Google Wi-Fi Privacy Fix, Explained

After discovering early last year that its Street View cars had inadvertently been vacuuming up swaths of data traveling over unprotected Wi-Fi networks since 2007, Google said that it was mortified and took a series of steps to improve its internal privacy and security practices.

And when it settled with the Federal Trade Commission in March over privacy problems arising from the launch of its Buzz social networking service, Google's director of privacy, product, and engineering Alma Whitten said the company is "100% focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward."

Monday, Google took what it suggested was an additional step toward addressing privacy concerns related to its data collection practices. Peter Fleischer, the company's global privacy counsel, said that Google will honor a method that it is proposing to prevent location data associated with Wi-Fi networks from being stored in the Google Location Server, a database of Wi-Fi access points used for delivering location-based services.

[For more background, read Google 'Mortified' Over Wi-Fi Data Gathering.]

Google said in September it was developing a way to opt out of its Wi-Fi network data collection.

Wi-Fi network owners who wish to prevent the location of their network from being gathered and stored must append the suffix "_nomap" to the SSID they have chosen to identify their Wi-Fi network.

"As we explored different approaches for opting-out access points from the Google Location Server, we found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse," Fleischer said in a blog post. "Specifically, this approach helps protect against others opting out your access point without your permission."

Google's approach, however, seems certain to diminish the humorous potential of using SSID names as medium of free expression. Witty SSID names become less so with a punchline that ends in "_nomap."

Of greater concern to privacy advocates is the fact that while Google isn't storing location data associated with Wi-Fi networks that have opted out, it is storing the MAC addresses associated with Wi-Fi networks. MAC, or Media Access Control numbers, are unique numbers assigned to networkable devices by their manufacturers.

Google suggests this is not a privacy concern: "A MAC address tells you nothing about the owner or user of the equipment concerned. It's just a string of characters that's technically necessary for Web pages and other content to be properly delivered to your device over the Internet."

Not everyone agrees. As IT systems engineer Joe Mansfield put it last year in a blog post, "MAC addresses can tell far more about you than you think and keeping databases of where and when they've been seen can be extremely dangerous in terms of privacy."