Is Google Recording your Router’s Traffic when they Drive by?


Update 5/14/2010:

Google just today announced it was suspending this data collection (not that my blog had anything to do with it). Google had previously and erroneously claimed they didn’t collect any wireless traffic, just SSIDs and MACs, but are stopping the entire practice (and intending to delete this data) just the same. This shows good faith on the part of Google, but it also highlights the dangers that unchecked data collection poses to personal privacy. It’s all too easy for mistakes and abuses to happen, even for well-intentioned companies in a hurry.

In the same original post in which they made the now-erroneous claim, they explained the geo-MAC-PC connection method I imagined (in my response to some ill-informed commenters not understanding how one might connect location to a user’s identity via MAC address). It’s basically this: when you click the "locate me" function, your local network can find the MAC address of your router, which Google (and Skyhook, Microsoft, and others) have previously cached with its geo location. Presto. Your location is known.
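The lookup described above, sketched as an added example (not code from the original post or from Google): it shows that an unprivileged local program can read the gateway's MAC from the Linux routing and ARP tables and join it against a survey table. The sample tables, MAC addresses, coordinates and function names are all constructed for illustration.

```python
import socket
import struct

# Constructed samples laid out like Linux /proc/net/route and /proc/net/arp.
SAMPLE_ROUTE = """Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
wlan0 00000000 0101A8C0 0003 0 0 600 00000000 0 0 0
wlan0 0001A8C0 00000000 0001 0 0 600 00FFFFFF 0 0 0
"""
SAMPLE_ARP = """IP address HW type Flags HW address Mask Device
192.168.1.1 0x1 0x2 02:00:5e:10:20:30 * wlan0
192.168.1.23 0x1 0x2 02:00:5e:aa:bb:cc * wlan0
"""
# Constructed stand-in for a drive-by survey database: MAC -> (lat, lon).
SAMPLE_SURVEY = {"02:00:5e:10:20:30": (51.5000, -0.1200)}


def default_gateway(route_text):
    """Return the default gateway IP from /proc/net/route text, or None."""
    for line in route_text.splitlines()[1:]:
        f = line.split()
        # Destination 00000000 plus the RTF_GATEWAY flag (0x2) marks the default route.
        if len(f) >= 4 and f[1] == "00000000" and int(f[3], 16) & 0x2:
            # The kernel prints the address as little-endian hex on x86/ARM.
            return socket.inet_ntoa(struct.pack("<I", int(f[2], 16)))
    return None


def gateway_mac(route_text, arp_text):
    """Return the MAC the ARP cache holds for the default gateway, or None."""
    gw = default_gateway(route_text)
    for line in arp_text.splitlines()[1:]:
        f = line.split()
        # Flags bit 0x2 means the entry is complete (a MAC was resolved).
        if len(f) >= 4 and f[0] == gw and int(f[2], 16) & 0x2:
            return f[3].lower()
    return None


def locate(route_text, arp_text, survey):
    """Join the locally visible gateway MAC against a survey table."""
    mac = gateway_mac(route_text, arp_text)
    return mac, survey.get(mac)


if __name__ == "__main__":
    print(locate(SAMPLE_ROUTE, SAMPLE_ARP, SAMPLE_SURVEY))
```

The join only succeeds when the survey recorded the same MAC the LAN sees; a wireless BSSID can differ from the router's LAN-side MAC, in which case the lookup returns no location.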

They also wrote this:

"However, we do not collect any information about householders, we cannot identify an individual from the location data Google collects via its Street View cars."

I believe this is true in a narrow sense but incomplete and thus misleading. Simply connecting these two datums gives your location, but could (opposite of cannot) yield your identity if you’ve used Google’s services or otherwise revealed it to them in association with your IP address (which would be the public IP of your router in most cases, visible to web servers during routine queries like HTTP GET). If Google remembered that connection (and why not, if they remember your search history?), they now have your likely home address and identity at the same time. Whether they actually do this or not is unclear to me, since they say they can’t do A but surely they could do B if they wanted to.

A less scrupulous company could collect this information without consent via many kinds of apps run on your local machine, such as a toolbar or desktop search accelerator, and it might or might not be illegal, but it certainly would be wrong.

The fact that they’re suspending this is good and should be commended. Outcry from German privacy advocates was a strong incentive, I expect. But Google I’m sure realizes that to be trusted shepherds of user data, they have to really treat the data as being owned by the users, subject to the user’s individual and collective wishes. I’ve seen some of Microsoft’s PII (personal identifying information) review policies and I expect they’re well designed to prevent exactly this sort of problem.

There’s plenty of profitable business to be done in a way that sacrifices no one’s civil rights.

 

Note: Google seems to also try to make clear that encrypted routers were not subject to this erroneous data collection, but I’m not clear from the wording whether that means they didn’t collect MAC addresses or just didn’t snoop on wireless data here.

 

Original:

It’s somewhat expected for Google to log my IP address and/or place a cookie when I use Google.com, even if I’m not logged in to my Google account (which I rarely do anymore for the sake of privacy). This "feature" can be revealed in their privacy policy, clickable at the bottom of every page. I can find out, via some clicks, that Google will keep this info (esp. if I’m logged in), correlated with whatever searches I do, for many months. If I use a mobile device with Google, their privacy policy clearly states that they might learn my location, and even my battery life.

But where in their privacy policy does it state that Google will collect the MAC address of my router when they casually drive by my house for Google StreetView?

That idea, if true, seems to fly in the face of their main privacy assertions:

  1. Use information to provide our users with valuable products and services.
  2. Develop products that reflect strong privacy standards and practices.
  3. Make the collection of personal information transparent.
  4. Give users meaningful choices to protect their privacy.
  5. Be a responsible steward of the information we hold.

How can any of the bold statements above be true if they don’t even reveal that it’s happening? It’s certainly not on the "maps" privacy page.

The reason they would collect this info, I’d expect, is so they can tell where you are when you use their site. Me asking them to find me is an opt-in sort of thing, presumably. But it’s a major cheat, hardly opt-in or even out, if they already know and simply wait to tell me until I ask.

That’s not cool. In fact, if I use encryption on my router, I am explicitly stating that I do not want any information from my home network recorded. The fact that the MAC address and SSID are still available is unfortunate, but not an invitation or permission for anyone to record or exploit this information.

If Google wants to catalog unencrypted routers, ones that are open for anyone to use, I’d personally have less of a problem with it. But what they are reportedly doing would seem to be a clear violation of their own policy and, if true, in my opinion* would constitute an unacceptable and potentially illegal invasion of my private residence, akin to tapping my phone to discover my phone number and location by secret observation instead of asking me to simply opt-in to their program.

So, Google friends who may read this blog, is it true?

*my personal opinion. This blog is entirely unconnected to my employer or its opinions.

  1. #1 by Barry hunter on April 23, 2010 - 11:34 am

    How is this any different to Skyhook, or the variety of other providers who ‘wardrive’ to create geolocation database – and have been doing so for years.

    Google also published this:
    http://google-latlong.blogspot.com/2010/04/importance-of-geolocation-services.html

  2. #2 by Barry hunter on April 23, 2010 - 11:50 am

    Reading your post again, perhaps I could clarify one point.

    Google is recording the SSID and MAC of your Wireless AP (which may or may not be provided by a router)

    … the primary reason for this is devices can then ‘lookup’ their position by observing nearby Wi-Fi APs, sending the identifier to a central db – which already knows their location. So Google maps on said device etc can show its locality.

    This can’t be used to track users really. For example you now connecting to a google website from your desktop computer can’t be geolocated by the previously recorded ‘wifi’ data.
    The MAC address of the router is not propagated through the internet (only the IP) and even if it was, would only be the upstream MAC address, not that of the wireless AP.

    Even if you (or someone else) connect through the Wi-fi connection to Google, google still doesn’t know where you are. The only way is for the device to separately query the geolocation database with what IT knows, retrieve that, and then send it again to the Google website you are using.

    So no data not already known is revealed. Yes it now knows the location of your wi-fi hotspot – but it may know that already.

    Only if you connect through your connection, and have geolocation technology on your device – and a device that links the two, is a link formed.

    Well that probably made it no clearer, I’m rubbish at explaining. But I really believe it’s not as bad as you seem to make out.

  3. #3 by Avi on April 24, 2010 - 8:33 am

    Thanks, Barry. Indeed they published the practice at least once, though not in the privacy policy or any place a normal user would find it, from what I can tell, nor can I find a way to even opt out, let alone opt in, or see what info they have.

    I don’t see how the Skyhook wardriving makes it ok. If it’s wrong for one, it’s wrong for all, and I recall some uproar when the Skyhook practice was revealed.

    But it’s worse if you have enough info to connect the MAC to the IP. By analogy, if credit card companies were also in the business of marketing products, I’d be similarly concerned that they’d exploit my data against my wishes. The fact that CC companies DO exploit my data in other ways also doesn’t make this okay. That needs to stop as well. It’s MY data.

    As far as connecting me to my location, all Google needs to do this is to run some local software on my PC, say inside G.Toolbar or G.Desktop that can ping and get the ARP table for my router’s MAC address. Instantly, they would know my local IP and MAC address connected to my web queries and/or google account, and my identity and location would be linked.

    So essentially, they have both sides of the information already and it’s up to them to restrain themselves from connecting these two bits of lucrative and useful information until I hit the “locate me” button. It’s only the fact that ARP doesn’t work outside my LAN that holds them back from doing this automatically.

    Here’s how it should work. My Personal and Private Information should be locked in a vault, where I alone have the key and can tell if/when/why anyone has accessed it. And if my router uses encryption, then I am implicitly saying that I do not want any information it transmits to be available to anyone but me.

  4. #4 by bd_ on April 28, 2010 - 1:34 pm

    Linking wireless MAC identity and location via google desktop and the like isn’t possible – they need actual GPS coordinates, not “Oh, the first hop has a DNS name that sounds like it’s in this state.”

    In any case, in order for this information to be useful to break your privacy, you’d need to:
    a) Correlate the MAC with an actual, real, _identity_. MACs are assigned basically at random, so just asking where a particular MAC is isn’t of much use. Google does not actually link the MACs with your real identity like that.
    b) The owner must move somewhere and redeploy the same router. If someone’s looking for you, and they go by once and record (name, location, MAC), they can just throw out the MAC if you don’t move. And again, google doesn’t collect the name portion of that tuple.
    c) Release before-and-after MAC data, based on queries for the name of the owner. As far as I know, google never actually releases this MAC data – they just allow users to give a list of devices nearby, and provide a (somewhat inaccurate) estimate of location.

    So I have a hard time seeing how this is a violation of privacy – it’s only useful to get additional information about someone under a lot of hypotheticals, and assuming google collects even more data than it really does.

  5. #5 by Avi on April 28, 2010 - 9:38 pm

    BD, your logic doesn’t make sense.

    Why record the wireless router’s MAC address along with the GPS coordinates from the google street view car if it isn’t useful for determining someone’s location?

    Again, I’ll make it really simple. If a wireless router is encrypted, it isn’t something anyone outside the home should be listening to. I mean, what’s the harm in a company tapping my physical phone line (in the street) to determine my phone number or whom I call? Yet, we have laws against it for some reason.

  6. #6 by G. Oogler on May 14, 2010 - 10:22 am

    Why are you broadcasting your MAC address if you don’t want people to see it?

    Also, “all Google needs to do this is to run some local software on my PC” – that sounds a bit like “all a burglar needs to do is break into my house” or whatever. There are laws against Google reporting your router’s MAC via a plugin or a toolbar (DMCA, for example), and there is no evidence that they are breaking them.

    What is the actual problem you are having? Or is your tinfoil hat just one size too small?

  7. #8 by G. Oogler on May 15, 2010 - 4:29 pm

    I am not affiliated, it’s just that your blog requires a name when commenting. :)

    I think you are confusing the wardriving data collection (where they drive around and collect geographic wifi information) with potential automatic geolocation and geoidentification.

    Your concern, specifically, is that the Google Toolbar could query your AP/router/etc for its MAC, and then use this information to geoidentify you. There is no evidence that this is happening, and I still believe this would be in violation of, for example, the DMCA. (In other parts of the world, it would certainly be in violation of other cyberlaws, perhaps pertaining more to privacy than copyright.) Google products require user permission to automatically geolocate; don’t you think that’s at least partly to keep the vote of confidence from their users? If Google Chrome automatically geolocated, for example, then its userbase would certainly shrink, IMHO.

    Disregarding your hateful name-calling (“ridiculous”, “don’t make any sense” etc) I re-state my original question: what actual problem are you having? And why are you broadcasting your MAC if it’s private to you? You seem to know how 802.11 works, so why not opt out if your MAC is secret? Certainly there are other ways of maintaining a home LAN without exposing your MAC to the world – which is the whole point of an SSID broadcast. The Googlemobile could easily gather much more information (crack WEP, sniff data, geoconnect data, …), but it doesn’t.

    Also, the wifi data collection update is irrelevant. It doesn’t pertain to what you’re addressing. And you know it! (Actually, the whole post makes little sense, and the part about “grounding the car” feels extremely far-fetched.)

    GO LEGO!
