Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Google Privacy Your Rights Online

Google To Honor "Don't-Track-Me-Bro" Requests 129

theodp writes "Someday soon, Google will allow owners of Wi-Fi access points to opt out of a Google service that uses their data to determine the location of others' smartphones. The opt-out service will be available globally, although it was created at the instigation of European privacy regulators, Google Global Privacy Counsel Peter Fleischer explained in a blog post."
This discussion has been archived. No new comments can be posted.

Google To Honor "Don't-Track-Me-Bro" Requests

Comments Filter:
  • Good to know..
    • Re: (Score:2, Insightful)

      by vux984 ( 928602 )

      So... you can opt not to be tracked by registering with google your wifi access piont and contact information, including name, street address etc.

      Is that handing over the information we're asking them not to track, and then some?

      That would be like being able to "opt out" of a TSA groping by taking all your clothes off, bending over and separating your cheeks. Not much of a win.

      • by Artraze ( 600366 )

        While I didn't quite see that mentioned in the articles, you'll almost certainly be giving them your account name (so necessarily your contact information), which combined with the data they have gets your full name (via G+) and approximate GPS coordinates, etc.

        But in exchange they won't track you with your AP anymore (they'll just use your neightbor's, firend's, office's, ...)

      • by Anonymous Coward

        That would be like being able to "opt out" of a TSA groping by taking all your clothes off, bending over and separating your cheeks. Not much of a win.

        That's subjective. ;)

      • you can opt not to be tracked

        No, you can opt out of helping others be tracked with your AP. Whether you are tracked or not is a completely different issue.

        Personally, I'd prefer if people did not opt out, because people can already opt out of the tracking on their own cellphones*, and opting out of this is bad for anyone who is voluntarily trying to get their location.

        * tracking by the providers is impossible to disable on the cellphone, but this won't help with that either.

  • by billstewart ( 78916 ) on Wednesday September 14, 2011 @01:57PM (#37402018) Journal

    The service Google is talking about here tracks the physical location of Wifi hubs by SSID, and because of regulatory pressure they're letting the Wifi hub users opt out. But how are they going to do that? Let anybody fill out a web form saying "SSID '12345678' is mine" and opt out? (Or at least implement some minimal security by requiring you to also provide the street address, so they can validate that you know where that SSID is, though you could still forge an opt-out for your local Starbucks?)

    One thing they don't talk about is whether they're tracking anything by IP address, or just by SSID. I'd really like to tell them not to track anything from my Wifi Access Point's IP address :-)

    Meanwhile, I'm the owner of "linksys" - please opt me out!

    • by Jeng ( 926980 )

      Perhaps I should RTFA, but do they track hidden SSID's?

      If not, there is your opt out.

      • by Anonymous Coward

        Hiding your ESSID is not a security feature, and can be found with a trivial amount of effort. all one would have to do is drop your WLAN card into monitor mode, and get near the AP, and wait for a beacon. Chances are Google collected this info in this exact manner, as it would be a bit difficult to drive down the road and log all ESSID's any other way. Now, with that said, hiding your ESSID only stops the AP from sending out broadcast beacons unless necessary. If there were little to no traffic on your net

      • You would think that, and you'd be sort of right. But this is basically a retroactive opt-out. Say your SSID was public and now you want it out of their database. I honestly cannot imagine why. There are literally 0 privacy implications here. It's pretty clear this was done just to shut up some European regulator who had no idea what the hell Google was actually doing but thought it *sounded* like something he should be concerned about.

        Also, I think its not about SSID but rather MAC address of the rout

    • MAC address, most likely. The data is already collected (by StreetView cars), so you won't be giving them anything they don't already know. Presumably, anyways.
      • Good reason (or not) to mask your mac, given your philosophical bent...
      • And, so let's have some fun here:
        1. publish a well-known MAC address
        2. have thousands of people all change to use that one
        3. watch Google's geolocation algorithm go nuts!

        (And yes, you'll need to be reasonably careful to not do this if you are within wifi range of someone who's done it already).

    • by Anonymous Coward

      The idea that this data is somehow private is the crazy part, people are broadcasting on free access public spectrum. It would be like giving people the option to opt out of having their house on street view. Its the general public's own misunderstanding that their WiFi signal is not limited to their own private space that is the real issue.

      Just think if this was using a different method, where a phone user can snap a picture of a public road and google would given them their location based off street view

      • by 0123456 ( 636235 )

        The idea that this data is somehow private is the crazy part, people are broadcasting on free access public spectrum. It would be like giving people the option to opt out of having their house on street view.

        People leave their curtains open. That doesn't mean they expect someone to set up a webcam outside their house so anyone can watch what they're doing.

        • Right. I agree with this sentiment. There was, within the last year or so, a case involving a man who was naked in his home, but a side window was open. A girl and her grandmother walking past HIS house, on his property, using the side of the house as a sort of short cut, saw him and called the police. who did arrest him on public nudity charges. Charge were later reversed. Such is the society we live in.
          • In his place I would file charges against the women for being peeping toms and trespassing. Also I would NOT drop the charges.
        • Some people would find that erotic...

      • Are you trying to be funny? There was a huge outrage over street view in Germany and you do, in fact, have the ability to opt out of having your house on Street View. I've got a blurred house across from where I live.

        Being visible/receivable from the street is one thing, having that data recorded and redistributed on a mass -- almost exhaustive -- scale is something different.

        All that said, I don't really get the outrage over recording hash(BSSID) to location mappings. The hash of a BSSID can not be tied to

        • Being visible/receivable from the street is one thing, having that data recorded and redistributed on a mass -- almost exhaustive -- scale is something different.

          Certainly Americans don't see it that way, but I recall reading that the Japanese feel that things which occur in public still have some privacy because politeness dictates that people not stare/spy/etc. So, for instance, changing your clothes in front of an open window still, somehow, qualifies as private and when a streetview car drives by that suddenly puts it in the public because people viewing those pictures later will not feel the social pressure to politely look away.

          I think most cultures have a pr

          • My point was not so much that Street View itself is an issue, but that while recording public things may be unproblematic on a small scale, they may become problematic if technology enables us to do them on a large, ubiquitary scale.

            I'm not creeped out by Street View, I think it's pretty cool and -- as with BSSID collection -- the potential for abuse is very low. The outrage was really caused by an only vaguely informed public and fueled by politicians who were happy to finally have someone besides themselv

    • by Artraze ( 600366 )

      What bothers me is that this isn't really that important. Who cares if they know where the access point is? It's just another AP. Sure you can tie it to a location, but what's the matter with that? The only information being associated is a GPS coordinate and an (internal!) MAC address and maybe an SSID. Big deal. You know there's an AP at these coordinates, but you could probably have guessed that buy looking them up and seeing there's a house there. So now they know for sure (within a few houses) a

      • To be tracked, you need to have an application running on your cellphone/laptop doing the Wifi scanning and sending the results to their servers. Why don't you just disable it? More: at least on laptops, why did you install it in the first place?

        Cellphone tracking by AP or even GPS is a red herring anyway. You're always tracked by the cellphone towers.

      • Excellent point. Wired Internet access is already tracked. Now let's ask the next question:

        Who would benefit from being able to track people this way?

        On a side note, what would happen if someone modified the MAC address of their laptop/AP etc.

    • The service Google is talking about here tracks the physical location of Wifi hubs by SSID, and because of regulatory pressure they're letting the Wifi hub users opt out.

      If only IEEE 802.XX [ietf.org] devices like wifi access points had some sort of address [wikipedia.org] that was guaranteed to be unique to that particular physical device. You could then even print that address on some sort of physical sticker and affix it to the device so that the owner could discover that address and communicate to third parties.

      Oh, the things you could do!

    • by AmiMoJo ( 196126 )

      If Street View is anything to go by there wont be any security. You can get anything removed from Street View just by claiming you live somewhere in the image and supplying an email address. The place I used to work at removed all their competitors' shops that way.

    • Meanwhile, I'm the owner of "linksys" - please opt me out!

      linksys? Say, I do need your street address, but the rest I can get at the ChurchofWifi.

  • by Reverand Dave ( 1959652 ) on Wednesday September 14, 2011 @01:58PM (#37402034)
    ..that this has to happen at the behest of a government agency. Why didn't google just foresee this was going to happen and implement it originally?
    • Because Google will do what they can get away with until someone sues/complains load enough, ie Google Books, waiting for a DMCA request before not linking to copyrighted content etc.
      • by Fned ( 43219 )

        "It's better to beg forgiveness than to ask permission..."

      • by Anonymous Coward

        Don't talk crap. Mobile location can be extremely useful. You go to google, search for something, like skateboard, or restaurant, and you'll get the nearest offerings come up, on a map, with the option to navigate from your current location.

        When you grow up and leave home, have kids etc, you may discover there's a real world where the rest of the population lives.

        • by 0123456 ( 636235 )

          Don't talk crap. Mobile location can be extremely useful. You go to google, search for something, like skateboard, or restaurant, and you'll get the nearest offerings come up, on a map, with the option to navigate from your current location.

          What if I'm not looking for the nearest location?

          And what do I do when Google's idea of my location is not even in the same country, let alone the same town? When I was in Italy a couple of years ago Google was convinced that I was in Holland. Of course having the website come up in Dutch wasn't much worse than having it come up in Italian because I don't speak either language, so the 'user-friendly' location tracking was actively harmful either way.

          • Come on, wake up. Location is critical.

            Lets say you search for "sony". Their main website is sony.co.jp... which is completely useless to anyone who doesn't speak japanese.

            Fortunately, google knows this and gives me sony.com.au instead.

            If you're looking for something in another location, tack that other location onto the end of your search query.

            • by tftp ( 111690 )

              Lets say you search for "sony". Their main website is sony.co.jp... which is completely useless to anyone who doesn't speak japanese.

              That's not their "main" web site. It's their Japanese web site. It ends in .jp, of all things!

              Their global web site is www.sony.net, and the USA web site is - completely unsurprisingly - www.sony.com.

              Why do you need Google to help you in such a simple matter? Would you completely fail to find Sony on the Internet without Google nudging your mouse with its noodly appenda

        • And a Real Name can be extremely useful as well, AC, so we can reply to you better, track you better, make sure we know that you're not doing anything "dangerous", etc.

          How about they just make it an opt-in system?

        • So how does this relate to my post? I never mentioned location. I get that the main article is about location but the bottom line is Google has a long history of doing things of questionable legality until they are told not to. Just because they can figure out where you are doesn't mean they should until you opt-in. They are doing it both to make their service better but also because context specific ads pay better. Google will do anything they can to get more info about you so that your conversion rate wil
          • You pretty much named the only questionable thing I can think of, and even it, they were on the "good guys" side of it from most people perspective. Allowing people to search through books might be on legally shaky ground, but it was hardly an act of evil.

            • Um, continuing to scan books while it is publicly well known that the rights holders are seeking an injunction or whatever it is called I'd say is pretty evil. Might not be illegal but in my mind scanning and publishing a bunch of copyright material in industrial volumes without permission from all the right-holders (actually even after it was publicly known that one of the right-holder groups was pursuing legal means to stop you) is pretty shady. I think books are worse to copy and distribute freely than m
    • Google mapped SSIDs as a side project of driving their StreetView camera cars everywhere. If that had been all they'd done, they probably wouldn't have been bothered by the government, but as was widely reported, they also recorded a lot of actual Wifi user traffic at the same time, in addition to the SSIDs themselves. That really annoyed a lot of people, leading to government investigations into Google's data collection.

      So this was a project that was well-known for not foreseeing really obvious stuff :-)

    • Because its not the government's job to enact laws by caveat. If it did we'd have a real problem on our hands. Laws are introduced as bills by citizens. The local (state, county, whatever) legislature then votes on those bills and they become laws. Didn't you people ever see School House Rock?
    • ..that this has to happen at the behest of a government agency. Why didn't google just foresee this was going to happen and implement it originally?

      Because nothing else involving public broadcasts of personal information works this way in the USA. For example, I'd like to opt out of ANPR - automatic license plate reading systems but I don't have that option short of not using my car (same as not using wifi).

    • by Anonymous Coward

      Because this restriction is incredibly stupid, and you are stupid for wanting it.

      If you broadcast clear text data on the public airwaves, everybody should be able to receive it and use it. Google is the least of your worries.

    • Because its hysterical nonsense. There's no privacy issue here whatsoever. Even the summary calls it "tracking", which just shows the submitter has no idea whats going on here. It's not tracking. All their doing is paying attention to their location when a router announces its presence. So theoretically, somebody might be able to figure out if your address has a wifi router or not. Is that a privacy issue for you?

      Because if so, you can turn that announcement off and stay "private". You don't actuall

  • To say the least
  • by mrnick ( 108356 ) on Wednesday September 14, 2011 @02:03PM (#37402098) Homepage

    It's our service shouldn't we be opting in rather than out? Opting out would somehow imply that it is their right to do this? Didn't they get in trouble once already for scraping people's wifi for their own gain?

    • by Jeng ( 926980 )

      That would be inconvenient for them, it is so much easier for them, and they get more acceptance if they just don't bother to ask in the first place.

      They have forgotten to ask if it is right. Does that make them evil, or just lazy?

      • by pspahn ( 1175617 )

        They have forgotten to ask if it is right. Does that make them evil, or just lazy?

        Is it still evil if they ultimately use this information to create mesh wifi networks that support voip via Android handsets?

        To be quite honest, I'm surprised Google hasn't already entered the wifi router market. All they need to do is re-brand a router, add in some QoS stuff for Android handsets, and package a SIP app in Android and you have just given the masses *free cell phone service.

        I would be shitting my pants right now if I were a major telco executive. This is the meat and potatoes of the net-neu

        • by Jeng ( 926980 )

          My android phone has wifi calling, thought that was a standard feature.

          Still uses minutes though.

      • Also it would be pretty stupid considering there's no privacy issue here whatsoever.

    • Information collecting companies love opt-out - they know that the vast majority of their contributors won't bother. Google isn't the only one - every financial company I deal with sends me "You can opt out of us sharing your information" brochures, safe in the knowledge that I won't bother calling the toll-free number and punching in my account ID. They encourage this by making it hard to tell whether you've opted out previously or not.

      If my information is valuable to them, they should be required to ask

      • But Google is pretty good about opt-in compared to companies like Facebook. This particular issue, however, is not a privacy one. Some regulatory drone simply has no idea what Google is doing but doesn't like the sound of it so they demanded an opt-out. An opt-in would be *literally* impossible because MAC addresses are naturally anonymous. There's no way to take one and track it back to its owner by name. As such, there's no way to contact people and ask for permission--nor is there any need to since

    • One could say you opted in by broadcasting your SSID and BSSID to the public street.

    • You're broadcasting. Your choice. How do I opt out of your router grabbing a channel and filling my airwaves?

    • Imagine if you had a giant neon sign on top of your roof with your SSID on it, available for everyone within a quarter mile to see... and you got pissed when someone started keep track of the location of all of those neon signs. Maybe, just maybe, you shouldn't make something public if you want it to be private.

      The WiFi spec doesn't require broadcasting your SSID. If you want it to be private, don't shout it out; stop shouting your SSID to the world, and disable SSID broadcast in your router settings.

    • If you are going to install a radio in your house, that sprays data in every direction, then you have no right to privacy.

      You want security? Encrypt your network. That will keep all your data private.

      If you don't even want anyone to know whether or not there is a wifi network in your house, then too bad! That's like saying you don't want anyone to know you have a chainsaw, when you've got it running 24 hours a day 365 days a year. Anyone nearby is going to know you've got one, and they have every right to t

    • If your router is broadcasting an SSID announcement packet, Google grabs your MAC address and remembers the location. That's it.

      Your router is not your phone. You don't take it everywhere you go, so Google isn't tracking YOU when they record this. Moreover, your router's MAC address is not personally identifiable. They have no way to say look at that address and put a name to it.

      That announcement packet is not just on the public airwaves, it by design, is EXPLICITLY intended for the public. Everyone in

    • If webcrawling had been opt-in, Google would not have existed now.

  • iOS based devices do the same thing. I imagine W7 based phones have a similar mechanism as well.
  • How does one opt-out (Score:3, Interesting)

    by Stan92057 ( 737634 ) on Wednesday September 14, 2011 @02:08PM (#37402152)
    How does one opt-out of something they have no idea they belong too? And didnt Google say the data they collected was by accident?
    • You are broadcasting something unencrypted into spectrum defined as shared. Of course you should have to opt-out.

      So you also think everyone in the area should cover their ears when you talk so as not to collect your broadcasted message, unless you have opted-in to them being allowed to hear?

    • They intentionally grabbed the SSID and MAC addresses. They inadvertently grabbed non-encrypted data in the same packets (the default setting in the open-source software package they used).
    • You're confused. I'm too tired to give you the long explanation. Suffice to say, there was harmless stuff they were collecting on purpose when they ACCIDENTALLY collected stuff that might actually be private along with it. This is not about the accidental stuff.

      This is about the stuff they were collecting on purpose which is, as I said, completely harmless. There are literally 0 privacy implications to having this data collected. It does not track back to you, it's already completely public, and at the

  • In order to stop tracking the MAC address on my router, Google's going to have to keep track of the MAC address on my router. Got it.
    • No. In order to not use your router's MAC address to track other devices, Google's going to have to keep 'track' of the MAC address on your router.

      If you don't like that, you should consider not broadcasting it to the public street.

  • I'm all about privacy -- I always turn off every checkbox about "anonymous results will be submitted," etc., etc., but even I know my router's SSID is public. I don't care what happens to those on the outside of my network. :\

    • Most people don't understand how SSID broadcasting, network security, and encryption work, and also don't know that if they have an open network, not only are they sharing their bandwidth, but much of their data as well.
  • "The wireless access point signals we use in our location services don't identify people..."
    -Peter Fleischer, Global Privacy Counsel [blogspot.com] (9-13-2011)

    Q. "But doesn't this information identify people?"
    A. "SSIDs are often just the name of the router manufacturer or ISP with numbers and letters added, though some people do also personalize them."
    --Peter Fleischer, Global Privacy Counsel [blogspot.com] (4-27-2010)

    "What is the SSID for Google WiFi?
    The SSID for the Google WiFi service in Mountain View is GoogleWiFi (case-sensitive).
    T

  • This particular Google 'service' always struck me as a stalker's wet-dream.
    • what?

      When you enable network location services, do you even know what networks it uses to get your location?

      This is about fixed wireless AP's, not your phone, or anything that actually gets the location.

      Its about whether or not they can use your public wifi AP as a means of calculating someone's location. I'm pretty sure that someone wouldn't have any idea that the service was using your wifi signal strength, and they certainly wouldn't be able to identify you.

      These same people would be able to see your wif

    • How? Figuring out whether someone has Wifi in their house is a big turn on for stalkers? That's all anyone can do with this information. Unless people are carrying their Wifi routers around with them in their purse/briefcase all day long (while somehow keeping them plugged in) there's no way this equates to tracking. At WORST is merely reveals which addresses own wifi network

  • I moved a few months ago, and now whenever my phone can see my AP but not get GPS, it puts me in the wrong place. I don't mind having my SSID/MAC in the database, but I'd like to be able to update it with the current location.

    • by 6Yankee ( 597075 )
      Aha, that's it. I moved from the UK to Finland and took my AP with me; ever since I've got here, one of my apps has insisted on putting me at my UK address. I only ever use it at home, under two concrete floors... must try it somewhere else and see what it does.
    • Now I get it! I was so confused about why, when at my new condo, my phone often thinks I'm near my old house. WTF, Google. There needs to be some more rapid means of updating this. It's been almost a year.
    • The more interesting part of this - is how Google found out the location of your wifi access point in the first place?

      Your wifi router does not have GPS - only an internet connection (likely).

      I think it relies on the Google cars driving around and collecting this info - that's about the only reliable way to do it - so the delay could be because their street view cars haven't been past your new location since you moved...

      Unless they use more cars, or find a better way to update this stuff, I can see it getti

      • by tftp ( 111690 )

        Unless they use more cars, or find a better way to update this stuff, I can see it getting very jumbled and inaccurate.

        The snail mail databases that are sold and resold and sold again are so old that they are useless. I'm still receiving junk mail addressed to someone who doesn't live here for 10 years. Executives that sell and buy those lists don't care how bad they are since there is no feedback. A list with 10 million addresses is better than a list with 5 million addresses, even though 90% of entries

Help fight continental drift.

Working...