Microsoft locks down Wi-Fi geolocation service after privacy concerns
By Peter Bright | Published about 10 hours ago
http://arstechnica.com/microsoft/news/2011/08/microsoft-locks-down-wi-fi-location-service-after-privacy-concerns.ars
Microsoft has restricted its Wi-Fi-powered geolocation database after a
researcher investigating Wi-Fi geolocation and position tracking raised privacy
concerns about the information recorded. This follows a similar move from
Google, amidst identical privacy complaints.
A number of companies including Microsoft, Google, and Skyhook operate Wi-Fi
geolocation databases as a means of providing quick and reasonably effective
location information to phones, tablets, and laptop computers. Every Wi-Fi and
Ethernet device has a unique identifier called a MAC address. Wi-Fi access
points broadcast their MAC addresses so that any nearby machines can see the
access point and connect to it. Companies building geolocation databases
collect access point MAC addresses and GPS locations, then publish this
information online. (Community projects such as Wigle accumulate similar
databases.)
Smartphones and laptops can use these databases to perform quick location
finding whenever they're connected to a Wi-Fi access point. They do this by
querying the database for the location of the access point that they're
currently using. As long as it's in the database—and hasn't moved too far from
wherever it was when its information was recorded—they then know that they're
close to the access point's location.
The initial data to populate these databases comes from two main sources. Both
Microsoft and Google have vehicles that are driven around to listen for access
points and note their MAC addresses and locations. The companies also use data
from smartphones; Windows Phone and Android devices can all send access point
MACs and GPS co-ordinates to the companies' respective services, so that the
databases can be expanded to make them more accurate and useful. They also send
cell tower IDs, if available, for the same reason.
This data collection has itself come under scrutiny, after both Apple and
Google were found to be storing the data on-phone, potentially allowing other
software on the phone (or software with access to handset backups on a
computer) to determine not only your current location, but everywhere you have
been in the past. Microsoft sidestepped this particular issue, as Windows Phone
doesn't keep such a history (and the company even released the source code to
prove that it does nothing untoward).
The new privacy concern is that these databases can capture MAC addresses that
belong not to access points, but rather to smartphones themselves. Many phones
have the ability to act as a mobile hotspot—converting themselves into a
miniature access point to share their connections. If an Android or Windows
Phone connects to one of these access points and sends the data to the central
database, the information recorded is not merely the location of a mobile
access point; it's the location of someone's phone, and by extension, the
person themselves.
CNET reported on Google's database in June after it was discovered to be chock
full not only of access point MAC addresses but also laptop and smartphone
addresses. A couple of weeks after that report, Google modified its service to
restrict access. Specifically, Google changed the service so that it required
two nearby MAC addresses to be entered instead of just one. This alteration
meant that it was no longer possible just to query a particular phone's MAC
address to find out where the person was.
Microsoft altered its service in response to a similar CNET report, based on
work from researcher Elie Bursztein. Bursztein was investigating the ability to
track where a laptop had been by analyzing the Wi-Fi data stored by Windows
whenever it connects to an access point. To do this, he needed a MAC location
database. Initially he used Google's but had to revert to using Microsoft's
after Google made their change.
Now Microsoft's service isn't an option, either; with the change Redmond has
made, its service too requires multiple MAC addresses to be sent before it will
return a location. If you want an approximate location when only one access
point is visible—perhaps a rarity in the city, but far from unheard of in less
built-up areas—Microsoft isn't going to give you one.

The best solution?

In many ways, the change is unfortunate. Wi-Fi-based positioning is a useful
feature to have, especially for laptop computers that are regularly Wi-Fi
enabled but usually lack GPS hardware. Geolocation is a feature found in HTML5
and supported by all modern browsers to enable services such as foursquare and
location-based search. Instead of restricting the feature, a move in the
opposite direction—publishing the API, making it readily accessible to third
parties, and building in system-wide support for it—would be a valuable
improvement both to Windows and the Internet-connected world as a whole.
Windows 7 offers a standardized API for GPS and other sensors, but it's not
widely used. A third-party Wi-Fi positioning module exists, which enables
Windows to, for example, automatically pick the right location for its weather
widget, but it suffers from a lack of high-quality databases. A first-party
equivalent, using Microsoft's database, would be a welcome addition to the
platform.
It's also not clear just how big the privacy issue even is. The MAC addresses
of stationary Wi-Fi access points are not in any meaningful sense
"private"—they're broadcast to the world, and the only information they can
communicate is the device or chipset's manufacturer.
CNET claims that "hundreds of millions" of smartphones are used as mobile access
points. With many network operators making Wi-Fi tethering a paid extra, and
the popular iPhone not even supporting tethering until earlier this year,
that's a number that feels more than a little high. 3G base stations are also
susceptible to this tracking issue, but equally, there aren't hundreds of
millions of those in circulation. So long as Microsoft's database isn't
routinely recording the whereabouts of every MAC address it sees but only those
belonging to access points, then smartphone entries in the database should be
unusual. There's no evidence that Microsoft is indiscriminately recording MACs
(though there is some evidence that Google has done so), and so its database
ought to be relatively "clean."
If the company were to automatically remove those access points that appear to
move around—as Google does—then the ability to track phones, laptops, and 3G
base stations would be diminished further still. A blacklist feature to allow
privacy-conscious users to forbid the recording of their access point or
smartphone MAC addresses would appear to address any remaining privacy
concerns. And since MAC addresses do generally identify manufacturers, some
entries—those from companies which make smartphones but not Wi-Fi access
points—could also be rejected; there's no reason to ever accept a MAC
originating from HTC, for example.
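
The three clean-up rules suggested above (drop access points that appear to move, honour an opt-out list, reject phone-only manufacturer prefixes), combined with the two-MAC query rule the article describes, as an added example that is not code from the article, Google or Microsoft. The prefix, opt-out entry, 500 m threshold and sample observations are constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed placeholders, not real vendor prefixes or opt-out data.
PHONE_ONLY_OUIS = {"02:00:5e"}    # hypothetical prefix of a phone-only maker
OPT_OUT = {"02:aa:bb:00:00:01"}   # hypothetical owner-submitted opt-out
MAX_DRIFT_M = 500                 # assumed cut-off for "appears to move"

def distance_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def centroid(points):
    return (sum(p[0] for p in points) / len(points),
            sum(p[1] for p in points) / len(points))

def build_database(observations):
    """Return {mac: (lat, lon)} for MACs that pass all three checks."""
    sightings = defaultdict(list)
    for mac, lat, lon in observations:
        mac = mac.lower()
        if mac in OPT_OUT or mac[:8] in PHONE_ONLY_OUIS:
            continue              # opted out or phone-only prefix: never stored
        sightings[mac].append((lat, lon))
    # A MAC sighted far from its first position is treated as mobile and dropped.
    return {mac: centroid(pts) for mac, pts in sightings.items()
            if all(distance_m(pts[0], p) <= MAX_DRIFT_M for p in pts[1:])}

def locate(db, visible_macs):
    """Answer only when at least two known, mutually nearby MACs are sent."""
    known = [db[m] for m in {v.lower() for v in visible_macs} if m in db]
    if len(known) < 2:
        return None
    if any(distance_m(known[0], p) > MAX_DRIFT_M for p in known[1:]):
        return None
    return centroid(known)

# Constructed sample observations: (mac, lat, lon)
SAMPLE = [
    ("02:11:22:00:00:01", 47.6400, -122.1300),  # fixed access point
    ("02:11:22:00:00:01", 47.6401, -122.1301),
    ("02:11:22:00:00:02", 47.6402, -122.1302),  # second fixed access point
    ("02:11:22:00:00:03", 47.6400, -122.1300),  # phone hotspot ...
    ("02:11:22:00:00:03", 47.7000, -122.2000),  # ... seen kilometres away later
    ("02:00:5E:00:00:09", 47.6400, -122.1300),  # phone-only prefix
    ("02:AA:BB:00:00:01", 47.6400, -122.1300),  # opted out
]
```

Running `build_database(SAMPLE)` keeps only the two fixed access points, and `locate` returns a position only when both are supplied together.
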
Google and Microsoft have, however, made their choices; they've plumped for
privacy over convenience and robustness.
_______________________________________________
Infowarrior mailing list
https://attrition.org/mailman/listinfo/infowarrior