Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/15/2011
08:58 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Wi-Fi Privacy Fix, Explained

Workaround stops Google from storing your network's location in its database of Wi-Fi access points, but there's a naming catch.

After discovering early last year that its Street View cars had inadvertently been vacuuming up swaths of data traveling over unprotected Wi-Fi networks since 2007, Google said that it was mortified and took a series of steps to improve its internal privacy and security practices.

And when it settled with the Federal Trade Commission in March over privacy problems arising from the launch of its Buzz social networking service, Google's director of privacy, product, and engineering Alma Whitten said the company is "100% focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."

Monday, Google took what it suggested was an additional step toward addressing privacy concerns related to its data collection practices. Peter Fleischer, the company's global privacy counsel, said that Google will honor a method that it is proposing to prevent location data associated with Wi-Fi networks from being stored in the Google Location Server, a database of Wi-Fi access points used for delivering location-based services.

[For more background, read Google 'Mortified' Over Wi-Fi Data Gathering.]

Google said in September it was developing a way to opt out of its Wi-Fi network data collection.

Wi-Fi network owners who wish to prevent the location of their network from being gathered and stored must append the suffix "_nomap" to the SSID they have chosen to identify their Wi-Fi network.

"As we explored different approaches for opting-out access points from the Google Location Server, we found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse," Fleischer said in a blog post. "Specifically, this approach helps protect against others opting out your access point without your permission."

Google's approach, however, seems certain to diminish the humorous potential of using SSID names as medium of free expression. Witty SSID names become less so with a punchline that ends in "_nomap."

Of greater concern to privacy advocates is the fact that while Google isn't storing location data associated with Wi-Fi networks that have opted out, it is storing the MAC addresses associated with Wi-Fi networks. MAC, or Media Access Control numbers, are unique numbers assigned to networkable devices by their manufacturers.

Google suggests this is not a privacy concern: "A MAC address tells you nothing about the owner or user of the equipment concerned. It's just a string of characters that's technically necessary for Web pages and other content to be properly delivered to your device over the Internet."

Not everyone agrees. As IT systems engineer Joe Mansfield put it last year in a blog post, "MAC addresses can tell far more about you than you think and keeping databases of where and when they've been seen can be extremely dangerous in terms of privacy."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
hguckes193
50%
50%
hguckes193,
User Rank: Apprentice
11/17/2011 | 9:41:08 PM
re: Google Wi-Fi Privacy Fix, Explained
An opt-in option would truly protect privacy.
iWkRdr
50%
50%
iWkRdr,
User Rank: Apprentice
11/17/2011 | 5:42:55 PM
re: Google Wi-Fi Privacy Fix, Explained
Everyone should change their SSID to googlesucks
Liz Coker
50%
50%
Liz Coker,
User Rank: Apprentice
11/16/2011 | 11:43:22 PM
re: Google Wi-Fi Privacy Fix, Explained
Really? The average home user doesn't name their Wi-Fi network. They just leave it on the factory default (I don't know the numbers but I bet "linkys" is the most popular Wi-Fi name for the average household network. While I give Google credit for doing something, this seems pretty half-hearted. The proof will come in how and how broadly they communicate the opt-out option. If you are talking about a goal of simplicity and broad adoption, this is not the solution.
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/16/2011 | 9:09:53 PM
re: Google Wi-Fi Privacy Fix, Explained
I agree with Joe on his point about MAC addresses. They are globally unique for every network device and therefore act much like a finger print does.
jrapoza
50%
50%
jrapoza,
User Rank: Apprentice
11/16/2011 | 9:03:55 PM
re: Google Wi-Fi Privacy Fix, Explained
Most of this vacuuming of data by Google makes little sense. It must provide some form of profit for them, since they are fighting so hard to continue doing this. The biggest joke is that most open WiFi hotspots are from people not sophisticated enough to protect their network, which means they aren't sophisticated enough to add nomap to their SSID (SSI what??)

Jim Rapoza is an InformationWeek Contributing Editor
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23396
PUBLISHED: 2021-06-17
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.
CVE-2021-32681
PUBLISHED: 2021-06-17
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`Ch...
CVE-2013-20002
PUBLISHED: 2021-06-17
Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.
CVE-2020-19202
PUBLISHED: 2021-06-17
An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges for the affected p...
CVE-2020-35373
PUBLISHED: 2021-06-17
In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.