back to article Google Street View logs WiFi networks, Mac addresses

Google's roving Street View spycam may blur your face, but it's got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users' unique Mac (Media Access Control) addresses, as the car trundles along. Germany's Federal Commissioner for Data Protection Peter Schaar says …

COMMENTS

This topic is closed for new posts.
  1. vcespon

    Nothing new

    Eeeehmm, this is nothing new, Google uses WiFi access points to locate you on Google maps when the device you're using has no GPS or you're inside a building.

    To do this they need a database relating each access point SSID to it's approximate GPS coordinates.

    Companies like Navizon collect this information too and then sell software based on the database they create, or sell the info to Microsoft and Yahoo.

    1. This post has been deleted by its author

      1. Gold Soundz

        It's called

        Skyhook and they've been using it for years - it's the technology they use to locate you when you don't have cell coverage or GPS (ie, on the iPod Touch).

        http://www.skyhookwireless.com/

        This is nothing new...

      2. James Henstridge

        Not just Street View vans

        Not only that, but if you have an Android phone with GPS, you are helping them keep the database up to date if you use the location service.

      3. Jamie Jones Silver badge

        why is this news?

        this was reported on the register over a month ago in relating to a verizon router hack.

        yep, put in my mac code to the api, and it goes straight to my house.. (presumably they use some sort of triangulation too)

        scared? no.

    2. Anonymous Coward
      WTF?

      Really...

      And there I was thinking they used a much more simplistic solution like cell triangulation...

      1. Anonymous Coward
        Headmaster

        aGPS

        Assisted GPS mixes GPS, Cell Node triangulation and known WiFi triangulation to better pinpoint your location within a few metres; without the WiFi, the accuracy can drop significantly.

        This has been known for sometime, other services offer the same service. Effectively they mesh the SSID with known GPS coordinates and use signal strength to further triangulate the required location. If the WiFi network is publically viewable (not accessible or accessed) then it will be logged using one of these aGPS solutions.

    3. Neil Hoskins
      FAIL

      Indeed...

      Not to mention Skyhook, used in the MapsBooster app.

    4. Rob Burke
      Pint

      Not the same

      Guessing your location based on where they think your ISP is located (typically an incorrect guess for most consumers who have dynamic IP's) and logging a record of your equipments MAC addresses are two completely different things.

      I guess with this type of information not only are they building records of where around the country has high concentrations of wifi (so they can show this in google maps), but also information like what router manufactorers are used where etc.

  2. Anonymous Coward
    FAIL

    Give him his privacy

    In Gaol!

  3. Aristotles slow and dimwitted horse

    For the sake of us all...

    It's about time that Google was put down - once and for all.

  4. Robert Moore
    Grenade

    A tip for Google

    Don't piss off the Germans. I seem to recall they can get nasty if you piss them off. I forget the details, but I seem to remember them being at the center is a really big war or two.

    I am sure you could find more information on yahoo somewhere.

    http://ca.search.yahoo.com/search;_ylt=A0oGk209dNBLdnkBkCPrFAx.?p=world+wars&fr2=sb-top&fr=yfp-t-715-s&rd=r1&sao=0

    You know it HAD to be the hand grenade.

    1. jjbd
      Unhappy

      FFS

      You know, I feel a bit like I'm on Wired when I feel the need to log in just to vote someone down. I recommend, however, that the author of this post reads what yesterday's mail ingeniously called a 'Nazi Smear':

      Or as the Guardian sub rather more straightforwardly called it at the time: Don't mention the war. Grow up.

      http://www.guardian.co.uk/world/2002/nov/19/eu.germany

      1. Thom Sanders

        Seconded

        posted a response in the same vein last night but somehow didn't get past moderation.

        It's one of the most embarassing things about this country. I've lived in Germany, have a german partner and consequently know a lot of germans. The amount of times I've been with them in the pub and overheard these kind of comments or been watching television and some attempt at comedy has turned up is frightening.

        It really is sad and makes us look like a bunch of ill-informed, xenophobic kids to people from other countries. Grow up indeed.

        1. Gaz Jay
          Thumb Down

          Thirded

          Went to Berlin just after the world cup in 2006.

          Met some very friendly people, a few even offered a tour around their very beautiful city who were very pleased to show us places damaged during the war, the Berlin wall, fallout bunkers etc.

          I wonder how people in future will think of the British when they remember the invasion of Iraq?

  5. Tom 64
    Alert

    Why are they doing this?

    simple answer - geolocation - so they can punt more relevant 'local' ads at you and get a quicker fix on your location in google maps on your phone.

    Wouldnt be surprised if they did this in every country.

  6. Tony S
    Black Helicopters

    @ Mr Schmidt

    " internet users shouldn't worry about privacy unless they have something to hide"

    So Mr Schmidt, when are you going publish online your bank account information, your credit card details, information about the school that your children attend, and the medical history of you and every member of your family? Oh, and how about publishing the algorithms you use to create the google rankings?

    His comments are the reason that everyone should seriously consider just what Google have to hide.

    "Don't it always seem to go, that you don't know what you've got till it's gone".

    1. Anonymous Coward
      Anonymous Coward

      Also...

      "Meet the new boss, same as the old boss."

  7. Anonymous Coward
    Anonymous Coward

    Needs more explanation

    Is Google recording the MAC addresses of access points (e.g. a domestic wireless router), or of any devices that happen to be switched on as their car passes (e.g. a laptop)?

    Are MAC addresses normally visible beyond the local network? I would have thought not.

    I can see why spooks might be interested in the MAC addresses of mobile devices, but why would they be interested in the MAC addresses of access points?

    1. rmacd

      MAC addresses

      Visible? Yes, that they are.

      Consider if two APs have the same SSID (happens fequently) - computer's got to know which one it's communicating with, right? :)

      1. Nexox Enigma

        (title)

        """Visible? Yes, that they are.

        Consider if two APs have the same SSID (happens fequently) - computer's got to know which one it's communicating with, right? :)"""

        Of course they're visible over the air, but that's only useful if you're physically nearby. What the original poster probably meant was that once you connect to Gmail, etc, any of your local MAC addresses (Devices, AP, or otherwise) have long been stripped and replaced with the MACs of each router along the line.

        So it's only a threat if Google happens to be your ISP...

  8. Nebulo
    Thumb Down

    Don't be Evil

    Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ...

  9. Gulfie

    I can't see a problem with this in the UK

    After all, we already have nowhere to hide, with the cameras and all.

    And now some git (recently ex) minister is telling us that ID cards won't cost the government anything - because we're going to pay for them. Does that mean we actually pay twice? Once through tax that the government pays to whoever is implementing the system, and again when we buy our lovely ID card?

  10. Anonymous Coward
    Big Brother

    Ditto...

    "Skyhook" as well - http://www.skyhookwireless.com/ - used (AFAIK) in the iPhone/iPod Touch...

  11. Anonymous Coward
    Anonymous Coward

    Er, Mac or MAC

    Capital letters too expensive?http://www.theregister.co.uk/Design/graphics/icons/comment/dead_vulture_32.png

  12. Peter Simpson 1
    FAIL

    Hardly worth the effort

    As most replace their computing kit every three or four years, unless Google plans on annual drive-bys, the information gathered will soon be out of date.

    Add to that, the fact that most MAC addresses and SSIDs can be changed at will, so the exceptionally paranoid will be updating theirs regularly.

    Anyway, it's not particularly useful to know the physical location of a MAC address, since it's not sent as part of the packet that goes out on the internet. It's the ISP-issued IP address you're interested in, but the one being broadcast by the access point isn't the same as the one on the other side of the NAT box, so what Google will end up with is a list of all the known locations of 192.168.1.1

    1. I didn't do IT.

      Annnual Automatic Updates

      It is my understanding that European countries where Street view is already rolled out will be updated at least once a year, just as they are in the US.

      Can only assume that slurping as much data as possible as they go by is some cunning plan to pay for the returfing somehow, eh?

    2. Anonymous Coward
      Anonymous Coward

      automatic updates

      I can imagine that when a phone running Google maps feeds Google a MAC address that is anomalous or not in the database then Google will add/remove/update it according to the phone's GPS data or whatever other wizardry they have up their sleeves.

      I'm a n00b to this tech as I prefer my maps without the fascism but it seems to me that a phone would feed Google GPS coordinates and a bunch of MACs and Google would say "you are there so MAC number 1, which isn't on our database, must be there as well. And MAC number 2 which according to us is 5 miles away must be wrong because MACs 3 and 4 agree with the GPS " etc etc

  13. Jerome 0

    Broadcasting

    Google's attitude to privacy and their laughable motto aside, how on Earth could this be construed as an invasion of privacy? People are transmitting radio waves from their house, then complaining when someone receives those radio waves? Sounds a bit odd to me.

  14. Peter Simpson 1
    Black Helicopters

    War-driving's not illegal if you're Google?

    Weren't the cops arresting (or at least, stop & questioning) war drivers a few years ago?

    1. Trevor Pott o_O Gold badge

      Nothing is illegal if you are Google*

      *Unless you piss off Apple. They pay the politicos more so they get preferential treatment.

      It isn't what you know, it's who you know**

      **and buy.

  15. Knasher

    Could be better.

    The only thing I see wrong with this is that it isn't all that effecient in terms of building a mac address database. After all it takes a lot of time to build up the streetview data and it goes out of date pretty quickly. A far more effiecent (and accurate as they can collect a far greater set of data) system would be to collect it from GPS equipped mobile phones, and if they were to do that I could understand why people might get angry about the loss of privacy (although it could be opt-in and still probably kick streetviews ass). Their lattitude system already tracks peoples location (if you opt into it) so there is no reason why they couldn't mine that.

    As it is you really can't do all that much with the data that they collect. You can't equiate someones ip address to the wireless mac address of their router, so therefore you can't figure out their location. Seems to me this guy just wants to be seen to give out about streetview invasion of privacy, and therefore seem like he actually cares about peoples privacy.

    1. Anonymous Coward
      Anonymous Coward

      Android

      "A far more effiecent (and accurate as they can collect a far greater set of data) system would be to collect it from GPS equipped mobile phones, and if they were to do that I could understand why people might get angry about the loss of privacy (although it could be opt-in and still probably kick streetviews ass)."

      Android does this. When the device is first setup, you are asked whether to allow it and can toggle it in settings.

  16. An ominous cow heard
    Thumb Up

    See also Skyhook Wireless

    The only news here is that this is news.

    Google Maps for Mobile listens for SSIDs [1] if your phone has WiFi. Does it also report SSIDs (or whatever) back to HQ, to keep their database up to date?

    [1] It presumably isn't SSID alone, otherwise a lot of places would have SSIDs of Netgear or whatever, and that would not be helpful.

  17. Simon 4

    UK?

    Did Google log this data in the UK too?

    1. Mike Flex
      Big Brother

      Re: UK?

      >Did Google log this data in the UK too?

      Oh, yes. To see it in action visit http://www.cyclestreets.net/ and try out the "detect where I am now" feature on the journey planner. It's got my location down to the house.

    2. JimmyPage Silver badge
      Black Helicopters

      If they did ....

      how would you know ?

  18. Neil Greatorex
    Happy

    Data "Octopus"

    So appropriate, I think we should now replace "The worlds biggest ad whatever" with:

    "DataKraken"

    Kraken: A sea monster of "gargantuan" size.

    1. Trevor Pott o_O Gold badge

      Fabulous

      I vote DataKraken up over "chocolate factory."

      El Reg; time for a nickname update!

  19. Disco-Legend-Zeke
    Pint

    If You Have Nothing...

    ...to hide, you have nothing to fear.

    Where have we heard that before?

    Me/hides the 211.

    1. Anonymous Coward
      Anonymous Coward

      If...

      If you have nothing to hide,

      you have nothing worth having.

  20. Nigel Whitfield.

    MACs could be useful ...

    If they really are gathering the details of all the MAC addresses in use, as opposed to just those of the access points, there are potential (though very likely pretty small) worries:

    How securely will Google keep the data they collect? If you're using MAC filtering on your network, you might not appreciate someone gathering a list of all the MACs that you have, and then putting it in a big data centre somewhere.

    While the MAC address wouldn't normally get outside the home network, if you're connecting to someone else's network, whether an office or a coffee shop, they're going to know your MAC address too.

    That comes back to the first point; what are they doing with this information? If there's any way that someone else (including law enforcement) can determine that the laptop used a hotspot X on a certain date may be kept at address Y, that's more information than many people may feel happy giving out.

    1. Nexox Enigma

      (title)

      """How securely will Google keep the data they collect? If you're using MAC filtering on your network, you might not appreciate someone gathering a list of all the MACs that you have, and then putting it in a big data centre somewhere."""

      If Google can get your device MAC addresses while simply driving by, then does it matter if they're published, since anyone else can as well?

      MAC filtering for security is about as effective as setting your SSID to "please_stay_out_thanks" - if you aren't doing WPA (preferably version 2,) then you aren't even trying to be secure. And MAC filtering adds so little additional protection that it's worthless to do it with WPA.

      1. Anonymous Coward
        Black Helicopters

        Surveillance is the motive here, again

        "If Google can get your device MAC addresses while simply driving by, then does it matter if they're published, since anyone else can as well?"

        Yes, it matters.

        "Anyone" is not driving by everybody and "anyone" is not storing that address and "anyone" is not selling that data to anybody or giving it to police for free.

        Another method of forced surveillance, again.

    2. Anonymous Coward
      FAIL

      Demolishing privacy, that's the objective

      "If there's any way that someone else (including law enforcement) can determine that the laptop used a hotspot X on a certain date may be kept at address Y, that's more information than many people may feel happy giving out."

      And this is why Google is gathering that data: To monitor and archive individual wifi-equipment (ie. user) whenever it is seen, where it was seen and when.

      "Oh yes, this mac-address was seen 2 years ago in this address and now we see it again in netcafe sending copyrighted material into network, catch the criminal asap!"

  21. Eduard Coli
    Grenade

    Don't do evil...

    So why has Eric Schmidt not aired his privates public?

    Does he have something to hide or is he just an asshole?

  22. Peter 39
    Go

    No big deal - nothing at all

    Hey dudeherren - it's just geolocation. Nothing to get your lederhosen in a twist about.

    If you don't want your SSID noted then don't broadcast it. Rather simple, really.

    Geolocation using WiFi is a useful service and doesn't compromise anything

    1. Anonymous Coward
      Go

      Huh?

      So you believe an SSID is hidden if the router's broadcast is turned off? If you think that's true you need to try out some [really simple] tools like what's embedded in Ubuntu. May not bet there now, but Ubuntu would "see" every router and AP in my neighborhood and that includes the "silent" ones.

      There are many free, downloadable sniffer tools that will do a whole lot more than Ubuntu.

      1. Peter 39
        Thumb Up

        probably not actively scanning

        I would expect that google is passively collecting SSIDs that are broadcast, and not using tools to cause no-broadcast routers to disclose their presence. They might grab it from existing traffic but I would expect that.

        After all, this is to support geolocation. So what you want is something that a W-Fi-enabled device can listen to (battery life says that you'd prefer not to be active). There's no point collecting SSIDs that aren't broadcast if your intended users won't be using that data.

        1. Brutus
          Pirate

          @Peter 39

          Mate, I think you're being a little naive here.

          Firstly, you are assuming that this is only to support geolocation; Google are well known for using any data that comes their way to improve their advertising service.

          and secondly, the scanner is part of the googlemobile, so battery-life is not an issue. Thus, active scanning is easily achievable.

  23. vincent himpe

    who cares

    i don't have wifi

    1. Anonymous Coward
      Big Brother

      Not quite on the same scale, but even so...

      http://en.wikipedia.org/wiki/First_they_came...

  24. spiderwebby
    WTF?

    how stupid can germans be?

    what people dont realise is that wireless routers have several MAC addresses; one for the modem, one for the LAN (and one for the WLAN(?)), so its actually fairly useless for anything other than a gps replacement/supplement.

  25. Anonymous Coward
    Anonymous Coward

    The BSSID

    The MAC address they are probably recording is the BSSID, which is the unique, publicly broadcast wireless MAC that identifies the wireless network (as opposed to the user-friendly SSID "network name" that people are more familiar with). The BSSID is only used over the wireless network however - it gets stripped from packets once they get forwarded off the wireless network. So, this MAC never makes it out onto the internet.

    However, most devices have sequential MAC addresses for each network interface (including wireless) - so given a known BSSID MAC, one could take its device vendor octet, compare that to known products from that vendor and how they map their MAC's across interfaces on their network devices, and derive a good guess at what the public-facing WAN MAC is. That's the MAC all traffic in and out of a router to/from the internet is using!

    While changing the MAC of a wireless device on your PC is frequently trivial, changing it on your router is another story.

    1. Anonymous Coward
      Anonymous Coward

      Yeah but...

      "So, this MAC never makes it out onto the internet."

      Well, yes and no. Sure, the MAC address is not transferred to the Internet as part of any routing function but this does not mean the the MAC address could not be obtained some code from a remote website. Consider these links relating to Google's Wireless Location :

      https://services.google.com/fb/forms/wifibugs/

      http://test-geolocation.appspot.com/

      The router MAC address is a bit like a perpetual cookie because you cannot (normally) change it. It might not only be useful in sharing your location with your friends and family - it might prove useful for others who might want to know where you are. It might be useful in marketing but it might also be useful to those governments with less enlightened views concerning criticism of their activities.

  26. Anonymous Coward
    Big Brother

    If you've nothing to hide...

    ...so the toilets at Google HQ have no doors?

    1. Trevor Pott o_O Gold badge
      Joke

      Better question:

      If no one at Google has anything to hide, does this mean Marissa Mayer wanders about the campus au naturel? Or that she at least has a playboy spread?*

      *Please don't kill me in the name of feminism Sarah, it is just a joke!

      1. TeeCee Gold badge
        Coffee/keyboard

        Re: Better question:

        Too right you are. That has to be one of the best questions ever asked round here.

        Purely from a Google / privacy standpoint you understand and in no way related to any mental pictures that may have been invoked as a result of reading it.

  27. Donald Becker

    MAC address doesn't leave the local network

    A detail mentioned by a previous poster (but gotten wrong by many others) is that the MAC address is a local identifier. It doesn't leave the local network. While it's possible for a protocol to retrieve and report it, it wouldn't serve a purpose so no common ones do that.

    The only straight-forward use of this information is approximate location when you don't have a GPS receiver. It would need to be combined with some simple criteria for throwing out bogus results to handle moved access points.

    I can see some secondary uses in understanding the local popularity of different brands of equipment, and overall communication use by access point density. But it's hard to consider any of that an intrusion of privacy, or having any impact on anonymous access to information.

    1. Anonymous Coward
      Anonymous Coward

      Client Addresses

      >A detail mentioned by a previous poster (but gotten wrong by many others) is that the MAC address is a local identifier.

      Kind of true in terms of general traffic, but MAC addresses often included in crash reports, auto generated support requests etc and almost always used when profiling hardware for per machine licenses etc so often do 'leave' the local network in this respect. I suppose in most cases where you are registering/licensing software, the company in question probably already has your postal address anyway and there's an element of trust/privacy in that relationship...

      The fact that hotspot ISPs will now in effect be required to keep logs including client mac addresses, or face liability for user activity, probably increases the odds they will look to ways of monetising such DBs. MAC addresses are the most obvious and useful route to any kind of user profiling/tracking whether thats by security services, market researchers or whoever - its trivial for applications to leak them and definitely worthwhile commercially if it can be achieved with sufficient breadth.

      Aside from the obvious advantage of not having to pay for commerical wi-fi hotspots, its another good reason to use apps like macchanger and the phys address of someone who just left.....

      1. James Butler
        Thumb Down

        Yeah, but ...

        As so few have noted ... these are ROUTER MAC addresses, not client machines, so the odds of seeing one of the MAC addresses in any public hotspot are zero. The MAC addresses being recorded are ONLY valuable when combined with GPS data to locate that particular router ... it in no way compromises any sort of "privacy" of any individual. Besides, any individual whose router has been so cataloged has already demonstrated that they don't care about sharing the identity of their network ... otherwise they would have locked down the router and disabled broadcasting its SSID in the first place.

        If someone is wandering around nude, they lose the right to complain when others look at their jumblies.

        1. Anonymous Coward
          Anonymous Coward

          Depends on what they used surely?

          >otherwise they would have locked down the router and disabled broadcasting its SSID in the first place.

          Standard wifi tools like airmon-ng will capture all MAC addresses, host & router - it isn't possible to 'hide' either. Given Google are in a moving vehicle it would be much more efficient to capture promisciously and so I doubt disabling broadcast would make any difference to whether or not they log your router, though maybe it will make a difference to whether or not they utilise it in the public DB.

          >so the odds of seeing one of the MAC addresses in any public hotspot are zero.

          My point was more generic than what Google have been doing. Wardrivers have been sharing/swapping their databases with GPS info for ages. Your physical address is a significant and inherent privacy risk. If you use wi-fi in a public hotspot, work in the City or other interesting and busy commercial districts/conference/hotel locations your machine's MAC address will already be on loads of illegitimate DBs along with GPS locations it has been seen and the AP it was paired with at the time.

        2. Roland6 Silver badge
          Happy

          I do love Mifi !

          Playing around with <http://samy.pl/mapxss/> I discover that GLS hold Mifi addresses - looks like there will be interesting times ahead ...

  28. Anonymous Coward
    Anonymous Coward

    Opt out?

    If I can opt out of having a pic of my house on the web, can I opt out of having my wireless in their database?

    1. Anonymous Vulture
      Black Helicopters

      Only if...

      ...you want your opt our request filed in their database. Actually, the spooks would probably prefer that.

  29. Anonymous Coward
    Anonymous Coward

    Simple answer to this....

    A desk and an ethernet cable to your router. Switch your wifi off. Simples

  30. Anonymous Coward
    Anonymous Coward

    Legality?

    I can walk down the (uk) street and do this, is it illegal for me to do so? (I'm asking as I don't know, but I am pretty sure it's a no).

    Not too worried, if you don't want your router to be visible, hide the SSID... I assume Google was only going for visible SSIDs?

    My Android phone already knows where I am in a few random locations based on wifi (not my home one, thankfully, but I live off the road). Makes me wonder where this reference is held... (and is it a google db being referenced?)

  31. Tom Maddox Silver badge
    Coat

    "I don't even use . . ."

    In keeping with the traditions of The Reg Luddite Brigade(TM), I don't even use Wi-Fi (presumably some sort of modern iteration of a sound system) or even Ethernet, as that is a far more modern and therefore inferior technology than what I'm used to. Rather, I prefer the "pigeon and a piece of string" network, wherein my pigeon receives a tiny electric shock when I press a key, causing it to tug a piece of string, which then pulls a wire on the far end of the house, closing a contact and illuminating a light, thus alerting my batsman that I would like him to perform a task such as write a letter or smoke me a kipper. There is clearly something wrong with anyone who would bother with a more modern, or indeed different, approach (see also: Facebook, smartphones, versions of Windows later than 2000). I'll stick with my "ancient" technology, thank you very much!

  32. Anthony Hulse

    Mac addresses LOL

    Does my MAC have a Mac address? :D

    1. frymaster

      a title is required

      no, but your Mac has a MAC address

      A Mac is a computer

      A MAC is a serial number associated with a networking device

  33. deadlockvictim
    Big Brother

    Google

    Time to start changing NIC cards methinks.

    Could we have an 'Eric Schmidt on the toilet'-icon please to represent privacy please?

  34. Armus Squelprom
    Stop

    That motto in full

    Don't be merely evil, go further

  35. Cheese
    Black Helicopters

    Random

    Doesn't anyone else randomize their laptop MAC address when using WiFi hotspots? Or is that just me being paranoid?

    I don't have a wireless home base station to worry about.

  36. kdrak
    Stop

    This post is ill informed

    The author is ill-informed about the facts of this article when asserting that MAC addresses could be tied to GMail accounts. MAC is a layer 2 protocol - this means it does not transmit beyond devices on the same 'wire' and on the same subnet - it is not transmitted over the internet. The MAC address is used to route between physically connected devices only and is lost when 'routing' which is layer 3. So this means, even between your home PC and the ISP, the MAC address is lost after is passes beyond you ADSL router. The reason you can scan for MAC addresses by sniffing wifi networks is that the wifi box is effectively 'on the same wire when you connect to it, but again this is just layer 2 and the MAC address is lost immediately once your packets leave your 'local network' and get onto the internet.

    1. Roland6 Silver badge

      Sorry, your wrong ...

      Yes MAC is part of layer-2 etc.

      However, if you have the Google Toolbar installed and have enabled the 'My Location' tool, the toolbar will be regularly sending the MAC details of routers on your network to Google (see Google Privacy Policy).

      If you also have a Google account etc. that you automatically log into from the same host then it would be possible to link them.

  37. Al 4

    Admission of guilt?

    So is this an admission by Eric Schmidt that Google is a criminal organization since it works hard to hide what it does from public scrutiny and is always claiming they're doing nothing wrong? Quack, quack

  38. Dan 55 Silver badge
    Big Brother

    @Google

    To make the minimum amount of changes to The Reg's server as possible, they could simply switch the Big Brother icon for an Eric Schmidt icon... Lately there seems to be very little difference.

  39. EvilGav 1

    As with ID cards . . .

    . . . it's not whats actually being/been collected, it's the database thats been created thats the problem.

    An ID card that holds my information and that information is stored nowhere but on the card, no-one has any major issue with.

    However, an all encompassing and searchable database - thats a problem.

  40. Anonymous Coward
    WTF?

    Burqa's all round..

    What is it with you people? I put a number on the front of my house and then complain if people use it? I've got a garden out front with plants and grass, it looks nice but I'll get angry if anyone looks at it.. Im broadcasting my unique number all over the place via wireless, but I'll bash anyone who tries to recieve it... I'll talk really loud on my phone whilst on the bus but I'll give threatening looks to anyone who is listening in..

    Where's my Pitchfork... (icon!)

    If you are worried about your privicy turn off your wireless, brick up your windows, erect a big fence around your garden (double decker bus height!) buy a large roll of tin foil (make use of that milliners course you did) oh and a burqa.

  41. Anonymous Coward
    Thumb Up

    Coming soon...

    Coming soon, Google Home View. They'll tap in to all the webcams, etc, in your home and take pictures. As a web user you'll be able to snoop around in Street View, find a nice house, click on the house and snoop around inside.

    1. BristolBachelor Gold badge
      Joke

      Home view...

      Yeah, but it currently only supports homes with school laptops.

      All right, all right, I'm leaving.

  42. Anonymous Coward
    Flame

    Appalling.

    Spoof your MAC address and regularly change your SSID. Provide as much disinformation as possible to Google when using any of their services that require registration.

    I like Google and think they have the best offerings for the services they provide. Completely trust them? Hardly.

    How about all the Google brass installing public webcams in every room of their homes? Surely they have nothing to hide and shouldn't be worried about privacy.

  43. Neil Hoskins
    Boffin

    Maps Booster / Skyhook

    I should declare that I'm on the "So what?" side rather than the "Wear a tinfoil had to defend yourself from Google" side. However, I've done a few tests with Maps Booster (Skyhook) on a Nokia, using both Ovi Maps and Google Maps, and it's not actually all that good, for my uses anyway. At my desk, it seems to calculate a compromise between my WLAN and one on the next street, placing me in the middle of a patch of waste ground. If you have it enabled while using Ovi Maps in the car, your indicated position largely follows the GPS as usual, but occasionally takes a sudden jump of a hundred metres or so when a WLAN is detected. I dropped them a line and asked whether, in the presence of a good GPS signal, the GPS should take priority, but apparently this isn't technically possible at the moment; I can only presume that S60 gives equal priority to all different positioning methods. I can see that it would be useful in a city surrounded by tall buildings, but I have it turned off most of the time.

  44. lukewarmdog
    Badgers

    I have nothing to hide

    Because burglars stole it all after seeing it in my garage on Street View.

  45. Liassic

    Google & MAC addresses

    Google do use the MAC address for geolocation - you can even update their database - https://services.google.com/fb/forms/wifibugs/ and they ask for all MAC addresses in that location.

    That's because it's not that accurate - my wifi router in South Wales is being shown as being located in Clydebank, Glasgow, several hundred miles away.

    But it's the old chestnut - function vs privacy, this is a really useful service - my android phone automatically gets the weather and sets maps to my location. But it does impact on my privacy as well. The important thing is knowing this is happening, then you can turn geolocation off when you want to be private. Just close the door when you want.

  46. Anonymous Coward
    Anonymous Coward

    We could set up a nice big database

    Everyone could post their ssid and mac address.

    Then every month or so we could take someone elses.

    It would throw out anything trying to locate position via this system.

  47. The First Dave
    Boffin

    Personal Info

    Surely this is personally-identifying info - an IP address is often regarded that way, despite the issue of DHCP etc, so this has to be flat-out illegal under European data laws - no justification (so far) in collecting the data at all.

  48. Edward Noad

    Privacy risk? What privacy risk?

    This makes no sense to me. Someone has collected a bunch of data that is blasted out across the radio spectrum across a fairly wide area by every wireless network router in the world. I can see 6 other wireless networks from the couch in my lounge on my reception-impared aluminium Powerbook G4 - have I violated the privacy of their owners by looking at the network selection drop-down menu?

    Bottom line: What complete idiot (with tosspot clusters) could ever possibly think that a wireless MAC address (or SSID) could ever be considered private?

  49. Arclight

    If its in the UK.....

    Lifted from the interwebs:

    Under Section 5(1)(b) of the WT Act 1949 it is an offence if a person "otherwise than under the authority of a designated person,

    either:

    (i) uses any wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of any message whether sent by means of wireless telegraphy or not, of which neither the person using the apparatus nor a person on whose behalf he is acting is an intended recipient;

    This means that it is illegal to listen to anything other than general reception transmissions unless you are either a licensed user of the frequencies in question or have been specifically authorised to do so by a designated person. A designated person means:

    the Secretary of State;

    the Commissioners of Customs and Excise; or

    any other person designated for the purpose by regulations made by the Secretary of State.

    or:

    (ii) except in the course of legal proceedings or for the purpose of any report thereof, discloses any information as to the contents, sender or addressee of any such message, being information which would not have come to his knowledge but for the use of wireless telegraphy apparatus by him or by another person."

    This means that it is also illegal to tell a third party what you have heard."

  50. Roland6 Silver badge
    Alert

    "Imitation is the Highest Form of Flattery"

    WiGLE.NET have been collecting WiFi BSSID (MAC) addresses since 2001. Recently the Android application WiGLEWifi was released, enabling this device to be used to collect and upload BSSID's etc. to the WiGLE database (applications do exist for the iPhone, but as previous reported by TheRegister, Apple has removed them from the iStore. such client applications enable the currency of the database to be enhanced, making it more useful.

    Hence Google Street View is only in the first stages of replicating what WiGLE has achieved. The only reason for doing so is to own the data and hence be able to freely develop commercial services based on it...

    1. bobzilla (wigle.net)
      Happy

      WiGLE Map of Germany

      WiGLE Map of Germany:

      http://wigle.net/gps/gps/Map/onlinemap2/?maplat=51.1656915&maplon=10.451526&mapzoom=6

  51. OffBeatMammal

    Navizon and Skyhook

    both Navizon and Skyhook do this already, and commercialize the database purely for geolookup

    I guess if you subscribed to their service, knew a SSID or MAC address you could request the location - assuming their peer-to-peer war-driving efforts had found it

    1. Anonymous Coward
      Unhappy

      Web API to Skyhook exists already?

      If I remember rightly, there's already at least one Web API (if that's what they're called) that allows a user to provide a MAC and (if lucky) get an address in return. It's free (as in no cost) and may have been mentioned the last time El Reg commenters covered Skyhook. Check that out.

      Personally I'm not a big fan of this whole concept, for a variety of reasons. E.g. when people move house sometimes they do it for good reason, and don't want their new whereabouts to be revealed. This is just one more thing they may have to consider...

  52. Ken 16 Silver badge
    Badgers

    Just in case

    I'm not particularly worried about Google's intentions or use of this information, but am generally with the German government that any information out there is really none of Google's business.

    I mainly am trying to imagine the conversation on the Google side. Do they just see all data as worth keeping 'just in case' they can find a use for it later? Carrying on from an earlier commenter, I imagine the Google photocopier uploads arse scans following the Christmas party, just in case they can figure how to tie them to employee number sometime in the future.

  53. Anonymous Coward
    Happy

    Router MAC Changing

    A few people have said that's it's not trivial to change the MAC on routers...

    My O2-supplied router is a thomson TG585 and one can telnet into it and assign it a new MAC very easily. I knocked up a little script to do it for me so that I can force a new IP address after I get banned for botting on Unreal Tournament servers :-) (Until they ban the whole range)

    #!/bin/bash

    routerip=192.168.99.1

    function h

    {

    printf '%02x' $(expr $RANDOM \% 100)

    }

    (

    echo SuperUser

    echo PASSWORD # O2 sets this to the serial code on the base of the router

    sleep 1

    echo -e "ip ifdetach intf=O2_ADSL2plus\r"

    mac="02:$(h):$(h):$(h):$(h):$(h)"

    echo -e "ip ifconfig intf=O2_ADSL2plus hwaddr=$mac\r"

    sleep 1

    echo -e "ip ifattach intf=O2_ADSL2plus\r"

    sleep 1

    ) | telnet $routerip

  54. Anonymous Coward
    Anonymous Coward

    Google responds to the FUD

    Google responds to the FUD

    http://google-latlong.blogspot.com/2010/04/importance-of-geolocation-services.html

  55. Matthew Collier
    Stop

    @kdrak

    I got a disturbingly long way into these comments before I found someone who seems to understand how MAC addresses are used, and due to that understanding, not being bothered much about this.

    I'm the opposite of a Google fan (I block most of their stuff), but they can't identify anybody, nor their computer, using this method so I think it's largely a non-story.

    Any excuse to bash Google though, so hopefully, the Germans have some law which Google *have* broken on this, and they can give them a good slapping, just 'cos, Google deserve it in general... ;) :D

  56. Ben H

    Data octopus

    Well, "Data Octopus" has now officially become my favorite expression. Love it!

  57. turnkit

    why is Google NOT collecting 3D sonar along with the photography (or are they)???

    I was looking at street view the other night researching some old family photos trying to place where an old photo was taken. I knew the city and the building number but not the street name.

    It struck me that with all this money being spent to drive every street, WHY ISN'T GOOGLE COLLECTING 3-DIMENSIONAL (3-D) SONAR DATA ALONG WITH PHOTOS???

    With 3D sonar and really smart programmers they could re-create building outlines in 3D within Google maps, sell the data for video games, and more importantly, for really spooky stuff: we could search on the image of a building facade and find all the buildings in a city that look just like it. Drop in your vacation photos and Google Image Location Finder could help tell you where you were.

    You guys that are worried about the power of computers and the power of people to find you or find information have no idea of the power that is coming in the future. Please stop fighting the inevitable and learn to ways to embrace the utility of it and yet still create a safe society, create safety laws that respect our society's need to use information technology.

    Asking people to stop collecting and analyzing what is already publically see-able, smell-able, hear-able just defers out ability as a society to take advantage of information technologies.

    Why isn't Google taking pollution level samples while they are at it? They are already driving around? Perhaps politicians would not want to be aware that sort of information either.

  58. TruthSerum

    TruthSerum

    Google routinely violates privacy rules and tracks virtually every user action. They are one of Obama's/Democrats biggest campaign contributors and CEO Schmidt is Obama's personal Technology Advisor. Their new Android cell phone will allow them to track users physical movements, communications, etc. Despite China's hack of Google's powerful web server, data storage and management software, Google will manage America's most intimate patient records as part of ObamaCare. Hey, What could go wrong?

  59. stanleymctavish

    Have a Google account? your IP and web activity are kept forever

    For those with a Google account (you have a Google account if you used Gmail, Picasa etc.) your IP and web activity are kept forever if you did not opt out of Web History. Not to be confused with Google's Search Engine terms and conditions, Web History is an "opt out" feature attached to the set up of a Google account e.g. Gmail such that if you did not opt out you are accepting Google's "Web History" terms and conditions, which are different than their Search Engine terms and conditions.

    Web History Terms and Conditions

    "What information do you collect when I use Web History?

    In order to provide the service, Web History saves information about your web activity, including pages you visit and searches on Google. Over time, the service may use additional information about your activity on Google or other information you provide us in order to deliver a better search experience. The Web History Privacy Policy will be updated to inform you of any substantive changes to the service. Also, as stated in the main Google Privacy Policy, when you use any Google service, we collect additional information including your Internet Protocol address, browser type, browser language and one or more cookies that may uniquely identify your browser.

    What happens when I pause the service, remove items, or delete the Web History service?

    You can choose to stop storing your web activity in Web History either temporarily or permanently, or remove items, as described in Web History Help. If you remove items, they will be removed from the service and will not be used to improve your search experience. As is common practice in the industry, Google also maintains a separate logs system for auditing purposes and to help us improve the quality of our services for users. For example, we use this information to audit our ads systems, understand which features are most popular to users, improve the quality of our search results, and help us combat vulnerabilities such as denial of service attacks"

    http://www.google.com/searchhistory/privacyfaq.html#edit

    The following is an excerpt from Google's Search Engine terms and does not apply to the Web History service:

    Search Engine Terms and Conditions

    "Why are search engine logs kept before being anonymized?

    We strike a reasonable balance between the competing pressures we face, such as the privacy of our users, the security of our systems and the need for innovation. We believe anonymizing IP addresses after 9 months and cookies in our search engine logs after 18 months strikes the right balance."

    http://www.google.com/privacy_faq.html#toc-anonymize

    Note for Chrome, Google Tool Bar etc there are yet more and different sets of terms and conditions, for example with Chrome each installation has a unique application (identification) number, which when combined with other Google services provides a significant amount of data about an individual user.

    Tool Bar provides an even deeper analysis of a users online activity. Then there are new products such as Google Voice. Every voice mail, phone number etc. (even if you cancel your account) is permanently logged.

  60. James Woods

    in case you didn't already know

    The company that wants to know everything about you wants nothing to do with you.

    Google's various business ventures for the most part will NOT talk to you if you need anything.

    Google Checkout sorta will, but they require you to jump through hoops

    Gmail won't talk to email administrators, at least not the small ones so if your email ends up flagged as spam your SOL with google.

    Adwords/Adense won't unless you spend an assload of money with them.

    Im not sure how long at least the American people will permit google to continue this type of activity. We know who google is, we know they are IN the whitehouse.

    We know they scrubbed 'obama birth certificate" from searches all the while other questionable search rankings remain because google "doesn't control the rankings - according to google".

    We know googles employees (and the government) select which articles hit google news.

    So why does a company that wants to know everything about you, want nothing to do with you?

    Perhaps they are reporting to a higher power, I have 1 guess who that higher power would be.

  61. Jamie Jones Silver badge

    this was reported back in january

    by the register, no less, as a compliment to the verizon router hack.

    http://www.theregister.co.uk/2010/01/05/geo_location_stealing_hack/

    http://samy.pl/mapxss/

    1. Roland6 Silver badge

      Not exactly ...

      The January post concerned a mechanism for an un-authorised website to obtain an end-users' router's MAC address and then demonstrate that it could be checked against Google Location Services (GLS) and if found obtain a geographical location for that address. Agreed, depending on the associated data held by GLS this location could be totally wrong, or somewhere between broadly accurate and accurate to a few tens of yards.

      The article here focuses on Google Street View being used to provide raw GPS and Wifi MAC address data to populate GLS. Obviously users of GLS will enhance this data everytime they use one of Google's location services - adding new AP's etc..

      1. Jamie Jones Silver badge

        well....

        The main article was about that, yes, but if you went to the site, it says this:

        This is an HTTP-based service where router MAC addresses are mapped to approximate GPS coordinates from other data sources.

        At THAT time, entering my MAC manually gave a location directly over my house

        1. Roland6 Silver badge

          Agreed !

          I think what you are getting at is that the researcher of the January article missed the obvious question "how did Google get hold of my MAC address", which would lead on to the more general discussion around consent and the use and abuse of geo-location databases.

          I liked Samy Kamkar's site ( http://samy.pl/mapxss/ ) as he has given us a very useful little tool to look up MAC addresses in GLS. I looked up my new home MAC (it went live after Google visited my neighbourhood) and also got a very accurate location fix. Then had a good laugh when I entered the MAC address of my Mifi (wifi/3G) router.

          1. Jamie Jones Silver badge

            yes!!

            I guess I didn't realise that that part of the story had been 'missed' - seems they only noticed the verizon part of the story.

  62. Anonymous Coward
    Pirate

    A Bulk Standard BSID MAC address

    Is identifiable, even as far as the person or organization that originally purchased it!

    (Wifi Hackers are still a small minority in this context.)

    **Now who has compiled large enough databases to potentially achieve this!**

    Although it would seem that Google may only want to use it for Geo-location purposes?

    -----------------------------------

    And another point made in a post earlier is not entirely true.

    Yes someone can simply note BSID's when strolling down the street, but when these items are collated & used for other/commercial purposes it becomes a DPA problem & even potentially "illegally monitoring communication systems" as there was obviously NO attempt to connect to the devices in question.

    -------------------------------------

    Google my house is a "PRIVATE" dwelling you are a "commercial business" not a casual passer by, do not take photographs of my premises or ME without MY express permission!

    (You are NOT a NEWSPAPER YET? & in many cases it is not in the public interest to abuse Laws or Rules purely for commercial reasons!)

    I also expressly forbid you to display any such images for any of your commercial purposes, accidentally or otherwise!

  63. nicholas_head
    FAIL

    Not that big of a deal.

    Other companies have done this, mainly in the U.S.-- one that I know of is "Skyhook Wireless", which is the database that Apple was/is using to make the "Locate Me" feature on your iPhone work much faster. The iPhone scans nearby WiFi hotspots, then looks up their lat/long via Skyhook's database, giving them a better point of reference to start finding you.

    I have made a public interface for checking if your router's MAC is in Skyhook's database: http://www.pdsys.org/skyhook-lookup/

  64. rockaway

    Privacy

    But what if you do have something to hide? That should be your choice, not Google's. I doubt Eric Schmidt would agree to me rifling through his personal info...

  65. JP19

    Parsons mouths the creed of tyrants

    "Google CEO Eric Schmidt recently said internet users shouldn't worry about privacy unless they have something to hide."

    Why, that's an excellent observation, Eric. So what's your home address, where do you bank, and what school do your daughters attend? What investments do you hold, and what is the combination to your safe?

  66. Gimmesomecoffee

    It's not a big deal, and it makes sense for Google to capture this.

    Google wants to create a database of lat/lon coordinates, WiFi SSID, MAC address of the wireless interface, and whether or not the WiFi network is "open" or secured. This way, Google can have a "find an open wireless network" layer to their maps.

    Several commercial companies have attempted, through various means, to create a similar database (GRIC, Boingo, iPass, etc.), and some user communities have tried to 'contribute' to an open database of this kind of info (such as Netstumbler). Would you all be complaining if only the SSID were being captured? The SSID alone does not qualify the network very well - having the MAC address improves the qualification a lot. Having the MAC address of the wireless interface isn't all that big of a deal, and to create a useful database like this, it makes good sense to capture the MAC address.

    The MAC address is not all that secret - after all, you've been broadcasting it to all of your neighbors and to anybody who drives by anyway (netstumbler has been capturing this for years).

    In fact, if you were like Google, spending the money to drive around with cameras and GPS receivers, you too would ask yourself "What other information can we capture during these unique drive-by opportunities?"

    I bet they're also capturing cellular coverage signal strength for various carriers and spectrum also.

    Chill out. Capturing the MAC address of your broadcast Wireless interface isn't all that big of a deal. You've been broadcasting it to your neighbors for years.

  67. StopNonsense

    Google Street View logs WiFi networks, Mac addresses

    Don't like the idea of Google doing the war-driving for its purposes. Traveling public roads and taking pics as a bystander is one thing but to gather wireless info from my house? It's like someone taking a telescopic picture through my bedroom windows. Allowing people to know information about me will take away everyone's privacy. One day, all the information about every person will be compiled into a giant database; they will know your phone number, computer addresses, get your computer cookies, what you buy on the Internet, who you converse with, what product brands you favor, etc.

  68. warsev

    This time too far

    This time Google has really crossed the line. I'm appalled. That last thing we need is a worldwide database of everyone's physical address and mac address(s). Kiss any anonymity you had on the internet goodbye.

  69. Reg Varney

    "Don't be evil"?

    For a simple mission statement, Google seem to really struggle to understand it. The ubiquitous Google worries me far more than MS or The Cult of Apple

  70. john__doe
    Linux

    Know thy WiFi router

    Turn off SSID broadcasting in your router. It's because peoples router by default, are set to advertise their information. (Like a radio, all google has to do is tune in)

    While we're on Wifi security. Make sure your router is set to use WPA2 (WEP, Wireless encryption Protocol can be cracked in less than 5 seconds). Also make sure your WPA-TKIP key is longer than twenty characters, up to sixteen has been cracked so far.

    Next, set up an ACL (Access Control List) to only allow connections from mac address you have listed.

    With the above said, I wounder how google is going to feel when they (or there employees) are cut by their own double edged sword. It's not about hiding anything, it's about protecting what we have, starting with our identities.

    GFY Google...

    1. Bod

      SSIDs and Nothing New

      1. SSID hiding - does nothing. You can still be found, your SSID can be found in traffic and your MAC address can be found also. Even a Nokia phone can spot a hidden WLAN, though it doesn't reveal any details in the UI. Though if Google only use public SSID WLANs then you may be able to hide at least from them, if you trust them that is. As you say though, good security, long keys, etc. ACLs don't really do much other than lock out casual attackers. Easy to grab a MAC off the unencrypted part of the traffic and spoof it.

      2. Nothing new. Google have been doing this for a long time, way before they were going round with their cameras. They bought some 3rd party war-driven databases as far as I know and have been using it to map WLANs on Google Maps for ages. They also can log your details when you use Google Maps on a mobile connecting to a WLAN if it has GPS and/or cell location.

      3. They aren't the only ones.

      4. Who cares? So I know a router named Linksys 12345 is located at a particular location with a MAC address that equates to some model made by Linksys. It's about equivalent to knowing that the house at number 52 has a red door. So what?

  71. john__doe
    Linux

    War driving made simple

    Say given Linksys 12345 has said exploit in its firmware. Rather than the traditional driving around and putting dots on your map for locations, now all you need is a Google search and Google maps.

    Now to take it a step further. Thanks to sites like pipl.com, doing a search on your name has a good chance of returning your address. Take that with google advanced search features, I can then cross check your address with exploitable routers found near you. Now all I need is my laptop loaded with backtrack, a determination, and I'm one step closer to gaining access to your network and your data. In the age of spear phishing, google is working hard, to make it easier.

    After google getting their development servers compromised by the Chinese, for them to tout "Well if you have nothing to hide" is an asinine PR approach.

  72. Anonymous Coward
    Anonymous Coward

    Who cares!

    So what, you broadcast the information publicly so who gives a RIP!

    If you don't want them to know then shut off your WiFi...

    In fact Google should create REAL street level maps of Cellular carrier service quality, this would be awesome!

  73. Bod

    People searches

    "thanks to sites like pipl.com, doing a search on your name has a good chance of returning your address"

    It failed to find much about me. Just twitter & flickr profiles. It couldn't even work out I had a Facebook account, various domains I own, or manage to get my address off the electoral role (though I'm opted out of the full register anyway, but that hasn't stopped some sites).

    Not that getting the SSID if it was publicly available via Google (which it isn't) would get any closer as there's nothing to link it with any of my online identities.

  74. VulcanV5
    Unhappy

    Secret Saucepan.

    Is paranoia more in vogue than ever?

    I've just run a Pipl search on a dozen names of UK-resident family and friends.

    Pipl didn't find one.

    I also ran the same search on 192.com. Nothing there either.

    As for Google storing stuff, well, er, it always has. As for it 'reading' Gmail emails, ditto.

    I never use Google to search for anything, but Scroogle instead. And my gmail accounts are operated on the basis of a trade-off: I get an excellent mail service for non-essential, non-confidential correspondence, and Google gets the chance to sniff around and make of it what it will.

    Yesterday it was probably possible for Google to read a highly sensitive email to me from Amazon UK, advising of the earlier than expected despatch date of a new saucepan. Should Google wish to cynically exploit that data, the implications are horrendous: it will be able to conclude that we have a kitchen and that we eat food.

    However, such conclusion is wrong. The saucepan is actually for my mother in law. She doesn't eat food nor has a kitchen and intends to use the saucepan as a fly swatter.

    So that's several $billionsworth of hi-tech surveillance stuffed, then.

    Sometimes the Orwellian nightmare gets just a wee bit over-stated.

This topic is closed for new posts.

Other stories you might like