Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Microsoft Networking Privacy Security The Internet Wireless Networking News Your Rights Online

Microsoft Exposes Locations of PCs and Phones 96

Posted by Soulskill
from the keeping-up-with-the-googses dept.
suraj.sun sends this excerpt from CNET: "Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned. The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets. Unlike Google and Skyhook Wireless, which have compiled similar lists of these unique Wi-Fi addresses, Microsoft has not taken any measures to curb access to its database."
This discussion has been archived. No new comments can be posted.

Microsoft Exposes Locations of PCs and Phones

Comments Filter:
  • by datapharmer (1099455) on Friday July 29, 2011 @01:17PM (#36924718) Homepage
    we're surprised?
  • by RenHoek (101570)

    After all the lawsuits that Google had to go through, who was the genius at Microsoft that thought this was a good idea?

  • Isn't this similar to what Google is being sued over? Though Google didn't make it publicly available and came forth stating they goofed, they still are in court over the WiFi info collection incident. Where do we sign up for the Class Action against M$?!
    • No, it was the other data they captured while it was going through the wireless networks that got Google in big trouble.
    • by poetmatt (793785)

      ignore the dude who replied. the answer is yes, it's the same.

      • by Anonymous Coward
        How could it be the same? Google accidentally captured packets. Microsoft simply captured location / MAC address (which was what Google was supposed to be doing). Google got sued in multiple places because of the packet capture. It is not even remotely the same.
      • Re:Question... (Score:4, Informative)

        by ElectricTurtle (1171201) on Friday July 29, 2011 @02:13PM (#36925598)
        Ignore the idiot who doesn't know where his shift key is. It's not the same. Most wireless networks broadcast a beacon signal that informs nearby receivers the name of the network and other information. Triangulating this signal which is public in its very nature is neither illegal nor unethical.

        Google was capturing the packets being broadcast within the networks themselves by other clients. So a system authenticating with a server in plain text (which happens too often) would have the authenticating information (user/password) intercepted. Depending on the view one takes of open networks, this probably violates the Electronic Communications Privacy Act, or at least its spirit.
        • how do you authenticate in plain text over wireless? sure WEP is crackable, but not clear text and requires the capture a lot of packets.
          Do you mean people using a public unsecured wireless AP and authenticating to some web site over http (not https) ? hmmm
          So if I am walking down a street taking photos and people have posters with their credit card details hanging, I am breaching their rights? No, they are advertising their information.

  • So? (Score:5, Insightful)

    by YodasEvilTwin (2014446) on Friday July 29, 2011 @01:21PM (#36924804) Homepage
    All the full article really says is that someone could tie a MAC address to a location. So? Knowing your MAC address gives me almost no information about you -- nothing personally identifiable, anyways, unless I have an unrelated method of attaching your MAC to you personally (such as having physical access to your phone...). So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing (that wasn't included in the article).
    • It would tell you if they were a Dell customer, e.g. It would tell you what kind of device it was, and where it went...
    • by Anonymous Coward

      If you use the free WiFi at starbucks, I can record your MAC address. Now, since your phone or other devices in your vicinity send the positions of your MAC address to Microsoft if you are using WiFi , I can query their database and it gives my your position. Depending on how often and fast it gets updated and how often you use WiFi, I can track you (assuming that there are a lot of people using microsoft phones where you are).

      • Re: (Score:3, Funny)

        So that's not a problem. Microsoft phones are only seen at the mobile phone shops, and most of them with a mockup sticker instead of a live screen anyway.

        At least here in europe. I'm yet to see a single windows phone in the wild.

        • by ljw1004 (764174)

          Where in Europe? When I was in Italy last October, WP7 was the single most common smartphone I saw on the streets, and every billboard was plastered with Italy's national telecom operator advertising it. (disclaimer: I work at MS).

          • Really, I'm yet to see any. I have NEVER seen one, and I am curious about it!

            I travel regularly throughout germany, belgium, the netherlands, switzerland, france, andorra and spain. Have not seen ANY.

            What I usually see is iPhones, and the occasional android.

      • > If you use the free WiFi at starbucks, I can record your MAC address.

        Computer literacy test...
        Question: What is your MAC address?
        Answer by...

        Clueless user: Duhhhh... I don't got MAC, I got Windows

        Competent user: 01:23:45:67:89:ab

        Expert: What do you want it to be?

        And since we're at Starbuck's...
        ifconfig eth0 hw ether c0:ff:ee:c0:ff:ee

    • Re:So? (Score:4, Insightful)

      by John.P.Jones (601028) on Friday July 29, 2011 @01:31PM (#36924984)

      I see you on the street and decide to target you, I sniff some packets and learn your MAC address. I then use this MAC address to find where you are/have been/will be. The point is the connection between you and a set of MAC addresses is random but pretty static which can then be indexed to learn a lot about your locations.

    • Your MAC address can be divined through online interactions with people. It's feasible that the boogeyman called the cyber stalker could use this information to find you physically. This news is far more worrying than themobile devices that kept a local cache of locations you had been. Most of the hand wringing surrounding that were that someone could get your phone and discover your movement patterns. In that case, someone would have to be physically by you anyway to get your phone. This allows someone [th
    • by blindbat (189141)

      But when you buy a computer with your credit card, or send in electronic registration you give them the personal information.

      They already have the serial number and MAC address of the computer on file.

    • Re:So? (Score:5, Interesting)

      by hawguy (1600213) on Friday July 29, 2011 @02:40PM (#36925964)

      All the full article really says is that someone could tie a MAC address to a location. So? Knowing your MAC address gives me almost no information about you -- nothing personally identifiable, anyways, unless I have an unrelated method of attaching your MAC to you personally (such as having physical access to your phone...). So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing (that wasn't included in the article).

      Or, if I know my ex-gf's phone's or home access point's MAC address, I could find out where she moved when she told me to leave her alone and stopped answering my phone calls and emails. Makes it easier to pay her a surprise visit and convince her to take me back. Once she sees that I tracked her down and followed her halfway across the country to sit at her doorstep and wait for her to come home, she'll be bound to want me back. Fortunately, the MAC was captured from her phone while she was at work and at he gym, so I can always meet her in one of those places if she spots me at her house.

      • perhaps if you MAC'ed on her some more she would be persuaded by your leet skills /veal!
      • by formfeed (703859)

        Once she sees that I tracked her down and followed her halfway across the country to sit at her doorstep and wait for her to come home, she'll be bound to want me back. Fortunately, the MAC was captured from her phone while she was at work and at he gym, so I can always meet her in one of those places if she spots me at her house.

        Thanks microsoft, what a great service!
        Maybe one would be able to go even a step further. - Not that you have to, your plan is so romantic that I can't imagine any woman not wanting you back. - But just for curiosity, one could check what other MAC address has a similar movement pattern, goes to the movies with her, a restaurant for 73 minutes, and then stays at her place till 7am.

        • by Anonymous Coward

          What does 08:00:69:02:01:FC got that I haven't got? Why won't you love me?!

        • by gbjbaanb (229885)

          hey! even better, you could find out where Bill G goes, and follow him around. They might change their mind thinking this is ok after that happens a few times.

      • by adolf (21054)

        Your ex girlfriend's access point's MAC address is not entirely unlikely to already be searchable on wigle.net [wigle.net].

        (Her client devices' MAC addresses are another story, though -- you might find out where her Linksys box lives, but you won't discover which gym she goes to.)

    • Re:So? (Score:5, Insightful)

      by adolf (21054) <flodadolf@gmail.com> on Friday July 29, 2011 @03:06PM (#36926298) Journal

      So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing

      Suppose that there is a method to determine (with reasonable certainty) what your wireless MAC address is.

      Suppose this method is just as simple as driving by a location where you are known to be present (ie: at home) while you're using WiFi.

      What then?

      Or: Suppose that you have legal reasons to be paranoid, and physical access to the device by armed thugs with jackboots is only a warrant away.

      What then?

      Or. Suppose that an app on your phone calls home with your MAC address [android.com].

      What if it also knows your phone number [android.com]?

      What then?

      • by bloodhawk (813939)

        Or: Suppose that you have legal reasons to be paranoid, and physical access to the device by armed thugs with jackboots is only a warrant away. What then?

        I find it hard to believe there would be someone that paranoid and then not take basic precautions of not broadcasting wireless network details.

        • by adolf (21054)

          Until today, I'd find it very easy to believe.

          I myself am not very paranoid (I have no particular reason to be), but I try to remain aware. I've not really considered the notion of my WiFi widgets MAC addresses being funneled into a database.

          Until -- again -- today.

    • by williamhb (758070)

      All the full article really says is that someone could tie a MAC address to a location. So? Knowing your MAC address gives me almost no information about you -- nothing personally identifiable, anyways, unless I have an unrelated method of attaching your MAC to you personally (such as having physical access to your phone...). So the information is entirely useless for someone trying to invade your privacy, unless there's something I'm missing (that wasn't included in the article).

      I suspect there's one or two employers that would be tempted to search for "which of my employees are having affairs with each other" (which pairs of phones occasionally spend the night in the same location). Other searches like "who's interviewed at our competitors?", "who's potentially got an alcohol problem (phone is frequently in the pub)", "who's got medical issues", etc, would also be very possible.

  • It would be nice if devices had the ability to limit the GPS accuracy for all applications. Something that would allow them to return circular (Spherical?) regions that are defined to fall on a LAT/LON boundry so it doesn't place you in the center of the circle. Have the lowest region be exact LAT/LON, then 100 meters, 1km, 10km, 100km and off. This would only be helpful if the device itself did it to prevent companies with no common sense from doing this.
  • by DickBreath (207180) on Friday July 29, 2011 @01:29PM (#36924942) Homepage
    Sharing your personal information is part of Microsoft's efforts to be more open.
  • None of the articles covering this include a link to the alleged maps, and I can't find it on the web.
    SOMEONE PLEASE PROVIDE A LINK!!!
    • Chill the fuck out. If you read the article, you will notice about halfway through they do provide it, they just didn't explicitly link to it.

      Here it is: http://inference.location.live.com/ [live.com]

      Unfortunately after signing in it doesn't work, it takes you back to your Live main page. Perhaps they took it down after realizing it was a bad idea ...

      Can someone confirm?

      • Re: (Score:3, Informative)

        Yes. It's a bad idea.
      • In case MS does take theirs down, don't forget the biggest and oldest community-built database of wireless networks: Wigle.net [wigle.net]

        Long before MS, Google, or Skyhook wardrivers have been working in concert on their own time and dime to contribute over 40 million geolocated networks worldwide. A few thousand of those were first done by me in fact, though I haven't contributed in years.
      • by MikeURL (890801)
        Confirmed here, it is just taking me to the main live page.
  • by m50d (797211) on Friday July 29, 2011 @01:36PM (#36925058) Homepage Journal
    The only difference is that MS are letting us see what they have. Google have collected the same data and more. (And bear in mind anyone with a fleet of vans could do the same). When it comes to violating my privacy, I don't think I have more faith in any of these companies than I do in random strangers on the internet.
  • ... with an old herring. They deserve it.
  • Ok, why does Google, Microsoft, and others map out Wi-Fi locations?

    I'm at a loss here, it's not like they are only mapping out public Wi-Fi.

    • by Anonymous Coward

      Because when used correctly, it allows a device without a GPS to do GPS-like things, like finding its location on a map or pull up a list of local services.

      • by Jeng (926980)

        So they are relying on my neighbors Wi-Fi signal to figure out where I am?

        That sounds pretty dumb. Besides that afaik that is already done with cell phone tower triangulation. Private hotspots sounds like too much of a variable to me.

        Besides, how many Wi-Fi capable devices are out there that have a GPS function but no GPS?

        I know my last phone did that, but it was kinda old, it got it's location from the cell phone towers.

        • In fact it works pretty well, well enough for their purposes. They don't need enough precision to drop a bomb on you, rather they need just enough to know what neighborhood you're in, so they can target you with ads for local pizza joint you may not have heard of. Also, I have an iPad with a cell radio and WiFi, and the location feature works better with both radios enabled than with either one separately. With both enabled the locator is often accurate enough to nail what parking spot my car is in.
          • by HTH NE1 (675604)

            In fact it works pretty well, well enough for their purposes. They don't need enough precision to drop a bomb on you, rather they need just enough to know what neighborhood you're in, so they can target you with ads for local pizza joint you may not have heard of.

            Or region-lock DRMed content against you.

            Coming soon: laws requiring content providers to filter access based on location of the recipient, such as not serving pornographic content to computers on school property. Like the "drug free zone" around schools, except it's a "porn free zone", and it's mapped out on Google.

            Because if such databases are built, considered accurate enough, and are freely accessible, you're going to be expected to check against them as due diligence.

            • Ooo, very nasty. I had not considered that application. But yeah, the accuracy is good enough that sport teams could for instance disable streaming of live feeds of their games within the home city if the game isn't sold out. Or charge you to watch it while letting people elsewhere continue to watch it free.
        • by PitaBred (632671)

          Besides, how many Wi-Fi capable devices are out there that have a GPS function but no GPS?

          Almost every laptop in existence?

        • by Mia'cova (691309)

          Cell tower triangulation is pretty poor when done with on your phone. You'll only be able to pin your location within a few blocks. In an urban area, a few wifi hotspots will pin you within 100m fairly easily. Especially since wifi doesn't travel very far, just finding a known wifi signal is enough to know you're within about 100m of it. Especially handy indoors, eg a mall or at home, where you'll have those known locations.

          Remember the big issue where the iphone cached known locations? That was a really ni

    • by omnichad (1198475)

      Targeted ads.

      • by Jeng (926980)

        They get that via IP address.

        • by omnichad (1198475)

          To some degree. It's not all that accurate. Where I live - in a rural town of about 6,000, my IP shows me as being about 50 miles away. If you live in a major city, you can get more than a city name with other forms of geolocation - you can get a neighborhood.

          If I go to Google (logged in) and type plumber - I get the ones that are near where my profile says I am, and not where my IP says I am. It's a lot more useful. Plus, Google Maps on my iPod touch always shows me where I am almost to the street int

  • by trum4n (982031)
    People bitched up a fever when it was google.
    • Well, to an extent, Google is supposed to be the good company that still has a soul. We all know Microsoft is the evil empire that would do this sort of thing.
  • Sounds like a burglar's christmas wish come true. Assuming the burglar doesn't post his actions to facebook, I think the privacy implications for this are far worse than what Google's streetview has done.
    • by CycleMan (638982)
      Depends whether the burglar has a phone giving location info to Microsoft. Then it becomes a local police department's IT team's dream come true. Fingerprints that point to where he was when, which can be aligned with a matrix of known burglaries, and now he's plausibly connected to other crimes. Unfortunately, for them to catch this one burglar, they'll have to start tracking all of us all the time, and someone will wise up enough to steal someone else's phone and carry it to several crime scenes... I'l
  • by Mia'cova (691309) on Friday July 29, 2011 @05:18PM (#36928372)

    It sounds like we're due for a protocol change where these addresses are updated to prevent long-term tracking. Give the operator the choice of static or randomized. Some work would have to be done to ensure devices would continue to correctly identify a network they've previously connected to. But some of those details ignored, I think everyone gets my point here. The thing here is which I don't get is that the broadcast id of these routers isn't typically available to anyone intercepting your IP traffic. So this database won't help someone find you unless your machine has been compromised. Perhaps one solution is to have network hardware watch for the Ids but hide them from the OS. That would prevent a compromised machine from revealing its location while at the same time allowing for the broadcast Id to useful for assisted GPS. I'd be a little sad if we lost the awesome navigational benefits due to privacy concerns without first considering protocol/implementation fixes to address the concerns.

    One great example is indoor maps. You can get maps for the inside of a mall now as part of your smartphone's map app. You just zoom in on the mall and it turns into an indoor map. Without the wifi, you're not going to have an accurate location marker inside.

  • Microsoft has not taken any measures to curb access to its database

    So? Why bother? If it's Microsoft security, then what difference would it make?

: is not an identifier

Working...