

“Greater Choice” - unalone
http://parislemon.com/post/12859599499/greater-choice

======
feral
Whats the major problem with logging the location of a Wifi access point?

I understand Google screwed up in this area before, when they captured network
traffic. (Even then, it seems they captured that data due to oversight, not
some nefarious scheme.)

There are lots of huge privacy issues in the world; I don't think a database
of approximate wifi locations ranks particularly highly. I don't care if
Google map my hotspot, and I'm happy to have my phone locate quickly, when I'm
out and about.

And they are now providing a way to opt-out, for the people that feel strongly
about it; its not trivial to implement, but I can't think of a way of making
it easier.

It seems a lot less complicated for an end-user than robots.txt is in the
related scenario of web scraping.

That blog post is full of vitriol; I don't think its adding much constructive
discussion, or insight; I think its just blowing things out of proportion.

~~~
ghurlman
1\. End users don't configure web servers 2\. Since when is "it's too hard" an
acceptable solution for HN or Google?

Have you ever tried to tell someone nontechnical how to reboot their router
over the phone?

"Just unplug it and plug it back in" "Unplug what?" "The router - the thing
with the network cables in it" "The one with the tv cable?" etc.

Now try to tell them how to reconfigure their SSID, and then reconfigure all
their connected devices to match.

~~~
feral
So, Google could be forced to not gather this information at all.

Whether its in the public interest is a tradeoff between the utility provided
vs the privacy loss. I think its a net utility gain - I like my phone to
resolve quickly, and see little downside - so I have no general objection.

Some people might object strenuously to this information being gathered; they
now have a mechanism - albeit kludgey - to opt-out.

Could the opt-out be implemented better?

You say you don't accept 'its too hard' as an excuse. But sometimes there's a
limit to how well a problem can be solved, given its importance and the set of
people who care about it. You could build a physical switch on the router
(perhaps even one that appends '_nomap' to the SSID). But we don't expect
Google to ship everyone a new router, right?

If there's ever sufficient consumer demand, router manufacturers could add
this feature. But there probably isn't going to be.

We live in a world where Telcos track and log our locations, to a resolution
of the nearest cell, or nearer, all the time. They typically have our identity
and demographic information. They know who we call and message, and for how
long. I'm studying social network analysis, and you can infer an awful lot
from data like this.

So, how do I turn my phone on 'do not track' mode?

I think its pretty decent of Google to enable this feature; yes, the solution
is inelegant, but the people that care enough about this can probably figure
out how to enable it.

I think anger about privacy violations should be directed at worse offenders.

~~~
kiiski
Maybe it would be better to have people who don't mind it opt-in rather than
expecting people to opt-out of something they might not even know they're in.

"...anger about privacy violations should be directed at worse offenders."

No, it should be directed at every offender.

~~~
TeMPOraL
> Maybe it would be better to have people who don't mind it opt-in rather than
> expecting people to opt-out of something they might not even know they're
> in.

No, because it will render this service useless, as almost no one will know or
care about it. Sad truth, but you can't have 'opt-in' for everything if you
actually want to accomplish something.

------
eli
Yeah, but the problem was a bigger joke.

There are many serious threats to privacy in our increasingly networked world.
Cataloging the location of public WiFi hotspots is not one of them.

(Also, I can't think of any other practical way for them to work an opt-out
system? Mailing in your WAN MAC address?)

~~~
icebraining
_There are many serious threats to privacy in our increasingly networked
world. Cataloging the location of public WiFi hotspots is not one of them._

That wasn't the problem. Google sniffed and stored _data packets_ , not just
the location of the APs. And of course, a decent proportion of them were
completely unencrypted.

See their own blog: [http://googleblog.blogspot.com/2010/05/wifi-data-
collection-...](http://googleblog.blogspot.com/2010/05/wifi-data-collection-
update.html)

Of course, whether should people have to encrypt their Wifi networks is
debatable, but the EU authorities weren't pleased, so now Google is trying to
play "extra nice" to calm them down.

~~~
eli
It was an accident. Google doesn't want your data packets.

But if you're concerned about bad guys stealing your wireless data, then it
doesn't matter what Google does or opts you out of -- you need to use
encryption.

~~~
icebraining
I'm not concerned: the EU privacy watchdogs are.

Personally, I used wired, since my router is so shitty it can't even hold
10mbps over Wifi (not even unencrypted).

------
buster
" Apple does the same thing. So does Skyhook (which is suing Google for
ditching their location database to build their own). So do others. It’s a
good idea. And it makes locations services much better."

versus

"The solution is a joke."

Then he rants about how opt-out is bad and opt-in doesn't work. So what is it?

If someone cares enough to opt-out then he'll be able to change his SSID. Be
happy that Google doesn't let you register your access point with Google and
opt-in/out there (and while doing that mapping your identity to your
accesspoint and location).

I don't see an easier way of opt-out. And i understand that opt-in is not
feasible.

By the way, you have to explicitly enable this data gathering while setting up
your phone (on android), so part of the data gathering is to blame for the
user that enabled it, i guess. ;)

------
ugh
What should Google do? Yes, the solution they propose is horrible and hardly
anyone will be able to understand it. The important question is whether people
really should be able to not have their access points mapped.

SSIDs are public, just like house fronts. I think the European data protection
hounds should calm down a little.

I think talking about data protection as a failed ideology is much more
interesting than talking about the last convulsions of the same.

~~~
fl3tch
> SSIDs are public, just like house fronts.

Yet, they allow you to pixelate your house front in Europe. That's the
cultural standard of privacy there, so it shouldn't be surprising that SSIDs
matter to them.

~~~
Angostura
That's correct. They offer an opt-out mechanism.

Same here.

~~~
fl3tch
That's not really the point of this thread. The point was the next two
sentences about "data protection hounds" and a failed ideology. European
standards of privacy are not less legitimate just because they are different
from American standards. His argument apparently was that since we allow house
fronts to be photographed (in America), we should have no problem with SSIDs
being captured. I was explaining why they would matter in Europe.

------
ErrantX
Great; so what is the alternative solution? I've been mulling it over and
there simply doesn't seem to be a way.

Google did indeed make a massive cock up over collecting the Wifi data - and
taking them to task on that is a good thing.

Demanding a magic opt-out of public data seems to be a case of privacy gone
mad.

First we had PC. Now we have privacy. What is it about these things that
always get taken to the extreme. _sigh_

~~~
NelsonMinar
Two alternative that don't require users rename their entire networks. One,
opt-out via MAC address. Or two, opt-out via geofencing: let me pick my house
off a map and type my SSID. Both of these solutions could be automated by a
little program that ran once in the user's network. I'm sure the clever
engineers at Google could come up with even better solutions if they actually
cared about a usable opt-out solution.

~~~
underwater
So to stop Google recording our location and SSID we should give them our
location and SSID?

~~~
fennecfoxen
I'm not sure what you're complaining about exactly. You object to giving them
information they already have so they can remove it?

~~~
underwater
It depends on why you want the information removed. If it's because you don't
want it publicly available then fine, but you may not want Google to store
that information at all. In that case opting out is giving them even more
information about you; as you'll be potentially linking your IP, Google cookie
and account to your SSID when you complete the opt-out.

------
benwerd
I'm almost convinced that the Google solution is a demonstration of intent to
overcome legal hurdles in places like Germany. It's not at all a real solution
that real people will use.

------
mef
Where is the outrage over the multiple wifi access point databases which
already exist and _don't_ give anyone the ability to opt out? (skyhook,
navizon, etc)

~~~
icebraining
The outrage was over the data packets Google collected. Now they're being
forced to implement this as a punishment, it seems, more than because of any
actual problem with SSID location recording.

------
dguido
The fact that certain people think they're entitled to privacy while
broadcasting an access point name over a shared wireless frequency is a joke.

------
gsoltis
Thought experiment: Imagine the same product, determining the location of a
mobile device, through a different mechanism. How about we replace SSID with
paint color of a building, and the mobile device's wifi antenna with the same
device's camera. From there, the service works more or less the same. The
sensor (camera) sends google a snapshot of its current surroundings. Google
compares this pattern of colors to a map it has created by cataloging building
colors around the world and makes a best effort to find a match and provide a
location based on that.

Assuming you are ok with google street view (if you're not, I assume they same
reasons would apply to SSID mapping), what then is the difference between the
color of your house and your SSID?

And to head off one possible reply, the data collection issue is orthogonal to
the mapping of SSIDs. I don't think anyone is saying that it was ok to capture
data packets, but for the purpose of this thought experiment, let's pretend
that google had properly performed the SSID mapping and stored only SSID and
location of their collection vehicle.

------
Atropos
This opt-in/opt-out is a false dichotomy in my opinion, because probably 90%
of the population don't know this issue at all. So it doesn't seem to matter
much, how difficult the opt-out mechanism is. Likewise, if you use an opt-in
mechanism, practically nobody will opt-in, although if everybody could weigh
the cost/benefits the result might be different.

Which is fine, it would be a huge price on society if everybody had to educate
themselves on these small issues all the time. This is an area where
regulation is the best choice. As long as there is no law against it, I can't
see how it google is in the wrong here?

------
dayjah
My mother would fail to be able to do this. Not just because it's a technical
challenge, but also because her ISP sends out routers which are preconfigured
with a SSID to make setup _easier_, you just plug and play. No admin console,
no telnet (TBH: I didn't look to hard for either).

Perhaps GOOG feel privacy is only the concern of people that have enough nouce
to setup a wifi router? 100% of the routers at residential buildings I
connected to wifi at on my recent trip to the UK were this type.

~~~
chc
If you feel that strongly about this, you can learn how to configure a router
or you can find someone to do it for you. If you don't want to do either, it
doesn't seem like this is terribly high on your list of priorities.

------
alttag
1\. So, how does this "solution" affect networks they've already mapped? It
seems odd this would be proposed after the fact.

2\. Why should I have to change my name to not be mapped? From a rights
perspective, if you're doing something with my info, shouldn't the onus of
changing primarily be on you?

------
metel
Huh.

I never thought I'd live to see arch Apple loyalist Matt Siegler post
something negative about Google.

I honestly can't remember the last time one of these well-known Apple
loyalists lashed out at Google...

It's extremely noteworthy.

------
steve8918
When the wireless router broadcasts the SSID, is that all it broadcasts or
does it also broadcast its MAC address, etc? How can you tell the difference
between one "linksys" router and another one, also broadcasting "linksys"?

~~~
rwar
My understanding is that the wireless router broadcasts a packet and that
packet contains the SSID and MAC address.

------
Groxx
That's a horrible solution, but I really don't know what the problem is. Yes,
they inadvertently collected extra packets - _and they stopped_. Why no
outrage against Apple or Skyhook?

------
jeffdechambeau
Serious question: why is MG Siegler taken seriously at all? So far as I know
he has no credentials, is incapable of actual analysis, and takes forever to
get to the point. Am I missing something?

~~~
myspy
He is a good writer, great analyst and knows how to get to the point. You just
feel offended when someone is right and you can't cope with it.

~~~
arron61
Great analyst? He's basically an apple PR personnel. Most of his posts van be
summed up into Apple can do no wrong. Anyone opposing apple is wrong and
stupid. There is no logic. It's blatant and it's almost like he does it for
page views

------
yanw
If the solution is not ideal it's only because the problem is imaginary.

Why are we pretending that logging locations of public WiFi hotspots is even
an issue?

~~~
sp332
The outrage isn't about about public hotspots. It also logs your home SSID,
even if the network is encrypted. That's what people are mad about - having
their home routers on a Google map.

~~~
watty
I don't get it - when I click on available wireless networks I see all of my
neighbors SSID names, should I not read them? These are not private, the
default setting of a router is actually to _broadcast_ this name.

So, perhaps we should advocate router manufacturers to change the default SSID
broadcast?

~~~
sp332
Yes and anyone can see my license plate # as I drive by. That doesn't mean I'd
be comfortable having my car tracked.

~~~
shoota
Unfortunately, your car is already being tracked. A lot parking garages, and
toll roads are doing exactly this.

------
dlikhten
There's a bigger joke here. They are asking people WHO ARE ALREADY NOT
KNOWLEDGEABLE ENOUGH TO ADD A WIFI ENCRYPTION to change their network SSID. I
think .01% of the population will benefit.

Naturally opt-in < opt-out.

~~~
gravitronic
Encryption has nothing to do with it.

If your SSID is broadcast, without opting out they are adding the hotspot to
their database.

In my neighbourhood about 95% of the AP's that broadcast SSID are encrypted,
so this is a much wider group than just the open hotspots.

~~~
robert-boehnke
The people that he refers to are the ones who had their data inadvertently
collected by Google due to a lack of Wifi encryption.

This is what got the whole process of adding _nomap started.

~~~
gravitronic
I don't think so. While the data collecting was one snafu that hit a smaller
set of people with WIFI routers, the bigger story unveiled was that Google
created a huge database of (SSID, Router MAC, location) regardless of wifi
encryption.

That's why it's _nomap and not _nosniff.

------
bstar77
I don't understand why so many people are defending Google here. The reality
is that the vast majority of these so called "public" access points are going
to be unassuming users that have unwittingly been added to Google's public
wifi grid that basically invites people to use their wifi as a public service.

Please correct me if my assumptions are wrong. This feels like an incredible
invasion of privacy. It's one thing for a user to ignorantly leave their wifi
unprotected and have a few people take advantage, but it's another to look at
it as an untapped resource and build a business model around it.

~~~
elisee
The mapping is not done so people can find your WiFi and connect to it. It has
nothing to do with whether your access point uses encryption or not. It's just
a way to do triangulation using known anchor points.

Suppose there's 3 access point advertising their existence around you (most
access points do by default). If you know their coordinates on earth and their
relative signal strengths, you can pinpoint a pretty accurate position of
yourself. Kinda like GPS.

Google screwed up by collecting more data than they should, and now they are
doing a little dance to appease the lawyers.

The solution is indeed a joke, because there's no problem. It makes no sense
to not want people to pinpoint an access point on a map, when it's actively
advertising itself. The way I see it, there's no privacy breach whatsoever.

The real problem (Google collecting too much personal data) has already been
fixed.

