[JackC]

This is a great example -- thanks.

So, is it fair to say that there's no privacy concern if the API only exposes a one-way lookup? I.e. "here are the access points I can see -- where am I?"

That also addresses the other concern raised below, that the database could be used to search for known-vulnerable routers.

[hackuser]

> is it fair to say that there's no privacy concern if the API only exposes a one-way lookup?

It helps, but no. The data is still there to use. The API or Mozilla policy may change, or security may fail.

From what I can tell, there's no need to record either the devices gathering data or the devices looking up their location. Just don't store that data and everything is fine.

[JackC]

Oh, another example that affects even the one-way lookup is stalking -- if I've been over to Joe's house before, and then he goes into hiding, I can say, "hey, I see Joe's access point, where am I?"

That could be mitigated by requiring at least two access points for a query.

[hannosch]

Both the Mozilla API as well as Google have this "you need to know two" protection. At Mozilla we go a bit further and also make sure the two BSSID's you are sending aren't almost identical. That happens in a lot of modern access points who are setup with separate 2.4 and 5GHz networks or those who have a guest network.