour for 24 hours even all other Google apps removed.
If you block it with firewall, it will go really crazy. Ask IT admins about the nightmare they lived and the traffic it generated.
Now such behaviour can't come from a healthy culture. They must change their culture before it is too late.
Aw, come on, it's irresistible: all that data from all those phones that other people have bought, automatically collected and uploaded? Wouldn't you do the same? I know I would.
Now, if all that location information could be put together with the data from *every* search you have *ever* done, combined with every public record of your existence, and fed into the Google Psychological Profiling software at its purpose built facility in Delaware...
< pauses for evil laugh >
PS: it will be even more fun when people pay for everything with their phone!
On a country lane in the UK. But OTOH, it's not straightforward to learn the MAC address of a remote device, unless it's broadcasting a Wi-Fi signal and you're in range (in which case it must be, by definition, nearby - and if you have a directional antenna it wouldn't be difficult to locate it).
...will be the MAC address of the ADSL port on their router, not the Wifi port, so I think the point stands. Wireless MAC addresses are really only visible within the range of the device.
Also, I'm not sure whether the bottom 64 bits really are *usually* the MAC address. Firstly, this is a known privacy issue and various RFCs have addressed it. Secondly, the written (text) form of an IPv6 address provides net admins with a real incentive to use some other method, so that they get a large block of zeroes in the middle of the address.
Well, as you, and plenty of others who are highly concerned about this have demonstrated, a certain amount of bizarre thinking exists.
You were concerned about Google linking your MAC address to your location so you've entered (what will normally be your own MAC address) into the website of a 'hobbyist hacker' to provide a new database containing your MAC address, your location and you IP address.
That web page truly is Opt-in - don't enter your MAC address if you don't want your IP address recorded along with it - with no guarantees of privacy - and people on this site, who should be a bit more savvy are flooding to it to give up their private information - bizarre?
Thanks for the warning but I'm not an amateur, of course I used a VPN for this plus full browser lock down.
But also no I'm not that overly concerned about this sort of privacy. Did you find me complaining about it? Just surprised that Google doesn't have some complex crypto setup for this information, this way it seems their competition can easily use it for their own location solutions for free.
Er, what data? His site is clearly capable of collecting wifi MAC addresses, though we've no evidence that he doesn't just drop them on the floor once he's served up the map. He could also be collecting IP addresses, just like every other site on the planet, but we've no evidence that he is doing that either. He's definitely *not* collecting personal or geographic info, beyond what can be inferred by any other site, since his site does not ask for any.
Sometimes I wonder just what privacy horrors we are missing, whilst we fret over non-events like this one.
yes, but we have no evidence that he is NOT doing it.
You have to assume that he might be building a database mapping IPs to MACs to locations, since it would clearly be possible, and well within his technical expertise to do so.
My point is that he is (hopefully) not dumb enough to do so, because he has been in legal trouble in the past, a stunt like this would land him so far behind bars, they would have to pump him oxygen.
Essentially, if you had bothered reading my post properly, you would know that I was agreeing with you, but from a slightly different point of view. No need to flip your lid over it, honey.
I didn't provide my location, and (almost certainly thanks to an El Reg article a year or two back) I happen to know that my wifi is already mapped on someone's war-driving site, so I'm not terribly concerned about the privacy implications.
Come to think of it, I'm not too sure I care anyway. Whilst *my* location is quite variable, my *router's* location hasn't changed for quite a few years now and has separate MAC addresses for the ADSL (internet-visible) and wifi (war-driving visible) ports, so it's hard to see quite what the privacy implications are.
The ico (Information Commissioner) who are supposed to protect us are a bunch of lazy, technically illiterate bunch of freetards.
Due to them Google was let off lightly when steetview was found to be 'accidentally' collecting all our broadband data and mac addresses as it breezed down the streets of Britain. Most other nations (even third world) took this seriously and court cases are still going on.
The ico could not protect a child from getting his ice lolly pinched.
Something needed to be done about privacy laws 5 years ago, which would have meant that by now, we would have had some laws in place that were ready to prevent it ever getting this bad in the first place. But no, 5 years ago there were too many brainwashed sheep online repeating what they had been taught to say such as, "if you've got nothing to hide etc.." and that persisted until people interested in history could show the "nothing to hide" argument is a complete pack of lies and the lies come from the people who want to spy on everyone.
The abuse of our privacy online has become a completely lawless wild west for morally corrupt companies to do whatever they bloody well want and like with our privacy information and we can't stop them and its all done for their gain. Worse still the governments have intentionally done nothing to stop it because they don't really want to stop it. This is shown perfectly by the way Phorm have got away with so much. Its prefect proof of how the government are not interested in protecting our privacy. Thats because the governments know they can also abuse all our privacy information for their gain as well. So as the governments will not stop it, its going to get ever worse.
For example “Google pledged to stop using its world-roving Street View vehicles to collect Wi-Fi data and said it instead would rely on Android handsets to get the information”
Which means we are now at the shocking point where Google are trying to use all Android users literally as their spies! ... All to build up information for Google ... That means every Android user is now a spy for Google! We are all becoming effectively like a modern day electronic version of the Hitler youth reporting back to Google high command! It means any information Google wants, they just have to update their OS and then we all spy for them! Hows that for Orwellian and its happening now! So WTF are we to face in the years to come, now we are already at this shocking point!
Its completely lawless and the governments don't want to stop the companies and it won't stop, it will continue to get ever worse, until finally everyone has had enough of the corruption and exploitation and everyone finally stands together against the governments and says no more. Then and only then will the governments begrudgingly start to slowly, ever so slowly, stop the companies exploitation and it will take years of them delaying at every step, because they don't really want to change and it will get a lot worse in that time.
Right there under Settings -> Location & Security. You either check or uncheck "Use Wireless Networks" and when you check it, you're presented with "Allow Google's location service to collect anonymous location data. Collection will occur even when no applications are running." and Agree/Disagree buttons.
Clicking "Disagree" keeps it unchecked and it'll then only use GPS for location, and presumably won't gather data.
and if I "Disagree", it won't let me on my wireless network. This is on Gingerbread.
But the identification of my router and location by Google is the last straw. I used to be an Android supporter, but I have now mothballed my Nexus One and I'm back to using my dumb phone. I will terminate my phone 3G tomorrow as well. No real loss there because I will still retain mobile 3G access using a non-phone device.
I'm not an Android user, but two of my three wireless routers (at different locations, one approx 2.5 miles from the other two) are pinpointed fairly accurately by this. Incidentally, the one which isn't in the database, is running in a (mainly) shielded room, so I wasn't too surprised it wasn't there.
I don't really care about what Android users agree/disagree to disclose, *I* did not give Android users (or Google) consent to store the geographical location of these devices, let alone give them permission to flag the existence of these WLANS to all and sundry. That's what's bothering me most about this, these routers are configured not to broadcast their SSIDs.
Lets say you communicate with your doctor, sending test results, your conditions to his hospital email.
That doctor, being clueless or plain lazy, forwarded all his hospital mail to gmail. You don't even know about it.
Instantly, your data is in Google hands which they have right to parse because of the EULA that Doctor never cared to read before agreeing.
I think it is worse than your wifi collected.
Well, I discovered something. The BSSID on the freebox (the modem/router provided by French ISP Free) appears to be randomised on each reboot. The database doesn't know anything about my wifi. However all the other ones nearby from other ISPs are spot on, it can't be any more than a couple of metres off...
I usually have the GPS off anyway. Turned it on, it'll be interesting to see how soon my wifi shows up in the database.
"All location sharing on Android is opt-in by the user. We provide users with notice and control over the collection, sharing and use of location in order to provide a better mobile experience on Android devices. Any location data that is sent back to Google location servers is anonymized and is not tied or traceable to a specific user."
And the phone captures my wi-fi access point, which BTW I didn't give Google permission to do this.
I don't own a google phone.
It is 'War Driving' by proxy and its illegal.
What country are you in? Is war driving illegal?
Breaking the WEP/WPA and accessing the network would be illegal under hacking laws. Accessing an open AP is a bit greyer depending on your country, but just detecting the existence of a wireless point is simply listening what it is publicly broadcasting.
I'm in the US.
War Driving became illegal in the US post TJMAXX.
Any unauthorized access is illegal. There was a case of a guy driving up to the parking lot of a coffee shop to use their free wi-fi and he was arrested.
While the law is pretty clear on this... catching someone and prosecuting is harder to do.
What country do you live in?
I'm in the UK.
I agree that accessing a wifi point, and actually using it as is the case with your countryman and the coffee shop would be illegal here too (I think!). Although depending on the situation (i.e. accidentally accessing the neighbours open wifi) you could probably get away with it... Not so much if you have driven round and parked to "borrow" some bandwidth though, shows intent.
Kinda odd really, as in England, the physical trespass laws are such that if you leave the front door open, and somebody walks in, they aren't actually committing a criminal offense.
Anyway, the difference here is that the content of the message isn't been recorded, the MAC is in the header, and the connection being offered isn't actually being used or exploited.
After all, every wifi client device in existence that spits up a list of available access points, both encrypted and open when you say "scan for wireless access point" is reading and displaying exactly the same data which google is listening out for.
Maybe the fact it is recorded/logged might make a difference in the eyes of the law.
BTW, many years ago the cops tried to make speed camera detectors illegal over here by saying it was listening to police broadcasts. One of the manufacturers successfully defended their position by saying it wasn't allowing the owner to listen to a police broadcast, it was merely indicating the presence of one. IIRC the cops then changed tack and went at it from a "obstructing the course of justice"... sneaky so and sos.
Under UK law it's illegal to intercept radio communications not intended for you. Making use of information intercepted (e.g. recording it in a database that others have access to) was always treated as an aggravating offence.
To quote from ofcom's site:
There are two offences under law:
Under Section 5(1)(b) of the WT Act 1949 it is an offence if a person "otherwise than under the authority of a designated person,
either:
(i) uses any wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of any message whether sent by means of wireless telegraphy or not, of which neither the person using the apparatus nor a person on whose behalf he is acting is an intended recipient;
This means that it is illegal to listen to anything other than general reception transmissions unless you are either a licensed user of the frequencies in question or have been specifically authorised to do so by a designated person. A designated person means:
the Secretary of State;
the Commissioners of Customs and Excise; or
any other person designated for the purpose by regulations made by the Secretary of State.
or:
(ii) except in the course of legal proceedings or for the purpose of any report thereof, discloses any information as to the contents, sender or addressee of any such message, being information which would not have come to his knowledge but for the use of wireless telegraphy apparatus by him or by another person."
"simply listening what it is publicly broadcasting" is OK by me. But they are not just simply listening, they are recording and subsequently publishing or making use of what they 'heard'. Is it OK for me to make and sell recordings of any radio or TV broadcasts that I pick up by "simply listening"?
"Is it OK for me to make and sell recordings of any radio or TV broadcasts that I pick up by "simply listening"?"
As long as you have the permission of any relevant copyright holders, I don't see why not. I don't think the *broadcaster* can do anything about it.
Returning to the wireless access point, the "existence" broadcasts have no copyrightable content and their intended purpose is to be heard by any receiver within range, so I don't think there are any legal problems here either.
Once the data has been stored by Google and collated with some identifying information, it might be subject to the Data Protection Act. But that's only a wild guess. IANAL.
I still see no difference between what Google are doing, and running around with a CB set to channel 19. If you don't want every Joe and Jane in the area being able to see your Facebook password, encrypt your damned connection!
Anyway, the difference between what Google and Apple are doing, is that Google at least seem to be telling you what they are doing. How many iDevices tell you how much snooping that "free" fart app is doing before you install it? What about all the wibbling that Steve did after he found out third parties had snuck out details of his precious fondle-slab, by snarfing data from the development models as part of advertising programs? Notice how even the Apple developers didn't know their apps were grassing on them.
You think he was more pissed off that someone was doing it, or more pissed off that HE wasn't? Google, Apple, Microsoft, all want your data and all for the same reason.
My wi-fi router broadcasts it SSID with the expectation that this will be used by my or permitted users to find my network so that they can connect to it.
Accessing and using this information outside of its intended purpose is illegal.
Now here's a funny thing...
Suppose you have an android phone or iPhone where they are capturing information on SSIDs in your area. Suppose they find an unencrypted wi-fi.... now how hard would it be for the phone to automatically connect to the wi-fi network (if not already connected) to send data back out of channel of the edge/3G/4G network so that its not charged to you?
Color me paranoid but its possible...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
