Once upon a time the default privacy model used to be "opt-in". Which then became "opt-out" thanks in large parts to Google. Of course it helped that very few "lay people" take active steps to opt-out.
It appears "rename and opt-out" is the latest model. I'm guessing even fewer lay users will take this step.
Technically this allows Google to claim it gives people an easy way to opt out, but in practice nothing much is likely to change as those who were worried about privacy were probably not broadcasting their SSID publicly to begin with.
I assume you are referring to web crawling? When you put up a web page, your intention to make it public is pretty clear, barring a mistake. Your intention to have it crawled and indexed is a lot less clear, but you usually don't get a lot of say in how people consume things you make public. So I think opt-out makes sense for that.
When you put up a wireless network in your apartment, your intention to make it public is a lot less clear. You are putting it in public, so the argument for opt-out is at least coherent. But I don't buy it because it's clearly not most peoples' intention.
> those who were worried about privacy were probably not broadcasting their SSID publicly to begin with
Though it seems unintuitive Not broadcasting your SSID is actually less secure than broadcasting it.
Those truly worried about privacy never use wireless transmission directly, instead using a VPN (only allowing the VPN wrapped traffic go out over the air) and set their own APs to block any traffic that isn't to/from the VPN end-point(s).
Also once upon a time people knew what they were talking about before launching into a nonsensical speech filled with privacy cliches.
They are mapping public WiFi APs, public data, it's well within their right and that of other to do so. Offering an opt-out is just going over and beyond to appease the stubbornly misinformed.
You do know Google has a history of having helped themselves to much more data than just public SSIDs, right? The reason I bring these up is to point out that Google's past behavior in this space hasn't exactly fostered trust.
How is a signal generated by something owned by me, located inside my private residence, intended for use inside my house by my family and guests only, considered "publicly broadcast"? Are cordless phone transmissions publicly broadcast? Baby monitors? Burglar alarms? Home automation devices? Bluetooth headsets?
Ehh... It's pretty fucking ridiculous that I should have to change my networks SSID in order to NOT be mapped.
What if I had some established nomenclature. My old SSID was Nikola with a password some variant of Tesla... Nikola_nomap just doesn't have the same spark.
Because that would make their service completely useless, because not enough people would opt-in. I think ideally they should have some easier way to opt-out -- maybe submit your SSID/BSSID for removal directly to Google.
Why do you have to ruin anything? You aren't forced to use a technology that broadcasts your identification to everyone. If you do choose to use Wifi you can choose a name that Google won't track. Since the technology does broadcast it publically anyone else and every other company CAN track it.
Heh, after "Do Not Track" we now have "Do Not Map".
This hack does not resolve the ethical conundrum of indexing a huge amount of publicly available data for private use. We already have technical solutions if we want to make hidden access point, not having to rely on the good faith of an outsider.
What's next, if I don't want google street view to photograph my house I paint "Do Not Photograph" on the wall?
I don't even understand why google took steps to implement that. It means that they acknowledge there's a potential privacy issue but at the same time offer a solution they must know won't satisfy anybody who's concerned about this issue.
Everyone who's saying it should be opt-in need to realise that the majority of people won't care that people can collect this publicly available data. I don't care either. It helps people navigate more accurately. If you really care, you wouldn't be broadcasting your SSID.
I really dislike the new standard of making location tracking opt-out, not opt-in.
There's a startup that tracks the location of customers across stores using the MAC addresses of their cell phones, without their knowledge. In order to opt-out, you have to register your MAC address with them: http://nomi.com/privacy/
The key to both Nomi and (to a lesser extent) Google is that users don't even know when they are being tracked. Opt-out only makes sense when there is a reasonable expectation that the user knows that the tracking exists.
Anyone know a way to query the API for your BSSID and see if you're in their database, or do they just respond to queries with a location rather than per-network confirmations?
No. If there's someone on the street outside my home whose lost and can't get a GPS signal, I want them to stay lost!
Even though I'm happy with my AP broadcasting it's identity in the clear, the idea that anyone else might find that useful is just wrong and infringes on my privacy or something.
I'm pretty sure that SSIDs have a maximum length of 32 characters. If your SSID is already 32 characters long, then you can't append "_nomap" to the end of your SSID, since that would be too long.
Did you even read what this does? It's used to aid geopositioning. No data from the network is logged, other than its SSID/MAC address and its approximate location.
That problem is entirely due to you choosing to run Google/Apple software on a network attached computer that you carry with you everywhere (even, apparently, to poo).
Mapping the source of radio signals is common and expected. Your Wifi router is basically a big bright lightbulb that flashes with a unique pattern, and can be seen through walls. You can't legitimately ask the rest of the world not to notice it, the same way you can't request that no one use your porch light as a landmark.
No. It shouldn't be expected that a $410b market cap company is out mapping this data and selling it to advertisers. Just because you can, doesn't mean you should. Not a trustworthy company.
You may have missed the bits that came out about the capture going on with the knowledge of some Google employees. Th e original developer has plenty of experience with wifi data capture and knew exactly what you could do with the data as well as that you didn't need full packet dumps to snag SSIDs.
"Google long maintained that the engineer was solely responsible for this aspect of the project, which resulted in official investigations, some still unresolved, in more than a dozen countries. But a complete version of the F.C.C.’s report, released by Google on Saturday, has cast doubt on that explanation, saying that the engineer informed at least one superior and that seven engineers who worked on the code were all in a position to know what was going on."
- http://www.nytimes.com/2012/05/01/technology/engineer-in-goo...
That doesn't sound like very much data for a fleet of vehicles to collect over the course of a few years. Pretty sure it was just a handful of packets per (unencrypted) access point, but please correct me if I'm wrong.
Nowadays it shouldn't, no, but Google's had some lawsuits where their Streetview cars accidentally scooped up random bits of data crossing over the wifi lines. This measure was added afterwards, iirc.
Would it be possible to randomize the (non-vendor part of) the AP's MAC address periodically to defeat this? Perhaps getting AP manufacturers to add this as a feature would be difficult, though.
That would be semi-trivial seeing as how changing your mac is easy with Linux and many of the access points run Linux. The hard part would be reconnecting all of the clients each time you change the mac address.
Easy enough with DD-WRT I imagine, on most NICs you can set an arbitrary MAC. Sadly didn't work for the pile of Chinese ones I have that all use the same one.
