W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2011

Re: Opt-out for wifi network of the Google Location Server

From: Thomas Roessler <tlr@w3.org>
Date: Sun, 27 Nov 2011 14:11:20 +0100
Cc: Thomas Roessler <tlr@w3.org>, Nicholas Doty <npdoty@w3.org>, Karl Dubost <karld@opera.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <BC26F7F0-0831-43F1-8D28-C8697D6AB8B2@w3.org>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
On 2011-11-27, at 12:51 +0100, Bjoern Hoehrmann wrote:

> The malicious opt-in problem exists whether or not you filter networks
> on the client, and that would be taken care of in the same way that you
> prevent poisoning the database with other false information, like not
> having information that comes too infrequently or from too few sources.
> Note that the "reliable channel" does not seem to be required to opt in,
> they could require that to protect against this, if that actually helps.

So, I'm honestly having a hard time seeing the "malice" here.  What exactly is it that you're protecting by keeping people from measuring what access points are around them, and by keeping service providers from using those data?  How are these personal data?

I can see several nearby things a provider like Google could do that would rightly make people freak out: Collecting arbitrary MAC addresses (and thereby being able to do movement profiles of mobile devices that they aren't able to track otherwise), or (even accidentally) collecting payload data from wireless networks.  We've been there.

But assuming we're only talking about access points that publicly broadcast their SSID: Why are you actually worried about that?

Speaking strictly personally,
--
Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)
Received on Sunday, 27 November 2011 13:11:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 27 November 2011 13:11:33 GMT