Microsoft locks down Wi-Fi geolocation service after privacy concerns

In response to privacy concerns over its Wi-Fi-based location database, Microsoft has restricted it, following similar moves made by Google a couple of weeks ago. That may not entirely be a good thing, however.

<a href='http://meincmagazine.com/microsoft/news/2011/08/microsoft-locks-down-wi-fi-location-service-after-privacy-concerns.ars'>Read the whole story</a>

 

[AdamM]

How come these articles never elaborate on what people should be concerned about with this data? Instead of just riding on the paranoia wave of made up scenarios that are unlikely to happen anywhere except the USSR?

Just curious.

 

[scottyo3921]

> They do this by querying the database for the location of the access point that they're currently using.

Umm, on my iPhone 3G, I just disconnected from my WiFi and told it to forget the network. Confirmed that I had been cut loose, my IP address all 0s. Opened Maps and tapped the "current location" arrowhead icon, and it jumped me to a location on the map very near where I'm seated; the "magic circle of probability" did enclose my actual position. The fact that the circle shrank after 1-2 seconds leads me to believe it wasn't just showing a stale "last-known position" but instead had computed a new WiFi-based position (GPS has not got a %$#$ fix for weeks now, despite my best efforts) and associated parameters.

I should get out and walk around the neighbourhood to verify, but it's now dark out, and anyway, this is Ars Technica, not Outdoor Life.

 

[scottyo3921]

> Wi-Fi access points broadcast their MAC addresses so that any nearby machines can see the access point and connect to it.

AFAIK they don't broadcast their MAC addresses per se, though the MAC address will be included in any packets they send, as part of the network protocol; they broadcast their SSIDs, which broadcast can be suppressed on most wireless routers.

 

[DrPizza]

> Wi-Fi access points broadcast their MAC addresses so that any nearby machines can see the access point and connect to it.

AFAIK they don't broadcast their MAC addresses per se, though the MAC address will be included in any packets they send, as part of the network protocol; they broadcast their SSIDs, which broadcast can be suppressed on most wireless routers.

For infrastructure mode APs, the BSSIDs is the device's MAC addresses.

For ad hoc networks, the BSSID is a randomly generated MAC with the "local" bit set to 1 (denoting it's not globablly unique) and the "group" bit set to 0 (denoting it's an individual address).

Even APs that are "hidden" will broadcast their BSSID during the handshake that occurs when clients connect to the AP. This is the major reason that hidden APs offer little or no actual security.

 

[DrPizza]

> They do this by querying the database for the location of the access point that they're currently using.

Umm, on my iPhone 3G, I just disconnected from my WiFi and told it to forget the network. Confirmed that I had been cut loose, my IP address all 0s. Opened Maps and tapped the "current location" arrowhead icon, and it jumped me to a location on the map very near where I'm seated; the "magic circle of probability" did enclose my actual position. The fact that the circle shrank after 1-2 seconds leads me to believe it wasn't just showing a stale "last-known position" but instead had computed a new WiFi-based position (GPS has not got a %$#$ fix for weeks now, despite my best efforts) and associated parameters.

I should get out and walk around the neighbourhood to verify, but it's now dark out, and anyway, this is Ars Technica, not Outdoor Life.

Cell tower IDs are also used for fast fixes, but are generally (in my experience, at least) less precise than Wi-Fi fixes.

 

[cecilroytoo]

This may or may not be pertinent to the discussion, but since Apple was forced (by the usual hysteria) to get rid of the geolocation database off my devices, geolocation has be both less accurate and lengthier.

 

[aldur]

You don't have to be connected to a Wi-Fi access point in order to query its location. Your device might have a local copy of the "radiomap" or it could use 3G to connect to a geolocation database.

A "hidden" access point will still broadcast the BSSID and the MAC address in every beacon frame, it simply masks the SSID. No handshake needed to discover it.

 

[stewski]

How come these articles never elaborate on what people should be concerned about with this data? Instead of just riding on the paranoia wave of made up scenarios that are unlikely to happen anywhere except the USSR?

Just curious.

That's a bit 50s America isn't it? Now days you could also say "terrorists" if you want to amp up government approved paranoia, Minitruth would be proud of you...

 

[Putrid Polecat]

There is a difference between recording just the most recent location of a MAC address (overwriting old values), and recording the entire location history of a MAC address. If they don't record the history there really isn't any behavioral information that can be gleaned from a single location, unless you happen to be temporarily supplying WIFI access to e.g. a local whore house.

This could be further mitigated by having mobile hotspots generate a new BSSID every time the hotspot is enabled. While this would prevent clients from remembering the connection info and automatically connecting, it would also make it more difficult to tie a given user to a BSSID (think, more or less, DHCP assigned IPs and piracy defenses in court). Now before people go ballistic over MAC address conflicts, there are 2^48 possible addresses, so it would operate similar to GUIDs, where there is a possibility of conflict, it just is hugely unlikely. Any conflicts that do occur would not degrade the location finding service in the aggregate.

 

[helel ben shachar]

Couldn't the list be filtered? The first part of a MAC address is an organizationally unique identifier that should be specific to a manufacturer. It seems, and I'm not an expert but just throwing this out here, that with a bit of Boolean logic and known manufactures of both items you want to list and not list, that one could weed out unwanted MACs.

 

[flerchin]

The attack used to look like this:
1. I know your phone's MAC address, and that you use it as an access point fairly regularly.
2. I send a query to <del>Google</del> or <del>Microsoft</del> with your MAC address.
3. I now know your current location, or the location where you last used your phone as an access point.
4. ?????
5. Profit

 

[fletc3her]

The attack used to look like this:
1. I know your phone's MAC address, and that you use it as an access point fairly regularly.
2. I send a query to <del>Google</del> or <del>Microsoft</del> with your MAC address.
3. I now know your current location, or the location where you last used your phone as an access point.
4. ?????
5. Profit

Obviously someone has to want to know where you are. Possibly this would be of use to private investigators, divorce lawyers, paparazzi, stalkers, bounty hunters, law enforcement, owners of stolen equipment. It could also be used by a school district to track the computers they lend to their students.

Generally, I question the need for these services. My desktop computers are always in the same place, right here at my address. My laptop moves around, but I know where it is, right here in front of me. It's hard for me to imagine a scenario where I'm lost with no landmarks around, using my laptop on Wi-Fi, and trying to geolocate myself.

Instead, the services are for marketers. They hope you'll turn on geolocation and then they can start sending you coupons for the stores in the same mall as the coffee shop you're at. I already get ads for websites I've visited, based on the products I viewed while I was there. Now, I can get ads based on the actual stores where I used my laptop. Of course, even when the public services go dark the marketers will still have their private services.

 

[stewski]

I was under the impression that software can easily change a MAC address, Im not sure what the fuss is about, get a tethering app that generates a random address each time and bob is indeed your fathers brother...

 

[jakem1]

Even if you completely ignore the privacy concerns, surely it makes no sense to record the location of mobile devices anyway. It's difficult to see how these changes make the system less robust and not more robust when they ensure that only reliable, fixed location data is recorded.

 

[DrPizza]

Even if you completely ignore the privacy concerns, surely it makes no sense to record the location of mobile devices anyway. It's difficult to see how these changes make the system less robust and not more robust when they ensure that only reliable, fixed location data is recorded.

They don't. Phones will still record the data from mobile access points. They can't readily avoid it; there's no generic way to tell if an access point is a fixed base station or a mobile 3G base station/tethered smartphone. As long as they're in infrastructure mode, they all look the same.

 

[Jokotai]

Woot. Creating horrible privacy vulnerabilities for the sake of getting an accurate weather forecast without having to bother to type in the name of the city you're vacationing in. That's progress.

 

[HiVoltRock]

Here's a thought: why don't companies just hash the MAC addresses before recording them? If everything is done in hash, there's no (or much less) privacy concerns? I realize there's some logistical and computational overhead involved in this, but it's not like companies like Google or Microsoft haven't had to handle things like this before

 

[N6NQR]

Not to sound paranoid... "They" really, really do know where you are!
(just because you're paranoid, doesn't mean "they" aren't out to get you!)
The easiest cure for this is aluminum foil wrapped around your devices. Aluminum coated mylar plastic potato chip bags will also work in a pinch. Lays and Ruffles work best. Don't forget to protect your head too.