Google Street View Logs Wi-Fi Networks, MAC Addresses

An anonymous reader points to this story at The Register that says "Google is collecting more than just images when they drive around for the Street View service. 'Google's roving Street View spycam may blur your face, but it's got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users' unique MAC (Media Access Control) addresses, as the car trundles along.' There's a choice quote at the end: 'Google CEO Eric Schmidt recently said Internet users shouldn't worry about privacy unless they have something to hide.'"

The Reciprocal

If I don't have anything to hide, then what logical reason do you have to spy on me?

Of course this applies to private companies just as much as government.

And...

[MrZilla]

'Google CEO Eric Schmidt recently said internet users shouldn't worry about privacy unless they have something to hide.'

And what if I DO have something to hide? Will you then remove me from all of your databases and registers?

Re:And...

[tolgyesi]

Here in Hungary the German minority was deported in 1946 based on a previous census where they answered honestly about mothertongue because it was a neutral information at the time the census was made.

I just don't see the issue

[AdmiralXyz]

I know I'm supposed to be outraged about Street View. I'm trying, I really am. But the outrage just isn't there.

It's (generally) not illegal to take one picture of a storefront from your car. It's not illegal to take two, or three. Nor is it illegal to put those pictures on the internet. Google is just taking this process and deploying it on a larger scale than anyone previously had the resources for. I think it's the same with wireless networks. YOU have chosen to blast your MAC address into the ether for anyone within a certain radius to record, so why should you be surprised when someone does?

Google is just acting as an army of men with clipboards, no single one of whom is doing anything wrong, and for me it doesn't follow that there's something wrong when they do it en masse, provided they stick to public roads and take the privacy precautions (blurring faces, etc.) they have been.

Re:I just don't see the issue

[Xest]

The biggest concern I have with street view is:

a) Burglars no longer need to visit an area to scout it to check for targets. The common argument from the pro-street view group against this is that well anyone could come down and take a picture for the same effect- that's true, but here's the difference, using my house an example. I live on a cul-de-sac, to get to my house and take pictures without someone noticing a guy with a camera would take some doing, everyone on our street knows everyone else, if someone came down, and turned around, someone would see them. If there was a subsequent burglary, then there would be witnesses who could point the police in the right direction in terms of a number plate, or a description of a person, or person(s) looking dodgy. With street view this is gone, people can now scout our street without ever knowing, they can perform a burglary without anyone have ever seen anyone suspicious looking coming down the street to scout it. They can spend as much time as they want examining the images on street view for best ways to rob the houses, or steal a car or similar. As much as the pro-street view grouping likes to suggest that because the images are taken from public places, it doesn't decrease security or make things any easier for criminals, they are wrong, it does. Which takes me to the second point:

b) The street view camera is quite high up, when browsing around on street view in the UK down by my girlfriends grand mothers house, I followed along a road, and was amazed to see how many walls I could see over that I'd never seen before. One image showed right over a wall you can't normally see over into a person's french windows that aren't normally visible showing a nice big 50"+ flat screen TV and a bunch of games consoles and games in full view, that no one passing by in the street would have otherwise ever known was there. The camera was most certainly too high on the street view vehicles and nullifies somewhat the argument that the images were taken from places where people could normally take pictures- could is perhaps true, but would? No, no one was going to walk around on stilts, or sat on someone elses shoulders or similar to take pictures in what would otherwise be random places. Again, if they were criminals, and if they did this it would raise further suspicion. People would remember seeing the culprits around.

I understand the theory that street view doesn't cause any issues in theory because they are just taking images from public places, but it's a theory that simply doesn't map to reality. Anyone scouting an area physically will be seen, there will be witnesses, if they take pictures of people's houses there will be a lot of suspicion from residents, if they hang around getting a good look into people's houses, there will be suspicion. Nothing lets criminals plan out a highly profitable crime spree and even map their best exit routes without ever having to be seen quite like street view does.

In the UK, I think what fucked me off most recently about it is that street view drove past the SAS HQ on a public road and photographed that too, yet a couple of MPs complained saying it put the SAS HQ's security at risk. Google accepted this and removed the images- I mean, wtf? So it's only a security risk for one of the most heavily defended army bases in the UK full of the best trained troops in the world, but it's not a security risk for say some unarmed old pensioner whose house has been filmed as a prime burglary target? Even if the approach was consistent it would be something, yet even that's not the case.

All this is not to say I'm totally against it, I think it's a cool piece of technology and I think a dataset of the world in images that large could prove vital to building new image recognition technologies and so forth (i.e. improving Google Goggles), I think my real concern is that it's not something that was well planned out, there wasn't enough public consultation, it does raise issues, and those issues have not been discussed and see

Re:I just don't see the issue

[Yvanhoe]

Exactly. I think that when people blame Google for doing something clever and legal that they had not anticipated, they choose the wrong target for their anger. You think it is not normal Google can do that ? Well, maybe there is a need for a debate about privacy & the public place then. For too long, people suppose that the vastness of the "public space" works as an anonymizer. With video-surveillance, wireless-thingies tracking, etc... this becomes less and less the case. Soon we will have to assume that a simple google search under your name will reveal your address, the place where you go buy condoms, the place you entered yesterday evening, etc... It would be legal under the premise that the public space is, well, public. Is that something we want ? Maybe not, but then we don't have to be angry at google, we have to be angry at lawmakers and urge them to redefine what "privacy" means in legal terms.

The key factor that is changing is that in order to track someone, one used to have to spend considerable resources to spy him, to track his habits, etc... This practice was proactive and well defined. Now, tracking or spying someone can be an almost passive process. Put an antenna or a good cam in your street, and register bluetooth IDs of phones that pass by and use an OCR to capture all the car plates. New practices need new laws.

Re:I just don't see the issue

[canajin56]

Your neighborhood sounds horrifying if 24/7 you have people with binocs recording the plates of everybody who visits. There was an equally crazy "gated" community near where I lived. I walked down it, to see what it was like, see if it was worth the city park they bought and bulldozed to build it. Some guy with a notepad ran up to me "This is private property and just standing here will put you in jail, I know you're not visiting, there are no children allowed" and I said "Oh I'm just casing the place, what's your house number and when do you work?" he bolted, probably called 911 80 times. Scary scary 12 year old, was I. I know better now, of course. He doesn't work, that's why he can sit on his porch on constant guard against schoolchildren taking a shortcut down his private through street that leads to the duck ponds...if your strata doesn't want visitors, build a damn barbwire fence and put an armed guard on your gate like the rest do. Meanwhile, a still shot from Google doesn't help you case, because you can't tell when anybody works, it doesn't let you plan shit. And odds are, it doesn't show you much or anything of what they have inside. If it does, a casual walk down the street would show you that, no need for any "suspicious peering" as you call it. And far from being the most risky part of a burglary, taking a quick look around just isn't that hard. In a gated community, ya, anybody who doesn't belong must have hopped a fence to get in, and that's suspicious...but if not...well...I've lived on a cul-de-sac...have you, really? There are always cars turning in, realizing its the wrong turn, looping around, and leaving. Do you really write them all down just in case? And do you make quick sketches or photograph people who walk in on foot? I dunno, is the UK really that far gone into big brother? Do you really corner and grill people out walking their dogs? How dare they take a loop around your street, it's not theirs! GET OUT FOREIGNER!

Re:Tell Your Wireless ...

[tagno25]

What they are doing is not even questionable, it is completely legal. They are just making a Wi-Fi map via scanning, not attempting to connect to the Wi-Fi.

Re:Ignorance abounds

[petes_PoV]

If you don't want people to see the SSID of your AP, don't broadcast it.

Broadcasting an SSID is a strictly local affair - maybe within a range of 50 metres, tops. Having Google store the SSID and its location makes it a global issue. It makes it practical for the sort of government department we'd ALL prefer to keep away to hold and analyse this data.

However, the biggest problem I have with this sort of collection of data is that I was not asked if I minded having information regarding equipment I own collected by a third party, who then hold it and may pass it on to others without my permission, or even my knowledge.

Re:Tell Your Wireless ...

[anarche]

wardriving involves the theft of bandwidth, which is a commodity.

What google are doing is similar to me driving around with my mobile going "oh I've just found a wifi link" and auto-logging the mac address broadcasting.

So if what google are doing is as illegal as wardriving, I'd better turn "automatically find wifi" option off on my phone...

Re:WLAN location triangulation

[epiphani]

I personally discovered this when my phone started insisting that I was living at my old apartment whenever I was at home.

My old place is halfway across town, and I moved nearly a year ago. Yet whenever you can see my access point...

Re:Ignorance abounds indeed

[betterunixthanunix]

As I noted elsewhere, it would not take much for Google to include a feature in Chrome that reported internal network details to Google services, which could then simply match those details to this database. Informed people would probably avoid Chrome, but most people are not "informed" about the technical workings of computer networks.

Re:Tell Your Wireless ...

[Jawn98685]

This doesn't look good on the surface ... and reeks of Google's Buzz privacy blunders all over again. Why can't Google (and everyone else for that matter) just stick to the personal data people are foolish enough to hand over to the web? This type of action puts them on the edge of WiFi hackers who are "just seeing if it could be done" ... except for that they're doing it for tens of thousands of personal and business WiFi networks.

My first reaction was the same - "How dare they play so fast and loose with 'private information' like that...", but on reflection, I'm not sure it's a bad thing. My house has wifi. It is secured well enough that I don't need to worry about he neighbors borrowing my bandwidth or a drive-by spam cannon causing me grief. Several of my neighbors..., not so much. It's 2010, folks. The risk of running an open wifi is well-known, as are the means to secure it, and still, most wifi routers/access points come out of the box with little or no security enabled.

Maybe it is time to "raise awareness" of this reality. Of course, it's not Google's job to do this, and I doubt that they had anything so altruistic in mind when they decided to collect and publish this information, but I do hope that it will have that effect to some small degree, at least.

Re:Tell Your Wireless ...

[0100010001010011]

They've enabled locations in HTML5. I was playing around with "Dive into HTML 5" and for fun clicked on the "Locate me". It was dead on. Even though I was going through a Proxy server (so I know they didn't find me through IP). Scroll to the bottom, it's "A complete live example"

Prey Project using it as the geo locator for theft recovery. I've had Orbicule's Undercover for a while, and they use Skyhook. Prey Project is 100% open source (all bash scripts more or less) and digging through they're using Google's location APIs to locate devices.

So basically Google now has a 'sky hook' type service that anyone can use for free. Not just that. Every single smart phone that doesn't have GPS built in, now has a 'near location' enabled. Meaning that google can provide location based results even without a GPS.

"The Dark Side of Numbers"

[MRe_nl]

'In the Netherlands, the effort at establishing a comprehensive
population registration system for administrative and statistical
purposes was completed even before the Nazi-occupation (Methorst,
1936; Thomas, 1937). In 1938 H. W. Methorst, who was then the
director-general of the Dutch Central Bureau of Statistics and
formerly also head of the Dutch office of population registration,
reported on the rapid progress being made in the Netherlands in
implementing a new comprehensive system of population registration
that would follow each person "from cradle to grave" and open "wide
perspectives for simplification of municipal administration and at the
same time social research" (1938: 713-714)... ... These registration systems and the related identity cards played
an important role in the apprehension of Dutch Jews and Gypsies prior
to their eventual deportation to the death camps. Dutch Jews had the
highest death rate (73 percent) of Jews residing in any occupied
western European country--far higher than the death rate among the
Jewish population of Belgium (40 percent) and France (25 percent), for
example."
source:
"The Dark Side of Numbers: The Role of Population Data Systems in
Human Rights Abuses." Social Research, Summer, 2001, by William
Seltzer, Margo Anderson, hosted by findarticles.com:
http://www.findarticles.com/cf_dls/m2267/2_68/77187772/p4/article.jhtml?term=

Re:Very true here, but consider the place

[VGPowerlord]

For someone who actually breaks in to an encrypted AP (and yes, WEP counts), consider that WEP might be like a retarded-midget bouncer who'll believe you if you lie to him, whereas WPA could be, "My name is Linksys ... Sorry about this, but unless you speak Italian and ol' Tony tells you what my favorite word or phrase is, I can't give you an IPv4 addres!" Any situation where network encryption is either bypassed or broken without the network owner's knowledge and permission is nefarious outright, regardless of intention, and that should most definitely be a criminal offense. Although if ol' Tony finds out before the cops do, you're probably even worse off.

The problem is that certain companies have muffed things for the rest of us.

For example, say a person wanted to play the latest WiFi-enabled DS games on their DSi, which supports WPA2.

Nintendo made an idiotic mistake for the DS by putting the WiFi configuration tool in each WiFi supported game, rather than in the system's settings. This DS version of this tool only supports WEP. Therefore, a DSi that plays DS Internet games must connect to a WEP wireless network. Whoops.

Re:Tell Your Wireless ...

[Zocalo]

Yes, but they can do that with the SSIDs, which are more likely to have extra uses as you can look for common service provider SSIDs to annotate your map with, say, the nearest retail chain offering a complimentary WiFi service without having to mooch. The only uses I can see for capturing the MACs is to tell identical SSIDs such as "LinkSys" apart or as a means of tracking users (or groups of users) for their Ad business.

Lets say that a given computer's MAC is known to exist in a given town. Now imagine if Google somehow included the MAC of that computer in the payload traffic going to one of Google's services. Put the two together and you have a superb means of providing not only targetted adverts, but location aware ones as well. Best of all (for Google), there's no Cookies required.

Re:Very true here, but consider the place

[dominious]

yes, but imagine Google was logging car plate numbers together with the address location they are parked and then published all that information on the web. Anyone could find where you live just by looking at your car plate numbers...Is this safe?

And yes, your car plate number and your home address are both public already, but at least they are not published on the Internets are they?

Re:Ignorance abounds

[NEW22]

Are you saying there needs to be a special law in place to prevent people and/or businesses from writing down your publicly broadcasted SSID? Maybe people should be fined or jailed? What would be the parameters on what you think should be possible?

Personally, I have a hard time conjuring up a reason to care that someone might have this info, so could you maybe paint your nightmare scenario? Is it something along the lines of "Through data-mining Google has been able to correlate my user accounts with my RL address and is guessing that it has my Access Point recorded, and my Google searches will have ads for Wireless Routers"? Or "I fear this database will become public, and people will use Google Maps and this data to stop outside my house and leech my internet, hack my system, and frame me with child porn, which is terrifying, but not so terrifying that I want to secure my Access Point"? I'm not sure what the fears are here.

Re:Tell Your Wireless ...

[clsours]

I asked the author of the piece for the quote, he sent me this:

http://www.theregister.co.uk/2009/12/07/schmidt_on_privacy/

Of course the above mentions that the interview was on CNBC, but not the date or a link to a CNBC (that I can find).

Re:Very true here, but consider the place

[TheRaven64]

No, you're missing the point. GMM (and, I think, Google Earth), uploads the MAC address of the access point, not of the local machine. It's been doing this for a couple of years, and it assumes that the first place that people search for from GMM is their current location. Google then uses this to build a database mapping access points to physical locations (and public IP addresses to access points). If you then run GMM while connected to an access point that other people have used this way, then it will automatically start in your currently location (or, at least, what Google's database thinks is your current location).