
Introduction (Surprise!)

I got a new iPod Touch today and one of the first things I did was fire up wi-fi and launch Google Maps. I noticed a button that allowed the system to automatically zoom in to my “current location”. Because the iPod does not have a GPS chip, I was expecting it to use my IP to narrow me down to a city or even a province. Imagine my surprise when it narrowed me down with an accuracy of 30 meters (~100 feet)!

The first time I tried this, I was at the university. I was not too surprised by this because I know that the university has static IPs that may well be in some geo-locator database. I was more surprised (and concerned) when this worked at home. My IP is dynamic, so there is no way it could be stored in a central database. Out of curiosity, I looked my current IP up in a geo-locator database and it pointed me to Kingston, ON, which is 500 km off, but it makes sense because my ISP operates all over Canada.

Technical Explanation (With Limited Amounts of Geekiness)

So how did the iPod do it? A few minutes of googling took me to a company called Skyhook Wireless. Without getting too technical, this company sends out about 200 cars in all cities in North America to do what is known as “wardriving”. Essentially, they take a unique ID (MAC address for the technically inclined) from all wireless routers and log the physical location of those routers in a central database. The MAC address is freely available, even from protected networks. To be perfectly clear: you do not need to connect to a network (and thus do not need any passwords) in order to get a MAC address.

Once the location is in a central database, it is available for triangulation. Say I’m walking down the street with my iPod and press the “locate me” button. The Wi-Fi radio on my iPod sends Skyhook the MAC addresses of all the routers around me in an 80-200 meter radius. If three of those are in Skyhook’s database, I am triangulated, and Skyhook knows where I am (give or take a few meters). The data is sent back to me and I get a Google map of my surroundings.
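To make the lookup described above concrete, here is an added example (not from the original post, and not Skyhook’s actual algorithm) that estimates a position from a list of overheard router MAC addresses using a signal-weighted centroid. The database entries, MAC addresses, signal strengths and the weighting scheme are all constructed assumptions; only the three-router threshold comes from the text.

```python
import math

# Constructed survey database: router MAC (BSSID) -> (lat, lon) where it was
# heard. All values are made up for illustration.
SURVEY_DB = {
    "00:11:22:33:44:01": (43.65300, -79.38300),
    "00:11:22:33:44:02": (43.65340, -79.38250),
    "00:11:22:33:44:03": (43.65280, -79.38220),
}

# Constructed scan: what a device overhears without joining any network,
# as (MAC, signal strength in dBm). The last router is not in the database.
SCAN = [
    ("00:11:22:33:44:01", -50),
    ("00-11-22-33-44-02", -70),
    ("00:11:22:33:44:03", -70),
    ("AA:BB:CC:DD:EE:FF", -40),
]

def normalize(bssid):
    """Canonical lower-case, colon-separated form so lookups are consistent."""
    return bssid.strip().lower().replace("-", ":")

def rssi_to_weight(rssi_dbm):
    """Assumed weighting: convert dBm to linear milliwatts (stronger = closer)."""
    return 10 ** (rssi_dbm / 10.0)

def estimate_position(scan, db=SURVEY_DB, min_known=3):
    """Return (lat, lon, known_count), or None if too few routers are known.

    Unknown routers are ignored; min_known=3 follows the post's description.
    """
    known = [(db[normalize(b)], rssi_to_weight(r))
             for b, r in scan if normalize(b) in db]
    if len(known) < min_known:
        return None
    total = sum(w for _, w in known)
    lat = sum(p[0] * w for p, w in known) / total
    lon = sum(p[1] * w for p, w in known) / total
    return lat, lon, len(known)

def distance_m(a, b):
    """Equirectangular approximation, adequate over a few hundred meters."""
    x = math.radians(b[1] - a[1]) * math.cos(math.radians((a[0] + b[0]) / 2))
    y = math.radians(b[0] - a[0])
    return 6371000 * math.hypot(x, y)
```

The point for privacy purposes is that the scan list alone is equivalent to a location: anything that can read the nearby MAC addresses and reach such a database can place the device, with no GPS and no network login involved.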

Implications (Why You Should Turn Off the Wi-Fi on Your Cell Phone/iPod)

The negative implications of this can be quite clear. What if, for example, you’re not the one who requested your location? What if it was done by a virus/trojan or spyware (brings a new meaning to the term, eh?)? But your location is probably of little use to petty hackers and virus-writers. It’s also not precise enough for someone to physically walk up to you, especially if you’re in a dense place such as any city center. 30 meters’ worth of error in downtown Toronto (or even downtown London) is enough for someone to never find you.

But what if your location is wanted by someone who knows you personally? Let’s say a spouse/significant other who thinks you’re cheating. Then your location with a 30 meter margin of error becomes more than enough for that person to know what you’re doing.

Legal Issues (This is a Law Blog, right?)

I can’t definitively say whether any of this is an invasion of privacy. Skyhook’s technology does not circumvent any security systems and uses only information that is publicly available. I am not sure whether posting a location of a MAC address constitutes invasion of privacy (an enterprising “enthusiast” found a way to query Skyhook’s database to get Lat/Lon coordinates associated with MAC addresses). There’s an argument to be made both ways and of course none of this has been tested by a court.

What’s more concerning is that router owners cannot opt out of this. Furthermore, once a router’s MAC address is in the database, it cannot come out. The company’s stance on the issue is the following:

“we cannot remove individual access points…every access point by definition broadcasts a radio beacon …The only way to stop an access point from broadcasting its presence is to unplug it….we don’t actually identify the location of access points, just the signals that they create”

That statement is technically true, but misses the point entirely. “The signals” (MAC address broadcasts) can be definitively associated with the physical router because every router has a unique MAC address (otherwise their system wouldn’t work). So, yes, they are tracking the location of access points. It is true, though, that once that access point (router, switch, etc.) is no longer broadcasting, it cannot be identified. This is the same thing that was said by computer security experts back in the 1980s:

“…the only truly safe computer system is one that is disconnected from the network, switched off and buried six feet under ground…and even then I’m not sure.”

Mitigating Factors (Why You Should Not Lose Sleep Over This)

I have already alluded to some of the mitigating circumstances. Some of them are social (i.e. your location within 30 meters is useless to 99.999999% of the population); others are more technical. For example, most devices that are not laptops shut off wi-fi connectivity when their screens turn off in order to conserve their batteries. This is certainly true for iPods and iPhones and is also true for every Windows Mobile device I ever owned. Also, an internet connection is not needed to establish your coordinates (unconnected wi-fi is enough), but an internet connection IS required in order to do anything with those coordinates (i.e. send them to someone).

Also note that there need to be at least three known broadcasting access points within at most 200 meters, which likely means that this positioning system will not work in rural areas.

Lastly, and perhaps most importantly, I did not find any evidence of this system being misused. So far, there has not been any malware written that would take advantage of Skyhook’s database to track people. That doesn’t mean it cannot happen, it just means that it is not something to worry about today.

For More Info…

For the more technically inclined, you can check out my source material:

http://thebmxr.googlepages.com/Don_t_Locate_me.pdf (Background and tricking the system, very technical)
http://en.wikipedia.org/wiki/Skyhook_Wireless (Wikipedia entry on skyhook. Describes the technology)
http://en.wikipedia.org/wiki/Wifi (Wikipedia entry on wifi. Look at “Reach” for wifi service ranges)


6 Responses to “ Have a Wi-Fi Device in Your Pocket? You Can Be Tracked! ”

  1. Serguei
    September 30, 2009 at 10:04 am

    Does that apply to regular cell phones, too? Can my CRAZR give away my location? I don’t even know how to turn off the Wi-Fi option or even if I have one.

    (Just never cared enough to find out, I guess – all I want is a portable phone, not a computer that occasionally rings.) :)

  2. Vitali Berditchevski
    September 30, 2009 at 2:04 pm

    Serguei,
    No, this only applies to Wi-Fi enabled devices. Your KRZR doesn’t have wi-fi. Of course, you can still be tracked using cell-phone tower triangulation, but that’s a different story.

  3. Serguei
    September 30, 2009 at 2:24 pm

    That’s it, I’m switching to telegraph.
    …—… So simple, so elegant.

  4. correction
    December 13, 2009 at 5:46 pm

    You actually only need one bssid not 3, and there are plenty of scripts out there where all you need to do is grab a MAC, input it and bang you have the lon/lat.

    Also it wasn’t some “enterprising individual” that came up with a way to query lon/lat but it’s the way their system is by default. It passes that info on to Google which then serves you a map.

    What’s truly scary about all this is that it doesn’t take much to craft a malicious JavaScript to query your wifi adapter. Have a girlfriend you think might be cheating on you? Load your little JavaScript into her iPhone by just having her view your specially crafted “site” and every 20 min you get a mail or IM with her exact location.

    Last thing, this service isn’t new; it’s been around since about 05-06 … Orwell says welcome to the 21st century ;)

  5. Vitali Berditchevski
    February 8, 2010 at 5:42 pm

    Hi,
    I just noticed the above comment. Thank you for the correction, very interesting stuff indeed…

  6. Alan Valdespino
    April 6, 2010 at 8:40 am

    Check & Have your iPad for No cost! -> http://bit.ly/cFBuis