OpenWLANMap: Free WLAN-Based GPS Replacement

flok writes "There are a couple of commercial products which can tell you where you are by the MAC addresses of access points in your neighbourhood. E.g. the iphone uses a system like this. There's now an open offering for this: OpenWLANMap. With this website, you can enter your access point mac address with your GPS location and then others can use that to navigate. There is also an app for your mobile which automatically enters this data, and you can upload data from e.g. Airomap and other wardriving applications."

Re:great stuff for locating

[acariquara]

Right, in the middle of the Amazon, I presume?

Re:Google

[olsmeister]

No, this is voluntary.

Better project

There's already a better project.
http://wigle.net/

Re:Better project

[LordNightwalker]

Wigle it, just a little bit?

Re:Better project

[DarkRat]

why do these websites have to be so damn ugly? I've seen nicer sites in the 90s

Re:Google

[Bearhouse]

No; your SSID & MAC are broadcast, so you hardly claim it's private data. This was supposed to be the only data they collected.
The idea was that - together with its GPS location, (that they supplied and recorded) - you would then be able to know approximately where you were just from the SSID & MAC.
The problem was, they "accidently" collected a shitload of additional data, (from 'open' networks).

http://techcrunch.com/2010/05/14/google-admits-to-accidentally-collecting-personal-data-with-street-view-cars/

Re:Google

[LordNightwalker]

No, this is voluntary.

From the summary:

There is also an app for your mobile which automatically enters this data, and you can upload data from e.g. Airomap and other wardriving applications.

So yes, it's voluntary for the person collecting and uploading this data, just as it was a voluntary decision on Google's part. It is however not at all voluntary for the people who own the AP's whose data are being collected.

MAC Address Spoofing

[stepdown]

It's pretty trivial to spoof a MAC address, should be easy to fool users if it's a simple list of MACs and coordinates?

Re:MAC Address Spoofing

[QuasiSteve]

Yep, if the software relies on a single AP to tell you that you're in Nowheresville because that's the only AP it has on file for it, and you're in Someotherhamlet that has no APs on file, and you set up there with your AP spoofing the Nowheresville one, people visiting Someotherhamlet will be utterly confused about why their devices are telling them they're in Nowheresville. Pretty trivial.

Good luck trying that in a more data-rich environment, though. You'd have to spoof the multiple APs of place A, attenuate them appropriately AND somehow gain precedence (by way of a confidence metric) over the existing ones that lead the software to conclude it's in place B.

Re:MAC Address Spoofing

[BasilBrush]

Yes it has to be robust enough to cope with this - never mind the spoofing, there's the fact that people move and take their wifi routers with them.

Re:MAC Address Spoofing

[SQLGuru]

Actually, this would be more interesting to set up multiple routers with a New York MAC, a Los Angeles MAC, a Tokyo MAC, and a London MAC. That way no one can pinpoint your location with this technology. Instant stealth mode.

Already exists

[robertkeizer]

WiGLE.net already exists. In fact it is fairly trivial to scrape information off of their site as well, although they make no guarantees of any kind of stable API whatsoever. They also have an android app for wardriving.

This is useless mental masturbation

1) It won't work when there is a local electrical power outage.

2) When people move ( they do this, and quite often these days )
          their AP will no longer be "there".

3) A real GPS which uses both GLONASS and the US GPS sats is
          trivially cheap to buy and will work in any situation short of all out
          nuclear war.

Re:This is useless mental masturbation

[Chris+Hodges]

But a "real GPS" isn't great in urban areas - precisely where there are the most APs to get a location from (and which tend to have reasonable power uptimes). With a reasonable number of users of the app it should be possible to keep the db reasonably up to date, and if you have 3 APs matching to London, and one to Oxford, it's not that hard to know which one to ignore (or you go from one city to another in a few seconds).

Re:This is useless mental masturbation

[DerekLyons]

But a "real GPS" isn't great in urban areas - precisely where there are the most APs to get a location from (and which tend to have reasonable power uptimes).

That's only true if you limit your definition of "urban" to "dense high rise city cores (where GPS signals are blocked)", which is an infinitesimally small fraction of the area usually described as "urban" and an invisibly small fraction of the total land area of pretty much any country. There's also an awful lot of us who live where WLAN 'coverage' is at best limited to major arterials, and at worst is spare to non-existent. (The nearest point to my house on Wingle is over a mile away - and I don't exactly live in flyover land.) Another thing to consider is that GPS coverage is global and (with a maximum five minute wait to download the latest emphemis, even though the old one is probably good enough) always 100% up-to-date, while WLAN maps are only as good as the last update...
 
So, the OP is 'mostly correct'. There isn't a one size fits all solution - but GPS is a 90% or better solution for most people, most of the time.

Re:This is useless mental masturbation

[Haegar]

The biggest problem with GPS is that it does not work inside a building.

With dense enough Wifi AP mapping you are able to still at least point to the right house/street.

Re:This is useless mental masturbation

[Chris+Hodges]

That's a good point, but to my mind the real test will be how well this integrates with GPS for the receiver - in my experience although the urban canyons are fairly small areas, they are almost by definition quite highly travelled, and there are much larger urban areas where the GPS is patchy - maybe all right for driving in the middle of the street, but walking next to the bulidings with half the sky blocked is a different matter. Of course, as most mobile navigation devices now have wifi built in, it's an extra tool in the box without too much effort.

What the hell?

[fustakrakich]

Just paint a target on your AP for the bombers... and/or SWAT teams.

Re:Google

[fazey]

so what you're saying is... they accidentally the whole thing?

openbmap has done this since 2009

[ssam]

and they offer full database dumps.
http://openbmap.org/

Google has an API to their data

[eladts]

Which is used by Chrome and Firefox to provide w3C geolocation support. You can call like the following example:

> curl "https://maps.googleapis.com/maps/api/browserlocation/json?browser=firefox&sensor=true&wifi=mac:00-14-bf-28-80-69|ssid:10160|ss:-26&wifi=mac:00-26-50-38-ca-11|ssid:2WIRE084|ss:-69"

{
"accuracy" : 27.0,
"location" : {
"lat" : 37.32097479999999,
"lng" : -122.0276630
},
"status" : "OK"
}

Re:Google has an API to their data

[ssam]

i am sure a lot of people would be grateful for a database dump they could download, so that a) that can figure out where they are without incurring data charges, b) without uploading details about their location to a website. in that case the openbmap database dumps look good.

Re:Google has an API to their data

[eladts]

The problem is that without (b), there is no way to maintain a comprehensive and up to date database.

Re:Google has an API to their data

[ssam]

i might not mind manually turning on logging, and then uploading the data somewhere after a few weeks with the date and time stripped out.

Re:MOD PARENT UP

[sschneebeli]

Wow. That indeed looks like a way more advanced project...

free iphones!

[Thud457]

More likely they'd spoof that you're at Starbucks while in reality it's Muggers Alley.

Re:Google

[chispito]

So yes, it's voluntary for the person collecting and uploading this data, just as it was a voluntary decision on Google's part. It is however not at all voluntary for the people who own the AP's whose data are being collected.

Sure, it's voluntary. Don't want people to know your MAC address/SSID for some obscure reason? There are other options: http://www.amazon.com/TP-Link-TL-R860-Cable-Router-Office/dp/B003CFATSS/

Re:Nobody should contribute

[dolmen.fr]

Nobody should contribute to a database that doesn't specify the license right on the front page. This site doesn't mention the license on the entire site. IOW, this is another "open" project that is anything but.

+1

Re:Google

[LordNightwalker]

Which is great, but your average Joe doesn't know about that; most still run "Linksys" or whatever as their ESSIDs. Heck, I didn't know about the _nomap tag. Sure makes your ESSID look ugly, btw. Anyway, two flaws: requires uncommon knowledge, it's opt-out instead of opt-in.

That being said: I fail to see the problem, but haven't given it much thought either. As far as I'm concerned, you bought a device that you know broadcasts radio waves to do its thing. You know radio waves don't stop at the boundaries of your house/garden. Therefore, you know it's already known by your neighbours. What's the problem if some info about it, that can't be used to identify you in any way, ends up in a database that helps cellphones get their geographic position without turning on the GPS chip?

Still, if Google got in trouble over this, the same should apply to anyone else doing the same thing. Otherwise, you're just unfairly targetting certain companies while giving others a free pass.