Risk
11/15/2011
08:58 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Wi-Fi Privacy Fix, Explained

Workaround stops Google from storing your network's location in its database of Wi-Fi access points, but there's a naming catch.

After discovering early last year that its Street View cars had inadvertently been vacuuming up swaths of data traveling over unprotected Wi-Fi networks since 2007, Google said that it was mortified and took a series of steps to improve its internal privacy and security practices.

And when it settled with the Federal Trade Commission in March over privacy problems arising from the launch of its Buzz social networking service, Google's director of privacy, product, and engineering Alma Whitten said the company is "100% focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."

Monday, Google took what it suggested was an additional step toward addressing privacy concerns related to its data collection practices. Peter Fleischer, the company's global privacy counsel, said that Google will honor a method that it is proposing to prevent location data associated with Wi-Fi networks from being stored in the Google Location Server, a database of Wi-Fi access points used for delivering location-based services.

[For more background, read Google 'Mortified' Over Wi-Fi Data Gathering.]

Google said in September it was developing a way to opt out of its Wi-Fi network data collection.

Wi-Fi network owners who wish to prevent the location of their network from being gathered and stored must append the suffix "_nomap" to the SSID they have chosen to identify their Wi-Fi network.

"As we explored different approaches for opting-out access points from the Google Location Server, we found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse," Fleischer said in a blog post. "Specifically, this approach helps protect against others opting out your access point without your permission."

Google's approach, however, seems certain to diminish the humorous potential of using SSID names as medium of free expression. Witty SSID names become less so with a punchline that ends in "_nomap."

Of greater concern to privacy advocates is the fact that while Google isn't storing location data associated with Wi-Fi networks that have opted out, it is storing the MAC addresses associated with Wi-Fi networks. MAC, or Media Access Control numbers, are unique numbers assigned to networkable devices by their manufacturers.

Google suggests this is not a privacy concern: "A MAC address tells you nothing about the owner or user of the equipment concerned. It's just a string of characters that's technically necessary for Web pages and other content to be properly delivered to your device over the Internet."

Not everyone agrees. As IT systems engineer Joe Mansfield put it last year in a blog post, "MAC addresses can tell far more about you than you think and keeping databases of where and when they've been seen can be extremely dangerous in terms of privacy."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
hguckes193
50%
50%
hguckes193,
User Rank: Apprentice
11/17/2011 | 9:41:08 PM
re: Google Wi-Fi Privacy Fix, Explained
An opt-in option would truly protect privacy.
iWkRdr
50%
50%
iWkRdr,
User Rank: Apprentice
11/17/2011 | 5:42:55 PM
re: Google Wi-Fi Privacy Fix, Explained
Everyone should change their SSID to googlesucks
Liz Coker
50%
50%
Liz Coker,
User Rank: Apprentice
11/16/2011 | 11:43:22 PM
re: Google Wi-Fi Privacy Fix, Explained
Really? The average home user doesn't name their Wi-Fi network. They just leave it on the factory default (I don't know the numbers but I bet "linkys" is the most popular Wi-Fi name for the average household network. While I give Google credit for doing something, this seems pretty half-hearted. The proof will come in how and how broadly they communicate the opt-out option. If you are talking about a goal of simplicity and broad adoption, this is not the solution.
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/16/2011 | 9:09:53 PM
re: Google Wi-Fi Privacy Fix, Explained
I agree with Joe on his point about MAC addresses. They are globally unique for every network device and therefore act much like a finger print does.
jrapoza
50%
50%
jrapoza,
User Rank: Apprentice
11/16/2011 | 9:03:55 PM
re: Google Wi-Fi Privacy Fix, Explained
Most of this vacuuming of data by Google makes little sense. It must provide some form of profit for them, since they are fighting so hard to continue doing this. The biggest joke is that most open WiFi hotspots are from people not sophisticated enough to protect their network, which means they aren't sophisticated enough to add nomap to their SSID (SSI what??)

Jim Rapoza is an InformationWeek Contributing Editor
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

CVE-2014-7292
Published: 2014-10-23
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVE-2014-8071
Published: 2014-10-23
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.