
Google Grabbed Locations of Phones, PCs 230

Posted by Soulskill
from the gift-that-keeps-on-giving dept.
1800maxim writes "As it turns out, Google didn't only grab the hotspot SSIDs and MAC addresses with its Street View cars. As this article at CNET notes, Google also recorded location data of computers using wireless cards, as well as cell phones and other Wi-Fi devices. Google's explanation is that the data collection was accidental, and they declined to answer further questions from CNET."

  • I don't think this activity is limited to 'street view' cars - I don't live in a country where there are any roaming the city at all, yet every mac address for all the access points I own can be located by entering them in to sites like: http://samy.pl/androidmap/index.php [samy.pl]

    I would assume Android is the culprit here. I expect Google buried some lawyer speak deep in an EULA making this activity perfectly legal. I'm not okay with it though.

    • by siddesu (698447)

      Not really. My home (static, used for a long-long time) ip address was paired with coordinates roughly three years ago, long before I used an android phone at home. It locates me with a scary precision ~10 meters. I live 10 meters away from the street.

    • Then change the MAC addresses. It's public information that you broadcast. If you're not OK with it, don't do it. Put your network on silent mode, or set up some encryption. Skyhook has been doing this for years before Google was doing it. This is how it's possible to Geolocate a person when they're on Wifi with a Wifi-only device. iPads, for instance, depend on it.

      But the fact is, your MAC address is not tied to you in the same way your IP address is. I can't go to your ISP and demand they tell me wh

      • by wgoodman (1109297)

        Actually, considering cable operators require the MAC of the modem to provide service, and others can simply check via ARP if they don't have it on file, an ISP can pass out your external MAC with ease. Your internal less so, but that's not the issue here, is it?

        • Yes, it is. Google captured internal addresses, which are those 'floating around' through Wifi.

        • And how is someone going to sniff your cable modem's wired MAC address over WiFi? Each connection has a separate MAC address.

      • I used to have an iPod touch on loan, and to help it find its location, I entered all the wifi access points I could find into skyhookwireless's database.

        So, just because your access points appear in a database doesn't mean that the operators of that DB went snooping, it could be an independent third party providing the data for innocuous reasons.
    • by mcgrew (92797) *

      If it's illegal, putting it in a contract doesn't make it legal.

      • Unless it's illegal to do it "...without permission," which a contract can do.

    • I expect Google buried some lawyer speak deep in an EULA making this activity perfectly legal. I'm not okay with it though.

      It's hardly buried deep. There's a whole section in Android settings panel to control it - "Location and Security Settings". You can just turn off certain location service types if you want. If there even was anything evil and unwanted going on, people will bring out some ROMs with all that crap disabled for those that don't want to help improve the location databases. I think when you first connect up your account it asks you if you want to enable your location in Latitude and allow the phone to connect lo

      • ...which would be handy if I actually owned an android device at all.

        • Okay, so you're bothered about them recording public information rather than them secretly tracking your phone no matter what settings you choose.

          If you don't want your internal MAC addresses being publicly broadcast, use cables instead of WiFi. Pretty obvious and simple. If you were singing loudly with your window open, you couldn't complain about people recording the noise from the street. Likewise you can't complain about people recording radio transmissions and identifiers that you're knowingly spewing

  • by Anonymous Coward on Wednesday July 27, 2011 @05:30AM (#36892470)

    Google's business is built on having data about people. Google drives around and collects even more data about people from personal WiFi hotspots, PC WiFi cards, and phones. Only the truly naive can possibly believe this is accidental. The whole "big clumsy cuddly bear stumbling around doing silly things" excuse is getting very old, Google. Stop playing us for stupid.

    • Of course it wasn't accidental. But it was only for geolocation purposes. You think they don't have enough personal data from people's email etc anyway if they really wanted it? They could do keylogging from Chrome on specific targets if they wanted to. They could hire private investigators to place cameras. They could use people's Gmail usernames and passwords to log into paypal accounts, etc, etc, etc, blah blah blah.

      They are making money hand over fist from ads and Android already. It's moronic to se

    • by SuperQ (431) *

      No, Google's business is about having data to GIVE to people. Then display ads relevant to the information you asked for.

      Being able to give people accurate location information based on what wifi AP they're nearby is good information. It's far easier and requires a lot less battery power than GPS. It's also less accurate than GPS, which is a good thing if you're worried about location privacy.

      Having accurate location information allows me to search for "tacos" and get some kind of local result. Cell phone t

  • by Cyberllama (113628) on Wednesday July 27, 2011 @05:40AM (#36892504)

    We've already heard the method they were using for capturing MAC addresses and how sloppy it was. We already knew they were collecting random packets, then truncating them to include the MAC Address and a small portion of the payload and then saving them. We know some of those payloads include packets sent by people GASP on their phones or laptops, therefore it stands to reason some of the MAC addresses must also be from those phones and laptops. We knew this months and months and months ago, but apparently CNET didn't make the connection so easily.

    It's like we just keep rehashing the same old story over and over and over because nobody understood it the first time, and someone comes and puts a new spin on old data and suddenly it lives again. The thing is, you can change a registry key and change your MAC address. There's no big table of data somewhere that connects your MAC address to a specific person. It's not even remotely the same as an IP address. Oh sure, you can say "Hey the MAC address of this device on my network matches the one on my network yesterday" but not "Hey, that's my neighbor's MAC address" unless you've got some sort of access to the device in question.

    So Google may know that a certain device was one place and also another place, but that's about the extent of the correlations they can really make with this data. Again, just as before, there's no reason to assume malice when sloppy coding is a much more logical explanation. Google has nothing to gain and much to lose (PR-wise) by doing something like this on purpose, and a very reasonable and believable explanation was offered. Conspiracy theorists can continue to beat this dead horse if they like, but I'm an Occam's razor fan.

    • There's no big table of data somewhere that connects your MAC address to a specific person.

      I'm sure that's true for most MAC addresses, but I have to wonder if it isn't for a large minority. It's technically easy enough to do it for hardware supplied by the network provider (some routers, cell phones). And I'd assume in many cases companies like Apple also would have an easy time making the connection between a unique serial no and the device's MAC, if a piece of hardware is registered with them either explici

    • by djdanlib (732853)

      The news keeps rehashing this story because it's sexy as heck, and gets lots of attention. Got a new angle on it? Republish as if it were a brand new news item and profit from the new attention and uproar. Advertisers love it, too.

      That being said, I'd be a lot more okay with this if there was actually a stated reason for it, because then I could know whether I should do something about my wifi's visibility...

  • Isn't it obvious? (Score:5, Insightful)

    by ThunderBird89 (1293256) <zalanmeggyesi@@@yahoo...com> on Wednesday July 27, 2011 @05:42AM (#36892522)

    Why is this new? The StreetView cards were set to promiscuous mode, since they sniffed data packets not intended for them. It stands to reason they recorded responses from the end devices too, not just the AP->device traffic.

    • by Barryke (772876)

      Sir, I comment on this comment so it stands out a little bit more over the ignorant comments.

      We already know Streetview captured all packets it received, didn't we? It dropped those containing privacy sensitive data. It kept those packets that identify devices. It just so happens not all devices were geo-stationary. Why is this news, again, Slashdot??

  • So we have had Google's explanation for what happened, and how a coder got lazy and just modified some existing packet capture software (which captured all packets, instead of just the ones used by networks to announce themselves). Rather than actually writing some simple routines to select which packets to record and properly remove all the payload data, he simply let it record every packet with *most* of it truncated. This left the MAC address and sometimes a portion of the payload data behind.

    We all kn

    • Well, if it was just a data dump, they couldn't know _where_ the client was.

      But apparently they used Kismet, which creates an XML file (.gpsxml) with a list of networks (and their clients) and the coordinates at which they were seen.
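
The selection routine the parent comment says was skipped (record only the frames networks use to announce themselves and store none of the payload), as an added example that is not part of the thread and is not Google's or Kismet's code. It assumes raw 802.11 frames with no radiotap header or FCS; the function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

MGMT, BEACON = 0, 8           # 802.11 frame type / subtype for a beacon
HDR_LEN, FIXED_LEN = 24, 12   # management MAC header; beacon fixed fields
SSID_TAG = 0                  # information element ID carrying the SSID

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def beacon_record(frame: bytes):
    """Return {'bssid', 'ssid'} for a beacon; None for every other frame."""
    if len(frame) < HDR_LEN + FIXED_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (MGMT, BEACON):
        return None           # data frames are dropped whole, payload never stored
    ssid, pos = None, HDR_LEN + FIXED_LEN
    while pos + 2 <= len(frame):          # walk tagged elements: id, len, value
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                         # truncated element: stop parsing
        if tag == SSID_TAG:
            # a zero-length or all-NUL SSID means the network name is hidden
            if value.strip(b"\x00"):
                ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    return {"bssid": fmt_mac(frame[16:22]), "ssid": ssid}

def minimise(frames):
    """Keep only the beacon-derived records from a list of raw frames."""
    return [r for r in map(beacon_record, frames) if r is not None]

def _beacon(bssid: bytes, ssid: bytes) -> bytes:
    """Build a constructed beacon frame for the sample data below."""
    hdr = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0431)
    return hdr + fixed + bytes([SSID_TAG, len(ssid)]) + ssid + b"\x01\x01\x82"

# Constructed sample frames; the MAC addresses are made up (locally administered).
AP1, AP2, CLIENT = (bytes.fromhex(h) for h in
                    ("020000aabbcc", "020000ddeeff", "020000112233"))
DATA_FRAME = (b"\x08\x01" + b"\x00\x00" + AP1 + CLIENT + AP1 + b"\x00\x00"
              + b"constructed payload that must never be stored")
SAMPLE_FRAMES = [_beacon(AP1, b"example"), DATA_FRAME, _beacon(AP2, b"")]

if __name__ == "__main__":
    for rec in minimise(SAMPLE_FRAMES):
        print(rec)
```

The client's address in the data frame never reaches the output, because the frame is rejected on its type field before any address or payload byte is read.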

    • by AHuxley (892839)
      1. If it was with so "*most* of it truncated" they still got details like username and password.
      http://www.macworld.com/article/158671/2011/03/google_streetview.html [macworld.com]
      "There's absolutely 0 new information here" - they got fined in court 100,000 euros, about $143,000 i.e. the nothing wrong line repeated so so many times is now 'old'
  • ...but shouldn't the real story be about how much information your gadgets are just leaking all over the place? Google didn't break into people's homes and write down the MAC addresses of every piece of tech they could find, they just recorded what was already being blasted through the airwaves. Now, I'm not saying this makes it all ok, but at least we KNOW Google is doing it - what's to stop other companies/groups/individuals from doing the same? The real issue is that the information is out there, not tha

    • by Hatta (162192)

      Now, I'm not saying this makes it all ok

      I am. What you broadcast on public spectrum is public information. It is OK for anyone to do anything with that data.

  • afaik, your street address is NOT private information. Barring the boonies and any illegal housing projects you're on a map somewhere. I haven't seen a dead tree copy of yellowpages in a few years, but in some places residential addresses are listed in the book along with name and landline #
    • A street address does not reveal what your online activities may be. But between you and your hardware MAC addresses and your ISP with their assigned IP address, one can most certainly sniff out passing packet information. As I am sure you know there are federal laws that prevent others from accessing your mail and reading it. IMHO any packet passing through your router via modem via your ISP should have the same outright protection as a letter in your mailbox. Regardless if your wifi is password protected.
      • Sure, but this article complains to what is essentially taking mail from the postman, recording the address block, and putting the mail in the box untouched.
        • by maeka (518272)

          Sure, but this article complains to what is essentially taking mail from the postman, recording the address block, and putting the mail in the box untouched.

          Which, at least in the USA, is illegal. ;)

        • by Barryke (772876)

          Fixed that for you:

          Sure, but this article complains to what is essentially looking at mail from the postman while walking past on the curb, recording the address

  • by pedantic bore (740196) on Wednesday July 27, 2011 @07:13AM (#36892950)

    They sure seem to be collecting a lot of data by accident...

    My friends at Google swear up and down that every line of code in the Google codebase is reviewed several times before it is signed off and released for any purpose. Some would have caught this; it's obvious from the data what is happening. So, either my friends are liars, or Google is. I trust my friends more.

    • by AHuxley (892839)
      Yes cars all over the world getting all that data and nobody 'found' it during local beta testing ... or during a review. They just signed off on it, stage after stage ...
      It's all just that "one" person using net code that one time ... just once and it got past all the smart people all over the world looking after data collection in all the cities ... all the trials, testing, reviews - they all missed it.
      How strange was that.
    • by joh (27088) on Wednesday July 27, 2011 @08:57AM (#36893690)

      They sure seem to be collecting a lot of data by accident...

      My friends at Google swear up and down that every line of code in the Google codebase is reviewed several times before it is signed off and released for any purpose. Some would have caught this; it's obvious from the data what is happening. So, either my friends are liars, or Google is. I trust my friends more.

      I'm sure they do this reviewing and testing for production code running on their servers. But for tools that will never run anywhere near the net and which are basically one-off affairs to gather data? I bet "seems to work so far" is all that's needed then.

    • by Nerdfest (867930)
      This [kismetwireless.net] is the code. Google didn't write it, from what I understand, they just used it in the default configuration.
  • It might be good if some of the smart people commenting here would become familiar with MAC addresses and what they're used for.

    You seem to understand that DNS maps domain names to IP addresses - but what maps that IP address to your specific hardware?

    Those who say you can change the MAC address to anything you want - maybe they understand that they're assigned in such a way that duplication is rare to impossible. For extra credit, describe what would happen if two devices shared the same MAC address.

    • by AHuxley (892839)
      Interesting http://news.cnet.com/8301-10784_3-9920665-7.html [cnet.com] was about the P2P illegal file hunt.
      They hinted at "software captures "unique serial numbers" from the person's computer".
    • by Lehk228 (705449)
      Unless the two devices are on the same network segment, nothing happens at all, if they are on the same segment (I heard there was a Chinese NIC manufacturer that was shipping cards with all the same MAC addresses) then your network becomes a netdoesn'twork
  • has come to life! Or whatever they called it on South Park. I for one, will not be on Google+ as from the beginning it reeked of snooping, and since it's designed to be one better than Facebook, well... of course it's going to do that.

    From the makers of The Bomb - they set us up, and Anal Lube.
  • by BlueCoder (223005) on Wednesday July 27, 2011 @09:49AM (#36894378)

    They recorded either all raw radio wave data or minimally converted everything to digital according to the WiFi protocols. So if someone was accessing their bank at the time Google drove by then Google captured their bank data. If someone used weak pass phrases for their WiFi then the stored data is easily decoded.

    I am very libertarian. It doesn't matter if a law says I can't listen into a radio wave, the truth is I can and so can anyone else. It's my fault for not encrypting my data securely. It's my responsibility to know that encryption has its best practices and to use them as well as to be informed that I am taking a calculated risk in transmitting data wirelessly since nothing is guaranteed.

    Radio signals are public. The trick is decoding them. Decoding them should not be illegal since bad guys don't obey the law. To me it's like arresting people for eavesdropping at the next table when people can clearly hear them at the other end of the room. If you want privacy, go somewhere private and secure.

    • The information is BROADCASTED publicly -- if you don't want them to see you then Wifi has the option of hiding the network name; which is clearly indicating that you don't want others seeing you - without doing that you are willfully going naked from view of a PUBLIC SPACE -- so it's 100% fair game they snap your photo and there is nothing you can do about it (or should expect to.)

      One could argue that merely broadcasting things into the public space is enough; however, due to the nature of the technology th
