W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2011

Re: Opt-out for wifi network of the Google Location Server

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Sun, 27 Nov 2011 12:51:59 +0100
To: Nicholas Doty <npdoty@w3.org>
Cc: Karl Dubost <karld@opera.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-ID: <tv14d7h370g9knppb46mcaeie34amq92mc@hive.bjoern.hoehrmann.de>
* Nicholas Doty wrote:
>I can speculate some reasons you might design a system to actively and 
>regularly report back opt-outs. It has the advantage of allowing a user 
>to remove their data at a particular time, rather than waiting for an 
>unknown period of weeks. Perhaps location providers don't want to 
>regularly purge their databases, and if they did, those users who want 
>to opt in (Skyhook allows for manually submitting an AP's location, for 
>example [2]) and live in a rural area might not want to opt in again 
>every N weeks. Also, any misconfigured, non-standard or malicious client 
>could opt my access point back in (if it sent only a MAC and not the 
>SSID, for example), and if it did so at least once every N weeks, my 
>access point would never be removed.

It does not allow network operators to opt out at a particular time as
the network operator may not even be aware of which databases store the
information or how to update the databases; and in case of Google, you
have to opt out through a channel that Google trusts, you can't simply
emulate, say, the protocol Firefox is using for Google's service and ex-
pect that to work. As it is, you can buy an Android phone, sign up for a
Google Account, and then use the Google Maps application on it in a
particular way, and then maybe yours is opted out; or you can hope for
someone doing this for you someday. If you are not old enough to form a
binding contract with Google, only someone else can opt you out.

The malicious opt-in problem exists whether or not you filter networks
on the client, and that would be taken care of in the same way that you
prevent poisoning the database with other false information, like not
having information that comes too infrequently or from too few sources.
Note that the "reliable channel" does not seem to be required to opt in,
they could require that to protect against this, if that actually helps.

>I suspect these advantages could also be achieved with a web form opt
>out that wouldn't then require constantly reporting back. But I don't
>believe consumers or regulators would be satisfied with an opt out of
>the form "change a setting and then hope that everyone cooperates to not
>report your MAC address and then it'll probably be purged at some future
>date".

That's possible, then Google would have to find a different solution.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Sunday, 27 November 2011 11:52:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 27 November 2011 11:52:29 GMT