Mountain View, California — Following last year’s Wi-Fi snooping scandal, Google, under pressure from privacy regulators in the Netherlands, said Tuesday that it is looking to make redress the blunder by permitting people around the world the option of keeping the names and locations of their home or business Wi-Fi routers out of a company database, the company announced.
To refresh your memory, Google accumulates basic Wi-Fi data from network routers including Service Set Identifier (SSID) information and Media Access Control (MAC) addresses. Google uses the data to help the company polish the accuracy of some of its location-based products, such as Google Maps, by pinpointing the location of cellphones and other mobile devices within publicly broadcast information about local wireless networks within their approximate geographic location of the routers.
A Google Maps Camera Car, which is used to collect imagery for Maps and location data for Google’s Location Server.
These information are amazingly useful for weather and mapping services, among other things, and can allow Google to show relevant advertising for nearby businesses.
With the heat turning into a fireball, as Google continues to drive around snapping pictures for Street View and conducting mapping operations for other services, it notes information broadcast about Wi-Fi networks in the area. Those details then get cached in the Google Location Server; when an Android phone or other device needs information about its physical location, it can use information about Wi-Fi networks in the area to help narrow things down. Although most smartphones and other location-aware devices include GPS receivers that can provide very accurate location information, the Wi-Fi data is often good enough to figure out (say) what businesses are in the area or what members of someone’s social network might be nearby. The Wi-Fi method can also be faster than GPS and has the advantage of working indoors and in urban canyons where GPS can be unreliable.
Now to contain the nasty glitch, under the agreement, which was announced by Google and the Dutch Data Protection Authority, owners of Wi-Fi routers can add “_nomap” at the end of a router’s name to tell Google that they do not want its information included.
Google claims that it has investigated different methods for opting-out access points from its Location Server and thinks it found a method that has “the right balance of simplicity as well as security against abuse.”
The process is simple and yet also uncultured: to opt out, hotspot operators must change the names of their base stations to end in _nomap. So, a network named CafeWireless that did not want to be used in Google’s location services would have to change its name to CafeWireless_nomap.
Now, once the change to your network name has been effected, so, next time a user’s device sends information about your Wi-Fi access point to the Location Server, Google will note the “_nomap” tag and remove the access point from its records. If you need more help with changing your Wi-Fi network name, Google has this useful help article.
Moreover, the company hopes this procedure will help Wi-Fi networks owners to protect against others opting out of Google’s Location Server without the owner’s consent. Google also anticipates that other location providers will adopt the “_nomap” string universally in the future.
Jacob Kohnstamm, the chairman of the Dutch Data Protection Authority, called the agreement a positive step for consumer privacy.
“We all hope that with enforcement actions like these, the bigger firms will use privacy by design from the start so we do not need to go into enforcement mode,” Kohnstamm said.
But while Google’s collection of Wi-Fi location data has been disputed in Europe, analysts in the United States were skeptical that many owners of routers would bother to remove them from the database.
“I think the Wi-Fi network operator would be more than happy to have it plotted,” said Chenxi Wang, principal analyst covering security at Forrester Research. “It does not hurt them in any way.”
Google was slammed with a fine of 1 million euros, or $1.4 million, from the Dutch agency for its illegal data collection. Kohnstamm said officials at the agency would independently verify whether Google stand by its promise to remove the data once a router owner uses the new opt-out procedure.
“Assuming Google follows through on its agreement, the fine will not be levied,” he said.
In a statement, Google said the Wi-Fi location data could not be used to identify individuals.
“Even though the wireless access point signals we use in our location services do not identify people, we think we can go further in protecting people’s privacy,” Google said.
Natalie Kerris, a spokeswoman for Apple, which collects similar data through its phones and other devices, declined to comment.