Microsoft Curbs Wi-Fi Location Database

suraj.sun writes "Microsoft has ceased publishing the estimated locations of millions of laptops, cell phones, and other devices with Wi-Fi connections around the world after a CNET article on Friday highlighted privacy concerns. The decision to rework Live.com's geolocation service comes following scrutiny of the way Microsoft made available its database assembled by both Windows Phone 7 phones and what the company calls 'managed driving' by Street View-like vehicles that record Wi-Fi signals accessible from public roads. Every Wi-Fi device has a unique ID, sometimes called a MAC address, that cannot normally be changed."

Published?

[SoupGuru]

Did Google even publish their wifi data? I hope Microsoft gets the same attention Google is getting.

Re:

[mike_c999]

Yes they Did.
http://news.cnet.com/8301-31921_3-20070742-281/exclusive-googles-web-mapping-can-track-your-phone/?tag=mncol;txt [cnet.com]

Re:

[Timmmm]

No they didn't. They never published a database of MAC address locations. They just allowed you to look up the location of specific MAC addresses. They must still have that, otherwise how does wifi location still work?

Re:

[Marc_Hawke]

I was under the impression that Google (maybe I mean 'Android') just licensed someone else's database for their WiFi location.

http://en.wikipedia.org/wiki/Skyhook_Wireless [wikipedia.org]

Re:

[Timmmm]

Nope. They use (well they used to use) streetview cars (remember that mountain-out-of-molehills story about google hacking wifi?). Now I believe they just use the Android phones themselves to build the database.

Re:

[donatzsky]

You're probably thinking of Apple. They used to use Skyhook, but then decided to use their own tech.

Re:

[ADRA]

They did, but after they started to run streetview, they also began (at some point thereafter?) Wifi access point analysis as well. I'd imagine by this point they've completely supplanted their prior skyhook feeds.

Re:

[Sparks23]

No, Skyhook's definitely not the technology under the hood. In fact, Motorola replaced Google's built-in geolocation with Skyhook on their Android handsets, but Google pitched a fit about this. And so Motorola dropped Skyhook again and returned to Google's geolocation system, and Skyhook sued Google [searchengineland.com].

Re:

[whiteboy86]

Wait a moment.. Why are they keeping such a database? Am I missing something? It looks like the biggest privacy violation in years..

Re:

[Anonymous Coward]

"Microsoft has collected ... and makes them available on the Web without taking the privacy precautions that competitors have"
"Unlike Google and Skyhook Wireless, which have compiled similar lists of these unique Wi-Fi addresses, Microsoft has not taken any measures to curb access to its database"
"Google tightened controls last month in response to a June 15 CNET article"
"Skyhook uses a limited form of geolocation to protect privacy"

Re:

[Baloroth]

Apparently, they did, but not any more. But I don't really see this as being an issue. All of them are only collecting information about wireless devices functioning as access points. That information has been gathered through "cloudsourcing" for years. I remember seeing a site with that information listed about 2-3 years ago, although in retrospect I'm not sure if it listed MAC addresses or not. Point is, the information is absolutely and in no way or means private. You publicly broadcast your MAC address

Re:

[hedwards]

It's like most things it can be used for good or for evil. It's really helpful in terms of routing you to the proper CDN so that the backbone capacity can be freed up for things that genuinely need to be routed over it. But by the same token it can be used in the fashion you're indicated like with region restrictions on game purchases.

Re:

[Hatta]

You don't need to know someone's physical location for that, just their location in the network. Traceroute to both CDNs, use the one with the fewest hops. Problem solved.

Re:

[somersault]

This is nothing to do with IP addresses.. it would work even if IP addresses were randomised every second. All you need are GPS co-ordinates and SSIDs/MAC addresses.

It's also not about restricting access to only local services, though it is used that way in advertising (which is much better than having an advert for a restaurant 2000 miles away).

This type of thing is very useful if you need to find your location using a device that has Wi-Fi, but no GPS. A lot of phones have GPS these days, but many still d

Re:

[icebraining]

SSIDs can't be used for the purpose - I've seen too many APs in each others' range with the same SSID (usually "linksys" or "SMC").

Re:

[Kalriath]

You can use the BSSID though.

MAC addresses

[Joe U]

You know, if everyone on Slashdot changed their WiFi MAC address on the same day most of the Geo services would have a fit.

Especially if they all changed them to addresses already in use. I did it a few times, I would watch the ipod map have a fit and throw me around the country a few times, mildly entertaining.

Re:

[jmd_akbar]

Why do i have a recollection of reading somewhere that MAC addresses are permanent and any change to them via any software would be reverted on the next system reboot or refresh???

Re:

[blane.bramble]

Yes, the MAC address is normally burned into the card (although it may be changeable when flashing the firmware). However, some drivers allow you to specify a MAC address, thus when you load the driver (and activate the card), the MAC address is over-ridden. You might want to do this (for instance) to associate a specific MAC address with a specific PC, not the network card inside it, so if the NIC is replaced, the PC retains the same MAC address.

Re:

[idontgno]

Yeah, the MAC in the network interface is more advisory than mandatory. In all the implementations I've seen, the OS network stack asks the network adapter what it thinks its MAC address is and uses that to do Layer-2 addressing, unless there's an OS configuration item to tell the OS to use some other value. As far as I know, the NIC doesn't really care what address is in the Ethernet header (for instance).

Some really old network adapters don't even have assigned MAC addresses or the hardware to store it; y

Re:

[Amouth]

also useful because not all MAC's are unique.. the larger the network the more likely a collision, personally I've seen several over the years.

Re:

[ADRA]

Well, every manufacturer gets a huge block of MAC's and should be releasing them uniquely, so if you ever get collisions it likely that you're:

1. A device manufacturer who's business among other things is to assign the MAC addresses of devices you produce
2. Have a habbit of changing MAC addresses for some bazaar reason
3. Using certain flavors of failover where the NIC's are paired on MAC level

Re:

[Amouth]

nope - Just a sys admin..

remember that while every manufacturer gets a huge block - that block is not enough for each device to be unique for the larger players. and i believe it was only in the last 10 years they started to allow a company to have more than one block.

considering that dupe MAC's only cause problems at the layer 2 level and there for on the directly connected network - having them use the same MAC on more than once device is not a problem.. until the odds catch up and the same customer ends

Re:

[vux984]

these days a lot of consumer routers have a "clone mac" feature, since you often have to register you mac with your ISP to get a dhcp address.

They you buy a router, and it doesn't work, because the ISP will only hand your PCs mac an address, so they came up with clone-mac, so that via the web interface to the router you can have it take the mac address of your pc, and set that as the mac address on the wan iterface of the router.

A couple years later you replace the router, and do it again.

And at the end of

Re:

[donaldm]

While the MAC address burned into the network card is permanent it is possible to spoof a MAC address. See here [blogspot.com]. In fact this type of thing is commonly used in clustering and also when using multiple NIC's for redundancy although in this case you present a common MAC address to the network switch so that if a card fails the MAC address presented to the switch does not change.

Re:

[donaldm]

I was coming home by train in Sydney Australia and checked my position via Google Maps. I was surprised to find that my map changed to a world map and it flipped me to Rome in Italy. I even tried switching on my GPS and still ended up in Rome so I switched to street views and they were of Rome and yes it was entertaining.

Can't normaly be changed?

[g0es]

Really? Last time I checked even most windows NIC drivers allowed you to change the MAC address. Granted it's still set on the card for this purpose it could be adjusted pretty easily.

Re:

[ifrag]

Spoofing should be enough to stay somewhat anonymous in terms of what Microsoft is doing. As long as whatever is accumulating the data gets an address that changes over time. I don't think there's any need to actually be able to change whatever is burned in.

Re:

[NoNonAlphaCharsHere]

Tried that on a phone or tablet have you?

Re:

[beanpoppa]

Except the article is talking about MS's published database, which is the MAC addresses of IEEE 802.11 devices in infrastructure mode. Not tablets or phones.

Re:

[NoNonAlphaCharsHere]

What part of "millions of laptops, cell phones, and other devices with Wi-Fi connections" wasn't clear to you?

patent

[gbjbaanb]

Is it me, or am I reading patent ideas into everything now?

Why didn't Google patent the street-view car concept and thus demand licences from Microsoft for copying yet another of their innovations.

Re:

[w_dragon]

Because patent battles between large companies that actually have income are only good for the lawyers. Google sues MS over street-view, MS sues Google over Chrome OS, or Google Chat, GMail, Google Docs, or any other service where MS had something similar first and probably has a bunch of patents that are good enough to at least drag out a court battle for a long time. Works the other way too, of course. Bing probably steps on a couple of Google's patents. You rarely see big tech companies go around sui

Tough.

[Phreakiture]

I say tough. Neither Microsoft nor Google are doing anything here that couldn't also be done by anyone with the resources. I suspect that a crowdsourced project to accomplish this end might also be feasible.

From wardriving, I've been able to put together a pretty good timeline of where I was and when whenever Kismet was running, and that's without having a GPS receiver connected to the computer. It's out there in the public view; deal with it.

If you do not like this, then the suggestion I would have is n

Re:

[cavreader]

Technology is released for technology sakes and to make loads of money before someone else beats you to market. Only afterwards do people start worrying about any possible privacy issues or other potential consequences. Barn door meet horse. Anyone expecting total privacy in today's world is wasting their time while simultaneously being annoying as hell in their constant shrieking and denunciations of "Big Brother" and the loss of their "rights". Even without an IP/MAC address look up database if someone is

Re:

[Phreakiture]

Good point.

About ten years ago, when Verizon first came into being, there was a forum put up at verizonreallysucks.com. I posted there a lot.

One day, my phone rang. It was the owner of the site, and he wanted to make me aware that someone who held an opposing view to mine had posted my phone number, but that he had redacted it for me. We had a good, long chat, and when we were back off the phone, I got on-line and posted a response basically mocking him for figuring out how to use a phone book, and the

Re:

[peterbye]

Look at the output of 'iwlist scan' on a wireless linux box.
First line of each cell looks like very much like a MAC address to me.

Dumbed down

[EthanV2]

Seriously, why are posters putting up such dumbed down summaries. First the article about networking LEDs, now this crap "Every Wi-Fi device has a unique I'D, somtimes called a MAC address" This is slashdot, I'd hope most of us know what a MAC address is.

Re:

[NoNonAlphaCharsHere]

Sure, it's the place where I keep my MacBook Pro.

Re:

[neokushan]

Also, if I'm not mistaken, the MAC address is actually something different entirely than the "unique ID" they're speaking of (although the MAC is supposed to be unique in itself). If they are talking about the MAC address, it sure as hell isn't "sometimes" called a MAC address, it IS called a MAC address. That's like saying "This site is sometimes called slashdot".

Re:

[icebraining]

Of course it's the MAC, there's no other number that can uniquely* identify a device in a 802.11 network. Everything else is either completely non-unique and/or transitory.

* yes, MACs aren't unique either, but they're close enough.

Re:

[Kalriath]

Well, if it's referring only to things in Infrastructure mode, the BSSID would uniquely identify it would it not?

Re:

[icebraining]

In an infrastructure BSS, the BSSID is the MAC address of the wireless access point (WAP).

Re:

[AmberBlackCat]

Maybe they're trying to get a bigger audience than just you. They're still going to fail because every alternative opinion gets modded away, but maybe they're trying.

A quirk of dialect?

[fuzzyfuzzyfungus]

Does anybody know why, with Microsoft, there appears to be a strong pressure toward including the word "managed" in things that they are doing? Back when it was just "managed code", that sort of made sense, ok, ok, the environment manages the memory; but 'managed driving'?

Re:

[Fastolfe]

Because Microsoft's revenue stream depends on businesses "playing it safe" with Microsoft products. Those types of decisions are usually made by MBAs, and MBA's love to "manage" things. If some new product lets them "manage" something, it's like porn to them.

Curious

[cdrguru]

Google's data was undoubtably for sale in certain circles and may still be. Why would anyone buy this information? Simple - it gives you about a 95% (or better) database that describes in geographic terms the market penetration of specific brands and models of WiFi routers.

How much would DLink pay to find out specific zip codes that had more Belkin routers than anything else? How about zip codes in affluent areas where NetGear low-end models are more common? The amount of analysis one can do with this a

Cant change mac addresses?

[nurb432]

Umm its pretty trivial and most home routers even have a button to do it..