Google Street View Logs Wi-Fi Networks, MAC Addresses 559
An anonymous reader points to this story at The Register that says "Google is collecting more than just images when they drive around for the Street View service. 'Google's roving Street View spycam may blur your face, but it's got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users' unique MAC (Media Access Control) addresses, as the car trundles along.' There's a choice quote at the end: 'Google CEO Eric Schmidt recently said Internet users shouldn't worry about privacy unless they have something to hide.'"
Tell Your Wireless ... (Score:5, Insightful)
This doesn't look good on the surface
Why can't Google (and everyone else for that matter) just stick to the personal data people are foolish enough to hand over to the web? This type of action puts them on the edge of WiFi hackers who are "just seeing if it could be done"
Re:Tell Your Wireless ... (Score:4, Insightful)
Basically Schmidt's quote can be better worded as saying "internet users shouldn't worry about privacy unless they're broadcasting something they have to hide".
Ignorance abounds (Score:5, Insightful)
Wow. That's pretty shitty reporting, even for The Register. Yes, Google records SSIDs and (I guess) MAC addresses of wifi APs. That way they can estimate your position for Google Maps on a mobile device, even if you have no GPS on that device. This has been public knowledge for at least a year now.
In regards to Streetview itself and recording SSIDs and such, there is simply no privacy concerns. When you are in public, people can see you. When you broadcast signals, people can receive them. If you don't want to be seen, don't go out in public. If you don't want people to see the SSID of your AP, don't broadcast it.
Bellwether (Score:1, Insightful)
It seems people tend to use the "nothing to hide" argument when they have something sneaky planned.
**Posting anonymously because I've got plenty to hide**
NOTE: Those weren't (apparently) his exact words (Score:1, Insightful)
That "quote" is somewhat disingenuous. For most news sources, i wouldn't care, but when it comes from The Register, or Light Reading (a/k/a The Enquirer of fiber optics), I want an exact quote -- because they're far too prone to insinuation and putting spin on things the way they want them to be perceived.
Re:Tell Your Wireless ... (Score:4, Insightful)
okay, so how is this different than any other wardriver or just anyone using wifi and how is it any more "enforceable"? Your computer keeps track of MAC addresses. There are apps that can be put on your phone to track mac addresses and open/close status while driving along with gps, and it's public information.
Ignorance abounds indeed (Score:5, Insightful)
This is the same sort of problem that we complain about when a company collects little bits of information that you leak in public, and builds a dossier on you. Yes, the information is technically public, but the fact that it is being assembled en masse is the problem. It is impossible to hide ever detail of your life from view, but when such a large database is built up, it reveals a lot about a person, potentially including things they did not want revealed.
Dear Google (Score:2, Insightful)
Can you please explain how wardriving is not evil?
Oh, and, by the way, off course I do have something to hide. That is why it is called privacy.
Re:I just don't see the issue (Score:4, Insightful)
Re:Tell Your Wireless ... (Score:4, Insightful)
Broadcasting? By making a search within Google?
Sorry but for example I rather keep the sex I have between me and my girlfriend our own private thing and not let everyone see it, or have videos of it. If I want to keep that to myself, according to Schmidt I shouldn't be having sex at all.
No, you shouldn't be recording the sex and placing the videos in a public location.
Re:Ignorance abounds indeed (Score:5, Insightful)
Maybe I'm just ignorant, but how would they map the SSID to you? All they know is that in this area, someone somewhere has a router with a SSID of "X." (And, if you're anything like my neighbours, half of those are named "linksys.")
Re:Tell Your Wireless ... (Score:4, Insightful)
Actually, Schmidt's quote can be better worded as saying "If you have something to hide, you shouldn't show it to the internet, because police can and will request that information from any provider, including Google".
But that doesn't sound at all as threatening, so let's just pretend he said something else!
Re:Tell Your Wireless ... (Score:0, Insightful)
What they are doing is not even questionable, it is completely legal.
Do you know much about German law?
Because in the USA it IS questionable and in some cities it is ILLEGAL.
Origin of Privacy (Score:5, Insightful)
Oh dear, I wish he hadn't said that. I hope he does too. Even quoted a bit out of context (it was possibly a flip tagline), when you direct activities at the biggest datalogger around and have capabilities that most people regard as extremely penetrating, you just do not say anything that might scare people. Bad for business.
Many people do not understand why privacy is a right. As he says "Why worry if you have nothing to hide?" It is not from nothing: One word answer: PREJUDICE. Privacy is basically a right of self defense against prejudice (and malice too, for that matter). We all have good reason to be concerned about the impression we make upon others since they can often make arbitrary decisions that affect our interests.
Of course others have a right to relevant information, but we have a right to control how much beyond we choose to present, and to whom. We do have a right to be treated as individuals. Not products of some correlation -- statistics is _descriptive_, not prescriptive.
Re:Privacy (Score:5, Insightful)
It is also not at all the argument he was making. But it's much more fun to just believe everything we hear on the internet rather than look up what he actually said!
Re:Dear Google (Score:1, Insightful)
if you haven't checked the box to disable broadcasting SSID then you aren't doing a very good job of hiding it
Re:And... (Score:5, Insightful)
And what if I have nothing to hide for the current government but don't get the assurance that today's laws are tomorrow's laws?
With enough information in the hands of governments, it's very easy to change a law, criminalize something that was perfectly legal and find and eliminate most of the 'criminals' under those new laws.
I know I'm kind of invoking Godwin's law here, but in 1939 it was perfectly legal to be Jewish here in the Netherlands. In the 1930s the Dutch government made an almost perfect register of the whole population, so in 1940 it was very easy for the Nazis to eliminate almost all the Dutch Jews.
Re:Privacy (Score:1, Insightful)
The decimation of privacy is almost embarrassing now.
250 years ago, an American citizen would fight and die for their own (and their fellow citizens) privacy and freedom. Now, if you read Schmidt's comment... it seems like you are guilty if you want to retain privacy. Extrapolate his comments to other fields:
-[Airline travelers] shouldn't worry about [taking their shoes off] unless they have something to hide.
-[High school students] shouldn't worry about [getting searched for weapons] unless they have something to hide.
-[Drivers] shouldn't worry about [DUI checkpoints] unless they have something to hide.
-[Internet Users] shouldn't worry about [privacy] unless they have something to hide.
I am amazed how quick we are to forfeit our rights in fear of being considered guilty.
When I was a child, there were no metal detectors or pat downs when I entered school. Our children will grow up in a world where this is the norm, so the envelop will continue to be pushed.
Where will it end?
Re:I just don't see the issue (Score:3, Insightful)
The odds are stacked against an individual who might want to keep certain details of their life private when an organization as large as Google is trying to pry their lives open.
But Google isn't "prying", that's my point. They're collecting information that you have chosen to make available publicly, whether it's by placing it on the public Internet, or broadcasting it over EM waves where anyone nearby can pick it up. If you want privacy, don't announce your information in a public manner, and you will be off Google's radar. Google got blasted for Buzz (and deservedly so) because information that people thought they had selected as "private" was being made available, but that's not the issue here. If you're concerned with your MAC address being recorded, you need to learn how wireless networking works.
Re:Ignorance abounds (Score:5, Insightful)
If you don't want to be seen, don't go out in public.
And yet many countries have laws against following someone around, noting down their movements.
If you don't want people to see the SSID of your AP, don't broadcast it.
I don't care if people see my SSID. I may care that a company (which makes its money from selling targeted advertising) has recorded it and stored it in a database along with location details, photographs, etc. That is fundamentally different from my neighbours and casual passers-by being able to see a SSID of "home" as they pass my house.
Re:Ignorance abounds indeed (Score:3, Insightful)
Really? (Score:5, Insightful)
What they are doing is not even questionable, it is completely legal.
Do you know much about German law?
Because in the USA it IS questionable and in some cities it is ILLEGAL.
How do people use public wireless, then? They have to enter all the information manually, as opposed to scanning and just picking out the right SSID?
Could you post some of the case law / legal statutes involved? Thanks!
Re:I just don't see the issue (Score:3, Insightful)
It's (generally) not illegal to take one picture of a storefront from your car. It's not illegal to take two, or three. Nor is it illegal to put those pictures on the internet. Google is just taking this process and deploying it on a larger scale than anyone previously had the resources for.
There are things that can be done in the small scale that are not a problem, that become an issue when taken to the large scale. One example I deal with from time to time at work is aggregation of information - under the UK government's rules for handling of protectively marked ("classified") information, a collection of information each piece of which is marked at one classification, may together require a higher classification. For example, taken together, a collection of documents each marked at RESTRICTED may itself become CONFIDENTIAL (which significantly changes the way the collection is handled).
The fact that each individual photograph, etc is perfectly legal doesn't necessarily mean that there aren't serious privacy concerns surrounding building up such an all-encompassing database of them.
No, it doesn't follow that there *is* something wrong, but neither does it follow that there *is not*.
Re:And... (Score:5, Insightful)
Those people who say "if you have nothing to hide" have something to hide -- their ignorance or contempt for your intelligence. There are a lot of things that are not illegal you don't want known; adultery is legal in Illinois. Even in states where it may not be illegal, you still wouldn't want your girlfriend to know she's not the only one. You may be a closeted gay working for a right wing congresscritter, or a closeted conservative working for a left wing congresscritter. You might not want people to know that you watch Mickey Mouse cartoons. The list goes on.
Either Schmidt is stupid (and I don't buy that) or he thinks you are.
Re:Tell Your Wireless ... (Score:2, Insightful)
wardriving involves the theft of bandwidth, which is a commodity.
I didn't know the CEO of Verizon had a /. account. Welcome aboard sir! Or are you the CEO of AT&T?
Re:I just don't see the issue (Score:3, Insightful)
Even small details like MAC addresses may ultimately reveal a lot of private data about a person, particularly combined with other information (such as its geographic location?). No, nobody expects every single detail of their life to be private; at the same time, many of us do have secrets and private details of our lives which we never broadcast, but which may be revealed by the sort of activity that companies like Google are engaged in.
Re:Tell Your Wireless ... (Score:3, Insightful)
Or worse yet... it is like me driving around and logging (e.g. writing in a paper) the numbers of the houses...
And then some guy getting mad at me because I identified that the number of his house is in X street!! "OMG you are profiling me!"
Very true here, but consider the place (Score:5, Insightful)
What they are doing is not even questionable, it is completely legal.
That's true here in the US. Existence of companies like Skyhook and the iPod Touch's location feature make that evident. The question is if it's legal in Germany.
Not that it shouldn't be, particularly when an AP is metaphorically screaming,
Hello there, anyone who can hear me!
My name is Linksys!
You can tell me apart from other folks with the same name because I'm XX:YY:ZZ:AA:BB:CC!
If you like, I can give you an IPv4 address!
No, no, I haven't been told to exclude anyone who doesn't know my favorite word or phrase!
Please talk to me! I love you!
Here in the States, logging that you heard such a declaration rightly isn't against the law. Further, based on my very crude analogy, I also don't think that "unauthorized" connection/use of an unprotected/unconfigured AP should be a criminal offense either. Perhaps if someone learns that their pipe is being used against their knowledge, they could (and should) take civil action to force that person to pay for what he's been freeloading on, but I digress.
... Sorry about this, but unless you speak Italian and ol' Tony tells you what my favorite word or phrase is, I can't give you an IPv4 addres!" Any situation where network encryption is either bypassed or broken without the network owner's knowledge and permission is nefarious outright, regardless of intention, and that should most definitely be a criminal offense. Although if ol' Tony finds out before the cops do, you're probably even worse off.
For someone who actually breaks in to an encrypted AP (and yes, WEP counts), consider that WEP might be like a retarded-midget bouncer who'll believe you if you lie to him, whereas WPA could be, "My name is Linksys
Re:Ignorance abounds (Score:5, Insightful)
2+ years [zdnet.co.uk]. It's a great application, with no more privacy implications than if you were to call someone with local knowledge and describe the landmarks that you could see near you.
Nobody, least of all Google, cares who owns "BT Home Connect 9923123" or "Pr0n4Free4EvarLan", they just care that there's a SSID in that area with that name.
Cue objections from Tin Foil Hatters who don't want The Man to be able to describe the outside of their parent's basement, lest their very souuuuls be stolen and sold to, god, I don't know, the Saucer People.
Fill me in, Hatters. To what Evil use could this information be put? Try to use reasons that might actually be valid on Planet Earth, if you please.
Re:Dear Google (Score:4, Insightful)
Wardriving is evil now? This is news to me...
It's not exactly like they are going to jump on your network and listen to all of your traffic. They're just recording your MAC address and your SID (which you chose to make publicly available) which you are blasting out into the world on the electromagnetic spectrum. Really this is no different than them driving past your house and recording what color you painted it.
Re:I just don't see the issue (Score:4, Insightful)
Re:Tell Your Wireless ... (Score:3, Insightful)
How does listening to publicly broadcasted information "steal bandwidth"?
Ma Bell (the original) (Score:5, Insightful)
In another ominous development, the phone company is planning to release a compiled document containing every name, address, and phone number of all their wired clients. The books will be published by region but be available globally. They'll be called by the disturbing name "White Pages".
They also will provide a charge-per-call service wherein on a request from not only government agencies but also private citizens, they will mining their data stores nationally in search of a particular individuals detailed info. While there is no clear consensus on this point, it appears this service will either be called 'Information' or mysteriously... just '411'.
They claim there will be an 'opt-out' option, but it will not be enabled by default, and there will be an extra charge for it's use.
Just some perspective to apply, not really meant as humor. This issue is about as dangerous as the phone book IMHO. You've got (or should have) an option in your router to hide your SSID. If you aren't using it, then you are BROADCASTING it. If someone tracking this information centrally really concerns you, change your SSID randomly every 30 days, and the MAC of your router. If your router doesn't support changing it's MAC, get a better one.
If it REALLY concerns you, don't use WiFi! There are much more nefarious things that can be done against WiFi than just logging an SSID/MAC that might actually be worth worrying about (again, IMHO).
Corporations have more rights than individuals (Score:3, Insightful)
Therefore, I'm free to decrypt satellite TV and get HBO for free, right? After all, the signal is OUT THERE, so large corporations should fully expect me to decode it on my own and play it through my TV.
Why is it that corporations expect privacy, but citizens should not expect it?
Re:Tell Your Wireless ... (Score:3, Insightful)
No, since the topic is mostly illegal actions, which should be obvious from the reference to the Patriot Act and requests by authorities.
And ever if it wasn't, that does still does not equal "internet users shouldn't worry about privacy unless they have something to hide". No part of that statement talks about not worrying.
Re:I just don't see the issue (Score:2, Insightful)
Burglars no longer need to visit an area to scout it to check for targets. The common argument from the pro-street view group against this is that well anyone could come down and take a picture for the same effect- that's true, but here's the difference, using my house an example. I live on a cul-de-sac, to get to my house and take pictures without someone noticing a guy with a camera would take some doing, everyone on our street knows everyone else, if someone came down, and turned around, someone would see them. If there was a subsequent burglary, then there would be witnesses who could point the police in the right direction in terms of a number plate, or a description of a person, or person(s) looking dodgy.
If you seriously believe that, you live in a fantasy.
If what you claim is true, then what was the make/model/plate# of the google street view van? Was the driver a male or female? How many of your all-the-time-alert neighbors saw it? After all, those things aren't exactly inconspicuous [google.com]!
I live on a cul-de-sac, too. There's noone here during regular working hours. You could literally have a film crew here for 2-3 hours a day, and noone would know.
If your cul-de-sac has a house or two with retirees, or stay-at-home moms, I really doubt all they do is sit by the window the whole time, and write down every license plate number.
My bet is thus: if I wanted to, I'd just take an HD camcorder, give it to my wife in the passenger seat -- or, heck, to my kid on the back seat, one of them would take the shot, while I'd drive into the cul de sac, turn around, and drive out. I'd say my chances are 1:50 that anyone would recall an "out of place" car being there, 1:1000 that anyone would know the make/model, and 1:10'000 that someone would know how many people were in the car, that someone was filming, and the license plate #.
The reality is exactly opposite to what you insist: if I want to physically scout a location, I won't be seen, there will be no witnesses, and there will be no suspicion. Cameras these days are rather inconspicuous, even HD cameras. I can have one in my hat, and just walk around, with a kid or two in tow. Or I can just drive around with a dash camera. Heck, I could probably get something flat and inconspicuous-looking magnetically attached to one of the mailboxes around here, if I wanted to see the people's comings-and-goings in real time, from a safe distance.
About the only point you may have is that the high vantage point requires a sufficiently tall vehicle, and couldn't really be inconspicuously replicated without having a camera in, say, a gyroscopically stabilized ball. Maybe it's a good idea for a project! Let's see who can throw the ball higher in the air, kiddo! And when we come home, we can review how high it flew ;)
Re:Ignorance abounds indeed (Score:3, Insightful)
This assumes they are continuously recording signal strength with GPS position. Perhaps they are, I dunno. Just the same, as someone up above already pointed out, if you have an Android phone and enable the Wireless Location provider, it can pinpoint your accuracy to within 35m or so, which likely indicates they don't continuously capture signal/location (or don't do the calculations to enhance the reported accuacy) and that its very roughly 2x the distance between the street and your location.
Of course, the first time you enable your GPS AND Wireless Location providers AND turn on your WIFI device on your phone, they now have enough information to very precisely associate your GPS location in relation to a number of wireless cell towers and all neighboring AP's. In other words, its very likely they absolutely understand which SSID is at which physical location. Of course, they also re-capture the MAC address/SSID as this is all reported back to Google.
And as a side note, many Android applications periodically turn your WIFI on, scan, turn back off, and report your location to third parties. Popular applications such as Locale and ShopSavvy both do this. And if you leave your WIFI device plus Wireless Location provider on, Google will use your phone as a war driving device whereby they periodically scan and return the results back to Google.
Re:Terminology (Score:3, Insightful)
Except that you can hide your MAC address by simply turning off SSID broadcast, and your router is no longer screaming it.
TV content distributors use satellites to distribute content. If you use that, you must decrypt it. But you can sit and watch patterned static all day long, use the streamed signal to generate pseudorandom locations, and even point a focused receive-only antenna at the satellite and use the satellite as a point of reference if you want to.
The signals the device intentionally broadcasts in the clear are vastly different from signals that are sent as encrypted and you must decrypt. It's not the interception of the signal, that's perfectly legal. It's the circumvention of the encryption protocol.
You can call your SSID/MAC a "service", but in order to consider it a "protected service" you must encrypt it. Which means you'll have to invent your own 802.11x-ish spec that encrypts the MAC address and SSID as well as all data sent over the data channel. At that point, your analogy would hold. But you've got some serious development to do first.
Or you could simply uncheck the damned "broadcast SSID" checkbox on your router's configuration screen and be done with it. Google's not stupid enough to try and use AirSnort to ferret out hidden APs when there are plenty of broadcasting ones they could use for their Wifi-assisted-GPS service.
Re:Privacy (Score:3, Insightful)
Now, if you read Schmidt's comment...
Which you clearly didn't actually do. You just believed what the internet told you that he said, without bothering to check for yourself.
Anology. (Score:2, Insightful)
This is about privacy.
I think if i go and sit accross your house and put down the times you enter and leave the house and publish this on my blog (that is ad-sponsored) you would think different. If i make a note also if you locked your door (WEP or WPA2) then you would become a little more suspicious.
A special note is made
Then i keep this data for 10 year. Anyone who is interested can buy it or browse it.
But i have to stop now, google anology police is knocking on my door.
Is this illegal? That is where privacy starts and passwords stop.
Re:Tell Your Wireless ... (Score:3, Insightful)
Sorry but recording all MAC addresses? Google's "Do no evil" just went out the door. There is no reason for Google to record the MAC addresses of devices.
Can people do scans and get that information, yes. The catch is they should have to do that scan to get it. ISPs most likely already know the MAC addresses, and they should it is their network.
Google is acting like it does not have to follow the rules.
Re:Tell Your Wireless ... (Score:5, Insightful)
No, it's more like, if there is a crack in the wall you have agreed to Google selling tapes of you having sex, if you didn't wan't to be recorded you shouldn't be broadcasting it!
I also got your girlfriend's moaning as my ringtone thanks to Google Street Laser Microphone, thankfully I didn't have to listen to weeks of mundane stuff to get that ringtone because I got a graph of your sad, appalling sexual life thanks to Google Street Thermo-cam.
I jest but the idea is that you can't claim I agreed to broadcast information I didn't knew I was broadcasting, and that's exactly what Google apologetics want to claim.
Re:Very true here, but consider the place (Score:5, Insightful)
It's true that this seems legal in the US. However there are lots of things which are legal because they seem harmless in the small scale, but which become privacy concerns on the large scale. The current laws don't deal with situations like this.
An example is police tailing. Police are allowed to follow someone without practically any oversight. This is self-limiting because it takes manpower, which is a highly limited resource. However courts have stated that surreptitiously monitoring someone's car with a GPS is equivalent to police tailing. This is something which requires considerably less manpower. Tailing with GPS is no longer self-limiting. If this were done on a large-scale, lots of people would consider it an invasion of privacy.
An entity listening to broadcasts in the 2.4Ghz range in a small area is probably not a problem. An entity with the ability to listen to these broadcasts across the entire US? That's something worth rethinking. Maybe it's a problem, and maybe it's not. I really don't know. But due to the scale, it's a slightly different situation.
Re:Very true here, but consider the place (Score:3, Insightful)
That's a pretty big leap from what is actually happening with these kinds of services. For one, it's possible to associate a person and their license plate without knowing where they live. But the only way you can associate a person with their SSID is going to their house, basically. And even then in a crowded apartment you'd probably be able to see several APs and have to ask which is the right one.
For another this data isn't "all published on the web". I don't know for sure but I bet if you tried to dump (eg) Skyhooks database by enumerating every possible SSID not only would it take you absolutely forever but they'd certainly block you at the server level.
Re:Tell Your Wireless ... (Score:5, Insightful)
Sorry but recording all MAC addresses? Google's "Do no evil" just went out the door. There is no reason for Google to record the MAC addresses of devices.
Actually, they do have a reason - it's called "WiFi geolocation", and can be used in conjunction with cell towers to pinpoint one's position much more precisely than towers alone can do. It's used in such capacity in Android, for example.
I've also heard that iPad (at least the non-3G variety) also uses WiFi geolocation.
In any case, I don't see the problem. On Slashdot, it has been said countless times in the past (e.g. with respect to websites being crawled when they don't want it to happen) that "if you put it in public, it's public". Well, guess what, that's precisely what a wireless access point does, if you tell it to broadcast its ESSID! It's not even something of the "unlocked door" variety, it's literally actively transmitting this information for everyone to hear. Noting it down is absolutely not a privacy threat - not anymore than the broadcast itself is in the first place!
Re:Very true here, but consider the place (Score:3, Insightful)
yes, but imagine Google was logging car plate numbers together with the address location they are parked and then published all that information on the web.
A car plate number is linked to its owner's personal information. A MAC address or ESSID are not linked to anything.
And yes, your car plate number and your home address are both public already, but at least they are not published on the Internets are they?
The idea that adding "... on the Internet" to something fundamentally changes privacy issues is akin to a similarly silly idea that adding "... on a computer" to a patent somehow makes a new, patentable invention.
Re:Ignorance abounds (Score:1, Insightful)
All right: what countries, and what are these laws?
Just for the moment, I think you're being as off-base as the Register's deliberate miss-quote of Schmidt's frank and decent warning [slashdot.org] about our modern reality.
I sympathize that you may be shocked to find that public information that used to be hard to get & access is now easy to get & access. Hell, I'm one of those people who prefer big cities to small towns because in big cities I can walk down a street or have coffee in a cafe and nobody 'knows' anything about me. It's a splendid freedom, after small-minded small towns. It's passing.