[LINK] Introducing geoloc

Jon Seymour jon.seymour at gmail.com
Fri Dec 31 00:29:08 AEDT 2010


A few days ago, I posted about the pervasive nature of WiFi MAC-based
location fixing services and ruminated on the very real dangers these
services present to individuals privacy.

To make the arguments seem a little less theoretical, I have developed
a tool that allows anyone with sufficient Unix knowledge to build
their own maps of WiFi access point MAC addresses.

The blog pos describing the tool is here: http://goo.gl/Ox6PP

Text reproduced below for convenience.

In the next day or two, I will be posting some suggestions about how
this problem can be fixed without sacrificing the convenience of
location based services.

Regards,

jon.

----

I've created a tool called geoloc which uses publicly available
information in the form of WiFi packet headers and Google API lookups
to build Google maps of WiFi access points.

Here are two examples from Stanley St, East Sydney and outside QVB Jet
also in Sydney.

Anyone who has Unix knowledge can install, download and run the tool
and build their own maps using kismet outputs. For more information
about this, see the HOWTO.

Please note that I have only plotted locations of MAC addresses as
reported by Google for WiFi access points I observed when I was at
these two locations. If the locations are inaccurate, this is because
the data in the Google database for this MAC address is stale. I also
collected client device MAC addresses (e.g. iPhones, iPads, other
kinds of smart phones, laptops, etc), but I have not plotted this
information nor have I published it any other form (nor do I have
plans to).

Please also note that I have not hacked into any systems to collect
this information. This information was obtained merely by listening to
broadcast WiFi traffic and by using this information to drive calls to
the Google location APIs. This is exactly the technique that Google
(and others) use to build their database of WiFi MAC address locations
and to provide location information to mobile applications.

I am aware that publishing this page and associated tool may scare the
willies out of some people. Perhaps it should. I have discussed the
implications of these kinds of technological capabilities in other
recent posts on this blog. In future posts, I will discuss what
options might be needed to prevent potential gross violations of
privacy implied by these capabilities.



More information about the Link mailing list