
Apple's iPhone <eta: and other smartphones?> tracks users' every movement

Because the more thoroughly they violate your privacy, the more accurately they can target you with ads, so the more their ad-space is worth, which is their core business.
 
Because the more thoroughly they violate your privacy, the more accurately they can target you with ads, so the more their ad-space is worth, which is their core business.
As you know, I'm the first to start ranting when I feel my privacy is being compromised without my consent, but how is it being "violated" here? What privacy-compromising information might be contained within the approximate physical location of MAC address 00:21:9B:2...

(I say "might be" because Google returns zero results for my router anyway. Nothing. Nada, so this is all academic.)

Have you tried it on your router, btw?
 
As you know, I'm the first to start ranting when I feel my privacy is being compromised without my consent, but is it being "violated" here? What privacy-compromising information might be contained within the approximate physical location of MAC address 00:21:9B:2...

(I say "might be" because Google returns zero results for my router anyway. Nothing. Nada.)

Have you tried it on your router, btw?
Yes I have, and it's pinpointed my location very accurately.
 
As you know, I'm the first to start ranting when I feel my privacy is being compromised without my consent, but how is it being "violated" here? What privacy-compromising information might be contained within the approximate physical location of MAC address 00:21:9B:2...

(I say "might be" because Google returns zero results for my router anyway. Nothing. Nada, so this is all academic.)

Have you tried it on your router, btw?

There are a variety of potential threat models, depending who you are.

The first thing I'd say is that when anyone starts collating information on individuals, you have to look at the potential for malicious use of that info, not the best-case scenario.

Google has 20,000 odd employees and while they may well have sensible security controls over the data that they compile, so do other organisations that have leaked sensitive data in the past (banks, cops etc) so our threat model has to take into account the possibility that any data they compile is accessible to sufficiently motivated criminals or to any cop with a warrant.

Google (and Apple et al) also have an obligation to their shareholders to maximise profit and if a use of compiled data on customers isn't obviously criminal or so potentially damaging to their reputation that it'll hurt their profits via brand damage more than it yields in ad-sales or whatever, then they're going to do it whether you like it or not. So while they might not compile a list of sexually precocious children from search queries, tie that to personal information, phone and email, favourite chat-rooms, photos from Facebook etc, and sell the result to Gary Glitter, there's a line somewhere that they will cross and it probably won't be where most people would like it to be.

Programming their phones to wardrive for MAC addresses has a couple of potentially worrying implications that I can see right off the top of my head.

First, location information, like information culled off Facebook or wherever, can be used to make phishing-type attacks far more plausible and effective. I've seen (and can probably dig out if necessary) some experimental data on this, but from memory the difference goes up from <10% effectiveness up into the >70% range depending on the quality of information used. If I know your street address and can tie it to all the other stuff Google knows about you, I can spoof you or your bank or whatever far more plausibly.

Secondly, there are legal but dodgy things that info can be used for. An obvious example would be price discrimination based on street address such that you, living in a trendy area of London, get charged more for certain goods or services than I would living in some shithole in the North.

More interesting than private router MAC addresses are public ones: here, a malicious node (or even better, cooperating multiple malicious nodes) can sniff or actively elicit further information from other nodes on such WLANs, allowing someone controlling such a group of phones or other nodes to identify, locate and even trace the movements of individuals through areas containing a high density of accessible WLANs (such as any big city). In this way, you should be able to get a finer-grained trace on someone's movements than you get with mobile cells. Of course, if you're Google, you probably don't need to do all of that, because you already almost certainly recognise the IP address and may well have it tied to an identity, making it easy to follow it through a series of WLANs whose MAC addresses you can locate very precisely in space.

It's pretty easy to come up with some very nasty, even deadly, threat scenarios for that kind of capability. Especially when you consider e.g. the situation of a human rights worker perhaps dealing with clandestine union organisers in Burma, gay activists in Iran or whatever. I'm sure our own dear police would also love to have the capability to trace the movements of known political activists in that way. The News of the World would also no doubt like to be able to tell which celebs were visiting the STD clinic when.
 
hm...... it pinpoints my location pretty dead on.

Is there any way to avoid it? I like anonymity.
 
First, location information, like information culled off Facebook or wherever, can be used to make phishing-type attacks far more plausible and effective. I've seen (and can probably dig out if necessary) some experimental data on this, but from memory the difference goes up from <10% effectiveness up into the >70% range depending on the quality of information used. If I know your street address and can tie it to all the other stuff Google knows about you, I can spoof you or your bank or whatever far more plausibly.
You can turn off location information on Android phones and Facebook phishing attacks are only made possible by people posting up detailed personal information about themselves and having an open profile. Mine is locked and I don't use my real name or date of birth.

I'm not the most trusting of folks when it comes to corporations, but I really do feel that the rest of your post goes somewhat over the top, with no real UK precedents to support some of the rather wild scenarios expressed.

And I'm really not convinced by your suggestion about price discrimination being introduced by MAC address. That really makes no sense at all - it would cost companies far more to start fucking about with different, geographical-based tariffs and they'd soon come under the scrutiny of regulators for such actions.
 
Well, airlines do price discrimination all the time, based on demand for a flight. They don't see it as "fucking around", they see it as a way of maximising their profit. If you have the location data Google (or Apple) have, there's no reason not to try to turn it into a revenue stream that way that I can see, unless there's some applicable legislation that I'm unaware of.

You can call the other threat scenarios I proposed 'wild' if you like, but it doesn't make them go away. It's just an argument about how probable they are in any given time and place, which in effect comes down to economics.

How motivated is the actor in question relative to the difficulty of doing it?

If there's a lot of money at stake, e.g. the ability of organised crime to skim bank accounts, then I suggest the motivation is high enough to try to subvert the security controls on that data.

If it's relatively easy to do, e.g. Google/Apple/whoever using it commercially in a legal-but-anti-social way, or the cops getting a warrant to make them hand the info over, then again, it's fairly likely to happen.
 
Well, airlines do price discrimination all the time, based on demand for a flight. They don't see it as "fucking around", they see it as a way of maximising their profit. If you have the location data Google (or Apple) have, there's no reason not to try to turn it into a revenue stream that way that I can see, unless there's some applicable legislation that I'm unaware of.
Could you give some examples of variable, location-discriminating tariffs being applied to mainstream services in cities? I can't see any relevance in a comparison with flights, tbh.
 
Actually, there is one way in which Apple's retention of location data on their phones is more heinous than Google sending it back to the mothership and then deleting it relatively quickly.

Currently the major area of interest for crimeware is mobile operating systems. There's been a huge explosion of attacks, although a lot of them look like proof-of-concept stuff compared to the mature web crimeware like Zeus/Spy-Eye.

By keeping that stuff on your phone for longer, Apple are facilitating location privacy attacks via subverted phones.
 
Could you give some examples of variable, location-discriminating tariffs being applied to mainstream services in cities? I can't see any relevance in a comparison with flights, tbh.

Obvious one is train fares. An international example is DVD prices, that's why they have that region encryption stuff, to stop people buying digital content in India and selling it in the US to arbitrage the price discrimination that's in place.

I think that you meant *within* a city though, so I'd suggest comparing prices for similar meals between restaurants in W1 vs Colindale or someplace. There the location information is implicit in your willingness to go to that restaurant.
 
And now it turns out you can query the Google database and see the exact location of your wifi router on the map. http://samy.pl/androidmap/ Found this link via the Guardian site yesterday. Considering that the photo Google has of my house on Google Maps is at least 18 months old, I was a little alarmed to see that they've been past my house and logged my router's MAC address in the last 8 months since I moved in.

Yup. Google likes to take then worry about your rights of privacy later...
 
Obvious how? How would Google's location information have any impact on my choice of train fares to, say, London to Edinburgh?

It was an example of real-world price discrimination, which is what you appeared to be asking for. I was supporting the point that price discrimination is a real-world phenomenon, not some imaginary thing.

If you look back to what I was actually saying, it was that Apple/Google et al collecting location information offers a *new* way to do price discrimination and this is one of several potential reasons we might not want them collecting location information on us. You appeared to be arguing that nobody would bother to do price discrimination or that it wouldn't be worth them bothering doing it based on location.

I was showing:

a) businesses of certain kinds regularly do price discrimination in the real world,
b) some of them actually do it based on location,
c) that Apple/Google whoever collecting such data would offer a potentially attractive new way to do price discrimination, that many people might dislike.
 
It was an example of real-world price discrimination, which is what you appeared to be asking for. I was supporting the point that price discrimination is a real-world phenomenon, not some imaginary thing.
I was asking for some examples that bore some relevance to Google's wi-fi database and I still can't see any.

And how am I "discriminated" against by virtue of my location when I'm booking train tickets online? I've really no idea what your point is here, sorry. Train tickets being priced by demand or availability is not "discrimination" and it's certainly got bugger all to do with your location, or if Google has your MAC address in its database or not.
 
Well the relevance to Google wasn't intended to be direct.

It was kinda

step 1 ... show that price discrimination based on location isn't just a figment of my imagination. That's where my examples were supposed to be helpful.

step 2 ... show that, finding a new way to help businesses do it could be a potential revenue stream for someone who had that sort of data, e.g. Google.
 
Also, while your street address makes a reasonable proxy for your net worth that can be used for price discrimination and e.g. to identify people worth the effort of trying to scam in more elaborate ways, that's hardly the main concern here.

The main concern is that your street address is a proxy for your identity and collating it with stuff like your search history and potentially a trace of your movements makes any number of far more nefarious things possible if Google's security controls are subverted.
 
thought I was googling them
but they were googling me
sailing data seas
In search of privacy

location, location, location
facts of benefit to the nation
then sell it on, the price is right
and they wont put up much of a fight

Shiny and nice
tracking device
bugging device
recorder of vice

its a two way street
a double edged sword
freedom or slavery
risk or reward

Im not a poet and I dont need an iAnkletag to know it
but what hitler achieved with punchcards
makes me fear some future terror bytes
 
step 1 ... show that price discrimination based on location isn't just a figment of my imagination. That's where my examples were supposed to be helpful.

step 2 ... show that, finding a new way to help businesses do it could be a potential revenue stream for someone who had that sort of data, e.g. Google.
I still can't think of any real world applications for your curious location-based price discrimination theory, and the examples you've given thus far have been completely random and, as far as I can see, completely unrelated.

Still, elbows' poetry was nice.
 
Your mobile provider doesn't also have a database containing your search history to cross reference it with ...

No, just all the sites I've visited on the phone along with all my SMS and calls, which can be debated is better information.
 
Depends what one is looking for, arguably your web search history is a better indicator of your sexual perversions and political affiliations.

Which if you're David Cameron and into scat-snuff-pedo-porn (as seems all too probable, given that he's both a tory and has a background in PR) it might just be newsworthy.
 
Which if you're David Cameron and into scat-snuff-pedo-porn (as seems all too probable, given that he's both a tory and has a background in PR) it might just be newsworthy.
So how will this all be suddenly reaching the press? Google have already stated that they would only release Latitude information on receipt of a court order.
 
No. That tells you to type ipconfig /all, which will return the MAC address of the network adaptor(s) in your computer. The Google database is of the MAC address of routers. You need to ask your router what its physical address is.

fwiw neither of the two routers I've checked have been on the Google database.

Mine was. I found it quite disturbing actually. I'd consider "abusive ex partner or PI recording the MAC address of your router and then using it to track you down after you move away" as much a threat as "partner or PI accessing your computer to find (some of) your movements".

Router MAC addresses are also generally considered meaningless and zero-threat data and ok to be passed on - after all, it's not like somebody is compiling a worldwide database of router MACs and tying them to their physical location or anything, is it?
 
So how will this all be suddenly reaching the press? Google have already stated that they would only release Latitude information on receipt of a court order.

I've never heard of companies having information leaked or stolen, although that would be funny.
 