[justcommenting]

I can also passively collect plenty of WEP traffic being broadcasted over public property and decrypt it on my computer (but I don't).

Mozilla's not aiming to do anything remotely as invasive as that, but I still don't find "anything that can be picked up passively from public property is fair game" a very compelling ethical standard, especially for an organization like Mozilla.

[DCKing]

> I still don't find "anything that can be picked up passively from public property is fair game" a very compelling ethical standard

This is a strawman.

Any public information that can be picked up passively from public property is fair game is the real argument. Decrypting WEP, easy enough as it might be, is still unethical as the information was meant to be private. Making a database of public SSID broadcasts is completely ethical as there should be nothing private about an SSID.

[unshure]

It's not the SSIDs but the BSSIDs that end up in the database, isn't it?

[hannosch]

Yep. These services only store and transmit the BSSID (which is most often the mac address of the network card).

The only place the SSID (clear text name) is used is in filtering out things on the client end. Both looking for "no SSID" / hidden networks and the _nomap suffix. The SSID is never sent to any service.

[justcommenting]

you're arguing that there's a clearly defined category of broadcasted signals that can be clearly defined as public; i'm arguing that at least in ethical terms, what matters is whether the person behind the device knows and understands that their signal is leaking, where, and how that information could be used. for most people most of the time, i don't think that's the case. maybe we should agree to disagree :-)

[DCKing]

> you're arguing that there's a clearly defined category of broadcasted signals that can be clearly defined as public;

This is another strawman.

I'm not arguing for a particular clear-cut definition of "public" and "private" at all. I'm arguing that the distinction public and private can be made for some forms of communication, and that a radio broadcast to your neighborhood means it is public, and encrypting your traffic means it is private. In addition to that there is also a greyer area like unencrypted traffic over a wire, that should mostly be considered private from an ethical perspective.

I agree that most people don't really know what they're doing, and I agree that it is problem. I also think that most people don't really care, and considering no information is contained in most SSIDs rightly so. Lastly I think that education is important for this, not regulation (legislative or internal) for the collecting companies or individuals. But all of that is not what I was arguing against.