Wifi Location Tracking is killing Privacy

<tinfoil hat>

When Google’s “streetview cars” roamed around the world, they were performing wifi scans of their surrounding areas. By mapping the MAC address of your location to the van’s GPS coordinates, they built a map of locations that can accurately find your location, just by knowing the wifi router you’re connected to.

Google claimed this was “by accident”, and many countries objected to the collection of the data and the invasion of privacy.

As of 2010, Google had collected 600 gigabytes of data from over 30 nations. That list is now growing, as each new Android phone that gets purchased has the built-in ability to transfer locations of wireless networks to and from Google’s servers, to help aid in location services on the phone. The unfortunate part is even if you aren’t using these services, Google is still collecting this data via your phone.

So who has your wifi router’s location?

  1. Google

    Every Android phone can collect wifi data for Google. If you’ve enabled “Use Wireless Networks” in the “Location and Security” settings, your phone is phoning home to Google to tell them where you are, and all the wifi networks around you.
    The first time you check the “Use Wireless Networks” option in Android, a pop-up appears saying “Allow Google’s locatino service to collect anonymous location data. Collection will occur even when no applications are running.
  2. Skyhook

    Skyhook was the main company that started Wifi location services. They were collecting data in 2003, years before other companies on this list cared. Apple’s iPhones used this technology until Apple made their own. Skyhook even claimed Google infringed on their patents.
  3. Apple

    Apple originally used Skyhook, but they developed their own internal wifi database and technology for iOS 3.2. Your iPhone works just like Google’s Android phones do, but this time they told Steve Jobs where you were instead of telling Google. Apple got into privacy trouble when it was revealed in April 2011 that the iPhone recorded every location the iPhone went to. Apple “fixed” this shortly after the “flaw” was discovered.
  4. Microsoft

    Not to be left out by the others, Microsoft made sure their Windows Phone 7 devices tracked wifi locations and phoned them home to Microsoft. Amid a security leak, and strong questions, Microsoft reported that they stopped collecting wifi data! I don’t know why people were scrutinizing Microsoft more than the other companies in this list, because Microsoft is arguably doing the least evil with the data.

So how do you protect your privacy, and not share your router’s location to these services?

  1. Try hiding the SSID of your wifi router, so phones don’t detect it. (I can’t confirm this will work, but it should.)
    This only works though if you don’t turn around and use your wifi with a phone that sends this data back to the companies.

… and that’s about it.  If you thought you might try to remove your wifi router’s location from the databases, here’s your lack of options:

  • Google: You can’t remove your wifi router from their database.
  • Apple: Apple has kept quiet about their database, but there’s no known way to remove your router from their database.
  • Skyhook:
    “There is no way for a customer to remove their AP from our database publicly.
    We ask that you send your wireless mac address that you submitted to
    support@skyhookwireless.com (or reply back to this email) that you want
    removed, then we quarantine it from the database, and it will no longer receive
    location from Skyhook.”
  • Microsoft: With the database being shelved, I don’t think they’ll be offering a way to get into the data to remove devices.

Unfortunately, tools that work to reveal if your router is in the databases quickly break when Google/the rest stop giving access to those tools or fix their security flaws.

Samy Kamkar is one of the leaded people in this topic, and his blog has more details about this and the tools he’s made to tap into the databases.

So at the end of the day, why does this matter?  

It matters because companies can now trace where you’ve been to a few meters, simply by checking what wifi network you’re located nearby. Since they know where the wifi routers are, they don’t need to know where you are; they just need to know what wifi networks you’re connected to, and they have that same information (all without GPS).

Government can subpoena the databases and if they have a list of wifi networks you’ve been to (say physical access to a phone), they can easily cross reference and find where you are and where you go.

It all comes down to privacy, and as location technology advances your location will be known to more and more companies. I am highly skeptical of any company that makes me and my private data their product. The frightening part is that Apple, Google, Facebook, and Twitter get people to volunteer this data every day…

</tinfoil hat>