My Location the Next Google Privacy Controversy? 167
theodp writes "While Google boasts one of its Privacy Principles is making the collection of personal information transparent, even techies are left guessing about what's going on behind the scenes of certain products. The American Dictator points out that Google's Wi-Fi collection efforts don't stop with its Street View cars, offering up this explanation of Google's My Location: 'When you allow Google to "know your location," what you are really agreeing to is to send to Google's computers your Wi-Fi environment — not only the name of the Wi-Fi hotspot you are logged into, but also the names and signal strengths of every Wi-Fi hotspot around you. In other words, the same things that those Google Street View cars were sucking up as they drove by your house.' So, will changes in privacy attitude prompt changes in Latitude?"
Does anyone actually use that? (Score:1, Insightful)
I thought the "My Location" had long been considered a massive privacy breach,
Who actually uses it?
Not unusual (Score:5, Insightful)
That information is all being broadcast. (Score:5, Insightful)
That makes it public. Google is merely asking you to forward some public information to them. You may, if you wish, decline.
Re:It's astonishing how people don't understand ra (Score:3, Insightful)
Re:That information is all being broadcast. (Score:5, Insightful)
Not to mention the summary is a troll. What google did wrong with its earlier program was actually capture unencrypted packets. These location services (google is not the only one) simply create a database of wifi names and correlate them to GPS. I don't see the problem here. If you dont want me to write down your hotspot's ssid then I suggest you stop broadcasting it.
Re:That information is all being broadcast. (Score:5, Insightful)
Not quite. While the SSID's are public information, the signal strength relative to me isn't. That's something you have to be me to know or at least be standing next to me. I hardly call that public information.
It's broadcast, it's measurable by just about anyone, you don't have to be on private property or in a private building to detect it. I'd say that information is public.
Re:It's astonishing how people don't understand ra (Score:4, Insightful)
How many people have scanners these days?
How many people have the Internet?
Now do you understand why there might be concern about putting the dispatches in a central location on the Internet?
There are a lot of idiots out there, and they can really waste your time. That really is the biggest pitfall of open information, imo.
Re:That information is all being broadcast. (Score:4, Insightful)
>While the SSID's are public information, the signal strength relative to me isn't. That's something you have to be me to know or at least be standing next to me. I hardly call that public information.
What? The signal strength of your SSID broadcast is as public as anything. If my ability to see your SSID and how strong it is offends you so much, please unplug your WAP.
Re:Google already does this - sort of (Score:3, Insightful)
> ...I am concerned about them capturing packet data.
Then don't broadcast it.
Re:That information is all being broadcast. (Score:4, Insightful)
Eh, I honestly don't know about that. It's happening in public, but does that make it public in a narrow sense?
Imagine you're chatting with a friend while you're walking down the street. Is it OK if anybody records your conversation (perhaps even without your knowledge and/or approval), stores it indefinitely, and does - well - basically anything they want with it? Is it OK if it's being sold or otherwise passed on? Is it OK if private companies do this? Your employer? The government?
I'm not sure where the line should be drawn, but "it's happening in public, therefore anything and everything is automatically fair game" strikes me as overly simplistic.
Re:Google already does this - sort of (Score:2, Insightful)
You've said that half a dozen times or so.
There really is a fundamental difference between traditional surveillance and cheap, mass technological data collection (At a minimum, cost!). It makes sense to acknowledge that difference in our laws, rather that just spitting on people when they don't understand how pervasive the monitoring is, or what the full implications of their actions may be.
Re:OP is confused... (Score:4, Insightful)
No ISP is going to give Google access to their address database.
No residential ISP. Commercial guys usually fill out the WHOIS form when they assign addresses. Otherwise ARIN gets agitated and may or may not give you more IP space when you ask for it. (Response will read something like: You want another /18? WTF? whois claims your most recent /18 is only 1% utilized?)
Re:Holy shit! (Score:3, Insightful)
Wait, you mean those words I type into the text field actually GO somewhere?
I thought Google worked like something out of Harry Potter.
Re:Location (Score:3, Insightful)
I'm in the US, but today Google shows my location as a town in Norway. Last week it said I was in Malaysia. Every so often it puts me in my actual office location. I'm guessing my corporate proxy has something to do with the confusion, since I'm not using wifi on my laptop.
Yeah, IP-based location is very poor, often choosing the wrong city. Wifi can vary from bad to good, but it's often reasonably accurate (e.g. to a few blocks).
I once had wifi location tell me that I was hundreds of miles away - I was at an exhibition, and I assume that the wifi access points were used at different exhibition and conference halls throughout the country.
Re:I don't understand either side of this (Score:4, Insightful)
They, or someone with access to their data, might abuse the information. If Google were a small, local company, doing this sort of thing for a single locale, it would not be so terrible -- but they are a huge, international operation, tying information together from all over the world, and using that information to determine more details about a person than that person agreed to reveal. There is a very high potential for abuse, and this is one of those situations where once the abuse starts, it will already be too late.
Re:It's astonishing how people don't understand ra (Score:2, Insightful)
How many people have scanners these days?
How many people have the Internet?
Now do you understand why there might be concern about putting the dispatches in a central location on the Internet
I have got to study my logical fallacies again. I can tell that this is one, but not which one it is.
Put in simple English, however, it might go something like this: Scanners are cheap, especially the ones which can only handle a couple of frequencies, which is all you need to monitor dispatches. In fact, I have not only regularly seen them on Craigslist for $10, but I occasionally see them on Freecycle for nothing. Anyone who is motivated to scan these dispatches, therefore, can do so. You could panhandle for the cost of a used scanner in most American cities in just one day, or substantially less if you're any good at spanging. So realistically, passwording the web dispatch log accomplishes basically nothing.
Your argument would only be valid if the bar to intercepting those radio broadcasts were high, which it isn't. Odds are that you could actually buy a radio used that was already programmed/crystal'd for the frequencies you want. Shit, for less than what it costs to get a computer that can run a modern web browser you could probably get one that would permit you to transmit on those frequencies.
Re:That information is all being broadcast. (Score:3, Insightful)
Imagine you're chatting with a friend while you're walking down the street. Is it OK if anybody records your conversation (perhaps even without your knowledge and/or approval), stores it indefinitely, and does - well - basically anything they want with it? Is it OK if it's being sold or otherwise passed on? Is it OK if private companies do this? Your employer? The government?
yes, actually whatever you do in public is in the public domain.
don't like people knowing your SSID? don't broadcast it. don't like people knowing your get sloppy drunk every day after work? do it in the privacy of your own home.
Re:I don't understand either side of this (Score:1, Insightful)
They have the MAC, IP.
...of the access point, not the offending machine.
Trace the MAC as the unit was paid for by credit card ("cop" makes a few calls)
They would only find out which cafe you uploaded from. Why do both google and the credit card company give out their combined information easier than an ISP would?
and get the local surveillance tapes.
Well, there's your problem; If you have enough cameras that your local government can know everyone who passed through a particular cafe, you have a problem quite independent of wifi-geolocation. Even if such surveillance is the case, I don't see how you make the jump from "anyone in the cafe" to a particular person in the cafe.
No warrant, much less paper work needed
You are assuming various groups turn over information as convenient to your scenario, while the ones that existed prior to wifi-geolocation would not. You do not back any of these up, so it is a pretty flimsy stack on which to base your assertion here.
and they have Googles GeoAds v3.1 wifi coupon and banner software to light up all MACS in their city.
Here you are assuming software which does not exist, passing out information that current systems to not (client machine MAC data, passed back to advertisers/clients/governments). If you're going to walk this far into the tinfoil forest, you could also assume that the government has convinced your OS vendor to install keyloggers on every machine as part of a security update. Or maybe that has already been built into the compiler [bell-labs.com].
A known face is noted, no more leaks ever again.
Your scenario reads like a cheap spy novel.
Your ISP is very protective of your IP and home address, why just gift a cities open MACs and locations over to a US corp to sell to anyone?
You assume that ISPs will remain "good", while google will become "bad". Both have a history of turning over information only when ordered to by courts (warrantless wiretapping aside), though both are also at the mercy of the government and recent crappy laws (patriot act etc). I don't see why you would trust your ISP more than google, as both have access to similar amounts of information. I can understand trusting neither company, but in that case you shouldn't be using the internet if you really that worried about privacy.
Also, I see many posts claiming google will "sell to anyone", yet nobody ever seems to come up with any evidence of google actually selling non-aggregated information. They use it themselves for ad products, but that's not the same thing as selling data profiles of individual people. You must be confusing them with Acxiom or similar companies.