

Google Street View Logs Wi-Fi Networks, Mac Addresses - cwan
http://yro.slashdot.org/story/10/04/23/0522228/Google-Street-View-Logs-Wi-Fi-Networks-Mac-Addresses

======
ugh
Yawn. This has been known since at least 2008[1]. All that particular story
tells me is that the urge to vilify Google is huge.

[1] <http://rotacoo.com/a-couple-of-thoughts-on-street-view>

~~~
microcentury
Huge, and consistently pursued by the Register. Don't have time at this moment
to dig up links to illustrate, but every time there's an anti-Google story the
Register are right up there misinterpreting it to maximum 1984 effect.

------
mansr
If you don't want people to see your WiFi MAC address, don't broadcast it into
public spaces. Besides, there is no way to tie a MAC address to a personal
identity, so where's the damage?

This is really no different from house numbers printed on paper maps, as they
have been for centuries.

~~~
fooboo
But now there are services to lookup the owner mapped to the house. It's not
apples to apples here. A house is stationary, there is a 1-to-1 mapping: house
number to name. But say you have a wifi laptop and it is established that a
MAC maps to you with reasonable certainty, then it's certainly possible to
track your movements using that information.

IMO, I find that Buzz messages on Google Maps to be extremely creepy and am
willing to bet a good portion of people doing so have no idea that they can be
visualized that way.

~~~
roc
It's only 1:1 MAC:House if you're the only wifi network _and_ house in a
reasonable range. And in that case, if you're broadcasting your wifi network,
you set the 1:1 mapping up yourself.

Frankly, I don't even know if I'm upset with this. If you throw a signal into
the public, you don't then get to decide how people use it.

At least, that's the argument we've always used against corporations that try
to legally control how publicly broadcast information gets used by those who
receive it.

~~~
pierrefar
Most people don't know they are throwing a signal into the public. They are
just setting up a tool to check email, Facebook, and talk on Skype. It's not
immediately obvious to them what exactly is happening.

And please don't blame the consumers for their lack of knowledge in this. You
don't need to know how a car works to drive, nor how a DVD player works to
watch movies, nor is it essential to know how a computer works to use it.

~~~
grhino
What's the threat if someone has your MAC address?

------
lpgauth
Skyhook Wireless as been doing this for a while.
<http://en.wikipedia.org/wiki/Skyhook_Wireless>

------
skolor
Now, correct me if I'm wrong, but this doesn't, actually, do anything. As far
as I knew, your MAC address was only relevant on the given network you are on.
So, if you're on a Wireless network, this is useful, Google knows where that
access point is, roughly.

This does not, as the article seems to imply, let Google "cross reference the
Mac address of a user's connection with their real identity and virtual
identity". As far as I know, a website does not have the capability of pulling
the Wireless MAC address from a router, through the browser.

(Please note, this may be incorrect, as I am not an expert in networking, or
web browsers, however, I have dabbled in both, and have at least a working
knowledge of both) A MAC address is used in communication on a Network. It is
a unique "code" for each network interface. In theory, it should only be
available to those on your direct network. Unless there is some sort of
protocol I am un-aware of, routing across networks must be done by IP address,
so outside of your own network the MAC address is useless.

Now, when it trying to cross reference a MAC address (tied to the hardware)
with a user account, I don't see how Google could find the Wireless MAC
address from one of their servers. Unless they use an exploit to run MAC
address gathering code from the browser, I can't see any way for them to get
that information to cross reference the user.

On top of that, this would only be slightly more accurate than the exist GeoIP
databases. Your wireless access point has a range of roughly 100 feet or more.
A GeoIP database can be accurate to the block you live on. It seems fairly
comparable.

~~~
grhino
I agree.

I could come up with some uses that law enforcement could use the street view
data combined with logs from access points to guess the user for a particular
MAC address.

------
iseff
If you use Firefox's geolocation support[0], you're seeing the benefits of
this[1].

FWIW, I find that it is FAR more accurate than my iPhone indoors. Without the
line to a satellite, my iPhone is generally wrong by a radius of a few blocks,
while Firefox is generally within a few meters.[2]

[0]: <http://www.mozilla.com/en-US/firefox/geolocation/>

[1]: <http://www.google.com/privacy-lsf.html>

[2]: NOTE: This is from Los Angeles, a heavily populated area, which probably
makes it easier. YMMV.

------
crocowhile
>Google CEO Eric Schmidt recently said Internet users shouldn't worry about
privacy unless they have something to hide.

Is this true? Did he say that? It's hard to believe.

~~~
TallGuyShort
Yes. He said it in an interview on CNBC.
<http://www.youtube.com/watch?v=A6e7wfDHzew>

"If you have something that you don’t want anyone to know, maybe you shouldn’t
be doing it in the first place. But if you really need that kind of privacy,
the reality is that search engines like Google do retain the information for
some time, and we are all subject to the Patriot Act, and it is possible that
that information may be made available to the authorities." -- Eric Schmidt

~~~
callahad
Which is quite distinct from "Internet users shouldn't worry about privacy
unless they have something to hide."

Rather than telling users not to worry, he's explicitly warning them that
search engines, including Google, are subject to inquiries from law
enforcement, and thus, should not be considered secure.

~~~
thirdstation
I like Bruce Schneier's response:

"Privacy protects us from abuses by those in power, even if we're doing
nothing wrong at the time of surveillance.

"We do nothing wrong when we make love or go to the bathroom. We are not
deliberately hiding anything when we seek out private places for reflection or
conversation. We keep private journals, sing in the privacy of the shower, and
write letters to secret lovers and then burn them. Privacy is a basic human
need."

Snipped from: <http://www.schneier.com/essay-114.html>

------
randomstring
Why stop there. They should capture the Bluetooth MAC addresses too. That way
they can follow individuals.

Harder to to with the more limited range of bluetooth.

[http://www.indy.com/posts/stealth-09-indy-airport-study-
trac...](http://www.indy.com/posts/stealth-09-indy-airport-study-tracked-
phones)

------
paulitex
"recording users' unique MAC (Media Access Control) addresses"

MAC addresses aren't necessarily unique, nor are they permanent. It's pretty
trivial to change them using ifconfig.

------
jrockway
The point is so that phones can know where they are without using as much
power. (Wifi is cheaper than GPS, I guess.)

------
slowpoison
I expect soon you'll be able to search for somebody in the world by their mac-
address.

------
jancona
This has been going on for years. See wardriving:
<http://en.wikipedia.org/wiki/Wardriving> and Wigle: <http://wigle.net/> Or is
it only a problem when Google does it?

~~~
TallGuyShort
What I've seen mentioned in several articles about why this is dangerous, is
that Google has a unique ability to cross-reference the information with other
data on a massive scale. Most war-drivers don't have nearly as much weight
behind them.

~~~
grhino
So, if a user has a laptop on a coffee shop wireless network, access to a log
of the MAC addresses registered at the coffee shop could be cross referenced
with Google's data to find out where that MAC address was at the time the
street view car went by. If you assume that the street view car happened by
that MAC address while that user was at home, you could then look up the
residents and figure out the identity of the user of that MAC address.

Honestly, it doesn't concern me that much, but I'm trying to figure out what
has other people worried.

------
BSousa
I just hope a looney follows Eric around, taking photos, publishing everything
he can find on him (what's his breakfast, time he gets home, car he drives,
how much he earns, etc) . I'm pretty sure he would think a bit more before
saying stupid things like: "If you have something that you don’t want anyone
to know, maybe you shouldn’t be doing it in the first place"

Oh yeah, I forgot, someone already did:
[http://www.hackinthebox.org/modules.php?op=modload&name=...](http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=17679&mode=thread&order=0&thold=0)

Know what, FUCK YOU Mr. Schmidt!

