"if a tree falls in the forest and no one blogs about it, does it make a noise?"

If you’re wor­ried about the street address of your home Wi-Fi hotspot being pub­lic, Google has a solution.

The Moun­tain View, Calif.-based com­pany late today announced a way for the own­ers of Wi-Fi net­works to be removed from Google’s crowd­sourced geolo­ca­tion data­base, which it reworked this sum­mer after CNET drew atten­tion to pri­vacy con­cerns.

It’s sim­ple: all you need to do is append “_nomap” to the name of the Wi-Fi net­work. So “the­har­risons” becomes “theharrisons_nomap”.

“As we explored dif­fer­ent approaches for opting-out access points from the Google Loca­tion Server, we found that a method based on wire­less net­work names pro­vides the right bal­ance of sim­plic­ity as well as pro­tec­tion against abuse,” Peter Fleis­cher, Google’s global pri­vacy coun­sel, wrote in a blog post. “Specif­i­cally, this approach helps pro­tect against oth­ers opt­ing out your access point with­out your permission.”

Wi-Fi-enabled devices, includ­ing access points but also PCs, iPhones, iPads, and Android phones, trans­mit a unique hard­ware iden­ti­fier, called a MAC address, to any­one within a radius of a few hun­dred feet.

Android devices col­lect a sub­set of these MAC addresses and beam them back to Google to be used in the company’s geolo­ca­tion database–a use­ful fea­ture that allows faster loca­tion fixes for cell phones. (Apple, Microsoft, and Sky­hook Wire­less oper­ate sim­i­lar data­bases but do not pro­vide an opt-out mechanism.)

The pri­vacy risks arise when a device’s loca­tion can be tracked. CNET con­firmed in July that Google’s Street View cars recorded not just the loca­tions of Wi-Fi access points, but also the addresses of some lap­tops, cell phones, and other devices.

Android’s crowd­sourced data­base also can track loca­tions of some Wi-Fi devices, includ­ing those in use as a wire­less access point. One device spot­ted in a San Fran­cisco cof­fee­house showed up at a street address in an Atlanta sub­urb a few days later, for instance. Google took steps to curb that fea­ture in response to a CNET arti­cle in June.

Today’s announce­ment is meant to address one remain­ing pri­vacy issue: what if you don’t want the MAC address and street address of your Wi-Fi router to be in Google’s data­base at all? (Some­one flee­ing an abu­sive spouse, for instance, may not want their new, geolo­cated street address to be recorded.)

This par­tic­u­lar opt-out mech­a­nism came in response to pres­sure from Euro­pean offi­cials. The Dutch Data Pro­tec­tion Author­ity ruled in August that “Google is obliged to offer users the option to opt-out, so they can effec­tively object to the pro­cess­ing of data on their Wi-Fi routers at all times and free of charge.”

Google had pro­posed the “_nomap” suf­fix at the time, the Dutch gov­ern­ment said.

A few weeks later, in mid-September, Google’s Fleis­cher wrote in a blog post that: “At the request of sev­eral Euro­pean data pro­tec­tion author­i­ties, we are build­ing an opt-out ser­vice that will allow an access point owner to opt out from Google’s loca­tion ser­vices. Once opted out, our ser­vices will not use that access point to deter­mine users’ locations.”

Ashkan Soltani, an inde­pen­dent researcher who probedGoogle’s data­base, said “_nomap” was an awk­ward way to opt-out.

“While this is bet­ter than hav­ing to dis­cover and then reg­is­ter your access point’s Wi-Fi MAC address into a cen­tral data­base some­where, it’s still a bit much for those peo­ple that don’t know how to con­fig­ure their router — all the open Linksys access points,” Soltani said.

{ 0 comments }