Slashdot Mirror
My Location the Next Google Privacy Controversy?
theodp writes "While Google boasts one of its Privacy Principles is making the collection of personal information transparent, even techies are left guessing about what's going on behind the scenes of certain products. The American Dictator points out that Google's Wi-Fi collection efforts don't stop with its Street View cars, offering up this explanation of Google's My Location: 'When you allow Google to "know your location," what you are really agreeing to is to send to Google's computers your Wi-Fi environment — not only the name of the Wi-Fi hotspot you are logged into, but also the names and signal strengths of every Wi-Fi hotspot around you. In other words, the same things that those Google Street View cars were sucking up as they drove by your house.' So, will changes in privacy attitude prompt changes in Latitude?"
This make me glad I never use he internet, ever.
Don't use this feature! It's linked to Googlepredator.
I thought the "My Location" had long been considered a massive privacy breach,
Who actually uses it?
This method of radio-location is not special or unusual in any way. If anything, it is rather common and not even innovative on google's part. Several firms have exited for _years_ which focus on location based services as determined by nearby hotspots. Also, Latitude is littered with warnings about the nature of the service, and the fact that your location information will be sent back to Google. Of course, this is even less interesting when you consider the fact that your cell phone carrier already knows all of this information all the time and always has, which nobody makes any fuss about whatsoever.
You mean that in order to use a service that uses your Wifi surroundings to determine your location, you have to send the service data about your Wifi surroundings? Holy shit!
Next, you'll tell me you have to send your private, personal *search terms* to Google to get search results - the horror!
I'm a government spy, you insensitive clods!
Google Chrome / Firefox asks me if they can have my location, for the websites I go on. I say yes, and they get it right. They use Wifi geolocation, and not the IP address as you'd expect. So they know my town when I'm behind an American proxy. The buggers!
The issue was with Google mining Wireshark style packets from open wireless networks, not SSID's. WTF is this, guys? Sheesh.
That makes it public. Google is merely asking you to forward some public information to them. You may, if you wish, decline.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
They only know as much as you tell them, and agree to give them to retain.
if you don't like them having your information: NOBODY IS MAKING YOU GIVE IT TO THEM!
I think many of the people screaming loudest about the street view data collection never understood that Google was intentionally and unapologetically logging the SSIDs.
Nerd rage is the funniest rage.
People go to great pains to send a hundred mW throughout the air as far as it'll go, and are surprised when it does just that?
I'm on a volunteer ambulance squad; being a nerd I made a python script to scrape our crappy eDispatch provider's website for our dispatches and assemble them on a nice website. There was a big fight over password protecting this... despite the fact that we are going to great pains and expense to pump the very same information at about 50W. I ended up throwing a trivial password on it, until everybody forgot.
Point is, people don't seem to understand the 'broad' part of 'broadcast', and get annoyed that they don't have full control of the signals they emanate past their walls.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
I completely agree, it's surprising how many people think that when they send something to EVERYONE, that they have no ability to tell EVERYONE that "that was a secret. don't tell anybody, K?"
The recent privacy controversy was never about Google detecting and recording the names, unique IDs, and signal strength of local WiFi hotspots -- It was about Google mistakenly recording traffic, including unencrypted information that anyone could easily utilise.
In addition to that, there are only four ways to locate someone connected to the Internet:
- GeoIP which can perhaps pin you down to a city, perhaps even a town,
- WiFi triangulation which can pin you down to within a few metres
- Latency triangulation which is frankly uncompletely unworkable on something as complex as the internet
- IP->Postal Address Mapping (Read: ISP's database)
Obviously only two of these are workable for someone like Google and GoeIP is completely inaccurate. No ISP is going to give Google access to their address database.
If you have Google Maps on your phone (iPhone excluded), and you have wifi enabled, it will give you your 'wifi location'. That means google already knows about where the wif access points are? But how does it know you ask? Well, when you walk around with GPS enabled, and wifi enabled, Google seems to take this data and correllate it so that it has that access point mapped out. While I don't have any kind of reference for this, I've seen it done (new router, no other wifi around, and bingo after enough times I go by it with gps, it suddenly knows where it is without). I don't care if they know the location of access points, however I am concerned about them capturing packet data. Of course, if you leave your access point open - anybody can do that....
x86, oh yes, I'm pro.
How many people have scanners these days?
How many people have the Internet?
Now do you understand why there might be concern about putting the dispatches in a central location on the Internet?
There are a lot of idiots out there, and they can really waste your time. That really is the biggest pitfall of open information, imo.
I don't understand how Google tracking wifi networks is bad for me.
And I don't understand why Google wants that information in the first place. How does knowing my SSID help them?
That's what concerns me. I don't post anything on the net under my name, but other people might do so and there isn't anything in particular I can do about that. Other than, well moving to a shack in the middle of Montana. And you people called the Unabomber "crazy" for being so "paranoid" about the technology.
Always bragging about how Android does this, how Android does that.
Well, the iPhone was doing this *first*! Put that in your I/O socket and smoke it.
Friend comes to my house. Friend uses Google location service. Now Google has the information about my wireless network, even though I did not give it to them.
It would not be impossible for Google to determine that it was my house that the wifi data corresponds to, particularly if I use some other Google service. That means that I only really have Google's promise to "do no evil," and a hope that nobody else manages to gain access to Google's data -- that situation makes me a bit nervous.
Palm trees and 8
Point is, people don't seem to understand the 'broad' part of 'broadcast'
Or the 'cast' part.
How many people have scanners these days?
How many people have the Internet?
Now do you understand why there might be concern about putting the dispatches in a central location on the Internet
I have got to study my logical fallacies again. I can tell that this is one, but not which one it is.
Put in simple English, however, it might go something like this: Scanners are cheap, especially the ones which can only handle a couple of frequencies, which is all you need to monitor dispatches. In fact, I have not only regularly seen them on Craigslist for $10, but I occasionally see them on Freecycle for nothing. Anyone who is motivated to scan these dispatches, therefore, can do so. You could panhandle for the cost of a used scanner in most American cities in just one day, or substantially less if you're any good at spanging. So realistically, passwording the web dispatch log accomplishes basically nothing.
Your argument would only be valid if the bar to intercepting those radio broadcasts were high, which it isn't. Odds are that you could actually buy a radio used that was already programmed/crystal'd for the frequencies you want. Shit, for less than what it costs to get a computer that can run a modern web browser you could probably get one that would permit you to transmit on those frequencies.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Is this system actually relying on MAC addresses rather than SSID's? Otherwise how can a system like this rely on a property that is often left set to the factory default or could change at any time?
Also, I guess this relies on the Google Toolbar to work since I assume there's no way for a browser to collect information about nearby SSID's (or even your SSID), right?
By the way, the above questions aren't me being worried about any of this. I'm just curious about how the system works.
I am the inventor of the hilarious refrigerator alarm.
Unless your house is a Faraday cage Google could get that information with one of their WiFi aware vans. It's not your friend who gives out information about your wireless network, it's you, as a consequence of having one.
Analogies don't equal equalities, they are merely somewhat analogous.
True, but that does not give Google information about which floor I live on, or which room, etc. There is a lot more information being handed over to Google than those vans are collecting.
Palm trees and 8
Friend comes to my house. Friend uses Google location service. Now Google has the information about my wireless network, even though I did not give it to them.
If you are worried about broadcasting information that you would prefer to keep private, perhaps you could consider not broadcasting such information.
I've heard good reports about some networking technique that doesn't use radios. It may be relatively new, but you can find the equipment in stores.
Google at one point funded the company Fon to provide wifi access "to the world".....I even got a free router out of the deal. To abide by their policies, I had to provide an open channel to be used by any other Fon user, and the location of my hotspot was broadcast on their website as were all other users of the service.
This isn't the same. You agreed to give Google that information. They can pretty much do anything they want with it.
You can trace AvianIP packets by the pigeon droppings.
When our name is on the back of your car, we're behind you all the way!
I completely agree, it's surprising how many people think that when they send something to EVERYONE, that they have no ability to tell EVERYONE that "that was a secret. don't tell anybody, K?"
Interestingly, that seems to be DirecTV's business model.
I've managed my personal information for a long time, being careful what's public and what's not. For example, I make no secret about my home phone number. My home address, on the other hand, is strictly confidential, and only a handful of people know it.
If you type my name in to a search engine you will find me, as well as lots of other people with the same name as me. You will find what I want you to know about me. There is information about me that is not on the Internet (one biggie in particular), and I make damned sure it stays that way.
...laura
Good jeorb editors.
This is complete BS. First of all, Latitude makes it exactly clear what they are doing, this is how the iPod Touch does location (btw, anyone else get really annoyed when people call it the iTouch, or is that just me?), along with many other implementations. The Google street view car got in trouble because it was recording *more* than just SSIDs and signal strengths. It was recording actual data being transmitted across these networks. Latitude is not instructing your phone to sniff all open wireless networks around you and send back a sample of TCP traffic to Google. The suggestion is ridiculous.
We always knew Comcast was corrupt, here's the proof: http://tech.slashdot.org/comments.pl?sid=1909890&cid=34545432
How does your friend using from your house give them that information as opposed to the van outside? Albeit it might be slightly more accurate with lat/long than outside but its unlikely to help with the floor (ie altitude)
I would have named their service Google Wardriving which is pretty much what they are trying to patent.
They only know as much as you tell them, and agree to give them to retain.
W R O N G
Google knows the sum total of all things all people have told them.
Consider facebook.
If your friend sends you a facebook invite email, facebook creates a profile for you and links the profile to that friend, the supplied name, and the supplied email address.
If you later sign up for facebook with completely fake information but that same email address, facebook digs up that profile and gives you recommendations on who to add.
You never supplied facebook any real information beyond your spam email address. OTHER PEOPLE provided real information about you, and facebook has it and you have no rights over it.
Yes, there's a disclaimer, but facebook is exploiting that fact that your jackass friends on facebook are morons who will tell them your address and social security number if prompted.
Google does the same thing. You can't hide from them because someone you know in real life will be dumb enough to supply them with your information. The only consent they need is that of the supplier, not that of the person the information pertains to.
Unless your house is a Faraday cage Google could get that information with one of their WiFi aware vans. It's not your friend who gives out information about your wireless network, it's you, as a consequence of having one.
Fail.
If said friend goes to said Faraday-caged house and logs on to said caged WiFi, said friend will still be giving out said information to said Google.
You don't have to guess what Google does because they do the same thing everybody else does.
Skyhook and lots of other companies have WLAN geolocation databases. Lots of phone apps use such databases and services, including iPhone and Nokia.
EyeFi and other cameras determine your location from visible WiFi APs and encode it in your images. They probably transmit your locations to your server. When you upload your images to Flickr, Picasa, or your own web site, you transmit that information along.
HTML5 has a standard location API. Every mobile phone browser will support that because it's so darn useful.
Mobile operators already know where you are; in fact, they are required to know that by law, supposedly to allow "Enhanced 911" calls, but also for law enforcement purposes. They clearly share that information with governments and police. They almost certainly also share it within their own "group". They offer location services to you. They may or may not sell that information as well.
Phone applications can find out which tower they are talking to (and have been able to do so for a while), so on most smartphones, sofware already could track you.
The only thing that's different about Google is that they actually offer you a free and useful service based on that data, whereas others have been using the data without telling you and/or have been charging you for it. And Google has stopped collecting this data because they don't actually need to; most geolocation is now done via towers or GPS, and for the few WiFi-based use cases, they can just buy the data from several vendors.
And even if all of those are not available, web sites can usually tell roughly where you are from your IP address. For cable, DSL, and WiFi that can be very accurate; for 3G connections, it usually is some proxy server that's not too far away.
If you're worried about people tracking you, Google is probably the least of your worries; at least they tell you and you can turn it off. That's a lot better than most of the other people who have access to your location.
This is the not the first time he has submitted biased garbage masquerading as fact in his own personal crusade against Google and for some reason someone keeps approving his ridiculous submissions. For gods sake, can we start out discussions out with real questions instead of "So why do hate America, Google?"
Let's take a look at some of the other crap he's submitted and has subsequently been posted:
Here we have: Are Googlers too smart for their own good?
http://developers.slashdot.org/story/10/05/21/1427245/Are-Googlers-Too-Smart-For-Their-Own-Good
And here we have the first "expose" on the conspiracy that Google has perpetrated on us all by intentionally collecting payload data on Accident:
http://yro.slashdot.org/story/10/05/29/0818219/Google-Describes-Wi-Fi-Sniffing-In-Pending-Patent
If you want to use "wireless networks" to determine your approximate location on an Android phone (something quite common I think), you _HAVE_ to agree to your location data being sent to Google even when no app is running. If you disagree, you can't activate Wireless Networks Location. This means you either have to use GPS everytime you want to look something up on Google Maps etc., or have to enter your location by hand (if you don't agree with their "consent"). The exact text of the "Location consent" is: "Allow Google's location service to collect anonymous location data. Collection will occur even when no applications are running." Here is a ticket regarding this issue: http://code.google.com/p/android/issues/detail?id=2813 In my opinion this is really bad.
Its not googles data to intercept and keep under the privacy laws of some parts of the world.
Google also has the funding to sort, index and could sell data to unknown gov and private interests.
This is the start of 'bad' things and some people really want this 'trail run' exposed in daylight rather than the dark places Google operates in.
Google took the view that data collection and storage was not legal, but as other firms had done mapped wifi too, why not just grab everything in one pass.
After the press reminded privacy commissioners of the digital aspect of their portfolio's Google went into damage control.
Domestic spying is now "Benign Information Gathering"
If its a corrupt company and the phone doesn't actually have a real GPS (only training wheel GPS) then it can't. But if you have (perhaps one of the few?) phones who do have a real GPS they can find your position without connection (or even sim cards in them)
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
The data google stored was not for google, they where a man in the middle. They also kept the data and seem to be stonewalling.
Domestic spying is now "Benign Information Gathering"
Yes, you do fail to understand what the "unless" at the beginning of my comment meant.
It also happens to be completely useless to Google, or anybody else outside of your house, to know what the SSID of your access point is. But it doesn't change the fact that your scenario was explicitly excluded, mainly because it is unlikely.
Analogies don't equal equalities, they are merely somewhat analogous.