A number of technical people have given Google the benefit of the doubt in the Street View Wifi case and as a result published information that Google's new “Gstumbler” report shows is completely incorrect. It is important that people re-evaluate what they are saying in light of this report.
I'll pick on Conor's recent posting on our discussion as an example – it contains a number of statements and implies a number of things explicitly contradicted by Google's new report. Once he reads the report and applies the logic he has put forward, logic will require Conor to change his conclusions.
Conor begins with a bunch of statements that are true:
- MAC addresses typically are persistent identifiers that by the definition of the protocols used in wireless APs can't be hidden from snoopers, even if you turn on encryption.
- By themselves, MAC addresses are not all that useful except to communicate with a local network entity (so you need to be nearby on the same local network to use them.
- When you combine MAC addresses with other information (locality, user identity, etc.) you can be creating worrisome data aggregations that when exposed publicly could have a detrimental impact on a user's privacy.
- SSIDs have some of these properties as well, though the protocol clearly gives the user control over whether or not to broadcast (publicize) their SSID. The choice of the SSID value can have a substantial impact on it's use as a privacy invading value — a generic value such as “home” or “linksys” is much less likely to be a privacy issue than “ConorCahillsHomeAP”.
Wishful thinking and completely wrong
These are followed by a statement that is just plain wishful thinking. Conor continues:
- Google purposely collected SSID and MAC Addresses from APs which were configured in SSID broadcast mode and inadvertently collected some network traffic data from those same APs. Google did not collect information from APs configured to not broadcast SSIDs.
Google's report says Conor is wrong about this, explicitly saying in paragraph 26, “Kismet can also detect the existence of networks with non-broadcast SSIDs, and will capture, parse, and record data from such networks“. Conor continues:
- Google associated the SSID and MAC information with some location information (probably the GPS vehicle location at the time the AP signal was strongest).
This is true, but it is important to indicate that this was not limited to access points. Google's report says that it recorded the association between the MAC address and geographic location of all the active devices on the network. When it did this, the MAC addresses became, according to Conor's own earlier definition, “worrisome data aggregations”.
- There is no AP protocol defined means to differentiate between open wireless hotspots and closed hotspots which broadcast their SSIDs.
This is true, but Google's report indicates this would not have mattered – it collected MACs regardless of whether SSIDs were broadcast.
- I have not found out if Google used the encryption status of the APs in its decision about recording the SSID/MAC information for the AP.
Google's report indicates it did not. It only used that status to decide whether or not to record the payload – and only recorded the payload of unencrypted frames…
I like Conor's logic that, “When you combine MAC addresses with other information (locality, user identity, etc.) you can be creating worrisome data aggregations that when exposed publicly could have a detrimental impact on a user's privacy.” I urge Conor to read the Gstumbler report. Once he knows what was actually happening, I hope he'll tell the world about it.