How Google Geolocation Works
This weekend my brother, Tim, emailed me to ask if I knew how this Geolocation demo worked. There was a air of panic about his email. It got me thinking, as I thought I knew, but quickly realised I didn't.
If you view the demo in Chrome you get asked permission to share your location and there's a link to a help page, which states the following:
The local network information used by Google Location Services to estimate your location includes information about visible WiFi access points, including their signal strength; information about your local router; your computer's IP address.
It seems Firefox uses Google's services too to determine your location and also has a help page on the subject.
This reminded me that Google had been in hot water recently for collecting more than just data about Wifi access points names using its Street Car. It figures that they must use triangulation based on the data the browser submits, which is based on your router providing details of nearby access points and their signal strength. Is that right?
I suggested this to Tim and he later confirmed that the demo didn't work from his non-wifi enabled PC.
It was a timely email as Google are all over the news in the UK at the moment. Turns out their Street Car "accidentally" captured and stored unencrypted wi-fi traffic as it drove around. Woops.
Until recently and at the time of Google's visit my wifi connection was open and unencrypted. Access was limited to specific MAC addresses. Living, as I do, in a quiet little residential cul-de-sac I've never considered their to be much risk.
What I never reckoned on was people driving down the road and sniffing on my traffic. What's to stop anybody doing that?
In the case of Google I'm not too concerned about traffic it might have seen as I wasn't using my PC when the camera car visited. How do I know? Because I know exactly where I was.
Since then I have now enabled encryption on my wifi network and started using SSL on all my mail account connections. Batten down the hatches folks - it's time to get paranoid!
I've been paranoid for a long time and have had my router encryped and I've been using SSL for email as soon as Google and Yahoo provided it.
Reply
... "time to get paranoid"... DidnĀ“t you switched your eMail to google mail? ;-)
Reply
True.
I'm not too worried about what Google might do, really. It's a general wariness of what others nastier types might do that bothers me. Identity theft will only ever get worse.
Reply
:) I always used to get confused as I would connect at home via wifi and the geolocation said I was at another address in another city I stayed in for a few months. I was worried that one of my old neighbours had my password or something and was logging in as me.
It turned out though that the Google car must have come down the road when I lived in the other city and registered my router. When I moved and took my router with me Google geolocation still had it at the old address.
The car must of come down the road at my new address now as the geolocation is accurate again.
Reply
So, it's not using triangulation then? It just takes a "fingerprint" of your router and remembers where it saw it?
Reply
Show the rest of this thread
It's not your router that provides the details of nearby access points. It's the WiFi transceiver in your own computer that does it.
BTW: Many routers offer the option not to broadcast their SSID. If most people would configure their routers accordingly, the Google geolocation service would lose effectiveness.
Reply