NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] More on Google's Wi-Fi Location Database Opt-Out

More on Google's Wi-Fi Location Database Opt-Out

http://j.mp/s9vABx  (This message on Google+)

I received a pile of mail this morning in response to my quick discussion
of Google's new Wi-Fi location database opt-out procedures last night:

http://j.mp/uWyC6Y  (Google+) [My discussion of possible opt-out side effects]

Before I continue, a couple of quick notes:

First, I'm on record as considering Wi-Fi SSID ("ID beacon") data and
related location databases as not being a big deal.  Let's face it,
they're transmitting on public airwaves, and anyone who happens by in
range can record them and note where they were received.  Google was
unreasonably pilloried for the Wi-Fi data they collected accidentally
in the course of Street View operations.

Secondly, while you can turn off your SSID on most Wi-Fi access points,
doing so may cause association problems with some clients, and the lack
of broadcast SSID doesn't really increase intrinsic security anyway.

OK.  Now to the inbox.

The distilled summary of the vast majority of messages I received on
this topic amounted to this:

"Why the blazes should I have to screw around with my Wi-Fi network
and change my SSID by adding that silly _nomap thing, and have to
reconfigure all my clients using that access point as well?  Why should
the burden be on me to make such a permanent change to opt-out?"

Various people also noted concerns about the _nomap suffix attracting
unwanted attention -- one drew a comparison with "putting /private in
your robots.txt file."

As I noted yesterday, I don't feel that the "attention attracting" aspect
of _nomap is particularly onerous, but obviously there are some folks
who are much more concerned about this aspect.

A more fundamental question people posed to me was why this has been
set up as opt-out and not opt-in.  I'm not privy to Google's deliberations
on this, but I can take a good guess.  If it was opt-in you'd get only
a tiny fraction of people likely doing so, and the useful mapping data
that could otherwise be derived from publicly transmitted Wi-Fi SSIDs
would be unnecessarily and largely stymied.  

Opt-in vs. opt-out issues are often much more subtle than they may appear
to be at first glance, sometimes with unexpected collateral effects.

Especially given that Wi-Fi SSIDs are publicly transmitted, I believe
a reasonable case for the opt-out model can be made in regards to the
location database, though no doubt some observers will disagree with
me on this.

I am less enthusiastic about the specific _nomap suffix SSID approach,
however.  It seems unwieldy (and frankly, somewhat ugly) at best,
especially because a permanent, highly visible change is required by
this model by everyone who wants to opt-out.

While I appreciate the authentication issues that have likely driven
Google to choose this approach, I believe that less "intrusive" (and
not continually visible) methodologies may be possible, perhaps
involving a one-time registration opt-out database linking SSIDs and
access point MAC addresses.

This is definitely a very interesting topic area.

Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org 
 - Network Neutrality Squad: http://www.nnsquad.org 
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
 - PRIVACY Forum: http://www.vortex.com 
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com 
Google+: http://vortex.com/g+lauren 
Twitter: https://twitter.com/laurenweinstein 
Tel: +1 (818) 225-2800 / Skype: vortex.com