[extra88]

I expect that if an SSID is not associated with a stable location, it's not even stored in the db because it doesn't serve the purpose of being a landmark (or stores it but with "hotspot," based on some heuristic, and therefore unreliable for location mapping).

[bingidingi]

Doesn't really matter what you expect, they're collecting the data and there's no evidence that they aren't using it to track... so we have to assume they do. Remember they were going as far as collecting data from people's networks using their Google Maps wifi-sniffing vehicles before they were caught.

[extra88]

> we have to assume they do

No we don't.

> collecting data from people's networks using their Google Maps wifi-sniffing vehicles

That was an error due to misconfiguration, failing to discard the data beyond that which identified the network for location mapping.

[josefx]

First link[1] I found says otherwise, unless you consider having a plan to collect and analyze email, phone numbers and other information from the payload data and having internal reviews of the code intended to do just that to be a "configuration error"? People really should stop trusting everything known habitual liars / big corporations say.

[1] https://www.wired.com/2012/05/google-wifi-fcc-investigation/

[extra88]

Thanks, I hadn't seen (or don't recall) those details.

Even that story portrays the payload collection as basically one "rogue" engineer's intention, not a part of a business or project plan. While other engineers accessed the collected payload data later, they may have reasonably assumed that if they had it, someone had ok'd it.

So rather than a coding error, it was an organizational failure to oversee the engineers' work, the FCC's report says as much.

[josefx]

The problem is that they followed the classic of denying everything they could until evidence against it turned up:

1. we didn't do it

2. we did it by accident in small cases

3. we did it by accident in worse cases

4. we did it intentionally but one guy was responsible

5. we did it but it was just one rouge dev. team

Add to that the unredacted report noting that Google kept delaying and hindering the investigation and it is rather clear that "6. we did it and management was neck deep into it" is more likely than not.

[bingidingi]

> No we don't.

Seems like basic data security to me. If my credit card number (valuable data) is posted to the dark web I have to assume someone will use it and it's insecure. Google has the data, so they can now use it whenever they decide it's valuable. Until I have evidence that it can't be used, I have to assume it's insecure.

[shkkmo]

How would they know a SSID is not associated with a stable location without tracking where that SSID has been seen?

[extra88]

Good point. It could be a short-term cache only only adds networks to longer-term storage if their relative location doesn't change over a period. Or, what I already wrote, they store it but with "hotspot," based on some heuristic, and therefore unreliable for location mapping.

[renata]

Android and Windows at least do support some kind of standard of marking WiFi as a hotspot or rate-limited, but I don't know how that works.

[extra88]

In iOS, you can set a WiFi network to Low Data Mode, macOS doesn’t seem to have an option like that.

I don’t think any of these are relevant to the subject of whether Google tracks the movement of hotspots.