On Sep 9, 2013, at 9:13 PM, Brian Smith <br...@briansmith.org> wrote:

> On Mon, Sep 9, 2013 at 2:58 PM, Chris Peterson <cpeter...@mozilla.com> wrote:
>> Google's Location Service prevents people from tracking individual access
>> points by requiring requests to include at least 2-3 access points that
>> Google knows are near each other. This "proves" the requester is near the
>> access points.
> 
> I assume "prevents people from tracking individual access points"
> means the following: Some people have a personal access point on them
> (e.g. in their phone). If somebody knows the SSID and MAC of this
> personal access point, then they could track this person's location by
> polling the database for that (SSID, MAC) pair. Google tries to limit
> this type of abuse as much as practical while still
> providing a location service based on such crowdsourced data.

I wonder if it makes sense to ban specific MAC address ranges (vendors) from 
appearing in this database. For example I think it would be possible to detect 
specific chipsets as being mobile devices vs stationary access points.

Also, when I tether my iPhone to my Mac, the Mac shows a different icon next to 
the network name. I think Android does the same. Maybe at a lower protocol 
level it is possible to see if an access point is a mobile device?

Is that worth investigating?

 S.

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
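
Added example, not part of the original thread and not Google's or Mozilla's code: a sketch of the two mitigations discussed above, dropping access points from denylisted vendor prefixes at ingest and answering a lookup only when it names several distinct access points that the database places near each other. The observations, the vendor prefix, the 200 m threshold and all function names are constructed assumptions.

```python
import math

# Constructed observations (BSSID, lat, lon); none of these are real devices.
OBSERVATIONS = [
    ("00:11:22:AA:00:01", 37.3894, -122.0819),
    ("00:11:22:aa:00:02", 37.3895, -122.0821),
    ("00:11:22:bb:00:09", 40.7128, -74.0060),   # far away from the others
    ("00:55:66:cc:00:01", 37.3894, -122.0820),  # phone hotspot (assumed vendor)
]
MOBILE_OUIS = {"00:55:66"}  # hypothetical vendor prefixes treated as mobile
MIN_APS = 2                 # assumed; the thread says "at least 2-3"
MAX_SPREAD_M = 200.0        # assumed meaning of "near each other"

def oui(bssid):
    """First three octets of a MAC address, normalised to lower case."""
    return bssid.lower()[:8]

def build_db(observations):
    """Ingest step: never store access points from denylisted vendors."""
    return {b.lower(): (lat, lon) for b, lat, lon in observations
            if oui(b) not in MOBILE_OUIS}

def distance_m(p, q):
    """Haversine distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def locate(db, bssids):
    """Answer only if the request names >= MIN_APS distinct, mutually near APs."""
    distinct = {b.lower() for b in bssids}        # repeats do not count twice
    known = sorted(b for b in distinct if b in db)
    if len(known) < MIN_APS:
        return None  # a poll for a single (SSID, MAC) pair gets no answer
    points = [db[b] for b in known]
    for i, p in enumerate(points):
        if any(distance_m(p, q) > MAX_SPREAD_M for q in points[i + 1:]):
            return None  # APs are not co-located, so proximity is unproven
    n = len(points)
    return (sum(p[0] for p in points) / n, sum(p[1] for p in points) / n)

if __name__ == "__main__":
    db = build_db(OBSERVATIONS)
    print(locate(db, ["00:11:22:aa:00:01"]))
    print(locate(db, ["00:11:22:aa:00:01", "00:11:22:aa:00:02"]))
```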
