Slashdot Mirror
Microsoft Exposes Locations of PCs and Phones
suraj.sun sends this excerpt from CNET:
"Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned. The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets. Unlike Google and Skyhook Wireless, which have compiled similar lists of these unique Wi-Fi addresses, Microsoft has not taken any measures to curb access to its database."
we're surprised?
Get a web developer
All the full article really says is that someone could tie a MAC address to a location. So? Knowing your MAC address gives me almost no information about you -- nothing personally identifiable, anyways, unless I have an unrelated method of attaching your MAC to you personally (such as having physical access to your phone...). So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing (that wasn't included in the article).
No, it was the other data they captured while it was going through the wireless networks that got Google in big trouble.
Get a web developer
Sharing your personal information is part of Microsoft's efforts to be more open.
I'll see your senator, and I'll raise you two judges.
The only difference is that MS are letting us see what they have. Google have collected the same data and more. (And bear in mind anyone with a fleet of vans could do the same). When it comes to violating my privacy, I don't think I have more faith in any of these companies than I do in random strangers on the internet.
I am trolling
Their security consultant, Mark Zuckerberg, said it was OK.
"National Security is the chief cause of national insecurity." - Celine's First Law
Here it is: http://inference.location.live.com/
Unfortunately after signing in it doesn't work, it takes you back to your Live main page. Perhaps they took it down after realizing it was a bad idea ...
Can someone confirm?
user@host$ diff
Yes. It's a bad idea.
You make it sound as if Microsoft does anything in a premeditated fashion. Stuff just happens and then it bubbles up until the lawyers and marketroids find out about it.
Google: I caused a screwup.
Microsoft: That's not a screwup. THIS is a screwup!
"When information is power, privacy is freedom" - Jah-Wren Ryel
Ignore the idiot who doesn't know where his shift key is. It's not the same. Most wireless networks broadcast a beacon signal that informs nearby receivers the name of the network and other information. Triangulating this signal which is public in its very nature is neither illegal nor unethical.
Google was capturing the packets being broadcast within the networks themselves by other clients. So a system authenticating with a server in plain text (which happens too often) would have the authenticating information (user/password) intercepted. Depending on the view one takes of open networks, this probably violates the Electronic Communications Privacy Act, or at least its spirit.
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
Well, to an extent, Google is supposed to be the good company that still has a soul. We all know Microsoft is the evil empire that would do this sort of thing.
In fact it works pretty well, well enough for their purposes. They don't need enough precision to drop a bomb on you, rather they need just enough to know what neighborhood you're in, so they can target you with ads for local pizza joint you may not have heard of.
Or region-lock DRMed content against you.
Coming soon: laws requiring content providers to filter access based on location of the recipient, such as not serving pornographic content to computers on school property. Like the "drug free zone" around schools, except it's a "porn free zone", and it's mapped out on Google.
Because if such databases are built, considered accurate enough, and are freely accessible, you're going to be expected to check against them as due diligence.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
It sounds like we're due for a protocol change where these addresses are updated to prevent long-term tracking. Give the operator the choice of static or randomized. Some work would have to be done to ensure devices would continue to correctly identify a network they've previously connected to. But some of those details ignored, I think everyone gets my point here. The thing here is which I don't get is that the broadcast id of these routers isn't typically available to anyone intercepting your IP traffic. So this database won't help someone find you unless your machine has been compromised. Perhaps one solution is to have network hardware watch for the Ids but hide them from the OS. That would prevent a compromised machine from revealing its location while at the same time allowing for the broadcast Id to useful for assisted GPS. I'd be a little sad if we lost the awesome navigational benefits due to privacy concerns without first considering protocol/implementation fixes to address the concerns.
One great example is indoor maps. You can get maps for the inside of a mall now as part of your smartphone's map app. You just zoom in on the mall and it turns into an indoor map. Without the wifi, you're not going to have an accurate location marker inside.
Google: I caused a screwup.
Microsoft: That's not a screwup. THIS is a screwup!
According to the article, Google and Skyhook were doing exactly this screwup as recently as last month, when CNET published an article about them doing it.