[shkkmo]

My presence on a public street isn't "private" per se, but following me around recording everywhere I go on public streets is definitely tracking me.

Not all wifi networks are stationary. I doubt most people know to add a _nomap to their hotspot name to avoid being tracked.

[godelski]

I always ask why it would not be okay if someone followed you around all day writing down everything you do (like a PI or stalker) but it is okay if some dude named Mark does it to a billion people.

Just like how you're allowed to use peoples images in public but if you only photograph one person and follow them around that's considered stalking and/or harassment.

It's weird to me that with tech we always bring up "well it is public" as if it is the same as our public laws but they aren't. Not only is the degree to which information can be gained substantially higher on the internet, but we have laws that would prevent similar actions in public and it generally considered creepy but the public. The only difference I see is that in public you have a better chance of seeing the person following you than you do online. I'm sure there's some psychology to this: people acting different when being watched through cameras vs in person.

[extra88]

I expect that if an SSID is not associated with a stable location, it's not even stored in the db because it doesn't serve the purpose of being a landmark (or stores it but with "hotspot," based on some heuristic, and therefore unreliable for location mapping).

[bingidingi]

Doesn't really matter what you expect, they're collecting the data and there's no evidence that they aren't using it to track... so we have to assume they do. Remember they were going as far as collecting data from people's networks using their Google Maps wifi-sniffing vehicles before they were caught.

[extra88]

> we have to assume they do

No we don't.

> collecting data from people's networks using their Google Maps wifi-sniffing vehicles

That was an error due to misconfiguration, failing to discard the data beyond that which identified the network for location mapping.

[josefx]

First link[1] I found says otherwise, unless you consider having a plan to collect and analyze email, phone numbers and other information from the payload data and having internal reviews of the code intended to do just that to be a "configuration error"? People really should stop trusting everything known habitual liars / big corporations say.

[1] https://www.wired.com/2012/05/google-wifi-fcc-investigation/

[extra88]

Thanks, I hadn't seen (or don't recall) those details.

Even that story portrays the payload collection as basically one "rogue" engineer's intention, not a part of a business or project plan. While other engineers accessed the collected payload data later, they may have reasonably assumed that if they had it, someone had ok'd it.

So rather than a coding error, it was an organizational failure to oversee the engineers' work, the FCC's report says as much.

[josefx]

The problem is that they followed the classic of denying everything they could until evidence against it turned up:

1. we didn't do it

2. we did it by accident in small cases

3. we did it by accident in worse cases

4. we did it intentionally but one guy was responsible

5. we did it but it was just one rouge dev. team

Add to that the unredacted report noting that Google kept delaying and hindering the investigation and it is rather clear that "6. we did it and management was neck deep into it" is more likely than not.

[bingidingi]

> No we don't.

Seems like basic data security to me. If my credit card number (valuable data) is posted to the dark web I have to assume someone will use it and it's insecure. Google has the data, so they can now use it whenever they decide it's valuable. Until I have evidence that it can't be used, I have to assume it's insecure.

[shkkmo]

How would they know a SSID is not associated with a stable location without tracking where that SSID has been seen?

[extra88]

Good point. It could be a short-term cache only only adds networks to longer-term storage if their relative location doesn't change over a period. Or, what I already wrote, they store it but with "hotspot," based on some heuristic, and therefore unreliable for location mapping.

[renata]

Android and Windows at least do support some kind of standard of marking WiFi as a hotspot or rate-limited, but I don't know how that works.

[extra88]

In iOS, you can set a WiFi network to Low Data Mode, macOS doesn’t seem to have an option like that.

I don’t think any of these are relevant to the subject of whether Google tracks the movement of hotspots.