Skip to main content

Google lets Wi-Fi hotspot owners opt out of location database

google-street-view-car-on-the-road
Image used with permission by copyright holder

Google has announced it is now enabling Wi-Fi hotspot operators to opt out of Google’s broad location service. The mechanism is simple and yet also inelegant: to opt out, hotspot operators must change the names of their base stations to end in _nomap. So, a network named CafeWireless that didn’t want to be used in Google’s location services would have to change its name to CafeWireless_nomap.

As Google drives around taking pictures for Street View and conducting mapping operations for other services, it notes information broadcast about Wi-Fi networks in the area. Those details then get cached in the Google Location Server; when an Android phone or other device needs information about its physical location, it can use information about Wi-Fi networks in the area to help narrow things down. Although most smartphones and other location-aware devices include GPS receivers that can provide very accurate location information, the Wi-Fi data is often good enough to figure out (say) what businesses are in the area or what members of someone’s social network might be nearby. The Wi-Fi method can also be faster than GPS and has the advantage of working indoors and in urban canyons where GPS can be unreliable.

However, Google has taken heat from privacy advocates and regulators (particularly in Europe), since the system can potentially collect information about individual’s private home networks and systems and use it as part of a broader service offering. Although Google claims none of the information it gathers can be used to identify individual people (as long as users don’t name their network something like Firstname_Lastname—which does happen), just collecting network information can be an invasion of privacy by revealing a Wi-Fi network is operating in a particular location.

To address these concerns, Google is letting Wi-Fi hotspot operators opt out of the location system by affixing _nomap to their base station SSIDs—and Google says it hopes the practice will be universally supported by other services building and maintaining similar location services. The _nomap idea has the advantage of being nearly universally-applicable to any Wi-Fi base station—essentially every Wi-Fi base station ever made can have its SSID set to an arbitrary string, and all support the required characters. No software or firmware updates will be required, although users will have to know how (and have permissions) to change their base station’s SSID.

Privacy advocates have recommended Google go with an opt-in approach, letting Wi-Fi hotspot operators who are willing to participate in location services volunteer to have their base station locations recorded.

In addition to being ugly, Google’s opt-out solution also broadcasts that a base station operator is opting out of location services…and that could turn into an unwanted label or stigma. Wi-Fi base stations typically broadcast their SSIDs so devices and users can find and connect to the network. The _nomap suffix may not be a big deal to someone operating a home hotspot out in the middle of nowhere, but for a business or other site operating a public hotspot, the suffix is ugly and potentially creates confusion for users, including questions about the meaning of the suffix and why someone would want to opt out of location services. The _nomap suffix is the Wi-Fi equivalent of Google requiring home owners who don’t want to be part of Street View to paint a giant “G” on their door with a slash through it—and it’s a good bet homeowners would object to that.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more