Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> ethically sourced: opt-in only data collection

Good on them but how does this work? If my neighbour scans my WiFi network and uploads it to BeaconDB I didn’t exactly opt-in, did I? The privacy policy mentions you can add ‘_optout’ to the WiFi name, so it’s more opt-out instead of opt-in?



This line refers to opting in to using your device to collect this data. Apple and Google are taking advantage of their global user coverage by using their devices to collect this data without their consent.

Your WiFi network is broadcasting its presence 10 times a second in all directions. It is well known that you should not put sensitive information in your network SSID, for example, as anybody nearby can pick that up. Hence, you can opt out here instead.


While most users probably don't realize that they contribute to Wifi crowd sourcing, AFAIR using locations services is opt-in on iOS. So "without their consent" doesn't seem true. The info popup also explicitly mentions the WiFi location crowd sourcing.


Sure but any opt-in iOS user walking past other people's wifi is crowd sourcing those networks without the network operators consent.

Unless they only contribute networks that the device has authenticated with.


The person collecting the data opted in to doing it, heh. As far as the data collectors are concerned, your wifi is out in the public.


> If my neighbour scans my WiFi network and uploads it to BeaconDB I didn’t exactly opt-in, did I?

To clarify: all phones doing geolocation are already uploading your AP macaddr to remote location services, but BeaconDB will *not* publish this information in cleartext.

Any data dump will contain only non-reversible cryptographically hashed data or aggregated data.


A MAC address is only 48 bits and some of the bits are restricted. It is well within the range of brute force to reverse all of the hashes.


You can truncate the hash to cause collisions, meaning that one MAC address does not map to one location. This requires the client to be aware of multiple physically nearby MACs in order to get a location, as it then needs to estimate which "possible" locations are most likely.

This is a really interesting problem, and I've loved thinking about it recently. If you're keen on it too I'm happy to discuss further, feel free to reach out.


To put that into perspective, 48 bits is 256T, which is roughly the number of bits in a 32TB hard drive.


> and some of the bits are restricted


Absolutely right, great point. That's why I only use Windows addresses now. Can't break those with brute force!


You can opt to hide your SSID and use 5GHz WiFi which doesn't reach too far, gets attenuated through walls, so it's basically kind of useless as a geolocation beacon.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: