Nice Start Google – But Not Enough

Many people will remember the “storm in a teacup” that was the inadvertent possible collection by Google of data from wireless networks, when performing photographic and geo-spatial data collection for their Street View product early last year.

Even our good friend Senator Stephen Conroy got in on the act, labelling it the “single biggest privacy breach in history”, a statement the Privacy Commission of course distanced itself from.

Indeed, Google was investigated by many legal bodies around the world in relationship to these incidents and were invariably found to have no case to answer. Any data that was collected was found to be inadvertent, and was most likely useless to anyone anyway.

Google also agreed to dump any of this data.

It is still reasonable however, to ask why they were collecting any wireless information in the first place, since the data was always going to be completely useless to them. The answer is that they were in fact collecting location information.

As they drove down my street, they would have spotted my wireless network as they drove past my house.

When they found “FAB_WIRELESS_NETWORK” – (obviously, not the real SSID of my network) – they would have recorded the GPS coordinates of the Street View car, and filed it away.

It is quite straightforward to deduce that if ever a mobile device accessing Google Maps and/or Google Street View ever came across the MAC address of the access point broadcasting “FAB_WIRELESS_NETWORK“, then it is more than likely that they are at or very close to the location the Street View car was when it first detected my network.

Basically, all it is doing is helping to refine and improve location detection services on that mobile device, by adding another reference point to the calculation.

The name of the network doesn’t pop up in Google Maps – the information is simply used in the background to assist in geo-locating the device.

That’s all they were doing.

Now, many people will still feel uncomfortable with this, and Google has responsibly provided a “solution”:

“Android devices collect [these] MAC addresses, and beam them back to Google to be used in the company’s geolocation database — a useful feature that allows faster location fixes for mobile phones.”

The solution is to append “_NOMAP” to the end of your SSID, and next time around, they won’t retain any information when they detect your network. It is an elegantly simple opt-out mechanism.

However, the problem is they still have the MAC address in their database, and mobile devices will still be able to collect that information and beam it back to Google to assist in geo-location.

Changing the SSID of your wireless network does not change the MAC address of your access point.

Presumably when they next come past, they will have cleared out the database and they will ignore your network. However Street View only comes by and re-collects information every two or three years – so for two or three years, you’re network information is still in there, even if you append “_NOMAP” to your network name today.

It’s a start – but in my opinion, it would be much better to allow people to provide their MAC address/SSID combination, so people can have their networks removed now, instead of two or three years from now.

Personally, I don’t have a problem with my network being in there, but many people will care and will think that changing the name of their wireless network – (if they even know about this solution at all) – will fix the issue immediately.

It won’t.