by JackC 4248 days ago
Can you say more about your privacy concern here? I'm not seeing it.

As far as I know, the sole use of this database is to say, "if you can see this set of wifi networks, then you are probably at this GPS location." It's literally the same thing, except at a different electromagnetic frequency, as saying "if you can see houses with these addresses, you are probably at this GPS location." Kind of like a street map.

I definitely think that privacy concerns can emerge when you aggregate public data -- is there something I'm missing here?


The privacy concern as I understand it is about access points moving in time, not about the snapshot of the data at a certain point.

So you can use my access point to find your location, but if I bring it to my next home, please don't record that in public data.

This is a great example -- thanks.

So, is it fair to say that there's no privacy concern if the API only exposes a one-way lookup? I.e. "here are the access points I can see -- where am I?"

That also addresses the other concern raised below, that the database could be used to search for known-vulnerable routers.

> is it fair to say that there's no privacy concern if the API only exposes a one-way lookup?

It helps, but no. The data is still there to use. The API or Mozilla policy may change, or security may fail.

From what I can tell, there's no need to record either the devices gathering data or the devices looking up their location. Just don't store that data and everything is fine.

Oh, another example that affects even the one-way lookup is stalking -- if I've been over to Joe's house before, and then he goes into hiding, I can say, "hey, I see Joe's access point, where am I?"

That could be mitigated by requiring at least two access points for a query.

Both the Mozilla API as well as Google have this "you need to know two" protection. At Mozilla we go a bit further and also make sure the two BSSIDs you are sending aren't almost identical. That happens in a lot of modern access points that are set up with separate 2.4 and 5GHz networks or those that have a guest network.
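As an added illustration of the two rules just described (at least two access points per query, and near-identical BSSIDs not counting as two), here is a small query-side validator. This is example code written for this thread, not Mozilla's or Google's actual service code; the threshold of 8 for "almost identical" last octets and the grouping heuristic are assumptions chosen to model an AP that hands out consecutive MACs to its 2.4GHz, 5GHz and guest networks.

```python
"""Query-side privacy checks for a one-way Wi-Fi lookup:
"here are the BSSIDs I can see, where am I?"

Example code, not Mozilla's or Google's implementation. The constants
below are assumptions, not values from either service.
"""
import re

# Canonical form: six lower-case hex octets separated by colons.
_BSSID_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

# Assumption: the "you need to know two" rule.
MIN_DISTINCT_APS = 2

# Assumption: two BSSIDs that share the first five octets and whose last
# octets are within this distance are treated as the same physical AP
# (multi-SSID and guest networks commonly get consecutive addresses).
NEAR_DUPLICATE_DISTANCE = 8


def normalize_bssid(raw: str) -> str:
    """Accept aa:bb:..., aa-bb-..., or aabb... and return the colon form."""
    s = raw.strip().lower().replace("-", ":")
    if len(s) == 12 and ":" not in s:
        s = ":".join(s[i:i + 2] for i in range(0, 12, 2))
    if not _BSSID_RE.match(s):
        raise ValueError(f"malformed BSSID: {raw!r}")
    return s


def _octets(bssid: str) -> list[int]:
    return [int(x, 16) for x in bssid.split(":")]


def same_physical_ap(a: str, b: str) -> bool:
    """Heuristic: same vendor prefix and device block, last octet close by."""
    oa, ob = _octets(a), _octets(b)
    return oa[:5] == ob[:5] and abs(oa[5] - ob[5]) <= NEAR_DUPLICATE_DISTANCE


def distinct_aps(bssids: list[str]) -> list[str]:
    """Collapse near-identical BSSIDs into one representative per AP.

    Greedy: walk the sorted, de-duplicated list and start a new group
    whenever a BSSID is not near any existing group representative.
    """
    groups: list[str] = []
    for b in sorted({normalize_bssid(x) for x in bssids}):
        if not any(same_physical_ap(b, g) for g in groups):
            groups.append(b)
    return groups


def validate_query(bssids: list[str]) -> tuple[bool, str]:
    """Return (accepted, reason) for a lookup request.

    Rejecting single-AP queries blocks the "I see Joe's access point,
    where am I?" lookup; collapsing near-duplicates stops one AP with
    three SSIDs from satisfying the two-AP rule by itself.
    """
    try:
        groups = distinct_aps(bssids)
    except ValueError as err:
        return False, str(err)
    if len(groups) < MIN_DISTINCT_APS:
        return False, (f"need at least {MIN_DISTINCT_APS} distinct access "
                       f"points, saw {len(groups)}")
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample queries (not real networks).
    print(validate_query(["00:11:22:33:44:55"]))                        # single AP: rejected
    print(validate_query(["00:11:22:33:44:55", "00-11-22-33-44-56"]))   # one AP, two radios: rejected
    print(validate_query(["00:11:22:33:44:55", "a4:b5:c6:d7:e8:f9"]))   # two APs: accepted
```

The grouping is deliberately conservative: a query that legitimately sees two different vendors' APs passes, while the common single-router-with-guest-network case does not, which is the failure mode the two-BSSID rule is meant to close.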
Your point is wrong from the beginning: I don't have to explain my privacy concerns, and neither do the others who don't know what an SSID is. "Privacy" should be the default and without need for justification, not the other way around.
How do you feel that privacy is being violated by scanning SSIDs and pinning those SSIDs to GPS coordinates? I believe JackC's point is that there isn't a privacy concern here. The consumer's router is blasting out the SSID for everyone to hear, just like if you were standing on your roof shouting, or had a poster on the outside of your house. There's nothing wrong with those things being recorded, what makes SSIDs different?
I understand the sentiment but really feel like it falls when looking at the actual situation. It's checking on things that are broadcast outside of your own property, and even offering a way to opt out. It's like transmitting radio waves from your property and asking that no one listens. You have control over the distribution method or whether or not it even exists.
so everyone should have to choose between having their home router's info added to large, aggregated databases and reconfiguring/not operating a router?

i know plenty of people for whom that's not a choice they're likely to know about. perhaps mozilla/google shouldn't be able to dictate my SSID or its visibility just because they don't want to incur the cost/complexity of obtaining affirmative, informed consent.

Yes, everyone should have to choose that. This should be a choice to make when you are broadcasting a signal out beyond your property. This would be like arguing that your wireless network shouldn't show up in the dropdown list you see when trying to connect to a wifi network. If it's a major concern, then you always have the possibility of using ethernet, but this information is publicly available.
I understand the spirit of your comment, but the number of non-technical people, especially in cities, that even know when signals are being broadcast outside their homes is likely quite small. And it's probably almost never deliberate.

If technology perfectly reflected people's intentions for their devices, I think we'd see relatively few people deliberately broadcasting wi-fi outside of their homes intentionally and most people's SSIDs wouldn't show up on any dropdown outside their home.

I agree that this information is often available from public places, but I was getting at whose priorities should dictate whether/how the information gets collected and how it's used--people who paid for devices they may not fully understand or be able to control, or organizations that want to systematically exploit signals from them for different purposes that may be different from those of the person who owns the device?

Here's an analogy:

Everyone who travels past your home can see if the lights are on in the evening. They can also see which lights are on in the front of the house.

So I'm going to give you three scenarios and I want you to tell me when exactly it becomes a privacy issue:

1) A single person travels past your house and happens to notice which lights are on.

2) Someone travels past your house and records, on a piece of paper, which lights are on.

3) A Google car travels past your house and records, electronically, which lights are on.

Same thing with WiFi SSIDs here. It is like you standing on the roof of your home and shouting your ATM PIN using a bullhorn, then complaining when someone else hears or records the information.

You want people to stop "monitoring" your SSID? Stop freaking broadcasting it at all.

That solution is suboptimal. If you don't broadcast it, then properly provisioned clients have to probe for it. Which they do, on every channel. So you go from one device beaconing the SSID (your AP) to all client devices advertising it, on every channel.
I think the difference we're talking about here between #1 and #3 is that #3 makes it much easier/cheaper to (for example) predict when you'll be out of town if they want to break into your house (router)...potentially even without ever traveling past it.

Just because this information is legal to collect, doesn't mean people think a nonprofit that claims to be committed to user privacy should be moving the center of gravity closer to your third scenario.

But maybe more importantly, we're not talking about "someone else" recording the information or just a few "people" "monitoring" an SSID. We're questioning the wisdom of an organization building software to systematically collect, store, and make an SSID far more readily available to far larger numbers of people.

It's the BSSID that is made far more readily available, not the SSID.
Analogies are analogies because they're similar, not identical.

> You want people to stop "monitoring" your SSID? Stop freaking broadcasting it at all.

This is technocentric BS, washing the hands to justify doing what you want.

1) Most people don't know that their SSIDs are being recorded (with position), so how do you expect them to make an informed decision? It's not like the information is readily available (I work in IT and I did not know about appending "no_map" to the SSID).

2) Everyone has a router, broadcasting the SSID. Do you really and honestly expect everyone to know how to disable it?

I don't think it is a privacy violation AT ALL. And nobody in this thread has even tried to explain why it is.

Just hand waving and "we don't have to explain ourselves, privacy is the default state!"

I gave an analogy above, you didn't even answer it. When does it become a privacy issue exactly?

> I gave an analogy above, you didn't even answer it. When does it become a privacy issue exactly?

You see, that's the problem - and that's the point. I did not answer because:

a) I don't really care about my SSID privacy. I do, however, care about other people right to know what's happening and to make informed (not implicit, by Google or Mozilla rules) decisions; and

b) I really don't (shouldn't) have to. It's not your concern when or how I feel my privacy being violated. I don't have to answer that, and it's a sad, sad society where this happens.

But SSIDs are not private. At all. Should what the outside of your house looks like be private information? How would that work? What about when I appear in the background of a photo someone took on the street?
> Should what the outside of your house looks like be private information?

Everyone knows that someone can record the outside of your house; not everyone knows that SSIDs with location can (and actually are!) registered. Do you notice the difference? You can't assume that WLAN specifics are as tacit as knowing that people can look at my house!

Even if you did explain to everyone that their SSIDs are being indexed - what would you tell them is actually being indexed? What personal information are they giving up? Your address, age, other residents of your house are already listed publicly. The name you gave your wireless network pales in comparison.
You don't have to justify them, but the actual privacy-violating mechanism is worth explaining, no?

What is it about SSID-based geolocation that compromises the AP owner’s privacy?

see my other comment for a hypothetical: https://news.ycombinator.com/item?id=8527229

through no fault of mozilla's, most home routers are ridiculously, pathetically insecure. this is not a situation that would be improved by making it easier to geolocate routers from specific vendors. if vulnerable routers become easier to find, my communications passing through that router could quickly become a lot less private. would mozilla be responsible? no. but that doesn't mean mozilla sharing my probably-vulnerable router's location wouldn't play a role in compromising my privacy.