[kwlug-disc] [OT] Google sniffing wifi, collecting emails and passwords.

Chris Irwin chris at chrisirwin.ca
Fri Jun 25 13:00:56 EDT 2010


On Fri, Jun 25, 2010 at 06:35, Richard Weait <richard at weait.com> wrote:
> But on the wifi router MAC addresses.  Would a router Swap Meet be an
> act of commercial disobedience?

What is the actual privacy concern of having a third party know your
router's private MAC address? If somebody actually managed to explain
it logically, I'd like to see that message. This thread is somewhat
long, and I skimmed the best I could, but may have missed an actual
reason.

Knowing the WLAN MAC address by itself can't link your physical and
logical locations (i.e. your router on the public internet) since your
router has multiple MAC addresses (at least public & private). Even if
they knew your public-facing MAC, it only makes it to your ISP, not
beyond, so it is still useless for "logical" location.

So all we have is MAC address ABC is at (roughly) coords X:Y:Z. There
is still no link to *who* that is, or *where* on the internet that is.
Just an approximate physical location. To actually pin this location
to a person, that person has to be using software they have allowed to
do this lookup. To put that another way, *you're* using software that
is disclosing your physical location. The privacy leak is you, not a
list of MAC addresses.

Even if your router's MAC was unknown, wifi geolocation would still be
successful based on your neighbours visible APs around you. But the
privacy concern is not from knowing your MAC address, it's using
software that wants to know your location (or more specifically,
software that wants to disclose your location). This is why the new
geolocation features in browsers typically prompt when a website wants
to access that data. There is an understanding that it can be handy:
You may want to say to flicker "Show me photos that were taken around
where I am", or to weather.ca "Show me the forecast for where I am",
but not generally disclose your location to every website. The main
issue is control of that disclosure.

Google mapping MAC addresses does not negate that control, it just
another method of finding physical location *if you chose to use that
function*. So again, what is the actual privacy concern with knowing a
MAC address? Am I missing something somewhere?

-- 
Chris Irwin
<chris at chrisirwin.ca>



More information about the kwlug-disc_kwlug.org mailing list