How does Google Latitude know where I am?

This worries the hell out of me. Google Latitude knows my exact location just from me using the internet on my own wireless network. How on earth do they do this?

What do you mean by exact? The address?

Your IP address usually locates you fairly closely.

On the map Google pinpoints my house exactly. How could they do this with my IP address surely that info is known only to my ISP?

So what are you doing in Google that tells you where you are?

The Google Latitude gadget shows a map with an arrow showing my exact location.

OK, I had to google Google Latitude to find out what it was.

The gadget is on your computer?

On a GPS phone it is easy of course. Mine tracks me on Nokia Ovi maps.

On a computer maybe it can pick up the GPS signals through your wireless card? I confess I don't know, but I wouldn't think that impossible.

(Edit - added the missing n't).

Edited by RobertoS (Sun 29-Aug-10 22:35:28)

Err if you are signed up to google services and google lattitude its your mobile phone it tracks, google lattitude AFAIK is nothing to do with your computer, try leaving you phone at work one day and then running google lattitude at home..... More than likely it will point to works location not your home.

You can also disable the service see nobody can see your location once you have signed up to it. Thats what privacy settings are for!

It can work via GPS and you have to tell it your location initially anyway, so maybe that why it knows you are at home, because you told it LOL
http://www.youtube.com/watch?v=Q-Oq-9enE-k

Edited by deleted (Sun 29-Aug-10 22:49:33)

It runs off your phone, and either uses GPS, or the mobile network AGPS and triangulation stuff, or both. Even with GPS itself off, mine is normally accurate to within a few meters.

They are not using my phone so they must have scanned and picked up my wireless network somehow. Then they have linked it to my IP address though how I don't know. All a bit sinsiter really...

Edited by deleted (Mon 30-Aug-10 08:51:34)

It probably works off the MAC address of your wireless router. When the Google cars went around the world photographing for streetmap they also sniffed local wireless traffic. They have a massive database of MAC addresses and locations. Ironically if you google for this you will find a lot of hits. The Germans were particularly upset.

I forget how they (later) find your MAC address when you are on-line and normally only reveal an IP address. There is a hack to make your machine reveal its MAC address against your wishes but in your instance you've probably ticked a box somewhere.

In reply to a post by john2007:

It probably works off the MAC address of your wireless router. When the Google cars went around the world photographing for streetmap they also sniffed local wireless traffic.

No probably about it.

If you move house and take your router with you it will confuse Latitude, if it has no other way to get your location (e.g. GPS) it will base your location off your router MAC address.

Edited by deleted (Mon 30-Aug-10 09:15:40)

maybe Google's streetview camera cars with their wifi sniffers recorded the SSID and the location ?

I wonder how they then link my IP address when I'm online to the MAC they sniffed out? Is there something in Chrome/Chromium which is sending information about my computer back to "Google HQ"?

No maybe about it.. they did.. and then claimed it was a purely accidental thing - and while our tame privacy watchdog waved it through (rather like Phorm) other countries are really annoyed about it and are investigating the possibility thet Google has deliberately infringed privacy laws. IMHO Google is getting too big for its boots and needs to be slapped back into line - along with a couple of other "cyber entities". be interesting to see if they have me pinned won like that.. I would never sign up to any Google services, they want too much of my privacy.

Have you got a dynamic or static IP address?

I think it more likely triangulation on mobile masts is being used, as someone already suggested.

"maybe Google's streetview camera cars with their wifi sniffers recorded the SSID and the location ?"

As Warweezil already said, there's no maybe about it, that's what they did; I thought this was widely known these days?

One of Germany's equivalents of Top Gear (except with real content) yesterday ran a whole feature on Street Map and its privacy implications: http://www.vox.de/cms/sendungen/auto-mobil.html

I would be very interested to know what data is uploaded from Google Maps for Mobile or equivalent smartphone apps. It too could sniff for SSIDs, it too knows where it is (either via GPS or via Skyhook WIreless or similar database of SSID->location), and unllike the streetview cars, GMM can be used for frequent high-volume updates. Anyone seen any writeups on whether GMM "phones home" about where it is and what it can see?

https://services.google.com/fb/forms/wifibugs/

You need Google Gears installed (Chrome has it built in) then you could follow the test link in the above Google page.

In reply to a post by infra_red:

I wonder how they then link my IP address when I'm online to the MAC they sniffed out? Is there something in Chrome/Chromium which is sending information about my computer back to "Google HQ"?

I doubt its anything to do with your IP address, an IP address does not resolve direct to your exact location (IE street name and house number) which is what you claimed in your posting.

My IPaddress for example resolves to a town 30(ish) miles away from me (or it used to cant be bothered to go do a look up at the moment).

An IP address will not reveal your personal location right down to road and house number.

If it were doing that, you could in theory track passenger planes as they fly around the world, (Providing its got internet onboard and you had the IPaddress) and i doubt any defence department would be happy such a simple google tool allowed that.

The MAC theory of your router is possible, assuming you run an open non-encrypted network, they could had grabbed that.

I doubt its anything to do with the SSID, as thats easily changed in a router, so if you changed that suddenly it wouldnt know who you were. (assuming it was pure SSID identification).

This is more likely down to GPS marking, tracking as others have also stated.

Whatever it is either you gave them your location or you are running things open see they and anyone else could of grabbed the info.

Edited by deleted (Mon 30-Aug-10 19:15:13)

In reply to a post by CARPETBURN:

The MAC theory of your router is possible, assuming you run an open non-encrypted network, they could had grabbed that.

I think you can see the MAC of wireless routers even with encryption (WPA2-AES) enabled, and of course if its in use, disabling beaconing (SSID broadcast) is pointless.

SkyHookWireless did it long before Google. Just anyone with an original iPhone or iPod Touch how the Maps application knew where it was. Back in 2007. Without GPS.

In reply to a post by CARPETBURN:

you could in theory track passenger planes as they fly around the world, (Providing its got internet onboard and you had the IPaddress) and i doubt any defence department would be happy such a simple google tool allowed that.

You can track aircraft already without any onboard interaction .... http://www.flightradar24.com/

In reply to a post by CARPETBURN:

This is more likely down to GPS marking, tracking as others have also stated.

So my wireless router is acting as a GPS device? And Google is matching it to the MAC address they sniffed when they drove past my house under the auspices of creating Streetview?

In reply to a post by infra_red:

So my wireless router is acting as a GPS device? And Google is matching it to the MAC address they sniffed when they drove past my house under the auspices of creating Streetview?

I reckon it is simpler than that and Latitude is just triangulating from mobile masts, feeding that info into Google Maps.

Just added latitude to google and it maps me.

Google doesn't know my mobile phone as I only have a work mobile that is only known to work people and has no signal at my house. I have a dynamic ip.

Google also didn't streetview my road it only mapped the road at the top my road. It is pinpointing me on the road at the top of my road.

Will change router this week to see if it changes things.

Edited by deleted (Mon 30-Aug-10 22:14:12)

In reply to a post by RandomJointer:

Just added latitude to google and it maps me.

Google doesn't know my mobile phone as I only have a work mobile that is only known to work people and has no signal at my house. I have a dynamic ip.

Google also didn't streetview my road it only mapped the road at the top my road. It is pinpointing me on the road at the top of my road.

Will change router this week to see if it changes things.

So it isn't using the wireless card to triangulate you from masts. Casts doubt on my theory.

Edited by RobertoS (Mon 30-Aug-10 22:18:02)

That's just brilliant!

Others have said it is mapping from router wifi signals streetview has picked up.

I can't see any other explanation. Google certainly don't know my mobile number. Even if they did it has no signal in my village.

Doesn't map me. It says I have to install something called Gears.

In reply to a post by Anonymous:

In reply to a post by CARPETBURN:

you could in theory track passenger planes as they fly around the world, (Providing its got internet onboard and you had the IPaddress) and i doubt any defence department would be happy such a simple google tool allowed that.

You can track aircraft already without any onboard interaction .... http://www.flightradar24.com/

Not sure how accurate that is, Scotland has four international airports: Edinburgh, Glasgow, Glasgow Prestwick and Aberdeen. Ive just looked at there only appears to be 2 planes on the ground in the whole of the area. Heathrow and Gatwick even looked a little sparse of planes.

A great site though very nice find, interesting and potentially scarey at the same time.

Edited by deleted (Mon 30-Aug-10 22:38:36)

In reply to a post by infra_red:

In reply to a post by CARPETBURN:

This is more likely down to GPS marking, tracking as others have also stated.

So my wireless router is acting as a GPS device? And Google is matching it to the MAC address they sniffed when they drove past my house under the auspices of creating Streetview?

NO if its tracking via MAC they either got that info from your wireless router when they did street view or you signed up to one of their location apps and gave them that info (maybe unwittingly) when you signed up...... I frankly doubt either though, it wouldnt be a reliable way to track a location.

The easiest way to find out if it is actually tracking a modem/router and not just recalling info from wirelessly detecting it possibly months ago would be take your router to work one day if possible plug it in and then see where it thinks you are.

Or even easier turn the router off and totally unplug it, access the net elsewhere and see what it says about you then.... If it tracks you and your router personally it obviously wont be able to find you if the thing isnt plugged it.

I suspect it tracks you based on the apps account and info you feed it, or it will still say your router is at home even though it will be switched off and unplugged so they cant possibly be actually real time tracking it.

One things for sure if it is in any way accurate for many people it definately is not done via IP address, IP address unless you live in a big server room wont track right down to your household. For many if you lookup your IP address it wont even be your home town.

Edited by deleted (Mon 30-Aug-10 22:51:28)

In reply to a post by CARPETBURN:

Scotland has four international airports: Edinburgh, Glasgow, Glasgow Prestwick and Aberdeen. Ive just looked at there only appears to be 2 planes on the ground in the whole of the area.

I don't think it shows the ones on the ground.

In reply to a post by RobertoS:

In reply to a post by CARPETBURN:

Scotland has four international airports: Edinburgh, Glasgow, Glasgow Prestwick and Aberdeen. Ive just looked at there only appears to be 2 planes on the ground in the whole of the area.

I don't think it shows the ones on the ground.

Sorry yep you are correct, it also does not show all flights or model of plane after a bit more reading which would explain why when i looked in various areas things seemed a bit sparse. And i gather its only stuff leaving Europe it tracks and nothing else..... Unless every airline in the states are basically on strike

EDIT: Still a pretty cool site though

Edited by deleted (Mon 30-Aug-10 23:19:02)

We know that Google travelled around the country collecting data about wireless home networks.

Some things I'm unsure of:

1) Can mobile masts detect wireless home networks and collect data from them?
2) Does Google Chrome/Chromium contain software that sends information about your home network (including MAC addresses and other hardware info) back to Google?

This might help a bit. We were looking at this at work a few weeks ago. Our wireless network uses the same SSIDs for the full network. All users go out on the same IP address no matter where they are on the network.

So, in one building clicked the location button and it found it to within a few yards. Take the same laptop to another building 2 miles away and once again it is able to find where it is to within a few yards.

However, turn off the wirreless card and connect via a physical wire and it cannot locate. So, it is definitely the wireless card it is using.

I believe it uses the wireless card to scan the available wireless networks. Based on which networks it picks up allows it to triangulate position. It has to do this via MAC of wireless access point not via SSID (as the same SSID is used on both sites).

An encrypted connection can still advertise it's SSID and for a laptop to negotiate login with it it has to have a MAC address to talk to - therefore it is possible to grab MAC address from encrypted routers.

What I'm not sure is how google keep it up to date. Obviously they had the cars go around but that wouldn't take account of routers moving/changing. However, the iphone, android, etc all have location awareness - they themselves could collect all the local WAP details along with GPS and send it to google. That would let them keep their databases well up to date (but I've never seen anything stating that they do this).

I do not have a mobile phone switched on. I live in a fairly remote location and I am the only wireless network around. I wonder if for this to work you have to have a Google application like Chrome installed? If it does maybe the way it works is like this:

1) Google has a database of home wireless networks which it collected under the guise of Google Streetview by driving past houses.
2) When you go online Chrome/Chromium phones home to say that a particular network is online and uses the Streetview database to get your location.

Maybe if you do not use any Google software and/or Google did not drive past your house with your router switched on you are safe?

Deep within Chrome/Chromium there is an option to tick "Do not allow any site to track my physical location" which by default has Google as an exception.

Edited by deleted (Tue 31-Aug-10 12:15:32)

But if they are able to collect it from the location apps on iphone, android, etc then potentially you would need to frisk anyone getting anywhere near your house to ensure they don't have their phones enabled for location. Maybe get all visitors to turn phones off before they get within 200 yards of the house.

Of course it may be that the phones don't collect the data but I can't see how they could keep the database up to date if they didn't have a source like that (so when google asks if it is OK to use your location maybe it is also really asking if it is ok to scan for wireless in your location and upload any that exist in the area to their database?). Have to say if I was writing an app for it it's how I would want to do it - millions of data collection devices out there, massive potential.

sounds a bit worrying to me.

thankfully I have nothing to do with Google or their Latitude and if they do it by router, then they would be in for a shock as I have a different router now.

I think if Google uses your mobile to track you they can only use mobile masts - they will not be able to locate you precisely. But if you access the internet via a wireless modem they can pinpoint your house because they can use the database they developed when they did the Streetview drive pasts.

I'm afraid I don't believe that is the case.

The smartphones I mention have wireless, 3G/GSM and GPS. Therefore they can use any of those methods to get your location. So, say an iphone is near your house. The GPS and GSM methods give a pretty precise location. They can then upload all of the wireless access point data they collect to a central database - which therefore also has the location.

Another user then comes by with just wireless and is able to get their position from that.

Using this method GPS, GSM triangulation and wireless access points can all be used on their own or in combination to get a pretty accurate position.

In reply to a post by infra_red:

Does Google Chrome/Chromium contain software that sends information about your home network (including MAC addresses and other hardware info) back to Google?

See my earlier post.

Chrome has 'Google Gears' built in so if you have 'latitude' settings to allow it then it will show your location. Working it out from MAC addresses of wireless access points - see earlier link.

In reply to a post by b4dger:

In reply to a post by infra_red:

Does Google Chrome/Chromium contain software that sends information about your home network (including MAC addresses and other hardware info) back to Google?

See my earlier post.

Chrome has 'Google Gears' built in so if you have 'latitude' settings to allow it then it will show your location. Working it out from MAC addresses of wireless access points - see earlier link.

Well i been looking into this a bit more and ive figured out what it does and how it does it.
basically it sends...

1*your computer�s IP address,
2*your MAC address
3*information collected about nearby wireless points, and
4*a client identifier, which is assigned by Google, that appears to expiry every 2 weeks.
(YES i agree sounds like malware)

Google Location Services then returns your estimated geolocation (e.g., latitude and longitude). The accuracy varies depending on all the above information it had to collect and compare. The more wireless spots in your area the more likely its going to be close to getting your exact location (assuming google have info about those wireless spots). Same is true if theres only one strong hotspot in your area (say you are in a field and only the farmer is nearby with a wireless router, it will find you).

Depending on browser it doesnt even need an app or plugin to do it, the code is built into the browser you could just visit a site that switches geo location to on and tracks you (all the google things are, are basically nice frontends).

Fortunately for Firefox atleast there is a way to turn it off (dunno about IE and chrome not looked at those yet). To stop it with firefox.......
1 In the URL bar, type about:config and press enter
2 click ill be careful i promise
3 Type geo.enabled in the filter bar
4 Double click on the geo.enabled preference see it reads as disabled
5 Type browser.geolocation in the filter bar and make sure thats disabled also

Voila no more tracking, (should also stop those web ads if you have ever seen them about overly sexed people in your specific area/town wanting to meet you <<< yep they are done in the same sort of fashion).

Chrome and IE should in theory also have similar hidden away settings, though i spose it is possible you just cant turn it off in those browsers. (though i doubt it).

HTH people

Edited by deleted (Tue 31-Aug-10 17:13:56)

I am running IE8 and it can't seem to find me.

Bung your wireless AP MAC in http://samy.pl/mapxss/

Thanks I had on idea browsers had this built in! This link shows how to turn it off in Opera:

http://www.tothepc.com/archives/disable-geo-location...

In reply to a post by infra_red:

Thanks I had on idea browsers had this built in! This link shows how to turn it off in Opera:

http://www.tothepc.com/archives/disable-geo-location...

Nice find, hopefully options like that can also be accessed in chrome and other browsers and that should be the end of your worries

Scroll down below the instructions:

You can also disable Geo Location feature in Safari, Google Chrome and Firefox web browsers.

Just click your browser....

Great, IE8 does not have this geolocation ability

Browser geolocation test
If your browser supports HTML 5's geolocation functionality, and you allow this page to have access to your location, a breakdown of the data provided will be displayed below.

This is provided for:

Privacy-conscious web users, so you know exactly the kind of geo-data your browser is reporting to web applications that request it
Developers (the code for this page is public domain)
Your browser does not support geolocation.

In reply to a post by CARPETBURN:

In reply to a post by infra_red:

Thanks I had on idea browsers had this built in! This link shows how to turn it off in Opera:

http://www.tothepc.com/archives/disable-geo-location...

Nice find, hopefully options like that can also be accessed in chrome and other browsers and that should be the end of your worries

The best I can say about Google is they have been less than transparent about this. They have driven round the country deliberately gathering MAC addresses to build up a database - we heard all about Streetview's clever pictures of people's houses but not so much about Google's little sideline.

I used to wonder how some websites knew more or less where I lived - they could not get that from the IP address - well now I know.

Edited by deleted (Tue 31-Aug-10 22:37:20)

In reply to a post by infra_red:

I used to wonder how some websites knew more or less where I lived - they could not get that from the IP address - well now I know.

Mine shows me up straight away by looking it up here. It puts me in Bethere Zone 12. So any site I visit can easily place me in the Greater Manchester area.

Closer than that is another matter.

In reply to a post by RobertoS:

Your IP address usually locates you fairly closely.

Not in the UK it doesn't. The blocks are registered in such a way that you can't really pin-point which part of the country someone is in.. Virgin Media are a good exception to that but even then it's generalities.

seb

In reply to a post by infra_red:

This worries the hell out of me. Google Latitude knows my exact location just from me using the internet on my own wireless network. How on earth do they do this?

If it can see which wireless networks are in range, it can send that data to Google which has logged that in their Streetview cars so they can work out where you are based on that.. i.e. they have a "wireless network -to- physical location" database

seb

Do you really think they only got the data from the streetview cars? If so they would need to keep sending the cars around. I think the database updates everytime a request is sent to it - if a new hotspot pops up then as long as there are enough others to pinpoint your location then the sending of the data to find out your location is enough to then update the database with the new access points.

When done from a smartphone you have the addition of GPS and GSM location facilities to pinpoint the position of you and the hotspots even more precisely. I believe this is likely how they keep the database up to date - the initial collection via the streetview cars was just seeding the database.

In reply to a post by ian72:

Do you really think they only got the data from the streetview cars? If so they would need to keep sending the cars around. I think the database updates everytime a request is sent to it - if a new hotspot pops up then as long as there are enough others to pinpoint your location then the sending of the data to find out your location is enough to then update the database with the new access points.

Yes you are probably right about the updating using hotspots. I have tried my new "spare" router which would not have been in the "wardrive" database. Google found me immediately so either (1) they are assuming my laptop is in the same place it was before or, more likely, (2) Google Gears is using my laptop's wireless adaptor to scan for other wireless networks nearby - in my case there is only my neighbour's unencrypted wireless which is always on and would have been picked up by the original wardrive.

In reply to a post by billford:

Scroll down below the instructions:

You can also disable Geo Location feature in Safari, Google Chrome and Firefox web browsers.

Just click your browser....

Oh yeah you are right I didnt spot that last paragraph, thanks for the heads up im off to do chrome also right now... Good news indeed

In reply to a post by seb:

In reply to a post by RobertoS:

Your IP address usually locates you fairly closely.

Not in the UK it doesn't. The blocks are registered in such a way that you can't really pin-point which part of the country someone is in.. Virgin Media are a good exception to that but even then it's generalities.

seb

Indeed i remember when i was with Pipex my ip didnt resolve to anywhere near me. Think it was the same with wannado (though thats going back too far to remember clearly).

You cant pinpoint a persons exact position just from their ip address.

Unless im wrong it normally resolves to where your ISPs backbone/servers or whatever the right term is located.

In reply to a post by ian72:

Do you really think they only got the data from the streetview cars? If so they would need to keep sending the cars around. I think the database updates everytime a request is sent to it - if a new hotspot pops up then as long as there are enough others to pinpoint your location then the sending of the data to find out your location is enough to then update the database with the new access points.

When done from a smartphone you have the addition of GPS and GSM location facilities to pinpoint the position of you and the hotspots even more precisely. I believe this is likely how they keep the database up to date - the initial collection via the streetview cars was just seeding the database.

ID agree with all that which is probably why the google client identifier seems to have a validity period of 2 weeks, i guess after that time, it renews, looks at your location again and any new wifi spots etc are recorded and logged.

In reply to a post by infra_red:

In reply to a post by ian72:

Do you really think they only got the data from the streetview cars? If so they would need to keep sending the cars around. I think the database updates everytime a request is sent to it - if a new hotspot pops up then as long as there are enough others to pinpoint your location then the sending of the data to find out your location is enough to then update the database with the new access points.

Yes you are probably right about the updating using hotspots. I have tried my new "spare" router which would not have been in the "wardrive" database. Google found me immediately so either (1) they are assuming my laptop is in the same place it was before or, more likely, (2) Google Gears is using my laptop's wireless adaptor to scan for other wireless networks nearby - in my case there is only my neighbour's unencrypted wireless which is always on and would have been picked up by the original wardrive.

Interestingly my neighbour's WIFI is currently not detected by my laptop and Google can't find me so this seems to confirm Google were using that. It also suggests that they have not yet updated their database with the details of my new router that I have only started using today.

Edited by deleted (Wed 01-Sep-10 11:34:34)

In reply to a post by seb:

In reply to a post by RobertoS:

Your IP address usually locates you fairly closely.

Not in the UK it doesn't. The blocks are registered in such a way that you can't really pin-point which part of the country someone is in.. Virgin Media are a good exception to that but even then it's generalities.

Fair enough .

I think you can possibly add O2/Be to your exceptions list though. I believe the Zone is geographic.

InSSIDer shows up far more wireless networks than my laptop's own reporting does.

In reply to a post by ian72:

Do you really think they only got the data from the streetview cars? If so they would need to keep sending the cars around. I think the database updates everytime a request is sent to it - if a new hotspot pops up then as long as there are enough others to pinpoint your location then the sending of the data to find out your location is enough to then update the database with the new access points.

When done from a smartphone you have the addition of GPS and GSM location facilities to pinpoint the position of you and the hotspots even more precisely. I believe this is likely how they keep the database up to date - the initial collection via the streetview cars was just seeding the database.

Quite possibly they update it that way too.

seb

In reply to a post by infra_red:

Google Gears is using my laptop's wireless adaptor to scan for other wireless networks nearby - in my case there is only my neighbour's unencrypted wireless which is always on and would have been picked up by the original wardrive.

Indeed--that's what it would do.

seb

In reply to a post by CARPETBURN:

In reply to a post by seb:

In reply to a post by RobertoS:

Your IP address usually locates you fairly closely.

Not in the UK it doesn't. The blocks are registered in such a way that you can't really pin-point which part of the country someone is in.. Virgin Media are a good exception to that but even then it's generalities.

seb

Indeed i remember when i was with Pipex my ip didnt resolve to anywhere near me. Think it was the same with wannado (though thats going back too far to remember clearly).

You cant pinpoint a persons exact position just from their ip address.

Unless im wrong it normally resolves to where your ISPs backbone/servers or whatever the right term is located.

Exactly.

I'm based in Lincolnshire, my IP adress says I'm Cheshire and I'm using a central in Sheffield!

Exactly.

I'm based in Lincolnshire, my IP adress says I'm Cheshire and I'm using a central in Sheffield!

Location West Wales, Connected via ISPC in Birmingham, IP usually identified by sites as being Telford (enta)

The secretive nature of this is worrying. Even more worrying is the lack of concern and curiosity about what they're doing. By early on positioning themselves as the champion of freedom in oppostion to Microsoft Google seemed to have obtained themselves a free pass to do things like this. If Microsoft were doing it I doubt the response would be so quiet.

In reply to a post by infra_red:

The secretive nature of this is worrying. Even more worrying is the lack of concern and curiosity about what they're doing. By early on positioning themselves as the champion of freedom in oppostion to Microsoft Google seemed to have obtained themselves a free pass to do things like this. If Microsoft were doing it I doubt the response would be so quiet.

I dont blame google, its not just their browser with the function built in as we have seen, all google did is build a front end app.

Blaming google and only google is like blaming a singular mobile phone company for every modern model having gps built in.

In reply to a post by CARPETBURN:

I dont blame google, its not just their browser with the function built in as we have seen, all google did is build a front end app.

But isn't it only Google that have created the wifi AP MAC / physical location database???


EDIT: For example here's how Mozilla say it works in FireFox:

"How does it work?

When you visit a location-aware website, Firefox will ask you if you want to share your location.
If you consent, Firefox gathers information about nearby wireless access points and your computer�s IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location. That location estimate is then shared with the requesting website.
If you say that you do not consent, Firefox will not do anything."

Edited by b4dger (Fri 03-Sep-10 11:14:20)

Not wishing to defend Google at all, but no they're not the only ones with a WiFi->location database, they weren't even the first. Go read about e.g. SkyHook Wireless, which predates Google's own database and is what Google used before their cars went sniffing around.

Looks like they use a combination of GPS/mobile/wifi APs. They also say they've only scanned 'metro' areas - so I guess Google have taken the wifi APs another stage forward.

NB. I'm also not blaming/defending anyone I think it's all interesting and just like to see how it works.

In reply to a post by CARPETBURN:

In reply to a post by infra_red:

The secretive nature of this is worrying. Even more worrying is the lack of concern and curiosity about what they're doing. By early on positioning themselves as the champion of freedom in oppostion to Microsoft Google seemed to have obtained themselves a free pass to do things like this. If Microsoft were doing it I doubt the response would be so quiet.

I dont blame google, its not just their browser with the function built in as we have seen, all google did is build a front end app.

Blaming google and only google is like blaming a singular mobile phone company for every modern model having gps built in.

Mobile phone companies didn't drive past people's houses collecting private information about people's routers without permission and using it to form a database. They also don't keep it quiet that when you use their browser (or Firefox for that matter) they will use your wireless adaptor to scan for networks and send this information back to HQ.

Edited by deleted (Fri 03-Sep-10 12:31:53)

In reply to a post by infra_red:

In reply to a post by CARPETBURN:

In reply to a post by infra_red:

The secretive nature of this is worrying. Even more worrying is the lack of concern and curiosity about what they're doing. By early on positioning themselves as the champion of freedom in oppostion to Microsoft Google seemed to have obtained themselves a free pass to do things like this. If Microsoft were doing it I doubt the response would be so quiet.

I dont blame google, its not just their browser with the function built in as we have seen, all google did is build a front end app.

Blaming google and only google is like blaming a singular mobile phone company for every modern model having gps built in.

Mobile phone companies didn't drive past people's houses collecting private information about people's routers without permission and using it to form a database. They also don't keep it quiet that when you use their browser (or Firefox for that matter) they will use your wireless adaptor to scan for networks and send it back to HQ.

A poor example, google are not the only ones to do location mapping of hotspots, you dont even need to "drive" pass anyones home to do it. All it needs is one hotspot in a database to see your wireless signal and then your signal is recorded....... In theory anyone could do it, you could record all the wireless spots in your area, Its nothing new.

I get location aware ads on certain websites all the time (even though they get my location wrong).

Nobody is keeping anything quiet, google are clear what their app does (IE finds your location) Mozilla are clear that firefox has location awareness built in.

If you dont want to be assimilated into a location database dont use apps that do it and say no when it asks, on any web site, hardly rocket science.

In reply to a post by CARPETBURN:

In reply to a post by infra_red:

In reply to a post by CARPETBURN:

... nested quotes trimmed ...

I dont blame google, its not just their browser with the function built in as we have seen, all google did is build a front end app.

Blaming google and only google is like blaming a singular mobile phone company for every modern model having gps built in.

Mobile phone companies didn't drive past people's houses collecting private information about people's routers without permission and using it to form a database. They also don't keep it quiet that when you use their browser (or Firefox for that matter) they will use your wireless adaptor to scan for networks and send it back to HQ.

A poor example, google are not the only ones to do location mapping of hotspots, you dont even need to "drive" pass anyones home to do it. All it needs is one hotspot in a database to see your wireless signal and then your signal is recorded....... In theory anyone could do it, you could record all the wireless spots in your area, Its nothing new.

I get location aware ads on certain websites all the time (even though they get my location wrong).

Nobody is keeping anything quiet, google are clear what their app does (IE finds your location) Mozilla are clear that firefox has location awareness built in.

Google won't say how they formed their database - but the fact is they drove round the country recording router information without obtaining permission then used it for their own purposes

If you dont want to be assimilated into a location database dont use apps that do it and say no when it asks, on any web site, hardly rocket science.

Noone asked my next door neighbour if they could record the details of his router and use it to locate the people living near him. But that's exactly what Google did.

Noone asked my next door neighbour if they could record the details of his router and use it to locate the people living near him. But that's exactly what Google did.

Google only captured details for wifi APs that were freely broadcasting their SSIDs.

If you don't want people to see your wifi AP then you shouldn't broadcast your SSID.

In reply to a post by b4dger:

Noone asked my next door neighbour if they could record the details of his router and use it to locate the people living near him. But that's exactly what Google did.

Google only captured details for wifi APs that were freely broadcasting their SSIDs.

If you don't want people to see your wifi AP then you shouldn't broadcast your SSID.

Most people don't even know their routers are doing this. In a number of ways Google has taken advantage of people's ignorance here - "Wow how do Google do this! It's so clever!!" If more people knew how it was being done they wouldn't be so happy.

In reply to a post by b4dger:

Noone asked my next door neighbour if they could record the details of his router and use it to locate the people living near him. But that's exactly what Google did.

Google only captured details for wifi APs that were freely broadcasting their SSIDs.

If you don't want people to see your wifi AP then you shouldn't broadcast your SSID.

EXACTLY, google have not collected any data from the neighbour which isnt freely available to anyone.

In reply to a post by infra_red:

In reply to a post by b4dger:

Noone asked my next door neighbour if they could record the details of his router and use it to locate the people living near him. But that's exactly what Google did.

Google only captured details for wifi APs that were freely broadcasting their SSIDs.

If you don't want people to see your wifi AP then you shouldn't broadcast your SSID.

Most people don't even know their routers are doing this. In a number of ways Google has taken advantage of people's ignorance here - "Wow how do Google do this! It's so clever!!" If more people knew how it was being done they wouldn't be so happy.

Maybe they should turn wireless off if they dont use it.

If they do use it and they claim they didnt know their router broadcasts that info, then maybe they should ask thereself how they knew which wireless point was theres to connect the other stuff in their home to.

Arguing google has invaded your privacy when you broadcast the data they collect is like blaming a criminal for identity theft if you deliberately gave them your life history and all your personal documents.

Does your neighbour use different passwords for each website? If not i suggest they do incase someone one day sits next to them and watches them type their password openly without hiding the fact they are recording it.

Seriously im all for privacy but if you willingly hand that information out over the airwaves, you have no right to complain when someone takes it.

In reply to a post by seb:

The blocks are registered in such a way that you can't really pin-point which part of the country someone is in.. Virgin Media are a good exception to that but even then it's generalities.

UK Online/Sky are another exception. You can work out what exchange someone is on with Sky/UKO LLU services. Just do a reverse traceroute to the IP - the hop before the customer gives the exchange code.
I believe the netblock also gives the exchange code.

Matt

In reply to a post by b4dger:

If you don't want people to see your wifi AP then you shouldn't broadcast your SSID.

Also don't use the network. Not broadcasting SSID doesn't mean its not visible.

Many tools (including inSSIDer, and WiFiFoFum on Windows Mobile handsets) can show hidden SSIDs......

In reply to a post by jchamier:

In reply to a post by b4dger:

If you don't want people to see your wifi AP then you shouldn't broadcast your SSID.

Also don't use the network. Not broadcasting SSID doesn't mean its not visible.

Many tools (including inSSIDer, and WiFiFoFum on Windows Mobile handsets) can show hidden SSIDs......

Just turn damn wireless off, buy a 2 quid cat5 network cable and be done with it i say LOL
I dont run wireless, its slow, always has been slow and why would i want slow performance on a machine in another room when im paying money for a service i could get better service from just buying a cable??
One cable equals better performance, better security, and two fingered salute to google tracking, problem solved LOL

"google are clear what their app does"

O'really?

So, wise one, answer me this.

Google Maps for Mobile on a smartphone can work out where it is based on WiFi info (no GPS necessary). Does it (or anything similar from Google) then upload the "where I am" and "what services I see" info back to Daddy to help keep Daddy's database up to date, thus requiring the user to unknowingly act as an unpaid data collector for Google (in return for the benefit of using GMM or other Google app)?

If Google are clear on what their apps do, this question should be easy to answer shouldn't it?

Yesterday my Google account asked me to fill in more "account verification" info. One of the bits they wanted was my mobile number. Two years ago they'd have got it. Now I'm older and wiser there's no way they're having any more identifiable info about me than they already have, and as time goes by I will do my best to reduce the usefulness of what they already have. I already gave up on Gmail for example.

It's the *unknowing* bit, the inability to make a reasonably informed decision, that's a big problem. The scale of the information gathering is another factor.

"Google only captured details for wifi APs that were freely broadcasting their SSIDs."#

Are you sure about that? There have been many reliable reports that their snooping receivers didn't just record the (e)SSID and location, but also recorded packet contents. If your intention is to solely listen to broadcast SSIDs, netstumbler style, you can do that very simply.

If your intentions also include capturing SSIDs where "SSID broadcast" is disabled, that's not difficult either, you simply listen to (and record) *all* the traffic (go read about Kismet, for example).

It's trivially easy for an unauthorised bystander to get SSIDs even when SSID broadcast is disabled. Disabling SSID broadcast is *not* an effective security or privacy measure, though it may help avoid some accidental/unwanted connections.

Its all clear the moment you go to use their apps, my god it even asks you almost in complete idiot terms do you want to be tracked........ Obviously some have difficulty understand the question an app on a screen asks and answering yes or no.

I suggest some people do not touch anything which involves radio waves........ Or put on your foil hat

Edited by deleted (Sun 05-Sep-10 22:50:39)

yes, in a 'sinister' sense, it does count. but for all reason, it's for information. but some people just abuse that information. and some of us needs to have all the privacy they want/need.

The Czechs have the right idea

http://www.theregister.co.uk/2010/09/14/czech_privacy/

No chance of the British government stopping Google from doing whatever they want though.

In reply to a post by CARPETBURN:

In reply to a post by infra_red:

In reply to a post by b4dger:

... nested quotes trimmed ...

Google only captured details for wifi APs that were freely broadcasting their SSIDs.

If you don't want people to see your wifi AP then you shouldn't broadcast your SSID.

Most people don't even know their routers are doing this. In a number of ways Google has taken advantage of people's ignorance here - "Wow how do Google do this! It's so clever!!" If more people knew how it was being done they wouldn't be so happy.

Maybe they should turn wireless off if they dont use it.

If they do use it and they claim they didnt know their router broadcasts that info, then maybe they should ask thereself how they knew which wireless point was theres to connect the other stuff in their home to.

Arguing google has invaded your privacy when you broadcast the data they collect is like blaming a criminal for identity theft if you deliberately gave them your life history and all your personal documents.

Does your neighbour use different passwords for each website? If not i suggest they do incase someone one day sits next to them and watches them type their password openly without hiding the fact they are recording it.

Seriously im all for privacy but if you willingly hand that information out over the airwaves, you have no right to complain when someone takes it.

You probably think if someone invades someone's privacy by sneaking up and looking through the window it's their own fault for not having the curtains permanently pulled.

In reply to a post by infra_red:

You probably think if someone invades someone's privacy by sneaking up and looking through the window it's their own fault for not having the curtains permanently pulled.

Errr what privacy would they have if they dont draw the curtains?
While the person sneaking up may be a pervert, its not the same. Google basically give you the choice if you want to be seen or not when you use their apps.

If a streaker ran through the streets and you sneaked a peak are you invading their privacy? They choose to ran naked through the streets, just as you or your neighbour chooses to air their wireless signal through the streets.

You cant accuse someone of stealing privacy if you give it to them.

At last the authorities are looking into this:

http://www.bbc.co.uk/news/technology-11614970

Amazingly though Google claim this:

Google's director of privacy Alma Whitten said the company would work with the ICO to answer its "further questions and concerns".

She added that the data "has never been used in any Google product and was never intended to be used by Google in any way".

Maxmind as discussed on here before seems to have depending on country accurate GeoIP data.
When taking in all the methods of data collection, it wouldn't be that difficult to have very accurate data on physical location. You can check what location info is held in connection with your IP address:-

www.maxmind.com

In reply to a post by Vorlon:

Maxmind as discussed on here before seems to have depending on country accurate GeoIP data.

Not for me! As discussed earlier IP addresses are not a reliable way to find someone's location. The address just relates to where your provider is 'registered' - so for me on my Freeola/Entanet connection that always relates back to around Telford. I'm quite a few hundred miles from there!

GEO Location using 'Google Location' (my demo page) has me spot on using the Wireless Access Points of my neighbours!

In reply to a post by b4dger:

In reply to a post by Vorlon:

Maxmind as discussed on here before seems to have depending on country accurate GeoIP data.

Not for me! As discussed earlier IP addresses are not a reliable way to find someone's location. The address just relates to where your provider is 'registered' - so for me on my Freeola/Entanet connection that always relates back to around Telford. I'm quite a few hundred miles from there!

GEO Location using 'Google Location' (my demo page) has me spot on using the Wireless Access Points of my neighbours!

"The address just relates to where your provider is 'registered"

This is not neccessarily true. GeoIP is a "tool" used to connect the person who uses a static IP address with a physical location.
This data can be collated when you sign up from free to chargeable services and can provide an extra layer of security for your benefit in the case of online banking and general web transactions.

Not all GeoIP companies are the same with some indentifying the ISP's address, but I've found Maxmind to be accurate and not just for me either.

Edited by Vorlon (Mon 25-Oct-10 01:43:09)

Google's UK Head of PR having a very uncomfortable time being interviewed on the radio this morning. Wriggling like an eel. Not at all convincing.

Post deleted by billford

Post deleted by billford

Advertising is not permitted.

that explains why the router I used in Hong Kong, and have re-activated here in Milton Keynes has cause Latitude to show I am in HK, near enough to where it was last used November2010...

In reply to a post by concretecow:

that explains why the router I used in Hong Kong, and have re-activated here in Milton Keynes has cause Latitude to show I am in HK, near enough to where it was last used November2010...

More people should do this kind of thing, just to mess up the database.

I will be doing so shortly once I've got one more DSL modem than I need, so I can periodically rotate 3 modems between 2 far-apart places...

was anyone asked if they could be included on a post code database, used for location services? I think not, the principle is the same, Google just got smart. Really nothing to worry about., I certainly dont.

I am not on the postcode database. The postcode of my house is.

http://www.theregister.co.uk/2012/07/27/google_still...

They're still at it

Just read most of this thread, seeing as you woke it up and for a week now I've had an Android phone which I've used with "Navigation". (Looks as though that's going to be another can of worms like this, but better in a new thread).

This post made me chuckle. Toddling off to HK and back isn't an easy security measure for me .

How they find a mac address is easy !!!
Every time you log onto a wifi your phone or computer transmits your mac address assoicated to the ip address that the DHCP server just assigned you when connected to a wifi