Conquent: Without Limits
Conquent: Without Limits
Michael Bissell's Blog

They Know Where You Are: Privacy and Google Maps

2011-09-11 22:26:09
Shortcut URL: http://t.conquent.com/tD00

Every time I turn on the GPS on my HTC Android phone, I get this chilling message:

By selecting Standalone GPS Services, you are enabling access to all location information by any third party through the web, software or any peripheral components you install, download, add or attach to the device, or by any other means. Enabling this functionality could pose certain risks to users of this device.

The vagueness of the "certain risks" is what really makes me pause, so not knowing what I might be risking I keep it off for the most part. I turn it on when I want to look for something around me using Google Maps or if I want to check in at a location on Facebook Places.

Without the GPS, my phone still has a vague idea about where I am based on the cell tower I'm connected to -- they guess direction and location by signal strength and bouncing off more than one cell tower to triangulate with 1000 meters, sometimes less, sometimes more.

Except I noticed something odd at home the other day. GPS was off, but Google Maps knew EXACTLY where I was. By "exactly" I mean it showed the little arrow placed squarely on our house, and the arrow was even facing the same direction I was.

So, if they aren't using GPS, what are they using? Skyhooks... Well, actually a company called Skyhook Wireless which has built a database of wireless access points by driving around with a wifi radio receiver and recording the unique serial number (or MAC address) that every wifi access point broadcasts. When they get a MAC address, it goes in the database along with the GPS location they recorded for that spot.

I was surprised because I knew Google had stopped collecting Wifi data because of complaints about privacy, (see Google's May 14 blog, WiFi data collection: An update). Not only were they getting MAC addresses, but because so many people don't bother setting a password on their Wifi access points they were getting actual data people were surfing -- you know, like Youtube videos of a kitten playing with yarn or BDSM porn.

Seems no one complained about Skyhook's data collection. Maybe because they weren't taking a picture of your house at the same time they took a picture of your Wifi data signature. That big camera on the Street View car makes people jittery -- although unmarked vans with radio antennas make me more nervous.

This is another example of how you THINK you have privacy, but you don't. I turn off my GPS (because Android warns me that all my apps can use it if it's on), but the "coarse location" is always on -- triangulating from cell towers is one thing, but even if I turn off my GPS and my cell signal, they know exactly where I am because I'm using Wifi. Even if Google warned me about that, it would make my phone useless to turn EVERYTHING off...

Oh, and they know which way I have my phone pointed because there's a compass in it... So that's not so creepy, but I can't turn it off.

In other words, if you're connected to the Internet, you're in the Matrix...




Next
The Case of the Identical Tablet: Apple vs. Samsung
Previous
Lazy logo design and a naked blue guy


Eric Weaver: RE: They Know Where You Are
2011-09-12 08:58:30

hold on. They only get your IP address. How could they get you IP address unless they associated and sent a packet in, in other words, your wifi was un-restricted?


Michael Bissell: Re: Eric Weaver
2011-09-12 08:58:59

They get your MAC address for your wireless router because they came to your house... Which is what makes it extra creepy.

See the Wiki about Skyhook Wireless where it says

"Skyhook Wireless (formerly known as Quarterscope) is a Boston-based company that developed a technology for determining geographical location using Wi-Fi as the underlying reference system. Using the MAC addresses of nearby wireless access points and..."

http://en.wikipedia.org/wiki/Skyhook_Wireless


Kristen Fife: RE: They Know Where You Are
2011-09-12 08:59:53

People laugh at my old clamshell phone that doesn't have apps; but I have an iPod Touch for all the things *I'm* interested in and I have a modicum of privacy.


Michael Bissell: RE: They Know Where You Are
2011-09-12 09:00:22

Except that's the point, Kristen. Your iPod Touch uses the same Wifi technology to tell Apple or Google where you are. Use anyone's Wifi hot spot and it's as good as having your GPS turned on.

And, Eric, I think I didn't explain -- Skyhook or Google drives by your house, gets the MAC address, records it with GPS data. But what's also surprising is that I'm giving Google Maps my wifi hotspot MAC address.

I suppose if I moved my Wifi it could screw with the database because they're just assuming 00-0C-F1-56-98-AD is still at 37.422028,-122.084068; which is probably a good assumption.



Eric Weaver: Re: Michael Bissell: They Know Where You Are: Privacy and Google Maps
2011-09-12 10:03:47

Your router's MAC address doesn't get past the ISP's first router, if they can get it at all from the wireless side (which I still doubt). Something else is going on. Maybe correlating IP address with the Goolag Maps directions queries you do...


Michael Bissell: Re: Eric Weaver
2011-09-12 10:04:42

There are lots of wireless sniffing tools out there that let you grab the MAC address from the router -- it's part of the payload along with the SSID (which is the human readable name you can set yourself). So Google and Skyhook get that MAC address initially by driving by, querying your router from the INSIDE (that is, not even touching your ISP -- hell, you could have a local wifi network that isn't even connected to the Internet...)

You're right your MAC address does not get past the ISP's router -- but Google Maps has access to that information on your device, again inside the network. In my case, my Android's programming environment makes it available, but a web page can actually grab your whole network routing table via JavaScript and any browser.

My local device, not the Wifi router, then checks in with Google and says, "Hey, here's the Mac address I'm coming to you from" completely sidestepping any firewalls and NATting you may have going on.


Comment on this blog
Your name:


Your email (will not be displayed):


Subject


Message



Enter the text above to help us filter spam: