Are we all handing to Google the SSID of our home routers?

Repeating the exact query I used last night with the same pair of MAC addresses this morning, the location returned has altered at the 7th decimal of precision so it seems it's a (near?) realtime process updating the MAC database with the GPS locations from the phones/tablets.

For several years google maps "satellite" imagery has had a reasonably accurate position for my postal address, but since they updated the imagery a few weeks ago (it shows my new lawn) they now think my address is four houses along and on the wrong side of the street, so 1/4 inch of precision for the MAC address, but 100 yard accuracy on the map!

Reply to
Andy Burns
Loading thread data ...

[snip]

I didn't login with a google account, and I didn't have to give any identifying information whatsoever. (Of course my IP address will show up in the server logs.) You open a new project (you can keep the default project name) and they give you a key. It's that simple.

Scott

Reply to
Scott Hemphill

The fact the Google database is near real time is VERY IMPORTANT! Thank you for testing that critical piece of data.

If I understand this scenario correctly: Let's say I turn my celphone hotspot on, so now my cellphone has an SSID and the guy next to me is stoopid enough to send my SSID/MAC to Google.

Then anyone can track my location in near real time.

Is that right?

Reply to
Alice J.

I understand why they would not want to add mobile device hotspots to their database but how would they differentiate between a router hotspot and a mobile device hotspot?

My phone is Android 4.3 and it can certainly act as a hotspot. So can my iPads, so you don't need Marshmallow for a phone to be a hotspot. T-Mobile allows it for free.

I guess what you're saying is that you need two nearby MAC addresses to make a query (that's probably to foil people looking up one).

If I'm in a library, the phone won't be all by itself. If I'm at home, it won't be all by itself either.

Thanks!

Yes. This is probably a crude "security" measure, that you need two nearby MAC addresses. But if you're fishing for a particular person's MAC address of their phone, then it seems that would be easier because you would know the MAC address of their router (since you know who it is you're fishing for where they are).

Isn't the adjacent MAC address on a router usually simple incremented by 1? That would make guessing pretty darn easy!

I wonder why they want the signal level if they're not using it?

Reply to
Alice J.

My point was that dual-band phones have existed for years, but only marshmallow allows you to choose which band to use for the hotspot, and even it can't provide concurrent dual-band hotspot ... so a single phone in hotspot mode can't provide two MAC addresses for geolocation.

Seems you already know where this person lives that you're stalking, if you know their phone and home router's MAC? You don't need google's help :-P

I think they probably would use it if you gave three or more MACs together with signal levels.

So, having been shown that google *do* use phones/tablets to geolocate access points, which in turn allows a device to report MACs from visible BSSIDs and geolocate itself, you could get yourself an API key and see if your MACs are in their database, then you could add _nomap to your SSID and see if that is sufficient to make your MACs get flushed from it (and after how long), then see how many other companies are collecting this data, and do they honour _nomap, and do you really care enough about it all to stop using WiFi at home?

Reply to
Andy Burns

I understand now that a single phone, alone, with no other data, won't let you geolocate.

However, let's say I know the mac address of the phone of person 1 and that I know the mac address of the phone or router of person 2.

Could I run the query with those two numbers where Google will actually tell me if those two people are together?

Reply to
Alice J.

I don't know if I have the technical skills, but I will go and get an "API key" from Google and I will see if my routers and phones are in their geolocation database.

I already added _nomap to all my SSIDs so I might have to temporarily remove _nomap to see if I'm in the database (and then add it back).

Since this thread is looooooong, if I have questions, which newsgroup are you on of the three in this thread?

comp.mobile.android? alt.internet.wireless? alt.cellular?

Reply to
Alice J.

also grab yourself a copy of cURL suitable for your machine

here

Reply to
Andy Burns

It would be more efficient to store only the MACs.

Nuke Google's servers. And Apple's and Microsoft's and Nokia's ...

Reply to
Whiskers

Whoever walks around and queues in a supermarket with their mobile phone operating as a WiFi access point, is the stoooopid one. I'm sure Google et al are clever enough to notice which routers are mobile &/or intermittent and exclude them from their navigation databases, for which they are of course useless. The other people in the shop are just people (some of whom may be using the shop's WiFi).

Reply to
Whiskers

Exactly why all this concern regarding 'privacy' is wasted effort. Google may know the latitude and longitude of a static WiFi access point with enough accuracy to get you within range of its signal but they don't know its postal address - and they don't know the latitude and longitude of house numbers (mostly [1]); they infer from the number roughly where on the street/road/avenue/close/alley/whatever it's likely to be, using an algorithm that includes such things as the highest and lowest numbers in the street and the length of the street and the size of each plot and the postal sorting codes or any other data they may have for that street or region or city or whatever. Like all other geo-location services they can be a long way out in rural areas.

This means that for instance Google Maps is quite sure my router is located in someone else's home and that I live exactly where I don't - and those two places are not only both wrong but also different. They aren't far apart though - this is a highly built up area and I can 'see'

15 WiFi routers from my arm chair - but it looks as though Google haven't associated my router with me; they've merely associated both the router and my home to the same crowded vicinity. [1] It's just a guess but I expect they do know the co-ordinates for 1600 Pennsylvania Avenue and some other addresses.
Reply to
Whiskers

Why would you care about this?

The information is useless unless you actually come to your location. Once you're there you only have to scan for SSID's in the normal way with a WiFI enabled device to get exactly the same information.

So why on earth do you ask this question?

Why not ask the obvious more concerning question about other data Android saves on Google servers relating to WiFI connections you have used?

Reply to
Brian Gregory

You really are stupid aren't you.

Reply to
Brian Gregory

It turns out that the MAC is certainly stored, as Andy Burns, later in this thread, has run the public API to access it.

  1. You need two nearby SSIDs for Google to spit out the location
  2. It should be easy to do that if you do a little spying
  3. You need a Google API which will track your lookups
Reply to
Alice J.

I don't know if Google saves the SSID/MAC of a cellphone hotspot, but I've known people to have them when I go to Starbucks.

So, people do it (one, I remember, was a friend who calls his "Bills Pocket AP", for example).

So, people do it. The question is whether Google stores it. I suspect they store *everything* they can, so, I wouldn't put it past them.

Reply to
Alice J.

I have curl.

There are three different "heres"... :)

Reply to
Alice J.

It's a clear privacy violation, and, the law says so as they're the ones who made Google allow us to opt out (we discussed that in detail already, so there's no need for me to rehash it).

You didn't read this thread. The information is downright scary and creepy.

For the same reason that some governments made it a law that Google had to allow us to opt out of this spying on us.

What other data are you alluding to?

Reply to
Alice J.

Internet services may not be able to geolocate you using a single phone call but, of course, the phone network can do it without even a phone call.

I haven't followed all the details in this thread so it may have already been mentioned.

Reply to
pamela

Did you know that the government has a database of the physical location of your mailing address and postcode too. Does that upset you too?

Some governments are weird. For instance I heard that in the US almost anyone can buy a gun, no questions asked. That's beyond weird.

Well mainly that Google normally has the password to your WiFi as well. That theoretically would mean a Google employee could come and use your WiFi to do something illegal and get you in to trouble.

Andy Burns pointed this out at 0936Z on 29th Jan but you seemed to forget it pretty quickly and go back to this weird thing you have about your SSID.

Reply to
Brian Gregory

You don't mind having to pay for all your apps again then? Or alternatively never updating them beyond their current version when you switch accounts.

Reply to
Brian Gregory

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.