[LINK] Introducing geoloc

[Jon Seymour]

I never did get around to the policy suggestions, but I suspect this
issue is about to get much more important.

The reason is that iOS4.3 is, finally, going to allow iPhones to act
as WiFi hotspots. Presumably Apple needs to enable this because
Android was killing them with this feature. So now most Android phones
and most iPhone 4's will be subject to being indexed by Google's
MAC-to-location database at their usual point of presence. The fact
that the SSID of such devices tends to be derived from their owner"s
name adds a further ingredient to the mix.

jon.




On Friday, December 31, 2010, Jon Seymour <jon.seymour at gmail.com> wrote:
> A few days ago, I posted about the pervasive nature of WiFi MAC-based
> location fixing services and ruminated on the very real dangers these
> services present to individuals privacy.
>
> To make the arguments seem a little less theoretical, I have developed
> a tool that allows anyone with sufficient Unix knowledge to build
> their own maps of WiFi access point MAC addresses.
>
> The blog pos describing the tool is here: http://goo.gl/Ox6PP
>
> Text reproduced below for convenience.
>
> In the next day or two, I will be posting some suggestions about how
> this problem can be fixed without sacrificing the convenience of
> location based services.
>
> Regards,
>
> jon.
>
> ----
>
> I've created a tool called geoloc which uses publicly available
> information in the form of WiFi packet headers and Google API lookups
> to build Google maps of WiFi access points.
>
> Here are two examples from Stanley St, East Sydney and outside QVB Jet
> also in Sydney.
>
> Anyone who has Unix knowledge can install, download and run the tool
> and build their own maps using kismet outputs. For more information
> about this, see the HOWTO.
>
> Please note that I have only plotted locations of MAC addresses as
> reported by Google for WiFi access points I observed when I was at
> these two locations. If the locations are inaccurate, this is because
> the data in the Google database for this MAC address is stale. I also
> collected client device MAC addresses (e.g. iPhones, iPads, other
> kinds of smart phones, laptops, etc), but I have not plotted this
> information nor have I published it any other form (nor do I have
> plans to).
>
> Please also note that I have not hacked into any systems to collect
> this information. This information was obtained merely by listening to
> broadcast WiFi traffic and by using this information to drive calls to
> the Google location APIs. This is exactly the technique that Google
> (and others) use to build their database of WiFi MAC address locations
> and to provide location information to mobile applications.
>
> I am aware that publishing this page and associated tool may scare the
> willies out of some people. Perhaps it should. I have discussed the
> implications of these kinds of technological capabilities in other
> recent posts on this blog. In future posts, I will discuss what
> options might be needed to prevent potential gross violations of
> privacy implied by these capabilities.
>