“Greater Choice” (parislemon.com)
79 points by unalone | karma 10326 | avg karma 2.67 | 2011-11-16 08:42:28 | 86 comments




There's a bigger joke here. They are asking people WHO ARE ALREADY NOT KNOWLEDGEABLE ENOUGH TO ADD A WIFI ENCRYPTION to change their network SSID. I think .01% of the population will benefit.

Naturally opt-in < opt-out.


Encryption has nothing to do with it.

If your SSID is broadcast, without opting out they are adding the hotspot to their database.

In my neighbourhood about 95% of the APs that broadcast SSID are encrypted, so this is a much wider group than just the open hotspots.


The people that he refers to are the ones who had their data inadvertently collected by Google due to a lack of Wifi encryption.

This is what got the whole process of adding _nomap started.


I don't think so. While the data collecting was one snafu that hit a smaller set of people with WIFI routers, the bigger story unveiled was that Google created a huge database of (SSID, Router MAC, location) regardless of wifi encryption.

That's why it's _nomap and not _nosniff.


The issues got conflated. This whole thing came to a head when it was discovered that Google was inadvertently capturing stray packets as it drove by. Of course, Google doesn't want nor need bits of your stray data, but it became a story about reading your private messages.

The solution to not wanting to be mapped, is Google's Opt-Out procedure. The solution to not wanting other people to read your wireless data, is to properly use encryption.


Yeah, but the problem was a bigger joke.

There are many serious threats to privacy in our increasingly networked world. Cataloging the location of public WiFi hotspots is not one of them.

(Also, I can't think of any other practical way for them to work an opt-out system? Mailing in your WAN MAC address?)


> There are many serious threats to privacy in our increasingly networked world. Cataloging the location of public WiFi hotspots is not one of them.

That wasn't the problem. Google sniffed and stored data packets, not just the location of the APs. And of course, a decent proportion of them were completely unencrypted.

See their own blog: http://googleblog.blogspot.com/2010/05/wifi-data-collection-...

Of course, whether people should have to encrypt their Wifi networks is debatable, but the EU authorities weren't pleased, so now Google is trying to play "extra nice" to calm them down.


It was an accident. Google doesn't want your data packets.

But if you're concerned about bad guys stealing your wireless data, then it doesn't matter what Google does or opts you out of -- you need to use encryption.


I'm not concerned: the EU privacy watchdogs are.

Personally, I used wired, since my router is so shitty it can't even hold 10mbps over Wifi (not even unencrypted).


> That wasn't the problem.

Yes, it is. You're talking about a completely different problem. Anyway even if my network is encrypted, it won't keep Google from logging my SSID and location.


The current opt-out mechanism started because of that "scandal", not because they were logging SSIDs.

This isn't "calming them down". This is throwing gasoline onto the fire.

Google should understand that in countries where privacy is considered a fundamental right, the default answer when it comes to gathering this kind of information is "no", no matter how minor the issue may be.

Telling those authorities "we're gonna do it anyway" is a major provocation.


I disagree: I don't think the authorities have any real problem with SSID location collection. After all, Google requested permission before capturing (they have to, at least in some countries like Portugal) and that was granted.

Our commission did have a problem with Street View photos, but not with the SSID recording.


A web form to submit a MAC address would make more sense, but if this were a serious problem the solution would be to go to the manufacturers. A standard for broadcasting an "opt-in" bit configurable in the router's admin interface might be reasonable.

(But standards take time to develop and implement. Not to mention that the existence and location of certain MAC addresses is far from the biggest fish to fry, right-to-privacy-wise.)


Perhaps, but I think determining the wireless MAC address of your router would be a much more difficult technical challenge compared to changing the SSID.

> Cataloging the location of public WiFi hotspots is not one of them

Is it only "public" hotspots that they are cataloging? Or any access point that broadcasts its SSID?


Why would the opt-in version of the exact same solution not work? You add '_domap' to your SSID to opt-in. If you don't add that, Google agrees to remove your SSID from their records (this does require that they periodically re-scan APs, of course). Am I honestly missing something?

Very few people would actually do that, destroying the usefulness of the data they are collecting.

That's Google's issue to sort out -- to incentivize the service. The opt-in solution is still technically feasible, in the sense that it is as easy to implement as the opt-out solution.

Great; so what is the alternative solution? I've been mulling it over and there simply doesn't seem to be a way.

Google did indeed make a massive cock up over collecting the Wifi data - and taking them to task on that is a good thing.

Demanding a magic opt-out of public data seems to be a case of privacy gone mad.

First we had PC. Now we have privacy. What is it about these things that always get taken to the extreme? sigh


Two alternatives that don't require users to rename their entire networks. One, opt-out via MAC address. Or two, opt-out via geofencing: let me pick my house off a map and type my SSID. Both of these solutions could be automated by a little program that ran once in the user's network. I'm sure the clever engineers at Google could come up with even better solutions if they actually cared about a usable opt-out solution.

So to stop Google recording our location and SSID we should give them our location and SSID?

I'm not sure what you're complaining about exactly. You object to giving them information they already have so they can remove it?

I suspect what he meant was that Google would have to store your SSID to remember you opted out :) which is partially defeating the object.

The more I think about it, the more this (i.e. Google's solution) does seem the most sensible solution to the "problem"


It depends on why you want the information removed. If it's because you don't want it publicly available then fine, but you may not want Google to store that information at all. In that case opting out is giving them even more information about you; as you'll be potentially linking your IP, Google cookie and account to your SSID when you complete the opt-out.

While I think that having to change the SSID is a lame solution, the problem with your suggestion is that there's no way to ensure that the person opting the networks out actually has control over the network; it would take minutes for 4chan or other mischievous people to opt-out whole neighborhoods.

What should Google do? Yes, the solution they propose is horrible and hardly anyone will be able to understand it. The important question is whether people really should be able to not have their access points mapped.

SSIDs are public, just like house fronts. I think the European data protection hounds should calm down a little.

I think talking about data protection as a failed ideology is much more interesting than talking about the last convulsions of the same.


> SSIDs are public, just like house fronts.

Yet, they allow you to pixelate your house front in Europe. That's the cultural standard of privacy there, so it shouldn't be surprising that SSIDs matter to them.


That's correct. They offer an opt-out mechanism.

Same here.


That's not really the point of this thread. The point was the next two sentences about "data protection hounds" and a failed ideology. European standards of privacy are not less legitimate just because they are different from American standards. His argument apparently was that since we allow house fronts to be photographed (in America), we should have no problem with SSIDs being captured. I was explaining why they would matter in Europe.

I’m German so don’t tell me about European cultural standards of privacy.

There was a huge outcry in Germany when Google announced that they wanted to start Street View there. Photographing the fronts of homes is perfectly legal in Germany (and will continue to be legal), the ability to opt-out was a concession from Google, not a legal requirement. That said, Google certainly caved in to prevent a Lex Google.

I despise the official German view on data protection that found its expression in this outcry, fueled by many politicians. To me it’s nothing more than thinly veiled anti-Americanism and a reduction of data protection to limiting freedom and not the state.

Google’s freedom to photograph the fronts of homes or collect SSIDs is my freedom, too – at least if the law isn’t selectively enforced (and it shouldn’t be). Data protection’s main goal should be to limit the state and not my (and Google’s) freedom.

That’s what I mean by failed ideology of data protection:

1) Its meaning can easily be twisted and turned and consequently it can have perverse consequences.

2) Control over data is practically impossible and we should much rather try and find ways to better arrange us with a world in which privacy is hard or impossible to achieve.


What's the major problem with logging the location of a Wifi access point?

I understand Google screwed up in this area before, when they captured network traffic. (Even then, it seems they captured that data due to oversight, not some nefarious scheme.)

There are lots of huge privacy issues in the world; I don't think a database of approximate wifi locations ranks particularly highly. I don't care if Google map my hotspot, and I'm happy to have my phone locate quickly, when I'm out and about.

And they are now providing a way to opt-out, for the people that feel strongly about it; it's not trivial to implement, but I can't think of a way of making it easier.

It seems a lot less complicated for an end-user than robots.txt is in the related scenario of web scraping.

That blog post is full of vitriol; I don't think it's adding much constructive discussion, or insight; I think it's just blowing things out of proportion.


If I'm using a mobile hotspot, it would be useless to log its location. Anyway, maybe I just don't want my home router on a Google map.

It's not like they're breaking into your house and stealing private information. Your router is broadcasting your SSID.

Yeah but locally, not to the whole internet.

Doesn't the phone have to be local to the AP in order to get the MAC to send to Google for the location?

Google doesn't broadcast it to the whole internet either: they just use its position for clients which happen to be near your AP.

1. End users don't configure web servers

2. Since when is "it's too hard" an acceptable solution for HN or Google?

Have you ever tried to tell someone nontechnical how to reboot their router over the phone?

"Just unplug it and plug it back in" "Unplug what?" "The router - the thing with the network cables in it" "The one with the tv cable?" etc.

Now try to tell them how to reconfigure their SSID, and then reconfigure all their connected devices to match.


Exactly. Useless solution for the majority. But who gives a shit anyway? In tech it's hard to decide what's good for you and what not. Privacy is nothing trivial anymore. You are out there or you live in a forest without any technical device at all.

> You are out there or you live in a forest

What he said. At some point, if people want to eat, they need to belly up to the big table called society. The Enlightenment came with great discussion of the social contract for good reason. Opting out of the social contract is a hard problem. Even the guy in the forest was born to a mother. Even the orphan depends on someone to survive the first years of life. Anyone who can formulate solid arguments got an education that someone provided and paid for.

Your router is a flashlight shining in the GHz range. If it was in the visible range, your neighbors would get an injunction because it would keep them up at night.


Not to mention firmware updates or resetting the router back to factory default and forgetting to do whatever Google suggested you do.

Suddenly it becomes a burden.


So, Google could be forced to not gather this information at all.

Whether it's in the public interest is a tradeoff between the utility provided vs the privacy loss. I think it's a net utility gain - I like my phone to resolve quickly, and see little downside - so I have no general objection.

Some people might object strenuously to this information being gathered; they now have a mechanism - albeit kludgey - to opt-out.

Could the opt-out be implemented better?

You say you don't accept 'it's too hard' as an excuse. But sometimes there's a limit to how well a problem can be solved, given its importance and the set of people who care about it. You could build a physical switch on the router (perhaps even one that appends '_nomap' to the SSID). But we don't expect Google to ship everyone a new router, right?

If there's ever sufficient consumer demand, router manufacturers could add this feature. But there probably isn't going to be.

We live in a world where Telcos track and log our locations, to a resolution of the nearest cell, or nearer, all the time. They typically have our identity and demographic information. They know who we call and message, and for how long. I'm studying social network analysis, and you can infer an awful lot from data like this.

So, how do I turn my phone on 'do not track' mode?

I think it's pretty decent of Google to enable this feature; yes, the solution is inelegant, but the people that care enough about this can probably figure out how to enable it.

I think anger about privacy violations should be directed at worse offenders.


Maybe it would be better to have people who don't mind it opt-in rather than expecting people to opt-out of something they might not even know they're in.

"...anger about privacy violations should be directed at worse offenders."

No, it should be directed at every offender.


> Maybe it would be better to have people who don't mind it opt-in rather than expecting people to opt-out of something they might not even know they're in.

No, because it will render this service useless, as almost no one will know or care about it. Sad truth, but you can't have 'opt-in' for everything if you actually want to accomplish something.


It's an invasion of the privacy of the owners of said access point because they neither asked nor intended for their SSID and location to be put into Google's database.

It's as simple as that. In most Western countries, a citizen's right to determine what happens with information about them is considered a fundamental right. The fact that the information is publicly available and easy to collect does in no way diminish that right.

It's what is done with that information that matters. And no owner of a WiFi access point ever intended their SSID to end up in Google's databases, and especially not related to their geographical location.

It crosses an ethical and possibly legal line that may not be recognized in the US, but is pretty plain and solid in many other countries. And these aren't technologically clueless countries: net neutrality is the law in the Netherlands.

Google knows all of this, and yet chooses to publicly tell these countries to go fuck themselves. Smooth move.


That's simply not true.

1) Just because you never ask or intend for that, doesn't mean that's your right: TV channels don't have to ask each person that passes on the street and happens to be filmed for authorization. There's a thing called expectation of privacy.

2) Google, at least in some countries, did in fact request permission from the appropriate bodies: here in Portugal we have a "National Commission for Data Protection" and they did authorize Google to collect that data and even to photograph the streets.


Where is the outrage over the multiple wifi access point databases which already exist and _don't_ give anyone the ability to opt out? (skyhook, navizon, etc)

The outrage was over the data packets Google collected. Now they're being forced to implement this as a punishment, it seems, more than because of any actual problem with SSID location recording.

Serious question: why is MG Siegler taken seriously at all? So far as I know he has no credentials, is incapable of actual analysis, and takes forever to get to the point. Am I missing something?

He is a good writer, great analyst and knows how to get to the point. You just feel offended when someone is right and you can't cope with it.

Great analyst? He's basically an Apple PR personnel. Most of his posts can be summed up into Apple can do no wrong. Anyone opposing Apple is wrong and stupid. There is no logic. It's blatant and it's almost like he does it for page views.

He is an okay writer. Has highly biased opinions which dictate his analysis. I seldom write things that are non critical of Apple.

I've always assumed it's because his hyperbole incites reaction, lots of comments and all that. His articles mostly end up being completely worthless and sensational in my opinion. I try to avoid them, but occasionally I stop in to check and it's always the same reaction, "Oh, he's still doing that."

If the solution is not ideal it's only because the problem is imaginary.

Why are we pretending that logging locations of public WiFi hotspots is even an issue?


The outrage isn't about public hotspots. It also logs your home SSID, even if the network is encrypted. That's what people are mad about - having their home routers on a Google map.

I don't get it - when I click on available wireless networks I see all of my neighbors' SSID names, should I not read them? These are not private, the default setting of a router is actually to broadcast this name.

So, perhaps we should advocate router manufacturers to change the default SSID broadcast?


Yes and anyone can see my license plate # as I drive by. That doesn't mean I'd be comfortable having my car tracked.

Unfortunately, your car is already being tracked. A lot of parking garages and toll roads are doing exactly this.

Hardly comparable, since you can know the name of the person from the license plate, but there's no SSID -> Owner's Name database.

A better comparison is your house address and number: it's out there for everyone to see and it gives them much, much more information than the SSID ever could.


Having a semi-public database could be a bad idea. Depending on how often the database is updated (and how it is queried) you could track where your new neighbours have moved from and where the old one went.

If someone is being stalked they'll disconnect their phone, but who thinks to change their router SSID?


> If someone is being stalked they'll disconnect their phone, but who thinks to change their router SSID?

No one, given that half of neighborhood networks are probably called 'Linksys', 'TP_Link', or something like that.


Their home router SSID isn't on a map. Look, my home router's SSID is ListerNet. I'm in London, UK somewhere. Where am I?

Hm, is that you up in Barnet?

No.

As a matter of interest, what were you basing that on?


I don't understand why so many people are defending Google here. The reality is that the vast majority of these so called "public" access points are going to be unassuming users that have unwittingly been added to Google's public wifi grid that basically invites people to use their wifi as a public service.

Please correct me if my assumptions are wrong. This feels like an incredible invasion of privacy. It's one thing for a user to ignorantly leave their wifi unprotected and have a few people take advantage, but it's another to look at it as an untapped resource and build a business model around it.


My understanding is that Google's servers keep the wifi location data. An app sends in nearby SSIDs, and Google sends back a probable latitude/longitude. I don't think they keep a database of public access points.

The mapping is not done so people can find your WiFi and connect to it. It has nothing to do with whether your access point uses encryption or not. It's just a way to do triangulation using known anchor points.

Suppose there are 3 access points advertising their existence around you (most access points do by default). If you know their coordinates on earth and their relative signal strengths, you can pinpoint a pretty accurate position of yourself. Kinda like GPS.

Google screwed up by collecting more data than they should, and now they are doing a little dance to appease the lawyers.

The solution is indeed a joke, because there's no problem. It makes no sense to not want people to pinpoint an access point on a map, when it's actively advertising itself. The way I see it, there's no privacy breach whatsoever.

The real problem (Google collecting too much personal data) has already been fixed.


Is your argument that this is an invasion of privacy? If so, how?

Or is your argument that Google is using the 'untapped resource' of Router location to build a business?

If the latter, do you have the same issue with atlas publishers who without my permission put my road into their big printed books - indeed mapped out the whole of London without a city-wide referendum to check whether this was OK?


That isn't the least bit of what's happening here. Google's streetview cars simply map your router's SSID (actually, as far as I can tell, it's the MAC address) to coordinates that the car's GPS provides. They allow for devices to determine their location more quickly than acquiring a GPS lock and more accurately than relying on cellular tower triangulation. When you combine all three, you get phones that can figure out their current location quickly and accurately.

At no level is google telling people where to find free WiFi. They simply provide a correspondence between MAC addresses of nearby routers and latitude-longitude.


Your assumptions are completely wrong. This is nothing to do with whether an access point is public, private, encrypted or not. It is not used to populate a database of public wifi points.

Instead it's used to correlate publicly transmitted SSIDs with longitude and latitude. Such a database allows wifi-capable devices (including your laptop's browser) to somewhat reasonably geolocate without GPS (or, more common, more quickly but less accurately before a GPS fix is available).

Anyone outraged about this needs to extend the same outrage to Apple, Skyhook, among many others doing exactly the same thing. With no mechanism of opting out at all (because, really, opting out is ridiculous anyways).

HN, to some degree, is hijacked (including its own administration that hellbans people who hold contrary opinions). Somehow this useless rant by Siegler -- about a complete non-issue -- sits at #4. Another useless article, quoting Gruber, hit the front-page yesterday.

If I could exclude the votes of anyone who hit up arrow on either of those, HN would be a much more interesting site.


I'm almost convinced that the Google solution is a demonstration of intent to overcome legal hurdles in places like Germany. It's not at all a real solution that real people will use.

1. So, how does this "solution" affect networks they've already mapped? It seems odd this would be proposed after the fact.

2. Why should I have to change my name to not be mapped? From a rights perspective, if you're doing something with my info, shouldn't the onus of changing primarily be on you?


My mother would fail to be able to do this. Not just because it's a technical challenge, but also because her ISP sends out routers which are preconfigured with a SSID to make setup _easier_, you just plug and play. No admin console, no telnet (TBH: I didn't look too hard for either).

Perhaps GOOG feel privacy is only the concern of people that have enough nous to set up a wifi router? 100% of the routers at residential buildings I connected to wifi at on my recent trip to the UK were this type.


If you feel that strongly about this, you can learn how to configure a router or you can find someone to do it for you. If you don't want to do either, it doesn't seem like this is terribly high on your list of priorities.

When the wireless router broadcasts the SSID, is that all it broadcasts or does it also broadcast its MAC address, etc? How can you tell the difference between one "linksys" router and another one, also broadcasting "linksys"?

My understanding is that the wireless router broadcasts a packet and that packet contains the SSID and MAC address.
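
As an added example (not part of the thread, and not Google's code): a minimal parser for the 802.11 beacon frame discussed in the two comments above, showing that each beacon carries the AP's radio MAC (BSSID) alongside the SSID, so two networks both named "linksys" remain distinct, and how a surveyor could honour the `_nomap` suffix. The function names, the `survey` policy and the sample frames with locally administered MACs are constructed for illustration.

```python
import struct

MGMT_HDR_LEN = 24      # frame control, duration, 3 addresses, sequence control
BEACON_FIXED_LEN = 12  # timestamp (8), beacon interval (2), capabilities (2)
TAG_SSID = 0           # information element ID of the SSID
OPT_OUT_SUFFIX = "_nomap"  # the opt-out suffix discussed in this thread


def build_beacon(bssid: bytes, ssid: bytes) -> bytes:
    """Build a minimal beacon frame; constructed sample data, not a capture."""
    header = (b"\x80\x00"     # frame control: management frame, subtype beacon
              + b"\x00\x00"   # duration
              + b"\xff" * 6   # destination: broadcast
              + bssid         # source address
              + bssid         # BSSID (the AP's radio MAC)
              + b"\x00\x00")  # sequence control
    fixed = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, caps
    ssid_ie = bytes([TAG_SSID, len(ssid)]) + ssid
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported rates
    return header + fixed + ssid_ie + rates_ie


def parse_beacon(frame: bytes) -> dict:
    """Return BSSID, SSID and opt-out status from a raw beacon frame."""
    if len(frame) < MGMT_HDR_LEN + BEACON_FIXED_LEN:
        raise ValueError("frame too short for a beacon")
    fc = frame[0]
    # protocol version 0, type 0 (management), subtype 8 (beacon)
    if (fc & 0x03, (fc >> 2) & 0x03, (fc >> 4) & 0x0F) != (0, 0, 8):
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    ssid_raw = b""
    pos = MGMT_HDR_LEN + BEACON_FIXED_LEN
    while pos + 2 <= len(frame):  # walk the tag/length/value elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        if tag == TAG_SSID:
            if length > 32:
                raise ValueError("SSID longer than 32 bytes")
            ssid_raw = value
            break
        pos += 2 + length
    # "Hidden" networks send an empty or all-zero SSID but still send a BSSID.
    hidden = not ssid_raw.strip(b"\x00")
    ssid = "" if hidden else ssid_raw.decode("utf-8", errors="replace")
    return {"bssid": bssid, "ssid": ssid, "hidden": hidden,
            "opted_out": ssid.endswith(OPT_OUT_SUFFIX)}


def survey(frames) -> dict:
    """Map BSSID -> SSID for every beacon whose SSID has not opted out."""
    seen = {}
    for frame in frames:
        ap = parse_beacon(frame)
        if not ap["opted_out"]:
            seen[ap["bssid"]] = ap["ssid"]
    return seen


# Constructed sample frames (locally administered MAC addresses).
SAMPLE_FRAMES = [
    build_beacon(bytes.fromhex("020000000001"), b"linksys"),
    build_beacon(bytes.fromhex("020000000002"), b"linksys"),
    build_beacon(bytes.fromhex("020000000003"), b"HomeNet_nomap"),
    build_beacon(bytes.fromhex("020000000004"), b""),  # hidden SSID
]

if __name__ == "__main__":
    for bssid, ssid in survey(SAMPLE_FRAMES).items():
        print(bssid, repr(ssid))
```
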

"Apple does the same thing. So does Skyhook (which is suing Google for ditching their location database to build their own). So do others. It’s a good idea. And it makes locations services much better."

versus

"The solution is a joke."

Then he rants about how opt-out is bad and opt-in doesn't work. So what is it?

If someone cares enough to opt-out then he'll be able to change his SSID. Be happy that Google doesn't let you register your access point with Google and opt-in/out there (and while doing that mapping your identity to your access point and location).

I don't see an easier way of opt-out. And I understand that opt-in is not feasible.

By the way, you have to explicitly enable this data gathering while setting up your phone (on android), so part of the data gathering is to blame for the user that enabled it, I guess. ;)


This opt-in/opt-out is a false dichotomy in my opinion, because probably 90% of the population don't know this issue at all. So it doesn't seem to matter much, how difficult the opt-out mechanism is. Likewise, if you use an opt-in mechanism, practically nobody will opt-in, although if everybody could weigh the cost/benefits the result might be different.

Which is fine, it would be a huge price on society if everybody had to educate themselves on these small issues all the time. This is an area where regulation is the best choice. As long as there is no law against it, I can't see how Google is in the wrong here?


The fact that certain people think they're entitled to privacy while broadcasting an access point name over a shared wireless frequency is a joke.

That's a horrible solution, but I really don't know what the problem is. Yes, they inadvertently collected extra packets - and they stopped. Why no outrage against Apple or Skyhook?

Thought experiment: Imagine the same product, determining the location of a mobile device, through a different mechanism. How about we replace SSID with paint color of a building, and the mobile device's wifi antenna with the same device's camera. From there, the service works more or less the same. The sensor (camera) sends google a snapshot of its current surroundings. Google compares this pattern of colors to a map it has created by cataloging building colors around the world and makes a best effort to find a match and provide a location based on that.

Assuming you are ok with google street view (if you're not, I assume the same reasons would apply to SSID mapping), what then is the difference between the color of your house and your SSID?

And to head off one possible reply, the data collection issue is orthogonal to the mapping of SSIDs. I don't think anyone is saying that it was ok to capture data packets, but for the purpose of this thought experiment, let's pretend that google had properly performed the SSID mapping and stored only SSID and location of their collection vehicle.


Huh.

I never thought I'd live to see arch Apple loyalist Matt Siegler post something negative about Google.

I honestly can't remember the last time one of these well-known Apple loyalists lashed out at Google...

It's extremely noteworthy.

