Microsoft Exposes Locations of PCs and Phones 96
suraj.sun sends this excerpt from CNET:
"Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned. The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets. Unlike Google and Skyhook Wireless, which have compiled similar lists of these unique Wi-Fi addresses, Microsoft has not taken any measures to curb access to its database."
and... (Score:3)
Well... (Score:5, Funny)
Re:YES (Score:2)
Microsoft released their source code and swore that this wouldn't happen, right? RIGHT?
wut? (Score:2)
After all the lawsuits that Google had to go through, who was the genius at Microsoft that thought this was a good idea?
Re:wut? (Score:4, Informative)
Re:wut? (Score:5, Funny)
Google: I caused a screwup.
Microsoft: That's not a screwup. THIS is a screwup!
Re: (Score:2)
Well, they are trying to outdo the competition in the internet and security markets.
Re: (Score:3)
Google: I caused a screwup.
Microsoft: That's not a screwup. THIS is a screwup!
According to the article, Google and Skyhook were doing exactly this screwup as recently as last month, when CNET published an article [cnet.com] about them doing it.
Re: (Score:1)
people have been asking the same to everything microsoft did after windows xp. It's the biggest WTF company in the world.
The only reason they still exist is that it seems it takes quite a beating to kill a giant elephant.
Question... (Score:1)
Re: (Score:3)
Re: (Score:2)
ignore the dude who replied. the answer is yes, it's the same.
Re: (Score:1)
Re:Question... (Score:4, Informative)
Google was capturing the packets being broadcast within the networks themselves by other clients. So a system authenticating with a server in plain text (which happens too often) would have the authenticating information (user/password) intercepted. Depending on the view one takes of open networks, this probably violates the Electronic Communications Privacy Act, or at least its spirit.
Re: (Score:1)
how do you authenticate in plain text over wireless? sure WEP is crackable, but not clear text and requires the capture a lot of packets.
Do you mean people using a public unsecured wireless AP and authenticating to some web site over http (not https) ? hmmm
So if I am walking down a street taking photos and people have posters with their credit card details hanging, I am breaching their rights? No, they are advertising their information.
Comment removed (Score:5, Insightful)
Re: (Score:3)
Re: (Score:1)
Re: (Score:1)
If you use the free WiFi at starbucks, I can record your MAC address. Now, since your phone or other devices in your vicinity send the positions of your MAC address to Microsoft if you are using WiFi , I can query their database and it gives my your position. Depending on how often and fast it gets updated and how often you use WiFi, I can track you (assuming that there are a lot of people using microsoft phones where you are).
Re: (Score:3, Funny)
So that's not a problem. Microsoft phones are only seen at the mobile phone shops, and most of them with a mockup sticker instead of a live screen anyway.
At least here in europe. I'm yet to see a single windows phone in the wild.
Re: (Score:2)
of course. My own gps is windows ce (with the occasional ce's version of the BSOD)..
Re: (Score:2)
Where in Europe? When I was in Italy last October, WP7 was the single most common smartphone I saw on the streets, and every billboard was plastered with Italy's national telecom operator advertising it. (disclaimer: I work at MS).
Re: (Score:2)
Really, I'm yet to see any. I have NEVER seen one, and I am curious about it!
I travel regularly throughout germany, belgium, the netherlands, switzerland, france, andorra and spain. Have not seen ANY.
What I usually see is iPhones, and the occasional android.
Re: (Score:2)
> If you use the free WiFi at starbucks, I can record your MAC address.
Computer literacy test...
Question: What is your MAC address?
Answer by...
Clueless user: Duhhhh... I don't got MAC, I got Windows
Competent user: 01:23:45:67:89:ab
Expert: What do you want it to be?
And since we're at Starbuck's...
ifconfig eth0 hw ether c0:ff:ee:c0:ff:ee
Re:So? (Score:4, Insightful)
I see you on the street and decide to target you, I sniff some packets and learn your MAC address. I then use this MAC address to find where you are/have been/will be. The point is the connection between you and a set of MAC addresses is random but pretty static which can then be indexed to learn a lot about your locations.
Re: (Score:2)
Re: (Score:3)
But when you buy a computer with your credit card, or send in electronic registration you give them the personal information.
They already have the serial number and MAC address of the computer on file.
Re: (Score:2)
Exactly! If this same information was given about medications it would pass the HIPAA test. There really is nothing to see here.
Are you sure? HIPAA says:
Protected health information (PHI) under HIPAA includes any individually identifiable health information. Identifiable refers not only to data that is explicitly linked to a particular individual (that's identified information). It also includes health information with data items which reasonably could be expected to allow individual identification.
And since this database effectively turns a MAC address into a street address plotted on a map, if you had a paper with a prescription with their home access point's MAC address, I think that would be protected under HIPAA, just like if it had their home address rather than MAC address.
Re:So? (Score:5, Interesting)
All the full article really says is that someone could tie a MAC address to a location. So? Knowing your MAC address gives me almost no information about you -- nothing personally identifiable, anyways, unless I have an unrelated method of attaching your MAC to you personally (such as having physical access to your phone...). So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing (that wasn't included in the article).
Or, if I know my ex-gf's phone's or home access point's MAC address, I could find out where she moved when she told me to leave her alone and stopped answering my phone calls and emails. Makes it easier to pay her a surprise visit and convince her to take me back. Once she sees that I tracked her down and followed her halfway across the country to sit at her doorstep and wait for her to come home, she'll be bound to want me back. Fortunately, the MAC was captured from her phone while she was at work and at he gym, so I can always meet her in one of those places if she spots me at her house.
Re: (Score:2)
Re: (Score:2)
Once she sees that I tracked her down and followed her halfway across the country to sit at her doorstep and wait for her to come home, she'll be bound to want me back. Fortunately, the MAC was captured from her phone while she was at work and at he gym, so I can always meet her in one of those places if she spots me at her house.
Thanks microsoft, what a great service!
Maybe one would be able to go even a step further. - Not that you have to, your plan is so romantic that I can't imagine any woman not wanting you back. - But just for curiosity, one could check what other MAC address has a similar movement pattern, goes to the movies with her, a restaurant for 73 minutes, and then stays at her place till 7am.
Re:So? (Score:1)
What does 08:00:69:02:01:FC got that I haven't got? Why won't you love me?!
Re: (Score:2)
hey! even better, you could find out where Bill G goes, and follow him around. They might change their mind thinking this is ok after that happens a few times.
Re: (Score:2)
Your ex girlfriend's access point's MAC address is not entirely unlikely to already be searchable on wigle.net [wigle.net].
(Her client devices' MAC addresses are another story, though -- you might find out where her Linksys box lives, but you won't discover which gym she goes to.)
Re:So? (Score:5, Insightful)
Suppose that there is a method to determine (with reasonable certainty) what your wireless MAC address is.
Suppose this method is just as simple as driving by a location where you are known to be present (ie: at home) while you're using WiFi.
What then?
Or: Suppose that you have legal reasons to be paranoid, and physical access to the device by armed thugs with jackboots is only a warrant away.
What then?
Or. Suppose that an app on your phone calls home with your MAC address [android.com].
What if it also knows your phone number [android.com]?
What then?
Re: (Score:2)
The mobile data network is different from WiFi. Even if a MAC address (in the conventional sense) is used for assigning IP addresses (which I doubt -- not even IPV6 is sufficient reason for VZW (et cetera) to not NAT the hell out of everything), that MAC will not be the same as the WiFi adapter.
Two different interfaces, two different MAC addresses.
Re: (Score:2)
Or: Suppose that you have legal reasons to be paranoid, and physical access to the device by armed thugs with jackboots is only a warrant away. What then?
I find it hard to believe there would be someone that paranoid and then not take basic precautions of not broadcasting wireless network details.
Re: (Score:2)
Until today, I'd find it very easy to believe.
I myself am not very paranoid (I have no particular reason to be), but I try to remain aware. I've not really considered the notion of my WiFi widgets MAC addresses being funneled into a database.
Until -- again -- today.
Re: (Score:2)
All the full article really says is that someone could tie a MAC address to a location. So? Knowing your MAC address gives me almost no information about you -- nothing personally identifiable, anyways, unless I have an unrelated method of attaching your MAC to you personally (such as having physical access to your phone...). So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing (that wasn't included in the article).
I suspect there's one or two employers that would be tempted to search for "which of my employees are having affairs with each other" (which pairs of phones occasionally spend the night in the same location). Other searches like "who's interviewed at our competitors?", "who's potentially got an alcohol problem (phone is frequently in the pub)", "who's got medical issues", etc, would also be very possible.
Device Control (Score:1)
Re: (Score:1)
Sharing your personal information (Score:5, Funny)
LINK PLEASE (Score:1)
SOMEONE PLEASE PROVIDE A LINK!!!
Re: (Score:2)
Here it is: http://inference.location.live.com/ [live.com]
Unfortunately after signing in it doesn't work, it takes you back to your Live main page. Perhaps they took it down after realizing it was a bad idea ...
Can someone confirm?
Re: (Score:3, Informative)
Re: (Score:2)
Long before MS, Google, or Skyhook wardrivers have been working in concert on their own time and dime to contribute over 40 million geolocated networks worldwide. A few thousand of those were first done by me in fact, though I haven't contributed in years.
Re: (Score:2)
Re: (Score:1)
Isn't this just being more honest? (Score:3, Insightful)
Slapping around the face... (Score:1)
I seem to be missing something. (Score:2)
Ok, why does Google, Microsoft, and others map out Wi-Fi locations?
I'm at a loss here, it's not like they are only mapping out public Wi-Fi.
Re: (Score:1)
Because when used correctly, it allows a device without a GPS to do GPS-like things, like finding its location on a map or pull up a list of local services.
Re: (Score:2)
So they are relying on my neighbors Wi-Fi signal to figure out where I am?
That sounds pretty dumb. Besides that afaik that is already done with cell phone tower triangulation. Private hotspots sounds like too much of a variable to me.
Besides, how many Wi-Fi capable devices are out there that have a GPS function but no GPS?
I know my last phone did that, but it was kinda old, it got it's location from the cell phone towers.
Re: (Score:1)
Re: (Score:3)
In fact it works pretty well, well enough for their purposes. They don't need enough precision to drop a bomb on you, rather they need just enough to know what neighborhood you're in, so they can target you with ads for local pizza joint you may not have heard of.
Or region-lock DRMed content against you.
Coming soon: laws requiring content providers to filter access based on location of the recipient, such as not serving pornographic content to computers on school property. Like the "drug free zone" around schools, except it's a "porn free zone", and it's mapped out on Google.
Because if such databases are built, considered accurate enough, and are freely accessible, you're going to be expected to check against them as due diligence.
Re: (Score:1)
Re: (Score:2)
Besides, how many Wi-Fi capable devices are out there that have a GPS function but no GPS?
Almost every laptop in existence?
Re: (Score:2)
Cell tower triangulation is pretty poor when done with on your phone. You'll only be able to pin your location within a few blocks. In an urban area, a few wifi hotspots will pin you within 100m fairly easily. Especially since wifi doesn't travel very far, just finding a known wifi signal is enough to know you're within about 100m of it. Especially handy indoors, eg a mall or at home, where you'll have those known locations.
Remember the big issue where the iphone cached known locations? That was a really ni
Re: (Score:2)
Targeted ads.
Re: (Score:2)
They get that via IP address.
Re: (Score:2)
To some degree. It's not all that accurate. Where I live - in a rural town of about 6,000, my IP shows me as being about 50 miles away. If you live in a major city, you can get more than a city name with other forms of geolocation - you can get a neighborhood.
If I go to Google (logged in) and type plumber - I get the ones that are near where my profile says I am, and not where my IP says I am. It's a lot more useful. Plus, Google Maps on my iPod touch always shows me where I am almost to the street int
Yet... (Score:1)
Re: (Score:3)
Feel free to take the stereo too. (Score:1)
Re: (Score:2)
Time for a protocol update (Score:3)
It sounds like we're due for a protocol change where these addresses are updated to prevent long-term tracking. Give the operator the choice of static or randomized. Some work would have to be done to ensure devices would continue to correctly identify a network they've previously connected to. But some of those details ignored, I think everyone gets my point here. The thing here is which I don't get is that the broadcast id of these routers isn't typically available to anyone intercepting your IP traffic. So this database won't help someone find you unless your machine has been compromised. Perhaps one solution is to have network hardware watch for the Ids but hide them from the OS. That would prevent a compromised machine from revealing its location while at the same time allowing for the broadcast Id to useful for assisted GPS. I'd be a little sad if we lost the awesome navigational benefits due to privacy concerns without first considering protocol/implementation fixes to address the concerns.
One great example is indoor maps. You can get maps for the inside of a mall now as part of your smartphone's map app. You just zoom in on the mall and it turns into an indoor map. Without the wifi, you're not going to have an accurate location marker inside.
Access to the database (Score:1)
Microsoft has not taken any measures to curb access to its database
So? Why bother? If it's Microsoft security, then what difference would it make?