Linked by Howard Fosdick on Mon 21st Nov 2011 07:48 UTC
Google Last June, CNET disclosed that Google collects and publishes the estimated locations of millions of phones, laptops, and other Wi-Fi devices. All without their owner's knowledge or permission. Google has finally announced how to exclude your home network from this database. Simply append "_nomap" to its name. Details over at CNET. Left unsaid is why the burden is placed on millions of individuals to opt-out, instead of on perpetrator Google.
Thread beginning with comment 497861
To view parent comment, click here.
To read all comments associated with this story, please click here.
Soulbender
Member since:
2005-08-18

In other words, *anyone* who wants to can pinpoint it if they really wanted to and try cracking.


The SSID is not needed for attempting to crack it, they'd need the IP address for that and afaik Google does not show the IP address. In fact, knowing the SSID makes no difference for anyone not in your local vicinity and those who are in your vicinity could find it out by themselves.

Someone traveling to my state from the other side of the country? No problem, just check Google to see that I have a router set up at this address.


Yea, cuz that wouldn't show up ANYWAY when he got to where you live. Besides, knowing that there's a router/access-point with a certain SSID in a certain location is useless information for this purpose.

Google is making it easy for a traveling cracker to breach into people's home networks and computer systems.


The information Google provides does in no way make this easier. As long as you're not in the local area the information is meaningless and once you are in the local area the information is already available without Google.

And you know, some people actually pay extra to NOT have their phone/address posted publicly in the phone book. You know, unlisted. Some people do actually care about privacy and security.


Why is that you have to request explicitly to not be listed? Why would you have to pay to not be listed?
This is even more complicated than just adding _nomap and at least Google isn't charging you.

Reply Parent Score: 3

UltraZelda64 Member since:
2006-12-05

The SSID is not needed for attempting to crack it, they'd need the IP address for that and afaik Google does not show the IP address. In fact, knowing the SSID makes no difference for anyone not in your local vicinity and those who are in your vicinity could find it out by themselves.

Let's say I'm an amateur cracker. I would possibly:

1. Look up the now public SSIDs of pretty much any device within whatever distance I felt like traveling.
2. Pull out a GPS and start heading to it.
3. Do an attack on the password/passphrase to try and break in.

Quick and incredibly easy to locate, and a cracker skilled and determined enough can probably break into whatever the he wants with ease, using whatever information he can get. It's the bad guys who will be using this data and will be trying to cause damage, not the local people going on their daily walk in most cases.

Yea, cuz that wouldn't show up ANYWAY when he got to where you live. Besides, knowing that there's a router/access-point with a certain SSID in a certain location is useless information for this purpose.

But would he have *ever* stumbled anywhere near my place and found my router's wireless access point if it wasn't for Google? You don't seem to get the point: Very few people around here know a damn thing about computers and networking in the first place, and they're for the most part no threat. Give some random cracker asshole who lives 100 miles away my router SSID and approximate location (as Google is doing), and if the cracker really wanted to, he could try to break in.

The information Google provides does in no way make this easier. As long as you're not in the local area the information is meaningless and once you are in the local area the information is already available without Google.

How does it not make it easier to find potential targets for attack? If you know there is a router somewhere 25 miles away and accurate to the street, you know there is a potential target for attack. Just pull out your trusty GPS if you need to, take off and crack away once you've reached your destination and are in range.

Why is that you have to request explicitly to not be listed? Why would you have to pay to not be listed?
This is even more complicated than just adding _nomap and at least Google isn't charging you.

It's my router. It's my internal network. I should be able to name it as I damn well please and not have to add shit to it just so Google doesn't advertise my location and to keep my privacy. Is that really so hard to understand? My SSID has been the same for years, I like it, and I should not have to modify it just so Google doesn't publicly list it for everyone else in the world.

Not to mention, even if I did *not* have an Android phone myself, I would still have to take in consideration all the otherwise innocent people walking down the street with Android phones, because their phones will unknowingly be adding every wireless access point they come near... and putting it all up in Google's big online database.

Meanwhile, I'm still trying to work out connecting to my newly-SSID-broadcast-free network with my Android phone manually. What a royal pain in the ass. Thanks, Google.

Reply Parent Score: 2

Soulbender Member since:
2005-08-18

1. Look up the now public SSIDs of pretty much any device within whatever distance I felt like traveling.


Sure, or he could just do that where he is.

2. Pull out a GPS and start heading to it.


Why travel untold miles to some random access point just because it's on Google?

3. Do an attack on the password/passphrase to try and break in. [/q]

So? The fact that an SSID appears in Google does not mean it's open or using WEP or whatever.

Give some random cracker asshole who lives 100 miles away my router SSID and approximate location (as Google is doing), and if the cracker really wanted to, he could try to break in.


Dude, do you seriously think some guy would travel 100's of miles to break into your access point when there's most likely hundreds of access point in his immediate vicinity? Seriously?
You shouldn't worry about some cracker 100 miles away, you should worry about the cracker next door.

But would he have *ever* stumbled anywhere near my place and found my router's wireless access point if it wasn't for Google?


What makes you think he gives a damn about your access point? What makes you think you're a high-profile target? Is the SSID named NORAD? Is your location the White House? Even if the answer is yes your location is already known and an interesting target, regardless of Google.
There's no compelling reason for crackers to randomly travel around the country attacking access-points that happens to occur in Google's data. They could just as easily just drive around at random and get the same result. Also, taken into account that many access points retain the factory SSID knowing that there's an access point in a certain location with SSID "Linksys" isn't really news to anyone.

If you know there is a router somewhere 25 miles away and accurate to the street, you know there is a potential target for attack.


So what? It's easier to just to attack the local access-points.

Reply Parent Score: 3

Alfman Member since:
2011-01-28

UZ64,

I agree with you and everyone else that google's opt out proposal is stupid, but your argument against the database is quite different from everyone else's. It seems like you object to the mere fact of your WiFi's existence being published, regardless of whether it includes your personal MAC addresses?

If so, I think that logic is going way too far. I don't care if anyone knows how many WiFi devices are around my area - it doesn't reveal anything about me. My objection only crops up when equipment can be individually tracked.

Reply Parent Score: 2