[kwlug-disc] [OT] Google sniffing wifi, collecting emails and passwords.

Fri Jun 25 13:45:16 EDT 2010

Chris Irwin wrote, On 06/25/2010 1:00 PM:
> On Fri, Jun 25, 2010 at 06:35, Richard Weait <richard at weait.com> wrote:
>> But on the wifi router MAC addresses.  Would a router Swap Meet be an
>> act of commercial disobedience?
> 
> What is the actual privacy concern of having a third party know your
> router's private MAC address? If somebody actually managed to explain
> it logically, I'd like to see that message. This thread is somewhat
> long, and I skimmed the best I could, but may have missed an actual
> reason.
> 
> Knowing the WLAN MAC address by itself can't link your physical and
> logical locations (i.e. your router on the public internet) since your
> router has multiple MAC addresses (at least public & private). Even if
> they knew your public-facing MAC, it only makes it to your ISP, not
> beyond, so it is still useless for "logical" location.
> 
> So all we have is MAC address ABC is at (roughly) coords X:Y:Z. There
> is still no link to *who* that is, or *where* on the internet that is.
> Just an approximate physical location. To actually pin this location
> to a person, that person has to be using software they have allowed to
> do this lookup. To put that another way, *you're* using software that
> is disclosing your physical location. The privacy leak is you, not a
> list of MAC addresses.
> 
> Even if your router's MAC was unknown, wifi geolocation would still be
> successful based on your neighbours visible APs around you. But the
> privacy concern is not from knowing your MAC address, it's using
> software that wants to know your location (or more specifically,
> software that wants to disclose your location). This is why the new
> geolocation features in browsers typically prompt when a website wants
> to access that data. There is an understanding that it can be handy:
> You may want to say to flicker "Show me photos that were taken around
> where I am", or to weather.ca "Show me the forecast for where I am",
> but not generally disclose your location to every website. The main
> issue is control of that disclosure.
> 
> Google mapping MAC addresses does not negate that control, it just
> another method of finding physical location *if you chose to use that
> function*. So again, what is the actual privacy concern with knowing a
> MAC address? Am I missing something somewhere?

My guess is you're forgetting, and Glenn can confirm ... Google 
remembers every search / lookup done. Combine their knowledge of your 
MAC address and your IP (from the searches), and you now become a 
potential victim for targeted advertising. You always have been, but 
now they know where you were, so the local plumbing  store's ads now 
come up.

Further, perhaps?, the local plumbing store knows from Google who's in 
the area, and rather than inevitably sending some ads to China instead 
of New Hamburg, they all go to New Hamburg. And they're crackable. 
(i.e. X number of ads sent, etc.)

Granted, I haven't made an exact correlation above between mac 
address, search, and location. But, there is some, if not 1:1. And, 
granted, some of this Google could do already.

Perhaps much of the noise is FUD, but it seems to me there is more and 
more distrust of Google.

In reading this thread I guess I have made the assumption that Google 
will be able to correlate mac address and physical location (from 
Google Maps data acquisition), with your internet searches. Perhaps I 
have made a leap from mac addresses to IP here that is not evident.

So: I have assumed mac + IP -> bad things, and assumed Google isn't 
operating in my best interest.