Sunday 28 September 2008

FWD: Skyhook Not Violating Your Privacy, Stealing Sheep, Eating Your Young

Skyhook Not Violating Your Privacy, Stealing Sheep, Eating Your Young
http://wifinetnews.com/archives/007496.html
"The takeaway here is that if you use a public band, open to all comers, you can’t expect privacy. If you don’t like it, you can turn down the signal strength in your router, paint your home’s interior with signal-blocking paint, or switch from Wi-Fi to powerline and Ethernet. You could use cell data networks, which are highly private, but the operators know everything about you, and market based on that, anyway."


By Glenn Fleishman

A bit of backlash emerged from Skyhook Wireless’s partnership with AOL: Skyhook has been driving the streets of major cities for years gathering pinpointed signal strength information about Wi-Fi access points. It now has 16m access points recorded in 2,500 cities. This allows it to use a laptop or other device’s scan of its surrounding Wi-Fi environment to produce a GPS-like result. They just announced a partnership with AOL that couples their results with a free plug-in for AOL Instant Messenger (AIM) for Windows, which allows you and your buddies to see when you are physically near each other.

Anne P. Mitchell, a greatly respected unsolicited commercial everything fighter, seems to have misinterpreted what Skyhook does: “Skyhook’s trucks have been cruising your street, have identified your home wireless router by its unique code that only your home wifi has - and is correlating it with your location using GPS. And then they put it in a database.” Mitchell’s posting was picked up at Slashdot and amplified at Computerworld.

I told Mitchell via email that I thought she was looking at this through the wrong end of the telescope. Wi-Fi uses a public band. There is no expectation of privacy. It’s one reason why I stress that everyone should employ Wi-Fi encryption of some sort or use a virtual private network (VPN) connection to make sure that their locally transferred data isn’t sent in the clear. (This is true mostly in urban areas, because proximity to potential crackers and sniffers is the real reason to employ these methods.)

While you can protect your data, you can’t protect your base station’s identity. That’s part of the risk and part of the benefit of using a public band. The BSSID, or unique interface address of the base station, is put out there as public information because it’s part of the protocol: Wi-Fi adapters need BSSIDs to identify base stations uniquely. (Spoofing the BSSID is one of the ways that evil twins and other attacks work by fooling your computer into thinking it’s connecting to a known network.)
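To make the point concrete, here is an added example (not part of the original article) that parses a raw 802.11 beacon frame and shows the BSSID and network name sitting in the unencrypted management header even when the network advertises encryption. The sample frame, its BSSID and its SSID are constructed for illustration.

```python
import struct

def parse_beacon(frame: bytes) -> dict:
    """Extract the cleartext identity fields from a raw 802.11 beacon frame."""
    if len(frame) < 36:
        raise ValueError("too short to be a beacon")
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (frame_control >> 2) & 0x3, (frame_control >> 4) & 0xF
    if (ftype, subtype) != (0, 8):          # management frame, beacon subtype
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3 = BSSID
    capability = struct.unpack_from("<H", frame, 34)[0]
    info = {"bssid": bssid, "ssid": None,
            "privacy": bool(capability & 0x0010),        # Privacy bit set
            "rsn": False}
    offset = 36                              # tagged elements start here
    while offset + 2 <= len(frame):
        elem_id, length = frame[offset], frame[offset + 1]
        body = frame[offset + 2: offset + 2 + length]
        if len(body) < length:
            break                            # truncated capture, stop cleanly
        if elem_id == 0:                     # SSID element
            info["ssid"] = body.decode("utf-8", errors="replace")
        elif elem_id == 48:                  # RSN element (WPA2-style security)
            info["rsn"] = True
        offset += 2 + length
    return info

# Constructed sample: a beacon from a network that advertises encryption.
AP = bytes.fromhex("02005e100001")           # constructed, locally administered
SAMPLE_BEACON = (
    b"\x80\x00" + b"\x00\x00"                # frame control (beacon), duration
    + b"\xff" * 6 + AP + AP + b"\x00\x00"    # broadcast DA, SA, BSSID, seq ctrl
    + b"\x00" * 8                            # timestamp
    + struct.pack("<H", 100)                 # beacon interval
    + struct.pack("<H", 0x0011)              # capability: ESS + Privacy
    + b"\x00" + bytes([12]) + b"example-home"   # SSID element
    + b"\x30\x02\x01\x00"                    # abbreviated RSN element (version)
)

if __name__ == "__main__":
    print(parse_beacon(SAMPLE_BEACON))
```

Turning on encryption changes the `privacy` and `rsn` fields, not the visibility of the `bssid`.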

The fact that BSSIDs are spat out with great abandon is why large-scale networks and coffeeshop hotspots work so well: the public space is flooded with information about what’s available. The next step is whether what’s available is designed for everyone to access or for just the owners of the access point. That requires an attempt at association, and then some kind of authentication if that’s enabled. But those next steps involve active attempts at infiltration: they don’t rely on passive monitoring of the public space.

The “unique code” that Mitchell refers to is the BSSID, but it only uniquely identifies a piece of hardware that has some temporal existence in your home and business. The correlation in Skyhook’s systems is by signal strength and coordinates, not by exact street address. I would suspect that Skyhook could probably connect the BSSID to an actual home in single-family house neighborhoods, but I don’t believe that they do, nor have a reason to: databases already exist that map most US residents to their household address, along with details about their income and so forth. What’s the benefit of knowing that a given BSSID is matched to a given address? I can’t tell, beyond knowing what hardware (Linksys? Belkin? Actiontec?) that someone at that address uses for a Wi-Fi network. Perhaps Linksys would direct mail addresses that used competing access points with coupons?

So they’re not really associating your BSSID with your address; they’re associating a cluster of BSSIDs by their signal strength with a set of coordinates that represents a given Skyhook truck’s position on the street. BSSIDs aren’t persistent: they live and die with the life of the particular hardware. When it dies (or is turned off) or a new access point is purchased, the BSSID changes, too. I suspect that hundreds of thousands of BSSIDs disappear or move over the course of a month.
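The following added example (not from the original article, and not Skyhook's actual algorithm, which the article does not describe) sketches the general idea with a signal-strength-weighted centroid: a scan's BSSIDs are looked up in a survey table and averaged into one coordinate, while BSSIDs that have appeared since the survey are simply ignored. The survey table, BSSIDs, coordinates and the `min_known` threshold are all constructed assumptions.

```python
from typing import Iterable, Optional, Tuple

# Constructed survey data: BSSID -> street coordinates where it was heard.
SURVEY = {
    "02:00:5e:10:00:01": (47.6100, -122.3400),
    "02:00:5e:10:00:02": (47.6104, -122.3400),
    "02:00:5e:10:00:03": (47.6102, -122.3394),
}

def estimate_position(
    scan: Iterable[Tuple[str, float]],
    survey: dict = SURVEY,
    min_known: int = 2,
) -> Optional[Tuple[float, float, int]]:
    """Return (lat, lon, matched_count) for a scan of (bssid, rssi_dbm) pairs.

    Each known BSSID is weighted by its received power converted from dBm
    to a linear scale, so a nearby (louder) access point pulls the estimate
    harder than a distant one. Returns None when too few BSSIDs are known.
    """
    weighted = []
    for bssid, rssi_dbm in scan:
        position = survey.get(bssid.lower())
        if position is None:
            continue                 # new or replaced hardware: not surveyed
        weighted.append((10 ** (rssi_dbm / 10.0), position))
    if len(weighted) < min_known:
        return None                  # one stale match is not a reliable fix
    total = sum(w for w, _ in weighted)
    lat = sum(w * p[0] for w, p in weighted) / total
    lon = sum(w * p[1] for w, p in weighted) / total
    return lat, lon, len(weighted)

if __name__ == "__main__":
    # Constructed scan: two surveyed access points plus one unknown BSSID.
    scan = [("02:00:5E:10:00:01", -50), ("02:00:5e:10:00:02", -70),
            ("02:00:5e:99:99:99", -40)]
    print(estimate_position(scan))
```

The result is a point on the street derived from a cluster of signals, and the estimate degrades to nothing as surveyed BSSIDs are retired and replaced.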

As a public band with no expectation of privacy, there’s no way for Skyhook’s scanning activities to be taken as an invasion of privacy. When Amazon drove its A9 trucks around cities taking photos of houses and businesses and exactly correlating those with street addresses, I don’t recall any outcry about privacy, partly because Amazon was using the visible spectrum, publicly available, and public streets. In some countries, both Skyhook’s and Amazon’s activities would probably be illegal, but not for any reason that benefits the public.

Now the partnership with AOL is interesting, because Skyhook and AOL could conceivably associate a BSSID with a particular AIM user at a particular time. That’s tricky because the BSSID isn’t sent as part of any network communication to higher layers, and it would require AIM to reach down into the network stack (which is possible) and have the computer retrieve the BSSID information, and then AIM could send that along with other instant messaging data. And anyone who downloads the Skyhook plug-in for AIM conceivably wants their location to be known—presumably they’re not at home—so they can find their buddies. Perhaps a user ID plus the locations they use would be useful, but AOL can already do that by tracking the IP addresses at which AIM users log in, to a lesser degree of location precision.

There’s a related point, which is that Skyhook has no interest in revealing the contents of its database, which represents billions of scans they’ve performed, as well as scans submitted automatically by their Loki toolbar on individual computers. (The Loki scans help correct and enhance existing information and fill in gaps.) What they sell to partners is the ability to take a reading of all the signals via a Wi-Fi adapter and produce coordinates. Their database is their crown jewel, and one hopes they protect it well.

And anyone with similar resources can reproduce their database. People have been wardriving with GPS receivers for several years, and posting the results into giant databases that are publicly accessible. Skyhook’s system does both less and more: they post no information about individual access points, and they provide location information based on a scan, which the wardriving databases don’t offer directly.

The takeaway here is that if you use a public band, open to all comers, you can’t expect privacy. If you don’t like it, you can turn down the signal strength in your router, paint your home’s interior with signal-blocking paint, or switch from Wi-Fi to powerline and Ethernet. You could use cell data networks, which are highly private, but the operators know everything about you, and market based on that, anyway.

It’s a choice to use Wi-Fi, and it’s the same choice we made when entering any public space. People may take our picture, walk up to us and try to talk to us, stare at us—or ignore us.
