This Does Not Compute

Technology, gaming, music and things that just don't compute

The privacy invasion nobody thinks about: Wi-Fi geolocation

As always, it begins with a story:

I just got in the mail some RAM I had ordered for my new MacBook. As part of installing it, I disconnected the internal, “non-removable” battery from the machine so as to not fry the hell out of the motherboard. When I got the machine buttoned up and powered on, I found that the system clock had reset to December 30, 2000. Apparently, since the internal battery is never supposed to be removed, Apple decided to ditch the PRAM battery — so if you disconnect the big internal battery, the PRAM loses its contents.

No big deal, I’ll just reconnect to my Wi-Fi network at home and turn on network time synchronization. I flipped over to the Time Zone tab in the preference pane to make sure the time zone was set correctly, and was surprised to find that it had populated my exact city for the time zone. Not the next-closest big city (Minneapolis), but my specific suburb. Thinking they must be doing IP geolocation or something, I looked at the same pref pane on my iMac, and found that when I turned on the option for “Set time zone automatically based on current location”, it asked me to enable AirPort — which I normally keep turned off since the iMac is connected to my router through Ethernet. Then the story gets even spookier…

I seemed to remember a similar trick with the iPad. I opened the Maps app, tapped the crosshairs icon at the top, and within a few seconds it put the pin for my current location on my driveway. I don’t own a 3G iPad, just the regular Wi-Fi one. IP geolocation can’t be that accurate, all the closer they’d be able to get is the nearest router for the ISP (which, after I ran some IP geolocating tools myself, is apparently about 10 miles away in downtown St. Paul).

I sat and thought for a minute. How would any service be that accurate without some method to triangulate from? My MacBook and iPad don’t have 3G or GPS, just Wi-Fi. Wait a minute, I thought, didn’t Google get in trouble for collecting Wi-Fi data while sending the Street View cars around?

I got going with some Googling, and found a couple tidbits here and there that reference Skyhook as the engine for Apple’s Wi-Fi based geolocation. And sure enough, on Skyhook’s site I found this interesting page that says, basically, they do the same thing as Google Street View (minus the taking pictures part):

To pinpoint location, the Core Engine uses a massive reference network comprised of the known locations of over 100 million Wi-Fi access points and cellular towers. To develop this database, Skyhook has deployed drivers to survey every single street, highway, and alley in tens of thousands of cities and towns worldwide, scanning for Wi-Fi access points and cell towers plotting their precise geographic locations.

So they cruise around, scan for Wi-Fi networks and tie them to GPS coordinates. But there’s more to that than just picking up and cataloging SSIDs; what if an area has a ton of access points named “linksys” that operate on channel 6? The regular beacon that every access point broadcasts every 100ms includes a good deal of information — not just SSID, but also the kind of encryption used on the network as well as the access point’s MAC address. And it’s the MAC address that Skyhook uses to differentiate all those AP’s it picks up.

Now, as apprehensive as I am about having some identifying information get scanned and put on the Internet without my knowledge, and can easily think up a couple of privacy-invading things people could do with Skyhook’s database, I at least appreciate that Skyhook owns up to, and explains, exactly how it collects and uses its data.

Google, on the other hand, I’m a bit more skeptical about. Until the story broke, nobody knew it was scanning for networks while driving around for Street View imagery. You couldn’t find the info on its site anywhere, and furthermore, Google doesn’t even have a service that uses the data (yet). What are its plans? How much data did it collect? Nobody knows, and that’s what’s scary.

Sadly, I think this sort of thing will become more and more common as we increasingly rely on wireless networking (whether it be Wi-Fi, WWAN, 3G, or whatever comes next). Apple’s already gotten into some hot water about how it’s going to collect precise location information for targeted advertising. What’s next, you’re walking down the street, talking with someone on the phone, when suddenly the call is interrupted and an ad plays for the restaurant you’re walking past? And if that sort of invasion of privacy does occur, surely the carriers will switch to an ad-supported model and no longer charge consumers for services, right?

Yeah, I didn’t think so either.


Comments are closed.

%d bloggers like this: