Google is a Different Apple

[Langston Holland]

Time to show a little love to Google.

When the Street View camera and Wi-Fi tracking cars began operation I remember a global pond of happy croaking - the data would improve our lives and remain anonymous and off-limits to anything but our happy apps.

Google has since found a far more appealing method of router trackiang that lacks Street View's expense and the headaches from increasing privacy based legal threats. What to do? A growing user base of Android phones could do the tracking work of the cars at an exponentially quicker rate! With continuous updates! And the users would PAY Google for the privilege of tracking themselves! Corporate croaks all around!

Wouldn't it be lovely if you could tap into this database of worldwide tracking data to locate wireless router positions using a MAC address?

You can.

My router's MAC address targeted within a couple of hundred meters of my lilly pad - better than Apple's daemons:

http://samy.pl/androidmap/

 

[[waldo] Casey Williams]

Re: Google is a Different Apple

I do have a point here, but first I must say that I don't get your outrage in these two threads. Look, I'm a big fan of privacy and I don't want big brother watching me any more than you do. But in these cases of your phone/router/etc broadcasting data...do you not think that data is aggregated somewhere? Is that not obvious?

In the case of the iphone, I can click 'maps' and it will know my current location and generate a convenient map with me at the center. The price of that is, the location of my phone at this particular time has been recorded, for all eternity, in one or many databases somewhere. Again, isn't that obvious? You couldn't get A without B.

As was stated in the other thread, if you simply value your privacy very highly, or you plan some Tony Soprano-type activities, turn off your cell phone! Or don't have one. And don't have a credit card. No mortgage, bank account, use a P.O. Box for mail, etc.

And definitely don't post in any public forums that require your real name!:lol:

I'm not just being a jackass here; you can live a life of privacy without enormous sacrifice. (I did so myself, not too many years ago when I lived on a boat.) Or alternatively, you can use the map function on your iphone and enjoy that convenience, with its associated data-sharing. My point is that it behooves us as citizens of the modern world to know the costs associated with our technological doo-dads and make educated choices. If the iphone location logging came as a great surprise to you, consider that a wake-up call to contemplate all the privacy issues raised by your connectivity in the world.

On to my real point: does anyone know how quickly the images get updated in google street view? 3 times recently, I have been behind a street view vehicle, and still the images of those streets are not updated (some are 4-5 years old). Most recently, I was right on the ass of the google car while driving down the real curviest street in the world. Privacy notwithstanding, I'm excited for my 15 minutes of fame on google maps.

waldo

 

[Chris Davis]

Re: Google is a Different Apple

I do have a point here, but first I must say that I don't get your outrage in these two threads. Look, I'm a big fan of privacy and I don't want big brother watching me any more than you do. But in these cases of your phone/router/etc broadcasting data...do you not think that data is aggregated somewhere? Is that not obvious?

In the case of the iphone, I can click 'maps' and it will know my current location and generate a convenient map with me at the center. The price of that is, the location of my phone at this particular time has been recorded, for all eternity, in one or many databases somewhere. Again, isn't that obvious? You couldn't get A without B.

As was stated in the other thread, if you simply value your privacy very highly, or you plan some Tony Soprano-type activities, turn off your cell phone! Or don't have one. And don't have a credit card. No mortgage, bank account, use a P.O. Box for mail, etc.

And definitely don't post in any public forums that require your real name!:lol:

I'm not just being a jackass here; you can live a life of privacy without enormous sacrifice. (I did so myself, not too many years ago when I lived on a boat.) Or alternatively, you can use the map function on your iphone and enjoy that convenience, with its associated data-sharing. My point is that it behooves us as citizens of the modern world to know the costs associated with our technological doo-dads and make educated choices. If the iphone location logging came as a great surprise to you, consider that a wake-up call to contemplate all the privacy issues raised by your connectivity in the world.

On to my real point: does anyone know how quickly the images get updated in google street view? 3 times recently, I have been behind a street view vehicle, and still the images of those streets are not updated (some are 4-5 years old). Most recently, I was right on the ass of the google car while driving down the real curviest street in the world. Privacy notwithstanding, I'm excited for my 15 minutes of fame on google maps.

waldo

The biggest part that I have a problem with is most people out there don't tend to think things like this through. Many are oblivious. It almost seems that many prefer to be oblivious.

Here is where I come from: In my experience, people from my generation (and older) do tend to be more cognizant of changes to our privacy, than those brought up during and after these changes. Changes mostly for the sake of technology, cost savings, or convenience. For instance, we were instructed to never give our Social Security number to anyone. A social security card was issued to us during our high school years (late 70's for me), and most just put it away for safe keeping and certainly didn't need it for day to day activities. I worked for a few different employers in the 1980's, and the only time I recall ever digging it out was for the last of those employers in the 80's. We got along just fine back then too. I didn't really even commit my number to memory until about the mid to late 1990's when the practice of using it as a common verification technique was sharply escalated. Nowadays most people memorize their number and it is commonly requested over the phone, by computer transaction, or by postal mail. Huge difference.

Another quick example that comes to mind: Recently I received about 5 different emails from 5 different corporations that I do online business with. They all had a common third party email provider whose security got breached and exploited. The only risk in this case was the increased possibility of spam since our email addresses had been harvested. And sure enough, I did get some spam. Next time there could be something more substantial at risk.

So for me, my disposition is not based on just one or two different random types of events, but rather it is a result of all the loss of privacy that I have seen over the course of my lifetime.

I like Tim's reply here. I don't speak for him, and I certainly don't know that we would agree on anything else. But I did like this:

And my point is that it should be up to whomever owns the phone to determine how any information derived from its use can be retained, downloaded and/or used in any fashion by third parties.

I do not believe that a phone service provider "owns" the data it accumulates about their customers, either,m despite the user agreements. Constitution rights, by the very nature of words, should not be modifiable by contracts used to provide commodity-type services, and simply because a phone owner may not be overly concerned about his or her privacy should not make their right to privacy null and void.

Just my thoughts...

So my feelings in particular are not all directly connected to this one issue with the IPhone. If that were the case, then it wouldn't make as much sense. It might look stupid, and maybe that is what this looks like. But this is only a small part of a much bigger social engineering issue that I see. And overall it doesn't give me a sense of well being.

Do I have an answer for this? No. Am I going to become a hermit? Probably, but not quite yet. I still need to be a productive member of society and work on my 401K and my retirement just like everyone else. :twisted:

 

[John Roberts]

Re: Google is a Different Apple

I don't know if I am unusual, but I have been informed by companies or organizations I had dealing with, that my personal data may have been compromised several times in last ten years (once from the veterans administration, I think they lost a laptop).

So far this hasn't resulted in personal loss (that I know of), but there are bad actors out there.

From what i see behind the scenes the CC industry is pretty aggressive about securing data, but many companies are surprisingly lax.

Modern technology is a double edged sword and everything has unintended consequences... that's what makes the future interesting. The easiest way to lose a battle, is not knowing you are in a war.

JR

edit- teak comment

 

[Ryan Lantzy]

Re: Google is a Different Apple

I think we need to separate some of the issues here in order to have common understanding and useful discussion.

There are a couple of things I see going on:

1) Apple/Google/Verizon/AT&T using your phone as a data capture device, i.e. GPS on phone is reporting Lat/Lon of X,Y and it can see these three towers and 5 WiFi access points, then transmitting this data (a simple Lat/Lon to access point association) back to the mother ship without personally identifying information

2) Storing Lat/Lon to access point associations that your phone has made locally on your phone

3) Logging of Lat/Lon to access point associations made by 3rd parties at all

4) Personally identifiable information and/or any of the above available online and in a searchable form

There are other things that complicate this such as whether or not temporal data is stored along with it.

The combination of #1 with temporal data and a less-than-adequate anonimizing alogrithm could lead to public access to very personal data about someone's daily routine. This would help pretty much only those looking for it, but then that's exactly who you should worry about IMO. Even with perfectly anonimized data, someone with 3rd party knoweldge (an employer for example) could reconstruct a given string of locations based on the fact that they know a specifc person works for them and lives at X address. It might be fairly inconsequential to drill down on a big data set with these facts. Protection from this would require that no specific identifer (even though anonymous) be stored with multiple records. If any part of the identifier had commonality to it (i.e. all these records came from one handset) the records could tied together ex post facto.

The combination of #2 with time based data on your phone can be a very incriminating piece of data had you been accused of something (even though the evidence is merely circumstantial, it could just look bad), assuming someone could get access to it (*cough*, law enforcement). Additionally, regardless of an accusation of wrong-doing this data could be used for other nefarious purposes or "targeted monitoring" which I also find reprehensible.

Number 3 above is a little harder to prevent and I think is no different than typical mapping work, i.e. here's an address, and here's its physical location on a map. Granted, if someone knows the MAC address to your router, now they can find out where you live, but this is true of your street address to. Typically people that you would willingly give your MAC address to would also have your street address anyway (Cable/Telco). As for someone driving by and getting it... well they are physically there, so of course they know it. Someone could harvest MAC addresses from the internet I suppose, but that is no different than harvesting street addresses, so I don't see much difference there either. The last thing I can think of is maybe if you would be communicating over the internet and be worried about someone getting your MAC address that way. AFAIK, the MAC address is left out of the packet after it get's translated from Ethernet to the next type of network (typically ATM or Frame Relay). Remote networks have no use for this address, and only your local router would be keeping a table of MAC address to IP address associations. That said, researchers have been making lots of headway in geo-locating an IP address using the speed of light through fiber and copper and other known distances on the network graph so you are definitely out of luck there anyway. To put it simply, having your MAC address publicly known is a "who cares" at this point.

P.S. I could probably add in "using any of this data for targeted advertising" as a #5 above. This may or may not be anonymous depending on what scheme was used above and what information an advertiser is allowed to know about. I don't feel that targeted advertising is wrong... but certain methods of implementation may expose the public to unnecessary compromises to privacy.

P.P.S. In any case, users of the phones should have the ability to turn on and off these different things (use of a phone as a data collector, storage of location data on the phone, and location based advertising). Said control should be independent and none-the-less all of this data should be stored in an encrypted fashion and always properly anonymized.