Google To Allow Location Service Opt-out

TripleP writes "In a kind gesture from Google, they're allowing wireless AP owners to opt out of their location service. You only have to change your SSID to include '_nomap' as a suffix. Is it just me, or should this 'service' be an explicit opt-in?"

you dont opt in to webcrawling

[lemur3]

you use a special robots.txt file to opt out of websurfing.. why should this be any different?

Re:you dont opt in to webcrawling

[Lost+Found]

I basically agree with your point aside from the fact that you don't have to change your domain name to add a _norobots.com suffix in order to opt out of web crawling.

Re:you dont opt in to webcrawling

because this method enforces me to change how my AP is visible by its users
they don't force you to change your web address to opt out from crawling.
you'd have to update all machines using that AP to use the new network name?
they really think themselves as master of the univers

Re:you dont opt in to webcrawling

Robots.txt is a fine solution because website owners and hosters are schooled on it and they benefit from understanding it. My neighbor Cletus has no direct incentive to find out about this (even if it is in his perceived best interest), and requires him to rename his wireless network from something clever to something, well, Googly.

Re:you dont opt in to webcrawling

How bout this, make your AP not broadcast it's name, period.

Re:you dont opt in to webcrawling

[Elbart]

Breaks 802.11 specification.

Re:you dont opt in to webcrawling

Nonsense. The specification allows you to decide not to broadcast your SSID, and virtually every router allows this option.

Why shouldn't I be able to read information that you publicly broadcast? And if I can do it, why shouldn't google be able to?

Re:you dont opt in to webcrawling

Sorta this.

But it fails because changing an AP name isn't much of a pain in the ass, even if it is changing hundreds of computers too (which should be painless if you set it up right in the first place!)
Changing a domain name is a much harder process. (not hard, though)

Adding _nomap is a pretty trivial thing.
However, I'd rather it have been something smaller and less likely to ever appear in an SSID, since they are limited to 32 characters.
I don't think there is any rules against what characters can go in SSIDs, but it probably varies.
While not everyone typically uses the full range of fields for most things, some people do use it for very specific identification needs, or for stats in the case of game servers, website titles (such as alert counters), whatever.

Re:you dont opt in to webcrawling

[poetmatt]

uh, do you know anything about networking?

Not broadcasting your SSID causes *problems*. Parts of network detection and certain devices/software have problems with turning off your SSID. It also doesn't add anything as far as security, not even remotely.

So adding _nomap sounds pretty reasonable to me, aside from that SSID's are not the best of concepts as they are implemented anyway.

Re:you dont opt in to webcrawling

The last place where I used to work used lots (over 25 per location) of barcode scanners that work over WiFi, and runs 24/7 shifts for order picking, loading and unloading. Changing the SSID may not entail much if you have a centralized management system, but these scanners have to be configured by hand through a touchscreen.

So no, changing SSIDs is not "always trivial". I would have much preferred if they just used the broadcast flag for it (i.e. don't catalog hidden SSIDs)

Re:you dont opt in to webcrawling

[rickb928]

Reading my public SSID isn't a problem. Using it, and the details, is.

So you can read my SSID, but cracking my security and publishing the location isn't necessarily.

Of course, our courts in the U.S. are hell-bent on stripping the populace of any rights at all. This alone is reason enough to throw them all out.

Re:you dont opt in to webcrawling

[Martin+Blank]

I'm not sure why you want to limit my rights to publish the location of something that you broadcast to the public. I'm not cracking it, and I'm not even trying to log into it. I just capture the beacons and note the likely location based on GPS triangulation. Why do you consider that so private that I cannot publish it even though you're making it possible for me to see and locate it, especially when you accept that it's not an issue that I can see it?

Re:you dont opt in to webcrawling

[DJRumpy]

Not nearly the same situation either. When you put something on the web, you make it accessible to millions/billions of people. Your home AP is accessible to maybe 2 or 3 houses.

You shouldn't have to 'opt out' of this. It should be opt in.

Re:you dont opt in to webcrawling

[delinear]

Exactly - this is basically the equivalent of collecting house door numbers. It's a piece of information that's being made freely available to the public, the user has complete control over whether that information is broadcast or not, and now Google are giving them another option. This is far less intrusive than satellite photography services and far easier to opt out of and yet they've been around for years with little complaint, even though it's far easier to see ways to exploit that information (escape routes for burglars springing instantly to mind). It's not like the location is used for anything other than improving the quality of location services on mobile devices anyway (and even then they're not furnishing you with a list, they're just reading devices you can already see on your mobile and matching it up to a table of devices their side).

Re:you dont opt in to webcrawling

[justin12345]

This is a pretty clunky, it's akin to adding _nomap to every url you don't want indexed. Google might want to come up with a more elegant solution.

At the same time, Google doesn't really need to offer any solution at all. "Is it just me, or should this 'service' be an explicit opt-in?" You are opting in when you decide to start broadcasting radio waves. Complaining about having your wifi recorded is like yelling in a public place and then complaining that people notice.

Google might offer to ignore a network, but no one else will.

Re:you dont opt in to webcrawling

[James+Carnley]

Your neighbor Cletus probably wouldn't care about this functionality anyway.

The people worried about someone knowing about their SSID are not the type of people who publicly name it something clever in the first place. They can still hide the SSID or name it somewhat anonymously.

Re:you dont opt in to webcrawling

At the same time, Google doesn't really need to offer any solution at all. "Is it just me, or should this 'service' be an explicit opt-in?" You are opting in when you decide to start broadcasting radio waves. Complaining about having your wifi recorded is like yelling in a public place and then complaining that people notice.

I'd say that the act of disabling SSID broadcast should be a pretty clear sign that I don't want anybody to hear what my AP has got to say. As a security 'feature' it's a fallacy, but it does send an explicit message for the desire of some level of privacy.

Re:you dont opt in to webcrawling

[justin12345]

Disabling SSID is clunky too. Both approaches effect the user's experience.

But really what expectation of privacy do you really have when you are broadcasting a radio signal? It's not as if Google is decrypting your data. In the US I believe that would be illegal, and generally not something they would be interested in doing anyway. But recording a signal you are broadcasting I believe is still a-ok.

As far as security goes, I ran an experiment last year and I was really surprised just how bad wireless security really is. I just downloaded KissMac and set it to work on all the wireless networks reaching my computer (about 25 or so usually). I didn't use packet insertion, and I just used the Apple Airport card that came with the computer. Within a week it had cracked every single one that wasn't using WPA2 (nearly none of them were), and filled a hard drive with their network activity. I know that won't surprise a lot of /. users, but I was surprised at just how easy it was, any kid can do it.

Re:you dont opt in to webcrawling

[DragonWriter]

Not nearly the same situation either. When you put something on the web, you make it accessible to millions/billions of people. Your home AP is accessible to maybe 2 or 3 houses.

Your home AP is accessible to more than that -- like anyone walking or driving by your house. Things that are broadcast in the clear, including SSIDs, are inherently public.

Re:you dont opt in to webcrawling

[Snaller]

But then a website doesn't bathe me in radiation as i walk past your house - your wifi point does.

Re:you dont opt in to webcrawling

[DJRumpy]

Yes, but most people don't walk around with scanners in their pocket. Range is also very limited. This should not be opt-out. Why does Google need to scan your home AP in any case?

Re:you dont opt in to webcrawling

[rickb928]

Same argument for not allowing you to record a broadcast tv show and rebroadcasting it.

Especially if you intend to derive some value from it.

Though in practice I would not, as my post said, not be bothered. If you posted access info I would consider that wrong.

Re:you dont opt in to webcrawling

[justin12345]

Yes, but most people don't walk around with scanners in their pocket.

Yes they do, they're called phones.

Re:you dont opt in to webcrawling

[DJRumpy]

Funny. Mine doesn't do packet inspection from the vendor. Claiming everyone walks around scanning and cataloging neighbors WiFi is disingenuous at best. Goggle went beyond that, storing more info than SSID.

Re:you dont opt in to webcrawling

[bemymonkey]

Why for the love of God would you say that? WiFi geolocation is very useful, and extremely important these days, especially if you're having trouble getting a GPS fix.

Furthermore: An SSD is broadcasted - it's public. Why would you have any expectation of privacy?

If I hang a big sign that says "Bemymonkeyland" out in front of my house, do I have a right to stop people from using that as a location marker? Do I need to opt in to letting people say "Oh yeah, sure, the nearest McDonald's is three blocks down that way, right next to the Bemymonkeyland sign."? Same thing goes for "By the house with the red door and white picket fence." and "Next to the ugly ass broken down shack."

Re:you dont opt in to webcrawling

[bemymonkey]

http://en.wikipedia.org/wiki/Geolocation

Re:you dont opt in to webcrawling

[bemymonkey]

How is creating a list of WiFi access points and their locations the same as rebroadcasting TV? It's more like copying a page out of the TV Guide.

Re:you dont opt in to webcrawling

Google collects more than SSID.
http://en.wikipedia.org/wiki/Criticism_of_Google

Surveillance of WiFi networks
As it set out to photograph neighborhoods around the world as part of its Street View program, Google equipped its vehicles with antenna as well as cameras so it could create a database with the names of Wi-Fi networks and the coding of Wi-Fi routers. Google collected about 600 gigabytes of data from users of public WiFi stations (which are not owned by Google) during 2006–2010, including snippets of private data such as e-mail. No disclosures or privacy policy was given to those affected or to the owners of the WiFi stations, in more than 30 countries.
Google apologized, said they were "acutely aware that we failed badly here" in terms of privacy protection, that they were not aware of the problem until an inquiry from German regulators was received, that the private data was collected inadvertently, and that none of the private data was used in Google's search engine or other services. A representative of Consumer Watchdog replied, "Once again, Google has demonstrated a lack of concern for privacy. Its computer engineers run amok, push the envelope and gather whatever data they can until their fingers are caught in the cookie jar." In a sign that legal penalties may result, Google said it will not destroy the data until permitted by regulators.

Re:you dont opt in to webcrawling

[DJRumpy]

So in your view, Google should use my hardware and info for free (no payment to me), while they charge me by selling my information in order for me to use their services? At least I can Opt-In to Google. Apparently you have to Opt-Out in their case.

The latitude that the nerd crowd give google is amazing to me. If this was any other company they would be all up in arms. Google throws the geeks a bone by using a Linux kernel for the purpose of whoring out your personal data for a profit, and the geeks are falling over themselves to defend this sort of practice.

A home AP is NOT put out in public for the purpose of broadcasting it's info to the world. Typical wifi rarely reaches past someone's property at any usable range, just as someone might be able to get a glimpse in your window, but to sit there and peek in your windows would be an invasion of privacy, just as the police found when they tried to use heat sensing equipment that picked up thermal radiation through homes in order to detect the use of heat lamps and such equipment to grow weed. The supreme court agreed that a warrant was required to use thermal imaging. This doesn't strike me as being much different.

http://cannabisnews.com/news/16/thread16568.shtml

Certainly the heat is considered being 'broadcast' in a limited fashion once it leaves the house, and it can easily be picked up on the street by the proper equipment, but the home owner has a certain expectation of privacy here.

Re:you dont opt in to webcrawling

[rickb928]

That's copyrighted also.

What was your point again?

Re:you dont opt in to webcrawling

[bemymonkey]

A completely different issue which is no longer ongoing, AFAIK.

Isn't it really the MAC that they collect?

Re:you dont opt in to webcrawling

[bemymonkey]

"So in your view, Google should use my hardware and info for free (no payment to me), while they charge me by selling my information in order for me to use their services? At least I can Opt-In to Google. Apparently you have to Opt-Out in their case."

How are they using your hardware? They're simply taking note of the fact that YOU are using your own hardware, and making a note of where you're using it.

"The latitude that the nerd crowd give google is amazing to me. If this was any other company they would be all up in arms. Google throws the geeks a bone by using a Linux kernel for the purpose of whoring out your personal data for a profit, and the geeks are falling over themselves to defend this sort of practice."

Not sure where you're going with this, but it's pretty much the other way around with me - Android is the first Linuxy product I've used, and is the only reason I've been exposed to open source operating systems at all...

"A home AP is NOT put out in public for the purpose of broadcasting it's info to the world. Typical wifi rarely reaches past someone's property at any usable range, just as someone might be able to get a glimpse in your window, but to sit there and peek in your windows would be an invasion of privacy, just as the police found when they tried to use heat sensing equipment that picked up thermal radiation through homes in order to detect the use of heat lamps and such equipment to grow weed. The supreme court agreed that a warrant was required to use thermal imaging. This doesn't strike me as being much different."

How is creating a location database the same thing as trying to determine what a person is doing inside their own home? You're drawing parallels that aren't really there...

A broadcast SSID + MAC address is comparable to a street address or the color of your fence... anyone can come by and take a gander, and nobody in their right mind would stop someone from saying, "Oh, I'm in front of that corner house with the white picket fence, so I must be 4 blocks away from where I want to go." - which is, essentially, all Google is doing.

And as for wifi typicially not reaching outside of people's property: If that were the case, WiFi geolocation wouldn't work and this whole discussion would be irrelevant.

Re:you dont opt in to webcrawling

[bemymonkey]

My point is that

a) rebroadcasting TV and
b) making a list of when and where shows are broadcast

are two completely different things.

Just like creating a list of access points (b) is different from cracking the networks and surfing the web over them (a)...

Re:you dont opt in to webcrawling

[Darinbob]

And most people should not broadcast SSIDs anyway unless they explicitly want to be public. But that's not how a lot of routers work by default because it's inconvenient for people.

Re:you dont opt in to webcrawling

[ceoyoyo]

And Google got in trouble for it. Still, if you're spewing secrets out into the air, you really should assume someone's listening to them.

Re:you dont opt in to webcrawling

[BitZtream]

Or just not broadcasting your data to everyone driving down the street.

Lets remember, you opt-in by openly broadcasting. If you don't want people to know about your signal, don't broadcast for them to listen to.

Re:you dont opt in to webcrawling

[BitZtream]

Your home AP is accessible to maybe 2 or 3 houses.

Unless of course the signal reaches a public street ... which of course it did, which is why Google knows anything about it in the first place.

You don't broadcast your website to people, people make a request from your website to get data. You can say no with trivial effort.

Wifi is BROADCAST. People get bombarded with your signal like it or not. I would like to opt out of being bombarded with your signal, but I can't. I can't opt out of receiving it, you really have no right to bitch when I use it for my own means.

When you give Google the ability to not be forced to listen to your signal as they travel down a public street, then you can bitch about them 'taking' it from you.

No one is coming into your home and taking anything, they're standing on the street just recording what you throw at them CONSTANTLY.

If your wifi signal was private, random people on the streets wouldn't hear it.

Re:you dont opt in to webcrawling

[DJRumpy]

They use this for geolocation. If the data wasn't useful to them, they wouldn't collect it, no? They are using data from uses personal AP's for their personal gain.

The courts would seem to disagree with you about this. Google went beyond simple SSID/MAC collection. They used packet sniffing.

http://www.wired.com/threatlevel/2011/06/google-wiretap-breach/

“The court finds that plaintiffs plead facts sufficient to state a claim for violation of the Wiretap Act. In particular, plaintiffs plead that defendant intentionally created, approved of, and installed specially-designed software and technology into its Google Street View vehicles and used this technology to intercept plaintiffs’ data packets, arguably electronic communications, from plaintiffs’ personal Wi-Fi networks,” U.S. District Judge James Ware ruled. “Further, plaintiffs plead that the data packets were transmitted over Wi-Fi networks that were configured such that the packets were not readable by the general public without the use of sophisticated packet-sniffer technology.”

According to the Wiretap Act, amended in 1986, it’s not considered wiretapping “to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public,” according to the text of the federal wiretapping statute.

But Judge Ware said that interpretation did not apply to open, unencrypted Wi-Fi networks and instead applied only to “traditional radio services.”

Essentially a radio broadcast is setup in such a way that they intend and desire for people to tune in and pick it up and actively consume it's contents. A persons household WiFi would be hard to argue that same case since opening your personal WiFi spot is legally risky to the owner, and those that do so are most likely not aware of the fact that their WiFi is open or even what that means.

Take high powered Mic's as another example. Would you consider it an invasion of privacy if someone sat in front of your house and used one of these to record conversations in your household? Your conversations aren't encrypted, and most people wouldn't even think about this because they have an expectation of privacy. Now contrast that to packet sniffing an unencrypted WiFi network. You cannot assume that people have left an AP unencrypted with the intent to 'share' whatever communications travel on it. You also can't consider packet sniffing, or even SSID/MAC sniffing easily accessible to the public without stretching credulity quite a bit. Hell I'm a geek and I can't even tell you the names of the WiFi networks around my home. I don't care. I don't use them, I use my own. I certainly would never consider logging into one intentionally.

Re:you dont opt in to webcrawling

[rickb928]

Surprisingly, TV Guide doesn't agree with you. Well, maybe not surprisingly.

But I might take exception to you publishing the SSID if my router somewhere, since I clearly am entitled to broadcast it, but perhaps I didn't intend it to be broadcast all over New York State...

I see the point that broadcasting seems to imply free use, but Section 705 of the Communications Act recognizes that you may intercept transmissions, but you may not divulge the contents. And while my SSID may seem free and open, if i secure my network with a reasonable effort at security, I think I have a case for not wanting my SSID advertised by third parties, such s Google. And you.

And you are not immune to thw law

Re:you dont opt in to webcrawling

[BitZtream]

TV guide is copyrighted, the list of shows is factual information and in and of itself is not copyrightable.

Re:you dont opt in to webcrawling

[LingNoi]

That's not relevant; a company doesn't care about such things. In fact the majority of people don't care about this.

Re:you dont opt in to webcrawling

[LingNoi]

No they don't, they mistakenly collected extra data packets, once, which they owned up to as soon as it was found out.

Re:you dont opt in to webcrawling

[bemymonkey]

The packet sniffing issue was a whole other snafu - a big mistake on Google's part, and they were (IIRC?) rightly punished for it. This is a situation in which your eavesdropping metaphor applies, and AFAIK, Google no longer collects this information (and hasn't for a while)...

Marking down SSID & MAC Address locations, on the other hand, is completely benign IMO. More comparable to remembering the screaming couple on the lawn of that red brick house with the white picket fence ;)

Re:you dont opt in to webcrawling

[bemymonkey]

So... where is this Google-published list of SSID*s you speak of? Google doesn't provide the SSIDs and their locations to the public... it uses them internally for geolocation - your smartphone sends a list of the SSIDs around it and their signal strengths to the Google servers, and those send back your approximate location. No contents of the original transmission (not even the parts that you broadcast in clear text for anyone driving by to pick up) are ever divulged, so according to your Communications Act, it's just fine.

*SSID in this context meaning SSID and MAC Address and whatever else Google collects for geolocation purposes.

Re:you dont opt in to webcrawling

SSIDs should not contain any private information. And turning off SSID broadcast is pointless, since it's sent whenever there is traffic anyway.

My SSID used to be "private property", why would I want to keep that secret? What about all those "Linksys" SSIDs, why should they be secret?

Re:you dont opt in to webcrawling

[coolmadsi]

The latitude that the nerd crowd give google is amazing to me. If this was any other company they would be all up in arms. Google throws the geeks a bone by using a Linux kernel for the purpose of whoring out your personal data for a profit, and the geeks are falling over themselves to defend this sort of practice.

I read the blog post about it, they said they hoped that the "_nomap" would be adopted as a standard:

Finally, because other location providers will also be able to observe these opt-outs, we hope that over time the “_nomap” string will be adopted universally. This would help benefit all users by providing everyone with a unified opt-out process regardless of location provider.

(Emphasis mine)

The implication being that there are other location providers doing the same thing, so if the nerd crowd is not up in arms, perhaps it is not because Google specifically is being defended, but more because the issue is not percieved to be something that requires complaint (from my understanding of what they are doing, they are mapping wireless router names to a location on a map, for example "MyRouter" maps to "123 Fake Street" - I am sure it is a lot more complicated than that, but that is what I comprehended from their blog post).

Re:you dont opt in to webcrawling

[tomhudson]

anyone can come by and take a gander, and nobody in their right mind would stop someone from saying, "Oh, I'm in front of that corner house with the white picket fence, so I must be 4 blocks away from where I want to go." - which is, essentially, all Google is doing.

You can look - but only for a limited time - while walking by. Loitering is illegal in most places. You also can't start recording everything that's going on and storing it in a database for future use. The use of an access point that's located indoors should not be google's business.

Maybe we'll combat that by having people across the country start exchanging SSIDs and MAC addresses at random (it's not like MAC addresses are even unique when it comes to cheap consumer-brand routers and even NICs, and they can be spoofed, or just re-flash it).

Re:you dont opt in to webcrawling

[letsief]

The ironic thing about you complaining that geeks give Google too much latitude is that other companies (including Skyhook and Apple) do roughly the same thing Google does, yet Google is the main one getting heat for this. The other companies don't even have a way for people to opt out.

Re:you dont opt in to webcrawling

Actually other cell users simply use triangulation from cell towers to find your location. They don't drive around neighborhoods scanning and storing your neighbors AP info. In order for something like an iPod Touch to work it needs access to WiFi (meaning an open WiFi network) and it needs user authority to connect initially.

Re:you dont opt in to webcrawling

[letsief]

Cell phones can use cell tower triangulation, but most modern cell phones will more heavily rely on wifi triangulation because its significantly more accurate. A phone only uses just cell tower triangulation if GPS and Wifi are turned off (or if there aren't enough visible wifi access points available). But even if GPS is turned on, phones will still query the database using visible cell phone towers and wifi APs because it helps them get a GPS signal lock much, much faster. Haven't you ever wondered why

You're right that for an iPod Touch to use this it needs an active Internet connection. But its doing the same thing- querying a web-based service with the MAC addresses of currently visible APs, including the ones that it isn't connected to. You just need the active internet connection because otherwise the iPod doesn't have a way to query the web-based service.

iPhones (and Android phones) are part of the information-gathering system. Assuming you have GPS on, your phone is keeping track of unsecured and secured wifi APs, along with their locations, and reporting them up to the mothership. Google also uses their Street View cars to map access points. Skyhook sort of works the same way. Some software on mobile phones use the Skyhook data source, instead of whatever the phone vendor might provide. Mapquest on Android does this. There's a Skyhook service running in the background that captures MAC address and location data, and passes it up to the Skyhook mothership.

Re:you dont opt in to webcrawling

[letsief]

Oops, I forgot to finish a sentence there. I meant to say have you ever wondered why cell phones lock on to GPS signals much, much faster than GPS navigation systems that have been off for a while? It's because the cell phones get a head start by using cell tower and WiFi data and querying these location services.

Re:you dont opt in to webcrawling

You are making an assumption. A phone with a cell radio doesn't need WiFi to triangulate, and Apple has stated outright it does not upload any location information. Unless you can cite a source that proves otherwise, you are making a guess and nothing more.

For non-cell capable device, the device uses IP information to get a general idea of location. Simply getting an SSID and MAC address doesn't magically tell you where you are. They certainly don't connect and get an IP from an unsecured AP (although Google might). Apple devices do not connect to any WiFi without user authorization.

Re:you dont opt in to webcrawling

[letsief]

Look at Apple's Q&A on this topic:
http://www.apple.com/pr/library/2011/04/27Apple-Q-A-on-Location-Data.html

You can also look at their support page on location services:
http://support.apple.com/kb/ht1975

Notably, the first link says: "These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."

Apple's implementation is different than Google's and Skyhook's, particularly as it relates to how a phone estimates its location from the visible APs, but its still sending geotagged MAC addresses up to a mothership.

Your absolutely right that a cell phone doesn't need to use wifi to get an estimate on where it is. But, as I said before, wifi triangulation is much, much more accurate. That's not necessarily a big deal if you're just using it to assist GPS, but it might be if you're using it as an alternative to GPS (for instance, if you're using an iPod touch, or you're inside a big building and can't see GPS satellites). Apple's Q&A says the iPhone will use geotagged wifi information from their database in addition to cell tower information.

My iPod touch is not figuring out where it is based on IP address. If you turn on location services in the settings its using the geotagged wifi database. That's how its able to pinpoint your location to around 100 meters or so. There actually seems to be a bit of an inconsistency between the two Apple pages. The first one makes it sound like the iPhone has its own cache of geotagged APs, but the second one points out that the iPod Touch needs an active Internet connection to work. I've noticed that on my iPod Touch. That implies that its sending something up, and getting a response back. Maybe the iPod just passes up the MAC addresses of visible APs, and it gets back geotagged MAC addresses, and does the triangulation computations on the iPod.

I don't understand what point you're trying to make in your second paragraph. You're right that Apple devices don't auto connect without user authorization. That's true, but irrelevant. iOS devices can certainly see the MAC addresses of visible APs without connecting to them.

Damn your AP has some big range...

[TheCarp]

_nomapo of course. Just sayin.

Not really...

You can't be mad at google for receiving the transmission you are broadcasting into the air. End of story. You can hide your SSID or use this method if you do not want to appear, but otherwise there's nothing wrong with receiving transmissions that are being sent out there anyway.

Re:Not really...

Your cell phone calls are encrypted. If you've got half a brain, so is your wifi traffic.

Re:Not really...

[HarrySquatter]

Not necessarily. Secondly, gsm routinely drops to unencrypted calls as well.

Re:Not really...

[morgauxo]

"You can't be mad at"
Yes, you CAN. As many seem to be proving. That doesn't mean you wouldn't be an unreasonable @$$ for doing so.. as many seem to be proving.

Re:Not really...

[kenboldt]

What they are recording is the equivalent of your house number. You seem to think that they are opening up your home made porn stash to the world. They are simply logging where the AP "AnonymousCoward" is located then using that location to triangulate where you are when you use your phone.

Re:Not really...

[LingNoi]

If they give rid of "Anonymous Cowards" like you then they would have done the world a service. Please go away forever.

For Facebook and Google+

[klingens]

Everyone who doesn't want to get tracked by Facebook please change his name to Joe_NoFacebook Smith. Everyone who doesn't want to get tracked by Google +, add a "noPlus" instead. And everyone who doesn't want to get tagged by the Facebook picture recognition will please use a neon green colored "F" tattoo on their forehead.

Thank you for your cooperation.

Is anyone at Google still thinking anything? Do no Evil my ass.

Re:For Facebook and Google+

smart :)

Re:For Facebook and Google+

Hello,

I changed my name to Peter_NoFacebook Jones, but now I also want to opt out of Google+.

I tried various iterations of the following:

Peter_NoFacebook_noPlus Jones
Peter_NoFacebook_NoPlus Jones
Peter_noPlus_NoFacebook Jones
Peter_NoPlus_NoFacebook Jones ...but none of them seem to be working.

Is the "noPlus" flag case-sensitive, and is the ordering specific to either Facebook or Google? What is the delimeter for the Google+ opt-out.

What should I name my daughter? Are these flags compatible with feminine names? I'd like to do this for the rest of my family, by default. Does it matter if I add the flag to our last name? ...I guess they'll have to change their names if they want to opt back in.

Re:For Facebook and Google+

[clemdoc]

So that'll be Joe_NoFacebooknoPlus Smith? No Facebook, No Plus? Nice title for Bob 'in Moms basement' Marley.

Re:For Facebook and Google+

Its a common mistake. Its actually "Do No Evil Towards Our Shareholders".

Re:For Facebook and Google+

The 'Don't be evil' line hasn't mattered to google for quite some time. They're big, evil, scary and it's time for me to buy stock in tin foil.

Re:For Facebook and Google+

So everyone else who's doing it already offers an opt-out method? It's not like they're stealing data or even know who you are (unless you're stupid enough to put that in your SSID). They're simply matching a specific SSID to a specific GPS location.

Since you say "do no evil my ass", how would you suggest they create their AP database? On Android, the SSID correlation automatically gives you a privacy warning, but the user's GPS isn't always on.

Re:For Facebook and Google+

Once you broadcast radio waves, are you suggesting that nobody should pick them up?

Re:For Facebook and Google+

[morgauxo]

How is recording your SSID and the location it was found at tracking you? If you set it to your name, or to some personal information then that's your fault for broadcasting your name or whatever personal information. Radio is a common resource. If you are broadcasting your info out into the public domain then it's nobody's fault but your own if someone records and shares it. Fortunately.. if you have encryption turned on that's pretty much all they get. Your SSID. If you don't have encryption turned on then it is YOUR FAULT. Whatever you are broadcasting IS public.

Re:For Facebook and Google+

[kenboldt]

I don't think you have a clue what you are talking about. They are linking a PUBLICLY broadcast SSID to a GPS location. They AREN'T letting people in to view your homemade porn collection.

Re:For Facebook and Google+

[kenboldt]

except not.

Re:For Facebook and Google+

[zmooc]

WTF is this crap doing being modden up?! Is this slashdot? Or did I somehow get lost on the Internet?! There is nothing evil about receiving and decoding radio signals. Keep your radiowaves to yourself if you don't want to be noticed. Just don't broadcast. It's that simple.

It is utterly ridiculous it is somehow considered normal for just about anybody to transmit their filthy radio waves right through my body while listening to them is somehow considered evil. This is so incredibly wrong.

Go Google! Keep up the good work in protecting my rights to use a fucking radio!

Re:For Facebook and Google+

[kiwimate]

Since you say "do no evil my ass", how would you suggest they create their AP database?

Opt in. Advertise as much as they want. Have a big banner on google.com that says "please opt in to our AP database...here's how". You can't tell me Google, of all people, can't figure out how to broadcast an opt-in invitation/request to millions of people. If it's as simple as everyone says to opt out, it's just as simple to opt in.

Re:For Facebook and Google+

[webnut77]

Hello,

I changed my name to Peter_NoFacebook Jones, but now I also want to opt out of Google+.

I tried various iterations of the following:

Peter_NoFacebook_noPlus Jones
Peter_NoFacebook_NoPlus Jones
Peter_noPlus_NoFacebook Jones
Peter_NoPlus_NoFacebook Jones ...but none of them seem to be working.

You forgot Peter _NoFacebook_NoPlus_NoTwitter_NoDoubleClick... Jones.

Re:For Facebook and Google+

[BitZtream]

Well, the simplest solution to not be tracked by facebook is to not use their service.

This is very trivial, don't create a facebook account and don't visit any of their websites.

In order for facebook to track you, you have to take some action that facebook can track.

Likewise, the simple solution to avoid Google tracking you is to not use G+ or any other Google service. If you expect them not to track you internally, you're an idiot, every creditcard company, bank, insurance company, and any other firm that handles large sums of money has been tracking you since before you were born anyway, you're just too stupid to realize it.

If you don't want Google to know your wifi info, the simple solution is to not give it to them. They aren't coming onto your property to get it. They are able to obtain the information from the street without using any special equipment because you actively made a choice to broadcast a wireless signal that could be heard by any machine anywhere in the universe (those waves propagate forever).

Stop broadcasting your signal. If you stand in your front yard and yell at the top of your lung do you still not expect anyone to hear it?

Re:For Facebook and Google+

[Bucky24]

I'd bet that most people WOULDN'T opt in, since doing so would take a little time out of their day that they don't want to spend opting into a service that they don't get an immediate reward to (yes I know that in the end they all win since the geolocation gets better, but most people won't think about that).

Re:For Facebook and Google+

[quixote9]

"Is anyone at Google still thinking?" Apparently, not. Unless it's "Nobody will bother re-doing their network to all new SSIDs. Bwahahaha."

Re:For Facebook and Google+

[Bucky24]

Bear in mind that to a lot of people (ie non-techs), the simple hardware they are using IS special equipment.

Re:For Facebook and Google+

[kiwimate]

Well, maybe not. That's business. And really, if this were a story about the RIAA or MPAA how many people would be coldly saying "make it opt in, and if it doesn't work then too bad, figure out a new business model, otherwise you deserve to die off?"

Re:For Facebook and Google+

[Bucky24]

Oh I agree. I'm just pointing out WHY they won't do it.

Re:For Facebook and Google+

[zaajats]

amen.

if the Internet was opt-in everything, we'd still be in the stone ages.

If you don't want your SSID to be mappable

[samael]

Then don't broadcast it!

They aren't doing any snooping on your private data here, just noting where different SSIDs are broadcasting. Unless your SSID name consists of your name, DOB, mother's maiden name, etc. you have nothing to worry about.

Re:If you don't want your SSID to be mappable

My SSID does consist of my name, so that if my neighbors have a problem with my wi-fi, they know to contact me.

I'm fine with everyone within wi-fi range knowing my name and where my house is (since they already do). I'm less fine with my name and house being pin-pointed on a map for everyone to see.

Re:If you don't want your SSID to be mappable

[samael]

But it's not. Nobody can look on a map and see your name, If they're standing by your house and can receive the signal then they can tell where they are, but that's all.

(Unless Google are now publishing the complete lookup table, in which case I feel somewhat different.)

Re:If you don't want your SSID to be mappable

I don't think they actually work on the SSID. I'm fairly sure they use the router's MAC address. Some SSIDs are so common they would be useless for mapping.

Re:If you don't want your SSID to be mappable

Google might not publish this, but others already do.

Re:If you don't want your SSID to be mappable

Google might not publish this, but others already do.

*sigh* Yes, yes, and obviously, because some unrelated companies are doing this, it clearly means Google will too by... um... osmosis. Yeah, let's go with that. Osmosis.

Re:If you don't want your SSID to be mappable

[Missing.Matter]

They're not mapping SSIDs (not unique), they're mapping MAC addresses (unique), which I can find easily even if you're not broadcasting an SSID.

Re:If you don't want your SSID to be mappable

> Then don't broadcast it

Sure thing, that's fine so long as you don't mind breaking the functionality of groups of devices such as Android phones that have issues with suppressed SSIDs.

Re:If you don't want your SSID to be mappable

[poolecl]

If you are not broadcasting then they cannot map you! (Obviously if you are broadcasting a signal without an SSID you are still broadcasting.)

But should you expect privacy when you are sending a wireless signal out beyond the confines of your control?

Re:If you don't want your SSID to be mappable

[delinear]

It's not even about privacy. Most people don't know what a MAC address is, let alone care, and it's not like Google are plotting this on a map or giving any way whatsoever to trace it back to you or your location. This is far less nefarious than gathering people's phone numbers into a directory along with their name and address, yet for years that was considered perfectly acceptable on an opt-out basis. I'm all for privacy but let's fight the battles that actually matter - in the grand scheme this really doesn't.

Re:If you don't want your SSID to be mappable

[delinear]

It seems to me your issue should be with the hardware vendors if they're forcing you to publicly broadcast what you consider to be private information. If your phone only worked when you stood naked in a public place, would you accept that, too?

Re:If you don't want your SSID to be mappable

But if your not broadcasting your SSID how will Google know not to track it?

Re:If you don't want your SSID to be mappable

[morgauxo]

You couldn't have wifi without broadcasting some form of ID. When machines communicate they have to be able to identify what machine the message is intended for. I guess there could be a protocol that encrypts the ID. But then every device has to try to decrypt every message that goes past in order to check the ID to see if it's it's own. That would kill batter life and waste processor speed.

So.. every device gets a long meaningless list of seemingly random letters and numbers. (not quite random, different manufacturers do use different ranges to avoid conflicts). That's your MAC address and that's the one part you can't help but broadcast. Whoopdie Freakin Do.

Re:If you don't want your SSID to be mappable

[morgauxo]

If it's your house then your name and location are out there in plenty of public databases anyway. Get over it.

Re:If you don't want your SSID to be mappable

they're mapping MAC addresses (unique)

Crap. I can set my MAC addresss to anything I like.

Re:If you don't want your SSID to be mappable

[datapharmer]

No worries, I changed my MAC address to GG-GG-GG-GG-GG-GG.

Re:If you don't want your SSID to be mappable

[ceoyoyo]

Here's a suggestion: stop broadcasting information you consider sensitive. If you want your neighbours to know which AP is yours then climb out of the basement, go over there, and tell them.

Re:If you don't want your SSID to be mappable

[webnut77]

Nobody can look on a map and see your name,

You forgot about teh haxXorz. If everyone is so OK with this, why not let Google (and others) collect your credit card number too.

Re:If you don't want your SSID to be mappable

[BitZtream]

You're an ignorant fool.

Anyone who knows your name can find your address via simple public records searches.

If you own your house, your tax records are public, most states have these online and search able now. Own a car? All sorts of ways to get your address from that.

You're name is already on hundreds of big maps, with the names of millions of other people.

The fact that you're on the Internet almost guaranties that your name is on a public map somewhere thats easy to find by anyone who knows what they are looking for.

Get this though ... NO ONE GIVES A FUCK ABOUT YOUR HOUSE OVER THE OTHER 6 BILLION PEOPLE'S HOMES.

Re:If you don't want your SSID to be mappable

[BitZtream]

You'd be funny if you ... well, no it wouldn't, you need to have a clue to be funny.

F is the last digit in hex.

Re:If you don't want your SSID to be mappable

[Bucky24]

Once I filled out an order form and Chrome asked me "would you like to save your credit card data?". So likely they already have the credit card numbers for a lot of people who value speed over privacy.

Re:If you don't want your SSID to be mappable

[Bucky24]

But if you're living in the basement wouldn't the AP be your mom's, not yours? ;)

Re:If you don't want your SSID to be mappable

[Bucky24]

NO ONE GIVES A FUCK ABOUT YOUR HOUSE OVER THE OTHER 6 BILLION PEOPLE'S HOMES.

But that's not the point. Attitudes like that are why our civil liberties keep being eaten away.

Re:If you don't want your SSID to be mappable

[ceoyoyo]

You're a sad, sad geek if you get your mom to buy and set up the WAP for you.

Re:If you don't want your SSID to be mappable

[Bucky24]

Well yeah... But you're kinda sad anyway if you're living in your mom's basement.

Re:If you don't want your SSID to be mappable

[ceoyoyo]

True, but for some reason it doesn't seem to reflect poorly on your geekhood.

Opt-in

[C_Kode]

Everything should be opt-in. Never opt-out.

Re:Opt-in

[Hermanas]

Is it okay with you if I reply to your comment?

Re:Opt-in

What about organ donation?

Re:Opt-in

[JustAnotherIdiot]

Especially organ donation.

Re:Opt-in

[HarrySquatter]

Organ donation is opt-in so what was your point?

Re:Opt-in

[thisnamestoolong]

AC has a good point -- the vast majority of people are NOT organ donors in localities where it is opt-in, vs. the vast majority participating when it is opt-out. It is really hard to argue that this is not a good thing. You could, however, argue that it reflects VERY poorly on us that we need organ donation to be opt-out before we see a large number of organ donors...

Re:Opt-in

You opt-in when you broadcast your SSID for the entire world to see.

Re:Opt-in

He won't answer that because you didn't give him permission to.

Re:Opt-in

[Tim+C]

A lot of people think organ donation should be opt-out.

Re:Opt-in

[srussia]

Everything should be opt-in. Never opt-out.

I would be fine with opt-out if all it took was appending "_notax" or "_freeman" to my name.

Re:Opt-in

[darkpixel2k]

Everything should be opt-in. Never opt-out.

I know you've probably never given it a second thought, and now might seem like a reaaaallly bad time--but would you like to opt in to our defibrillation program?

Ok--real quick now CANIDEPLOYAIRBAGSRIGHTTHEFUCKNOW?

Re:Opt-in

If I'm in Room #1 and walking to Room #2 is it better fit to say that I'm opting-in to #2 or out of #1? Not that I disagree with what you're getting at in this case, but rethink your use of absolutes of "everything" and "never." Do you mean "everything" in respect to when something concerns disclosure of information? Sorry to be "that guy" but I'm attempting to provoke thought, not ridicule your stance.

Re:Opt-in

You opt-in to airbags when you get into a vehicle that has them. You don't want the airbags? You have the option of walking, riding a bike/motorcycle, taking a bus, or having an older car. Now crashing, on the other hand, should be opt-in.

Re:Opt-in

Including taking a picture of your house from the street?

That's basically what this is - they're simply mapping publicly available data, using a passive sensor, from a public location.

Re:Opt-in

[TubeSteak]

You could, however, argue that it reflects VERY poorly on us that we need organ donation to be opt-out before we see a large number of organ donors...

Human nature is generally lazy.
If something is opt-in, most people won't opt-in.
If something is opt-out, most people won't opt-out.

We can argue about public policy and organ donation, but when it comes to our privacy
anyone who argues for a default opt-in/out that provides less privacy does not have your best interests in mind.

Re:Opt-in

You opt-in when you broadcast your SSID for the entire world to see.

I agree. Google is scraping publicly available information when they compile these SSIDs with their coordinates. The only reason we think of SSIDs and their locations as "secret" is that we can't see them most of the time, and nobody has ever driven around making lists of them. But now that someone is, nothing has actually changed. It was always the case that if your SSID was not hidden, it was out there in public. If you don't like that, you've always been free to hide it.

Re:Opt-in

[morgauxo]

It is, you opt in when you broadcast. It's really no different than standing in your front yard and shouting. You don't have a right to be upset when somebody driving by records and shares what you say.

Re:Opt-in

[morgauxo]

There's an easy solution. Those who opt in automatically get put higher on the list in the case of needing an organ themselves. Not to be entirely callous, Opt-outers can have any leftovers. IF there even are any. It sounds pretty fair to me!

Re:Opt-in

[zmooc]

Then can I please opt out of my neighbours transmitting their radiowaves into my home?

You are turning things upside down, as is half the world. Just like it is not very common for people to be able to opt out of nearby people hearing them screaming, it is rather difficult for you to opt-out of my antenna receiving the radio signals your radio broadcasts. If you don't want to be heard, don't broadcast. It's that simple.

Re:Opt-in

Not really poorly reflecting. If you actually stop and think about it, you're contemplating the possibility of your own death, and most people don't want to stop and think about it anyway, but adding that little downer makes it that less likely. Making it opt-out means most people can gladly not think about it, but still participate.

It reflects the public's poor ability to reflect, rather than reflecting poorly upon them.

Re:Opt-in

[stephanruby]

It's already opt-in. To have a working hotspot, you don't need to broadcast your SSID continually. You can enter it manually, or you can just broadcast it for 30 seconds. The only reason it's on is because of the convenience it provides.

Re:Opt-in

[Darinbob]

But this is in conflict with Google's "be evil" policy.

Re:Opt-in

[webnut77]

Everything should be opt-in. Never opt-out.

I would be fine with opt-out if all it took was appending "_notax" or "_freeman" to my name.

Hi, Bob_UncleSamPleaseTaxMeIntoOblivionSinceImSureYoullSpendItMoreWiselyThanIWill Smith here.

Re:Opt-in

[BitZtream]

And you opt in to the world mapping your SSID location the instant you start broadcasting it. You have the option of using a wire rather than wireless if you don't want to broadcast.

Re:Opt-in

[Bucky24]

I dunno what it's like where you live, but in my town if someone bothers me by screaming too loudly I can call the police and have them put a stop to it... Isn't that similar to "opt-out"? (generally I don't because it's more entertaining to listen, but still).

Re:Opt-in

[wye43]

I opt-out of the opt-out process.

Yes

[Errol+backfiring]

It should require an explicit opt-in.

Re:Yes

That's like saying you should have to opt in to people knowing the mailing address of your house by reading the numbers on the front of your door.

Re:Yes

[zmooc]

Opt-in? Just like my neighbours should explicitly get my permission to broadcast their fugly SSID into my home!

IMHO broadcasting voids any reasonable expectation of not being noticed. This should not be opt in or opt out or whatever. Anybody is and should always be allowed to receive any radio signals. If you don't want me to receive your radiosignals, keep them to yourself.

Re:Yes

Explicit opt-in would make the service useless, because nobody would take the time to "opt-in". This service works because wireless is everywhere and simply looking at the available SSID they are able to locate you. They're not logging to your system or anything bad.

Why are people so freaked out?

Why do you care?

[Manip]

While it is nice of Google to offer this, I don't really understand why people care. The SID was always public information as are the location of the AP. So to then turn around and accuse Google of invade your privacy by recording what essentially you've told your AP to shout from the rooftops seems a little contradictory to me. It isn't like SIDs are personal or in any way linked to you as an individual or even your surfing activity.

So as I said, nice of Google to do this, but I'd question what anyone who opted out really hopes to accomplish by doing so...

Re:Why do you care?

[Chrisq]

While it is nice of Google to offer this, I don't really understand why people care. The SID was always public information as are the location of the AP. So to then turn around and accuse Google of invade your privacy by recording what essentially you've told your AP to shout from the rooftops seems a little contradictory to me. It isn't like SIDs are personal or in any way linked to you as an individual or even your surfing activity. So as I said, nice of Google to do this, but I'd question what anyone who opted out really hopes to accomplish by doing so...

An SSID of "I hate Islam" might work well in the leafy suburbs of Surrey, but you might not want the location broadcast world wide

Re:Why do you care?

[LubosD]

but you might not want the location broadcast world wide

Sorry, where can I download the complete database of AP locations? Because as far as I know, the database "read access" works the other way around. Your phone submits a list of APs around you to Google's servers and in turn you get your approximate location. I don't understand what the problem here is.

Re:Why do you care?

Then change it? What kind of moron writes this and doesn't realize the obvious solution. I could've done the same thing as Google to a smaller scale and this wouldn't even make the news.

Re:Why do you care?

[Chrisq]

Then change it?

"I hate Islam _nomap" it is then.

Re:Why do you care?

And I'm pretty sure they work by MAC address, not SSID anyway. Otherwise you'd show up everywhere simultaneously every time you got near a "linksys" ssid.

Re:Why do you care?

Not only does Google not have any reason to broadcast SSIDs worldwide, they don't even have much reason to record them (other than this feature, of course). They use the BSSID for location triangulation, because it's unique. The service would hardly be as useful if it had to triangulate based only on seeing three APs named "linksys".

Re:Why do you care?

[vagabond_gr]

"Public information => no need for privacy" is a very typical logical fallacy. Privacy is not a black-or-white thing, categorizing things into private/public misses the point.

For example: when you move out of your home, your location is public information. Anyone who can see you knows that you're there. Similarly, your "image" is public information, anyone can take a picture of you. This does not violates your privacy, as long as it happens by random people in the street. If someone tracks your every movement, takes a picture every minute and publishes this information on the net, your privacy is clearly violated.

I don't care that much about the SID thing, but people have every right to feel that their privacy is violated by automatic collection of data, even if the data are "public". Privacy has a lot to do with who has access to the data, what it does with it and even how easy the access is.

Re:Why do you care?

[delinear]

Nobody has access to the data. Your device sends Google a request saying devices A, B and C are nearby, Google then looks these up in their database, decides you are likely somewhere near location X and returns that location. If you have something you want to keep private being broadcast by your router, you should be more worried about the guy outside your house reading that information on his phone than Google keeping a private database of that same data.

Re:Why do you care?

[canajin56]

Actually, your phone submits a list of AP MAC addresses to Google, and Google records those along with your phone's GPS data (if available), or it sends you your approximate location (if GPS data isn't available). This new thing will tell your phone what SSIDs to ignore, but not only does Google not publish the SSID location database, they don't even have one. These people are in a massive panic over somebody learning their MAC address.

Re:Why do you care?

[canajin56]

Good thing Google records MAC addresses not SSID then?

Re:Why do you care?

An SSID of "I hate Islam" might work well in the leafy suburbs of Surrey, but you might not want the location broadcast world wide

That's not a problem, it's only if your SSID is a base64 encoded image of the one who you aren't supposed to make images of, then you wouldn't want your location accessible!

Step 1: construct base64 encoded image as SSID
Step 2: ???
Step 3: Prophet!

Re:Why do you care?

Just to clarify:

Do they record my AP MAC address (BSSID) even if I turn SSID broadcast off?

Re:Why do you care?

[Fishbulb]

I could see a case where someone's life may be in jeopardy if there was a searchable index of SSID names that automatically zooms into a location on a map. Someone being stalked by an aggressive ex, for instance, who doesn't realize their SSID is tied to a map location that is easily searchable. Let's say said aggro ex set up the WAP in first place and so knows the SSID but lost it in the divorce/breakup, or even willingly gave it up knowing they'd eventually be able to search for it via google maps.

Re:Why do you care?

Nobody has access to the data. Your device sends Google a request saying devices A, B and C are nearby, Google then looks these up in their database,

So nobody has access to the data...which resides in Google's database? Which cannot possibly ever be compromised, sold, or used improperly?

Re:Why do you care?

[ceoyoyo]

Don't broadcast things that you don't want people to see.

Re:Why do you care?

[kqs]

Sorry, where can I download the complete database of AP locations?

I seem to recall that there are a number of war-driving sites which have fairly large databases of APs. And they don't provide an opt-out method. Neither does Apple nor any of the geolocation companies which collect this info. So once again, Google leads in privacy. And for their pains, gets blasted by many commentators (not you, but many others) who complain about Google but not about any of the others. Hell, I bet the loudest complainers were happy when the first wardrivers started publishing their databases.

Re:Why do you care?

[BitZtream]

And again, I fail to care about yet another silly reason why we should throw common sense out the window and make a retarded decision based on the possibility that some bigoted ass would get hurt.

Considering the value to society...

[mebollocks]

... then it should be opt-out.

Re:Considering the value to society...

[Eponymous+Coward]

You have the right answer. Nobody seems to think about the greater good any more. Large corporations and governments already have access to all of this data. Google is just making it available for regular people in an incredibly useful way. It's perfectly valid to have problems with this, but don't ignore the benefits as well.

Re:Considering the value to society...

[mebollocks]

In this regard I find it telling that the word "Idiot" was originally coined to describe these people.

Re:Considering the value to society...

[kiwimate]

Nobody seems to think about the greater good any more. Large corporations and governments already have access to all of this data.

So you think large corporations, like Sony or Microsoft, should be able to use this data too?

Re:Considering the value to society...

[Eponymous+Coward]

Sony and Microsoft already have it. Or are you asking if they should be allowed to collect or buy the data in the first place? Either way, I think they should be allowed to use.

Ideally, their use of the data would come with some conditions. For example, I wish they had to disclose what data they have about me, where they got it, and who they have shared it with. It should also be possible to ask them to delete the data. I don't think it's in my best interests though for companies to be heavily regulated in the way the EU seems to be going. That's just my opinion though.

Re:Considering the value to society...

[kiwimate]

I was asking the question if they should be allowed to use it, following on from your comment that they already have it. I do have to give you kudos for being consistent, even if I disagree with you.

It should also be possible to ask them to delete the data.

Agreed - but I take it further and ask that it be harder for them to get it in the first place. Your SSID by itself might be harmless. Your address by itself might be harmless. The knowledge you have a 10 year old daughter by itself might be harmless. The knowledge of her movements and your movements and the movements of your family, individually, could all be harmless. But have enough data points and either enough data mining prowess or just enough boredom/sociopathic tendencies to put A and B and C together and it is more information than I want any random person to have about me.

Sorry, but I'm just not comfortable with all of that, because "the greater good" stops when it threatens the safety of my family. A number of posters on this thread are throwing around the paranoid label, but my family has suffered from stalkers and anonymous phone callers who threaten young kids when they are the one to answer the phone, so I don't particularly care if some random person on an internet forum thinks I'm paranoid. I don't want to make it any easier for the next idiot.

Opt-in is not an option

[mikeplokta]

There's no point saying "It should be opt-in", because it can't possibly work on an opt-in basis. There's no way to get a sufficient number of opted-in wireless access points. The available options are "Opt-out is OK" or "The service shouldn't exist".

Re:Opt-in is not an option

There's no point saying "It should be opt-in", because it can't possibly work on an opt-in basis. There's no way to get a sufficient number of opted-in wireless access points. The available options are "Opt-out is OK" or "The service shouldn't exist".

...And the score is Rational Thinking - 1, Kneejerk Reactions - 1,000,000.

Re:Opt-in is not an option

OK, then the service should not exist. Simple enough.

Re:Opt-in is not an option

[HarrySquatter]

There's no way to get a sufficient number of opted-in wireless access points.

Boohoo? Since when is that information owed to Google?

Re:Opt-in is not an option

So we remove a highly useful service because of a handful of tinfoil hats? No thanks.

Re:Opt-in is not an option

[Aeiri]

You successfully read 2 of the 3 sentences in his post. If you read the third, you'll see that he has no opinions stated in this post whatsoever.

Re:Opt-in is not an option

[PerfectionLost]

Since you broadcasted outside of your house, and they drove by. If they had to trespass to acquire this information it would be arguably yours.

Re:Opt-in is not an option

[Missing.Matter]

The available options are "Opt-out is OK" or "The service shouldn't exist".

Then the service shouldn't exist. Simple enough.

But then again, there may be a third option you're not considering. What are these location services used for? Checking into restaurants, tagging pictures with locations, checking the weather, etc. Where do I do these things? Mostly when I'm out on the town, or at home. So, make deals with Starbucks, AT&T, Barnes and Noble, etc. to use their SSIDs in the database. These companies have vast networks of wifi hotspots so it should cover a good deal of high traffic ground, especially in cities and urban areas. Then allow the user the option to store the location of his own home or work network locally on the phone to fill in the gaps.

Re:Opt-in is not an option

They could do EXACTLY what they are doing now, except the SSID would read "yes" instead of "no". That would make opt in an option.

Re:Opt-in is not an option

[Tim+C]

It's not owed to Google, but that's not the point. The point is that Google is taking public information and turning it into a service that is useful to ordinary people. You may disagree, but personally I think that's socially useful and I for one will not be opting out.

Re:Opt-in is not an option

[poolecl]

If you eliminate the service by regulation you are only creating a facade of privacy. (And the same argument can be used for regulating security.) The only way that you can truly eliminate the privacy risk is through technology. (And not just an opt-out tag which is just a form of regulation, albeit self regulation.) As long as you have a wireless beacon sending out a unique identifier, there is no way to control what is done with that information. You can pretend to make laws that say "Thou shalt not collect information from your surroundings and remember where you collected it," but in the end the information is out there and someone will collect it. If it's not Google telling you very publicly about it, it is the government or the "bad guys" doing it secretly.

Re:Opt-in is not an option

[delinear]

What you're suggesting is not logistically feasible. Even if you ignore the difficulties of getting sufficient numbers of businesses on board with this to make it worthwhile (and the fact that you's still be missing out large swathes of any non-urban locations), what happens if your local restaurant goes out of business (happening quite a lot in this current climate) and you buy their router in an auction? Are Google then liable for the fact that you didn't realise someone else had opted you in? I'm sorry, but with this kind of attitude we'd probably not have telephones (how useful would they be if you had to personally gather every phone number you might want to call). There comes a point where giving up something as trivial as a perceived notion of privacy over a bit of practically useless data that you're already broadcasting to the public is less important than the benefits that location services can provide, especially when a trivial way to opt out (far easier than opting out of telephone directories) is also being offered.

Re:Opt-in is not an option

[DragonWriter]

Boohoo? Since when is that information owed to Google?

Its public since you started broadcasting it.

Google is part of the public.

Re:Opt-in is not an option

[kiwimate]

Agreed. I have quite a different opinion from a number of people, evidently. This article on Slashdot is the first I'd heard of this (and I am sure I'll get some abuse for admitting that, but...). I work in the IT field, have done so for 25 years professionally (many more years as a hobby, like most people), and read tech sites like Slashdot on a daily basis.

So my reaction is that if someone in my position is only just becoming aware of this, how is Joe Public going to hear about this? Forget about "it's public information, you shouldn't be broadcasting" etc., etc. Let's just say for whatever reason Joe Public doesn't want to be in this. How does he learn about this?

By the way, it's not just a matter of changing your SSID. You have to change everything that might have that SSID hardcoded - laptops, iPhones, Tivo, etc. In my house we have two Tivo units, my laptop, three iPhones, one netbook...I think that's it, maybe I'm forgetting something. We're not a particularly tech-heavy house, but that's seven devices plus the router which I have to reconfigure (including typing in a complicated password). I know, I know - it's a one time thing, it'll probably take me half an hour, whatever. That's half an hour I'd rather not waste just to get around something Google is foisting on people.

Stuff that. Let Google set it for opt in instead, let them advertise to their heart's content that this is how you sign up for it, and if they can't get enough users to opt in, well...I can't muster up an enormous quantity of sympathy, honestly.

Re:Opt-in is not an option

[webnut77]

where giving up something as trivial as a perceived notion of privacy over a bit of practically useless data

You're forgetting the lesson of the chicken wing.

For years producers had all these chicken wings left over and usually ground them up and put them into animal feed. One day someone invented the "buffalo wing" and suddenly all those trivial, practically useless by-products became valuable.

Re:Opt-in is not an option

[aj50]

Objecting to people recording your SSID broadcasts is like objecting to people on the street taking photos which include your house.

Re:Opt-in is not an option

I'm broadcasting 2 or 3 houses in each direct. Google is not my neighbour.
Under protest I ad _nomap to my SID. It's an ugly hack, but google with get nothing from me.

I have, however, also made them blur my property and I'm advising everybody to follow suit. I imagine a streetview with blurry images left and right everywhere you go.

I'm done with google. No more search and no more services that require an account

What about other mapping systems?

[funfail]

What happens if I want to hide my access point from Apple, Google and Skyhook at once? Should I name by AP as

LINKSYS_NOMAP_NOAPPLE_NOSKYHOOK

or will this be a global suffix?

Re:What about other mapping systems?

They seem to want _nomap as a standard for everyone.

Re:What about other mapping systems?

[Nerdfest]

My guess that they didn't make it nogoogle so that Apple and the other mappers can respect it if they wish. Personally, I think broadcasting your SSID is opting in and this is not required.

Re:What about other mapping systems?

[dn15]

What happens if I want to hide my access point from Apple, Google and Skyhook at once? Should I name by AP as

LINKSYS_NOMAP_NOAPPLE_NOSKYHOOK

or will this be a global suffix?

From TFA:

Finally, because other location providers will also be able to observe these opt-outs, we hope that over time the “_nomap” string will be adopted universally. This would help benefit all users by providing everyone with a unified opt-out process regardless of location provider.

Re:What about other mapping systems?

GOD FUCKING DAMNIT. they're not talking about SSID, they're talking about the MAC.

Go ahead, hide your ssid, you h4x0r d00d. It means fuck all. It means fuck all because you can change it. What Google has a database of and cares for is a collection of MAC addresses and their location. You cannot change your mac address, and changing your location is often prohibitively expensive.

Re:What about other mapping systems?

[Nerdfest]

Actually, it's fairly trivial to change your MAC address on many routers.

Differences

[betterunixthanunix]

1. Robots.txt is hidden from view -- users never have to see it. Adding a suffix to a hotspot name is not hidden from view, everyone has to see it, and it becomes an annoyance.
2. Websites are not related to home addresses. We are talking about physical locations, not some server on the Internet, and in most cases those locations are a person's home.

Neither of these is a particularly convincing argument for technical people, of course. I do not care about my ESSID and I know that radio transmissions are not in any way private. The average, uneducated citizen is different -- they expect wifi to be private to their home, not collected into a massive database somewhere. The FCC designed the 802.11b/g/n standard with this in mind; that is why it is unlicensed and at such low power levels (compare with licensed radio operations, where everything has to be explicitly registered and authorized).

Really, I am on the fence on this issue. One side of me says that this should be opt-in, and the other says that people should know better. In either case, the problem boils down to technical ignorance.

I don't really mind

I don't care that much if Google maps my AP. Because if someone is lost out where I am, they're going to need all the help they can get.

information wants to be free

It should not be "opt in" - that's an illusion: someone else can just ignore it.

Information wants to be free, remember? If you don't want someone to detect your signal, don't broadcast it into space where others can receive it.

_nomap = search me

I think this just makes it more visible. If you turn off the AP name broadcast it obviously doesn't work and Google can still see the BSSID regardless.

At any rate, the correct way for explicit opt-out is to give Google the BSSID to delete and allow Google to not add the BSSID to the location database. Simple and less stupid. Works like donotcall lists, and only effective if the company adheres to it.

Unfortunately, there is no way to get the BSSID from a AP unless you use something like wireshark. That's a little to hard for average joe. Here's a better idea that Google can endorse... Let AP owners click a "Prevent this AP from being used in location services" and have it tell google to add/remove itself when settings are changed. This does nothing for a lot of the established AP's, but future ones can do it out of the box. Wireless didn't really take off until around 2005 or so, and many of these devices are being replaced by ISP-provided locked-down ADSL/DOCSIS modems that the user can't make any adjustments to other than the broadcast name and password to access.

reality vs expectation

"The average, uneducated citizen is different -- they expect wifi to be private to their home"

They do? I don't think so. People understand that signals propagate over distances. The tune in their FM radio or broadcast TV or make a cell phone call. They perfectly well know that their ESSID is broadcast beyond their house.

They just don't (generally) care. Anyway, information wants to be free. If you shout something from the rooftops, don't bitch when somebody else overhears. It's the simple nature of reality, and trying to legislate against the nature of reality ALWAYS causes far more problems than it solves.

Re:reality vs expectation

[ciderbrew]

I think people would be shocked that wifi and mobile phones use radio waves. I think they expect it to be "digital". If you said "propagate over distances" you'll have lost them at propagate.

Re:reality vs expectation

[binford2k]

I would assume that's why he said broadcast instead of propagate, yeah?

Re:reality vs expectation

[ciderbrew]

Go about 10 words before the word "broadcast" and re read. Look for the words "propagate", "over" and "distances" in AC (#38060134). Were you too shocked that phones use radio waves!?!?

Re:reality vs expectation

[binford2k]

Where does anything in my one sentence comment imply that I don't understand radio waves?

And in any case, people don't need to know dick about radio to realize that there are no wires connecting device A to device B no matter where they go in their house. And that the connections persist even in the yard or -gasp- out on the street as they drive away or up to their house. And it doesn't take much of a cognitive leap to realize that if they can see their network, that others quite possibly could too. Matter of fact, my mother's first question when I set hers up was, "can people driving by see what I'm doing on here?" And she's about as non-tech as they come.

Why do you think people name their networks funny and clever things? Would they take the time to think up names like "AMANDA_HAS_AIDS" or "get off my netz" if they didn't expect others to see them?

For people to realize that simply the NAME of the network, even if the traffic is encrypted, is useful information and that someone would be scraping it for location service is a different story and I'd bet that a very small percentage get that. But even so, I doubt that very many of them care.

Re:reality vs expectation

[betterunixthanunix]

And that the connections persist even in the yard or -gasp- out on the street as they drive away or up to their house. And it doesn't take much of a cognitive leap to realize that if they can see their network, that others quite possibly could too.

Actually, it takes a substantial cognitive leap for many people. Many people do not understand that a computer can record things, that these things can be automated, that cars passing by their house can detect wifi, etc.

Why do you think people name their networks funny and clever things? Would they take the time to think up names like "AMANDA_HAS_AIDS" or "get off my netz" if they didn't expect others to see them?

Why do you think people "name" their networks "linksys?"

Re:reality vs expectation

[binford2k]

Why do you think people "name" their networks "linksys?"

All 4.7% of them? http://wigle.net/gps/gps/Stat

Re:reality vs expectation

[ciderbrew]

Are you even reading this? I never said anything about your understanding of radio waves. You said " that's why he said broadcast instead of propagate". But the post did say propagate.
[quote (#38060134)] They do? I don't think so.

People understand that signals propagate over distances. The tune in their FM radio or broadcast TV or make a cell phone call. They perfectly well know that their ESSID is broadcast beyond their house.[/quote]

My point is, the "Layperson" would not understand "propagate over distances" - They only understand crap such as next week they are going to pick winner of next weeks X celebrate factor on ice in a TV show. I don't think I'll bother with this any more.

Paranoia much?

[ZorinLynx]

Why in the heck do you people care if Google maps your AP's location? It's not like this information can be used for anything but it's intended purpose: wifi location services.

Making it opt-in would make it useless as people won't care enough to opt-in.

This isn't a privacy issue at all. The tinfoil-hat crowd really needs to get a life.

Re:Paranoia much?

[synapse7]

Besides, changing my SSID would require WAY too much work in reconnecting all wireless devices.

Re:Paranoia much?

[kiwimate]

Why in the heck do you people care if Google maps your AP's location? It's not like this information can be used for anything but it's intended purpose: wifi location services.

So you don't care if people map your e-mail and publish it? Because, you know, it's not like anyone would use it for anything other than its intended purpose to send you legitimate e-mail. Spammers? Nahhh...

Making it opt-in would make it useless as people won't care enough to opt-in.

Bummer. Poor Google. I'm not even sure this is correct - do people care enough about free software and open source to contribute their time and efforts to make it a success?

Re:Paranoia much?

[ZorinLynx]

>So you don't care if people map your e-mail and publish it?

It's not the same. You can't DO anything with my SSID or access point MAC address. MAYBE you can do a denial of service attack on it by cloning it. But wait.. you'd have to be nearby. And if you're nearby you can get that info yourself anyway without using Google.

Nobody can contact or spam you using your access point's MAC address or SSID. They can't use your network if you have proper encryption set up and they're not near by. There is literally nothing that anyone can do with this database to affect you in any negative way. Some of you really need to think this through and realize that the Google wifi location db/skyhook/etc. is completely harmless privacy-wise, while providing an excellent service to the public.

Re:Paranoia much?

I'm guessing you haven't been around for very long - "It's not like this information can be used for anything but it's intended purpose".

Give it a while, kid, and you'll get it.

Life opt in

Please append "_nokill" after your name if you would like to avoid a public domain applied death.

oops...not the same? Says who?

Re:Life opt in

[PhilHibbs]

A t-shirt with "_nomurder" printed on the back would be cool.

You are BROADCASTING your SSID.

[IGnatius+T+Foobar]

Google has every right to use your SSID for geolocation purposes. The privacy whiners all seem to conveniently forget that when you operate a wifi access point, you are BROADCASTING your SSID to anyone within range. It is the same as if you switched on an AM or FM radio transmitter in your home or business and continuously spoke into the microphone: "My network is named kitty-net ... my network is named kitty-net ... my network is named kitty-net ..."

If you don't want something known to anyone within range, you might consider not BROADCASTING it. Every access point in the world has the ability to shut off its SSID announcements.

Re:You are BROADCASTING your SSID.

[CimmerianX]

Simply not broadcasting your SSID will not stop the techniques used by Google, Apple, and Skyhook from mapping your WIFI MAC Address, which is what they collect.

Re:You are BROADCASTING your SSID.

[beantherio]

I am not broadcasting my ssid for Google to pick it up. I am broadcasting it for myself. How hard is that to understand?

Re:You are BROADCASTING your SSID.

I'm pretty sure FCC regulations disagree with your views on radio transmission. If you don't like how people use what you are broadcasting, you are free to not broadcast.

Re:You are BROADCASTING your SSID.

That's like saying you didn't put those photos on Facebook for everyone to see, but just for you. Yes, those photos. The ones you accidentally marked Public that caused your family to disown you.

Re:You are BROADCASTING your SSID.

I am not broadcasting my ssid for Google to pick it up. I am broadcasting it for myself. How hard is that to understand?

"Broadcasting" is the act of sending something out into the ether for anybody to hear. How hard is that to understand?

Re:You are BROADCASTING your SSID.

tell that to the military/police

intercepting ANY radio transmission "not intended for you" is illegal, ask a HAM radio operator

Re:You are BROADCASTING your SSID.

[Missing.Matter]

Every access point in the world has the ability to shut off its SSID announcements.

If you're not broadcasting your SSID, Google will still map it. If you don't want them to, you'll actually have to broadcast an SSID, and append _nomap to it, since anyone can find your router's MAC address even if you're not broadcasting your SSID.

Re:You are BROADCASTING your SSID.

I am not broadcasting my ssid for Google to pick it up. I am broadcasting it for myself. How hard is that to understand?

I really think you need to look up the work "broadcast".

Re:You are BROADCASTING your SSID.

[QuasiSteve]

The thing is, where exactly would you draw the line?

Yes, I'm broadcasting my SSID - however, my reason for doing so is that I don't have to tell guests, patrons, etc. what the SSID is supposed to be and how they can enter that on their OS of choice. All OS's have at least a user-friendly method for connecting to an AP that does broadcast its SSID.
I'm leaving aside that Google may still record APs that simply don't broadcast an SSID and thus requiring you to actually turn it on and fill in something along with the suffix.
My reason for doing so is not necessarily so that, when combined with GPS data, it can be used for geolocation - just like I'm not broadcasting the SSID for research into what SSIDs are the most common in the world, statistics of whether or not people are broadcasting SSIDs and if so how many are going to be using the suffix, and so forth and so on.

However, I realize that these are side-effects of broadcasting all the same. Truly, if I didn't want this, I should not be using wireless at all.

But now let's take another example. If I'm sitting in my home, does that mean that, say, facebook has every right to point a camera inside and take pictures of me for a facial recognition database?
After all, I chose to let the photons come in through the windows, bounce off of me, and go back out of the windows. Should I be keeping my curtains closed 24/7 if I want to have any expectation of privacy?

What about speaking? Should I sound-proof all surfaces in my home because otherwise Apple has every right to use advanced listening devices to record conversations that I'm broadcasting into the world - however nearly-inaudible - for improving Siri results on a regional level?

Should I get inertial dampeners on the bed to prevent the geological survey people from recording and publicizing every time we have sex?
( The seismograph we had installed as part of a case against the muni where we claim that cracks in the walls are the direct result of semis and busses going over the speedbumps close to our home while they claim it's natural? Yeah. You'd be amazed at what it can record. )

Just because you make something 'public' does not mean it is free to use for whatever purpose by whatever entity. ( Although I can't find the ruling for 'Stovall v. Yahoo! Inc.', if that's even gone through. )

Again, I don't take any issue with the recording of my SSID/MAC for the purposes of location services - I use them myself, they're quite useful. But some people may disagree, and I can see why they might - so I don't think Google has an automatic 'right'... at least not in the jurisdiction in question; The Netherlands.

Re:You are BROADCASTING your SSID.

Wait, are you saying that the Google Street View cars (if they're still doing it) or an Android's wifi device magically know that a non broadcasting wifi AP is even there?

WHAT MAGIC IS THIS?

Yeah, I don't think you've thought this through properly.

(Incidentally, you can still name your AP whatever you like, even with broadcast being off. Otherwise, how do you associate a laptop or another wifi based device?)

Re:You are BROADCASTING your SSID.

[sexconker]

Wait, are you saying that the Google Street View cars (if they're still doing it) or an Android's wifi device magically know that a non broadcasting wifi AP is even there?

WHAT MAGIC IS THIS?

Yeah, I don't think you've thought this through properly.

(Incidentally, you can still name your AP whatever you like, even with broadcast being off. Otherwise, how do you associate a laptop or another wifi based device?)

Google maps you regardless of whether or not your SSID is set to broadcast.
It's not magic, you just have no idea what you're talking about.

Re:You are BROADCASTING your SSID.

Apple airport routers do not have the ability to shut off broadcasting of guest network SSIDs. (can only shut off broadcasting of private network SSID)

Re:You are BROADCASTING your SSID.

[ceoyoyo]

If you want to use public radio spectrum in a public space then you have to accept some loss of privacy. If you want to keep that privacy then stop broadcasting into public airspace - either stop broadcasting entirely or shield your property.

Re:You are BROADCASTING your SSID.

[ceoyoyo]

I'm not sure about the draconian US, but most places intercepting a radio transmission not intended for you is not illegal. Judging by the availability of radio scanners in the US it isn't in most states either.

USING the information contained in a radio broadcast not intended for you is usually illegal. But if you're using a protocol that is specifically designed for discoverability, you're going to have a hard time arguing that Google is supposed to know your broadcast is not intended for general reception.

Re:You are BROADCASTING your SSID.

[webnut77]

Sorry, I had mod points yesterday. +1 Common Sense

Re:You are BROADCASTING your SSID.

[webnut77]

Should I get inertial dampeners on the bed to prevent the geological survey people from recording and publicizing every time we have sex?

You really don't belong here, do you?

Re:You are BROADCASTING your SSID.

You are broadcasting photons through your monitor. I collect them using my new device but let's face it, you have a choice. If you don't like me collecting that information, feel free to work with your monitor switched off.

Re:You are BROADCASTING your SSID.

[aj50]

Can you back up that claim? Is there evidence that APs with SSID broadcasts disabled are still used for location tracking?

Presumably if it isn't announcing it's SSID, your router is only broadcasting signals if someone is using the network. In this situation, can an observer distinguish between the AP and the client?

Furthermore, is an ordinary phone able to detect the existence of an AP which isn't broadcasting its SSID?

Re:You are BROADCASTING your SSID.

[Bucky24]

If I write my grocery list on a giant billboard on the side of the road, I'm writing it for myself, but I really can't get mad if someone else sees it and writes it down.

Re:You are BROADCASTING your SSID.

[zmooc]

You may not be broadcasting it in wifi protocol terms, but in my world any radiowave leaving your accesspoint is being broadcasted.

Re:You are BROADCASTING your SSID.

[QuasiSteve]

What? What's wrong with having sex with the geological survey people? :)

Re:You are BROADCASTING your SSID.

[webnut77]

You probably don't even live in your Mom's basement. :-)

Mobile access points?

How does google cope with all the mobile access points in things like ferries, trains, coaches, buses, trams, MiFi ? Surely those shouldn't be geolocated at all.

Even the router I gave my parents, now 100km from the location when they originally drove past my house gives Google's geolocation problems.

Re:Mobile access points?

[Knuckles]

Mathematics.

Re:Mobile access points?

[delinear]

I'm assuming the service doesn't work based on a single access point. If you have ten access points that their database says are in location A and one access point that their database says should be 500 miles away, I'm sure they're smart enough to take a decent guess as to where you are.

Not sure why it matters

[dn15]

I value privacy as much as the next person but I don't see why this matters. Network names do not give away anything personal unless you *choose* to put something personal into the SSID. And if you do that you have "opted in" to broadcasting your personal information. Or am I missing something here?

Re:Not sure why it matters

Nope, not missing anything here. Just the tinfoil-hat crowd looking to blame corporations for all their problems.

Re:Not sure why it matters

I value privacy as much as the next person but I don't see why this matters. Network names do not give away anything personal unless you *choose* to put something personal into the SSID. And if you do that you have "opted in" to broadcasting your personal information. Or am I missing something here?

I think it's even more than that. I think Google's database only considers the MAC addresses of the access points, not the SSIDs. So they don't honestly care about any personal information in the SSID.

Opt-in is a harder problem

[achowe]

Most consumers would not know how to login nor modify their WiFi AP settings.
Probably most wouldn't care nor understand. Only security concious power users
would understand and would do what was necessary to opt-out or not broadcast
their SSID. Frankly if you don't want to be mapped, don't broadcast SSID.

Re:Opt-in is a harder problem

[kiwimate]

Most consumers would not know how to login nor modify their WiFi AP settings.
Probably most wouldn't care nor understand. Only security concious power users
would understand and would do what was necessary to opt-out or not broadcast
their SSID.

Fair enough.

Frankly if you don't want to be mapped, don't broadcast SSID.

Given the first three sentences - how many people know how to prevent this, then?

Re:Opt-in is a harder problem

[webnut77]

Frankly if you don't want to be mapped, don't broadcast SSID.

And if you don't want to be mugged, don't leave your house!

Bob_DontMugMe Smith here.

Re:Opt-in is a harder problem

[achowe]

Doesn't track. If I don't leave my house, I can still be robbed.
A home owner has to take proactive measures to protect their
residence, good locks, alarm system, maybe bars on windows,
and learning how to disable SSID broadcasting.

Hidden SSID is not the Answer...

[CimmerianX]

Not broadcasting your SSID is not going to keep Google, Apple, Skyhook, etc... from learning your Wifi MAC address and mapping it. The best answer to this is to manually define your Wifi MAC address. Many consumer based routers let you specify a specific mac. So does DD-WRT. So everyone who doesn't like this idea shoud just change their MAC address to a random address from the DB from another country such as DE:AD:BE:EF:13:37. This MAC address geolocates to Latitude: 44.4899982 Longitude: 11.3569865 Piazza di Porta Maggiore, 2-4 40125 Bologna, Italy.

Re:Hidden SSID is not the Answer...

[qubezz]

Rotating your AP's MAC every hour should do the trick...

Re:Hidden SSID is not the Answer...

[sexconker]

Many ISPs require you to tell them if you have a new MAC Address.
Access gets cut off if the modem sees a different MAC than the DSL/Cable line says it should be seeing.

Re:Hidden SSID is not the Answer...

[PoopCat]

What is your modem doing sending its WIFI MAC to the upstream DSL/ Cable router in the first place?

Re:Hidden SSID is not the Answer...

[Bucky24]

I dunno about other providers, but Comcast requires you to register the MAC of your computer with them (they disguise this by having you go to a website in IE, supposedly only to set up your comcast account). The modem ignores connections from any other MAC. So you clone the MAC of your computer to the router to use it. I dunno if it actually sends it to Comcast or if it's the modem itself that knows it.

Re:Hidden SSID is not the Answer...

[sexconker]

What is your modem doing sending its WIFI MAC to the upstream DSL/ Cable router in the first place?

Many ISPs require you to tell them if you have a new MAC Address.
Access gets cut off if the modem sees a different MAC than the DSL/Cable line says it should be seeing.

Re:Hidden SSID is not the Answer...

[PoopCat]

Yes, that's fine, but why is your modem sending it's WIFI-side MAC upstream to the router, and not the router-side MAC? Does the device not have two interfaces? What am I missing here? My shitty whatever-the-hell-it-is-brand wifi DSL modem has a WIFI interface and a DSL interface with two different MACs. Pretty damn sure that centuryqwestlink doesn't know (or care) about the WIFI side.

Re:Hidden SSID is not the Answer...

[PoopCat]

*its* godsdammit. The internet has ruined me :(

Re:Hidden SSID is not the Answer...

[sexconker]

Yes, that's fine, but why is your modem sending it's WIFI-side MAC upstream to the router, and not the router-side MAC? Does the device not have two interfaces? What am I missing here? My shitty whatever-the-hell-it-is-brand wifi DSL modem has a WIFI interface and a DSL interface with two different MACs. Pretty damn sure that centuryqwestlink doesn't know (or care) about the WIFI side.

Pretty damn sure that they only reason they don't care is because they control that hardware and know it's a fixed MAC.

Your modem has a MAC address that the Cable/DSL provider registers. If you buy your own modem, you'll have to call them up and tell them the MAC.
They do this to make sure people don't fuck with shit.

Similarly, your modem expects a specific MAC address and locks out new MAC addresses. Sometimes the modem will forward this MAC on to your ISP, sometimes it does all the checking on its own. If the modem forwards the information to the ISP, then your options to get shit working if you've been locked out are: Wait for some undefined amount of time, try some reboot voodoo, or call up the ISP and have them do shit. If the modem does not forward the information to the ISP, your options to get shit working if you've been locked out are: Wait for some undefined amount of time or try some reboot voodoo.

If you have a modem that simply has a single ethernet port, that you hook up to your PC or router, then the MAC address the modem sees is that of the PC or router, and you can be locked out if you buy a new PC/router and connect that directly to the modem.
If you use one of those shitty modem+router combos, then the MAC the modem sees is fixed, and you shouldn't ever run into the issue, because the MAC never changes.

Re:Hidden SSID is not the Answer...

[PoopCat]

That's all very exciting, but a) I bought my modem from MicroCenter and qesturylink knows nothing about the WIFI side of it, and b) centuryqwest knows nothing about the WIFI side of it. So again, perhaps you can answer my question: why does your upstream ISP's router KNOW or CARE about the __WIFI__ side of your modem? And if said modem has a single ethernet port connected to , and *that* whatever has a WIFI radio, how does the ISP's router KNOW or CARE about that WIFI interface's MAC address?

You say "ISP needs to know your device's MAC to ensure people don't fuck with shit". That is not under dispute, but you seem to be conflating the WIFI interface with the ISP's connection to your modem, which are (unless you have a WISP, and somehow are communicating with said WISP _and_ local devices over the same radio) completely separate.

ISP <---------> [ISP-side (DSL or cable connection) modem WIFI] <--------> local devices (laptop, etc).

Please, tell me HOW or WHY your ISP should care about the WIFI interface there? You can't, can you? Do you even understand the question?

Re:Hidden SSID is not the Answer...

[sexconker]

Holy shit you're fucking stupid.
Your ISP will only let you use an approved modem with a registered MAC address.
This restriction can be lifted by calling your ISP.
If you have never seen this restriction, you are probably using a modem supplied by your ISP.

Your ISP will only allow that modem to communicate with a certain client MAC address.
This restriction can be lifted by waiting for X amount of time, rebooting all devices (client, router, modem), or calling your ISP.
If you have never seen this restriction, you are probably using a modem/router combo supplied by your ISP, or have never plugged in a new, powered-on client to your modem and immediately checked internet access.

The proposed solution to anonymizing your location data was to change your router's MAC address.
Many routers let you change the MAC address you present to the modem. This feature exists because people typically buy a router and want to drop it in and have it work. If the router uses its own MAC, the modem will not give it an IP address because that MAC doesn't match the MAC of the old router / computer.

Changing your MAC address in this fashion will thwart Google or others mapping your shit if the MAC presented to the modem is the same as that in the BSSID. It will also result in your internet connection being fucked every time you change it, and your ISP getting tired of your shit.

Changing your MAC address in this fashion will do nothing to thwart Google or others mapping your shit out if the MAC presented to the modem is different from that in the BSSID. It will still result in your internet connection being fucked every time you change it, and your ISP getting tired of your shit.

MAC addresses aren't magic. MAC addresses aren't fixed. MAC addresses aren't secure. Your ISP sees your MAC address. You can change the MAC address your ISP can see. The only MAC address you can change on a consumer router is the one your ISP sees. This address can indeed be the same as the one Google would see via the BSSID, but that was never the fucking point of any of the last 3847629 posts.

Re:Hidden SSID is not the Answer...

[letsief]

If your WiFi router firmware lets you change your WiFi MAC address (which the DD-WRT firmware lets you do), you could change that all the time without creating any problems with your cable modem. As long as the WAN MAC stays the same you won't have any problems.

Re:Hidden SSID is not the Answer...

[PoopCat]

Holy shit you're fucking stupid.

Ah, I was waiting for the ad hominem. You have successfully shown you have run out of ways to answer the wrong question. I suggest you re-read every message in this thread, and try to figure out how that happened.

Publically broadcasted info

[Nanosphere]

My SSID is:

Nanosphere'); Drop
Table SSIDs;--

Re:Publically broadcasted info

I would be shocked if Google doesn't sanitize their inputs.

Re:Publically broadcasted info

[halivar]

They probably learned their lesson when Little Bobby Tables signed up for G+.

Obligatory xkcd.

Re:Publically broadcasted info

... which I'm sure will work really well on the company who probably gets attacked more than all other companies combined.

Re:Publically broadcasted info

You are known as Little Bobby Tables in these parts.

Re:Publically broadcasted info

Little Nanosphere Tables we call him :)

Dont broadcast your ssid

...

The Best Solution There Is

WiFi based geolocation is extremely useful. Who cares if Google knows where an access point with a random MAC address physically is. I am broadcasting that information anyway so I obviously don't care. I don't even care if they record my SSID (which I don't think they do) because, again, I choose to broadcast that. I don't really see what the privacy concern is here. Google aren't snooping on anyone's private data (at least now they have fixed that software glitch) so it is no worse than someone writing down what you say when you yell it in the street.

Line your walls with lead

[bigtrike]

Prevent your SSID from going outside of your property and you won't have a problem, then.

The SSID isn't actually used by the service

[kakris]

Just to clarify what seems to confuse some people here, the actual service doesn't use the SSID for location, it uses the MAC address. They're using the SSID to allow you to opt out, but when someone submits WIFI info for location, they're sending the mac address of the station, not the SSID. MAC addresses are unique (or at least they're supposed to be. I'm looking at you Shanzai.) SSIDs are not unique. If they used SSIDs, you'd never be able to figure out where "linksys" or "netgear" actually are.

Re:The SSID isn't actually used by the service

Does DDWRT or Tomato VPN let you change the AP's MAC? Would it be possible to make a plugin for them that changes the AP's MAC periodically (say, once a day or week)? If so, you could effectively opt out without having to append something to your SSID.

Re:The SSID isn't actually used by the service

They do let you change the MAC. I expect it is possible to write something that automates changing the MAC address*, but at the very least you have SSH access so you can automate SSHing in and changing it.

*note that any connected computers won't like the MAC being changed, not a big deal, but it will cause some disruption when the address changes.

Re:The SSID isn't actually used by the service

[letsief]

Except that depending on your Wifi management software, some devices will see a device with the same SSID but a different MAC address as a different network, and make you manually reconnect to it.

Thats it

Im setting up a standalone (no internet connection) open wireless router with the name: Google can [expletive here]. I wonder what expletives I can spell out in a MAC address. Map that!

They've got it backwards

[KeithH]

I don't care if a visitor let's the world know that he is at or near my house. What I object to is applications tracking *my* movements.

Mobile devices typically allow users to turn this off. On my Android Xperia X10, it's under "Location and Security Settings" and has separate flags for GPS & wireless networks.

Broadcasting here...

[Todd+Knarr]

When I set up an AP I'm broadcasting the SSID to everyone in range. I know this when I set it up. It's pretty much a physical requirement of wireless that you broadcast at least it's presence. Even secured point-to-point links broadcast a signal that any receiver in range can pick up. If I care that people know my AP exists in a particular spot, I shouldn't be using a broadcast technology!

NB: getting on my wireless won't help you much. Most of the computers in my home are on the wired LAN for security and the wireless subnet does not have access to the wired LAN, only the Internet. I put my trust not in data links any joker with a Pringles-can antenna can access.

I've had it w/ Google

[GodfatherofSoul]

The privacy raping is putrid. I simply don't trust them, but I still have to wait until either another contract change (how about Slashdot post the article in time next go around?) or until April to sever all ties. I went Android because it seemed to have more favorable developer sales contracts, but I'll deal with the Apple sandbox to not have my contact info monetized.

Re:I've had it w/ Google

[poolecl]

Doesn't Apple do the same thing with WiFi location services?

Re:I've had it w/ Google

It's not like Apple is much better than Google, so I'm not sure what you'd be gaining. There's no need to ditch Android. Just use a customized version like Cyanogenmod that lets you remove all of the Google apps.

Re:I've had it w/ Google

[Bucky24]

Yeah why doesn't anyone ever talk about that? Maybe because Apple just never tells us when they take info they aren't supposed to....

COMMENT_NOMODTROLL_MODFUNNY

[alostpacket]

_nomodunderrated_nomodflamebait_modawesome_doubleawesome_kthx

Wrong!

[ThatsNotPudding]

It isn't like SIDs are personal or in any way linked to you as an individual...

My middle name of Linksys goes back six generations, you insensitive clod!

Re:Wrong!

[PoopCat]

Liar! Your middle name is Not!

Morons!

[morgauxo]

Ok, I've said it before, I'll say it again.

If you broadcast something over any radio service (part 15 wifi included) and you think it is or should be private...
YOU ARE A MORON
MORON MORON GO AWAY, RETURN TO THE NETS ANOTHER DAY (or don't).

I care so much because I don't want to see any new laws restricting the use of receivers. I don't want to see somebody's imagined (and in this case it really is imaginary) privacy rights to result in new restrictions on something that might actually have been useful.

For Sale: List of People who Opted Out

[retroworks]

Coming Soon: Opportunity to Opt Out of the Opt Out List.

what about other MAC addresses in their database?

A while back the database had the MAC address of my *laptop* in it. It's not there now, but how would I control them adding that? And why should I 'advertise' google by changing the SSID?

Perhaps online access to the database and a right-to-delete would be more like it?

Why not make it work the way DoNotCall.gov works?

[ugen]

Why not allow users to enter their MAC address on something like donottrack.google.com - and remove AP from their database based on the entered information? That would be a proper method, that would work instantly, rather than relying on periodic rescan of your general vicinity. It would also avoid having to reconfigure every computer, wireless printer and other devices on the network, having a ridiculous looking SSID and general douchebaggery.

Re:Why not make it work the way DoNotCall.gov work

[ryan420]

FTA: "As we explored different approaches for opting-out access points from the Google Location Server, we found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse. Specifically, this approach helps protect against others opting out your access point without your permission."

Obviously, allowing anyone to enter any MAC address into a web field doesn't work. You'd have to validate ownership of the MAC address. How would Google do that?

Re:Why not make it work the way DoNotCall.gov work

[letsief]

What would stop Skyhook and/or Apple from sabotaging Google's database using their own lists of MAC addresses and SSIDs?

Re:Why not make it work the way DoNotCall.gov work

[ugen]

Anyone can enter any phone number into donotcall.gov - yet no one seems to be particularly bothered.
I am sure basic integrity checks (like requiring an email, and perhaps validating vs. known ssid) could be performed. However, once done - this method would be far superior.
The current method is clearly just a sham. It's ok though - I own a few APs in different locations (states) and make sure to set the same MAC address on all of them.

Re:Why not make it work the way DoNotCall.gov work

[letsief]

OK. I'm not sure what you're worried about, but you can do whatever you want to your APs. But, did you change the MAC address for the Wifi interface, or just the MAC address for the WAN interface? Most firmwares only let you change the MAC for the WAN interface.

Re:Why not make it work the way DoNotCall.gov work

Quote from the blog:
>we found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse. Specifically, this approach >helps protect against others opting out your access point without your permission.