{"id":1133,"date":"2010-06-20T01:41:26","date_gmt":"2010-06-20T09:41:26","guid":{"rendered":"\/?p=1133"},"modified":"2010-06-20T02:10:39","modified_gmt":"2010-06-20T10:10:39","slug":"harvesting-phone-and-laptop-fingerprints-for-its-database","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1133","title":{"rendered":"Harvesting phone and laptop fingerprints for its database"},"content":{"rendered":"<p>In\u00a0<a href=\"\/?p=1116\">The core of the matter at hand<\/a>\u00a0I gave the example of someone attending a conference while subscribed to\u00a0a geo-location service.\u00a0 I\u00a0argued that the subscriber&#39;s cell phone would pick up all the MAC addresses (which serve\u00a0as\u00a0digital fingerprints) of\u00a0nearby phones and laptops and send them in to the centralized database service, which would look them up and potentially use the harvested\u00a0addresses to further increase its knowledge of people&#39;s\u00a0behavior &#8211; for example, generating a list of those attending the conference.<\/p>\n<p>A reader wrote to\u00a0express disbelief that the MAC addresses of non-subscribers would be collected by a company like Google.\u00a0 So I close this series on WiFi\u00a0device identifiers with this quote from what Google calls its &#8220;<a href=\"http:\/\/googlepolicyeurope.blogspot.com\/2010\/04\/data-collected-by-google-cars.html\">refresher\u00a0FAQ<\/a>&#8221; (emphasis in the quote below is mine): \u00a0<\/p>\n<blockquote><p><strong>How does this location database work?<\/strong><\/p>\n<p>Google location based services using WiFi access point data work as follows:<\/p>\n<ul>\n<li>The user\u2019s device sends a request to the Google location server <em>with a list of MAC addresses which are currently visible to the device<\/em>;<\/li>\n<li>The location server compares the MAC addresses seen by the user\u2019s device with its list of known MAC addresses, and identifies associated geocoded locations (i.e. latitude \/ longitude);<\/li>\n<li>The location server then uses the geocoded locations associated with visible MAC address to triangulate the approximate location of the user;<\/li>\n<li>and this approximate location is geocoded and sent back to the user\u2019s device.<\/li>\n<\/ul>\n<\/blockquote>\n<p>So certainly the MAC addresses of all\u00a0nearby phones and laptops\u00a0are sent in to the geo-location server &#8211; not simply\u00a0the MAC addresses of wireless access points that\u00a0are broadcasting SSIDs.\u00a0 And this is\u00a0significant from a technical point of view.<\/p>\n<p>Why\u00a0not edit out the MAC addresses you don&#39;t need prior to transmission, reducing transmission size, cost\u00a0and the amount of work\u00a0that the central database server must do? Clearly, it was considered useful to collect\u00a0all the\u00a0phone fingerprints\u00a0&#8211; including those of non-subscribers.\u00a0\u00a0Of course Google&#39;s\u00a0 WiFi cars also collect the same fingerprints\u00a0&#8211; while driving past peoples&#8217; homes.\u00a0 So it is clearly possible for their system\u00a0to match the fingerprints of non-subscribers to their home locations, and thus to their natural identities.\u00a0<\/p>\n<p>Is this matching of non-subscribers\u00a0being done today?\u00a0 I have no idea.\u00a0 But\u00a0Google has put in place all the machinery to do it and\u00a0pays a premium to operate its geolocation service so as to gather this information.\u00a0 Further, if allowed to mature, the\u00a0market for\u00a0the extra\u00a0intelligence collected about our behaviors\u00a0will be\u00a0immense.<\/p>\n<p>So there is nothing unlikely about the scenario I\u00a0describe.\u00a0\u00a0 I have now examined all the issues I wanted to bring to light\u00a0and I&#39;ll move on to other matters for a while.<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google says the user\u2019s device sends a request to its location server with a list of all MAC addresses currently visible to it.  Does that include yours?<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,47,11,77],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1133"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1133"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1133\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1133"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1133"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}