Linked by Howard Fosdick on Mon 21st Nov 2011 07:48 UTC
Google Last June, CNET disclosed that Google collects and publishes the estimated locations of millions of phones, laptops, and other Wi-Fi devices. All without their owner's knowledge or permission. Google has finally announced how to exclude your home network from this database. Simply append "_nomap" to its name. Details over at CNET. Left unsaid is why the burden is placed on millions of individuals to opt-out, instead of on perpetrator Google.
Thread beginning with comment 497782
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Comment by clhodapp
by Alfman on Mon 21st Nov 2011 10:58 UTC in reply to "Comment by clhodapp"
Alfman
Member since:
2011-01-28

clhodapp,

"If you don't want people to know about something, don't have it send out 'Here I am' radio messages..."

I see two issues with this:

1. Just because something is broadcasted over radio doesn't mean it's intended to be public. The mac address is one of those examples, it's how the technology works, people can't just turn it off.


2. There are both legitimate and illegitimate uses of public information.

For example, you may want your phone number in a telephone book for friends to look you up, this is undoubtedly very useful. But while this is technically "public", I don't think it's unreasonable to have laws in place to prohibit unwanted uses of the information - like being automatically registered into telephone solicitation database.


Cell phones have unique radio markers too, would you be ok if a 3rd party corp was willing and able create a large database to track them? Maybe, maybe not. What about tracking vehicle license plates? Again, maybe maybe not. What about face tracking? We're not going to solve these problems on this board, but I do think we should be keen on having a public debate about them.


Regardless of our opinions on whether these should be permitted or not, the resulting privacy concerns are real. If the engineers had known that widespread physical tracking of unique MAC addresses would become reality, they may very well have designed WiFi differently to protect against it.

Reply Parent Score: 2

RE[2]: Comment by clhodapp
by Soulbender on Mon 21st Nov 2011 20:55 in reply to "RE: Comment by clhodapp"
Soulbender Member since:
2005-08-18

If the engineers had known that widespread physical tracking of unique MAC addresses would become reality


In practice MAC addresses are not unique (and don't actually have to be).

And seriously, at least Google is public about collecting this data. It's not exactly rocket science for anyone, private or as a company, to collect this information without telling anyone about it. In fact, i bet there are companies doing exactly this. They might even label themselves "security" companies.

If the engineers had known that widespread physical tracking of unique MAC addresses would become reality, they may very well have designed WiFi differently to protect against it.


Probably not because it would have been impossible or at least not practically feasible. How would your devices locate each other without a unique, visible address?

Reply Parent Score: 2

RE[3]: Comment by clhodapp
by Alfman on Mon 21st Nov 2011 22:32 in reply to "RE[2]: Comment by clhodapp"
Alfman Member since:
2011-01-28

Soulbender,

"In practice MAC addresses are not unique (and don't actually have to be)."

I really would like to know what you mean here, because in practice having duplicate MAC addresses will break things like DHCP and switching hubs which rely on a MAC address's uniqueness.

Sometime adapters make it possible to spoof MAC addresses and do ARP spoofing - which can even have legitimate uses like automatic failover, but then original host will stop receiving packets.

"Probably not because it would have been impossible or at least not practically feasible. How would your devices locate each other without a unique, visible address?"

(Didn't you just say it doesn't need to be unique?)

I'm not here to re-engineer it, but the unique id doesn't need to be static between sessions, it just needs to be unique per AP at any given time.

Reply Parent Score: 2