Google: Why Is Wi-Fi Location Opt-Out, Not Opt-In?

Opting out of Google’s Wi-Fi location system for privacy is not easy. Wayne Rash says it should have been an opt-in system

Bowing to demands by the European Union, Google has now published how it plans to let people opt out of having their location data collected by Google.

This location data is used for all sorts of things, but for people with Android phones, it shows up in Google Goggles, which has an augmented reality function. You can turn the phone sideways and use the Goggles app to scan the area around you, and names of businesses will appear superimposed on the picture on your screen.

Who are your neighbours?

But of course it shows up in many other ways as well. If you use Google Maps, you will see names of businesses and other organizations pointed out on the maps (see the area near our Soho office, in the picture).

You can use this location data for navigation. And, of course, you can see the results in Google’s somewhat controversial Street View feature. Google uses the service set identifier (SSID) of nearby Wi-Fi access points and routers to help it determine where you are, especially if you don’t have GPS signals available.

Unfortunately, not everyone wants their location known, and the ability to protect that information is at the core of Google’s opt-out feature, as Clint Boulton explained in his story on the topic. The means of preventing Google from using your location data is to append “_nomap” to the end of your SSID.

How easy is the opt-out?

The method seems simple, but it is fraught with problems. Not the least of these problems, as Clint mentions, is that a lot of people have no idea how to change the SSID on their router. How many people? Well, if you’re in a populated area, look for access points on your laptop. Note how many SSIDs are named “linksys” or “belkin.” Those are all people who bought their router at the store, plugged it in and started using it. These people likely don’t know what an SSID is, much less how to change it.

But, just for the sake of argument, let’s assume that these people somehow find out how to change their SSID. Even more unlikely, let’s assume that they changed the SSID they found and didn’t make other changes that didn’t somehow render their router inoperative. So now, instead of having the SSID name of “linksys” it says “linksys_nomap.” Or if they got really creative, maybe they changed the default setting so that it now says something like “freds_nomap.” Then what?

The next thing that happens is that all of their Wi-Fi devices stop working. If they changed their settings using a wireless connection, they’re now locked out of their router because their computer is looking for the old SSID and it’s not there anymore.

Fortunately, the change is fairly easy. They just have to search for a new SSID on their computer, assuming they know how to do this, and connect to the new one with the “_nomap” suffix.

But how many nontechnical users will realise this? I’m guessing that the people who make wireless access points and routers are going to get a LOT of support calls when their customers suddenly can’t connect. I can only imagine what the folks at Cisco and Netgear will be thinking about Google after their first week of such calls.

But the problem doesn’t end there. These days many of the wireless routers being sold are for 802.11n, which are also simultaneous dual band routers. This means they have two radios, one for 2.4GHz and one for 5GHz. On most routers these two radios have different SSIDs that are set in different places. How many users who already don’t know how to manage their devices will realise this and also realise that they have to change both of them to say “_nomap” at the end to prevent automatic Wi-Fi data collection?

Don’t forget consumer devices

Furthermore, how many people will remember that their new Wi-Fi-enabled HDTV is using 5GHz and needs to be set up with the new name. Probably not many.  Even fewer will be able to navigate the sometimes arcane Wi-Fi setup menus on consumer electronics.

So you’re about to see a lot of people who will want the privacy of not being mapped by Google, but who also don’t have the technical background to change every Wi-Fi device they own so that it works. This already sounds like a massive fiasco in the making, especially for the makers of consumer electronics. But does it have to be this way?

Maybe not. If Google’s photo cars depend on the broadcast SSID to identify a Wi-Fi device, you can simply turn off the SSID broadcast. This will add security to your network, and once your devices are set up, they don’t need the broadcast anyway. Admittedly, turning off the SSID broadcast isn’t any easier than changing the SSID itself, but it does mean you don’t have to change every device you own. That alone will save a lot of effort.

But in reality, shouldn’t Google be doing an opt-in? You know, where Google can gather information only from people who agree in advance. Or is that too easy?