Receive new posts as email.
This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator. Part of the FM Tech advertising network.
Entire site and all contents except otherwise noted © Copyright 2001-2011 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
A Buffalo, NY, man gets an early morning visit (and alleged contusions) from the ICE: His left his Wi-Fi network open, and extremely poor FBI work (according to this AP report) led to a raid on his home because that's where the IP address led. While it's no crime in the US—it is in some other countries—to leave your network open for anyone to access, this isn't the first time this has happened. I've written up a few previous similar incidents that led to police or federal agents breaking down the doors for criminal acts conducted over the network at the physical address. In most cases, a neighbor is the guilty party.
You'd think the FBI would be briefing agents on this issue, so that they don't face multi-million-dollar lawsuits for faulty work that pinpoints the wrong person. The Buffalo man isn't suing, even though his attorney alleges he was thrown down the stairs by Immigration and Customs Enforcement (ICE). He says they didn't properly identify who they were after breaking down the door and brandishing weapons. (Who knows from ICE?)
Even on an open network, it's possible to track identifiers that would allow relatively easy confirmation of which machine was the case, or to stake out the area for a few nights, tracking signals and locations. Then agents could enlist the homeowner with the open network to ensure the Wi-Fi signal remained available and could be used to track at which exact moment that a perpetrator was engaged in an illegal act and then raided at the same time. (We're talking child pornography here, not file swapping.)
The AP article says that US-CERT recommends "closing" a Wi-Fi network among other security measures. This option, labeled differently on each maker's router software, disables default beaconing, and thus the network name and availability isn't broadcast. However, whenever the network is use by a party that knows the name and has associated with it (encryption or otherwise), traffic can be snooped and connection information extracted. I don't recommend closing a network as it provides no effective security, and neither does limiting an network to specific MAC addresses (the Wi-Fi adapter's unique hardware number).
US-CERT has six recommendations for best home practices on its Securing Wireless Networks page, which include these two. Closing a network is noted as "Protect Your SSID."
Really, using a nine-letter/digit WPA password is the simplest way to protect a network in a reliable and secure way no matter what other restrictions are in place.
I choose to password protect my network in part because I don't want to be indirectly responsible for anyone's actions on my network (whether in a raid or just because someone commits a nefarious act using my router), and because Comcast caps my use at 250 GB per month.
Coffee Culture's cents-less argument: I sympathize with Yvonne Johnston, the owner of Cofee Culture in London, Ontario, Canada. She is tired of table campers who occupy a four-top, blocking other customers, and have the temerity to bring in coffee from another shop and not make a purchase while using the free Wi-Fi.
I sympathize because I've been writing stories about such concerns for at least seven years, if not longer. But her argument is unique. She's telling customers that she can't afford the power, and she tells patrons they can't use the outlets.
She says she knows her hydro (Canadian for power, even when it's nuclear or otherwise) bills keep rising, but I'm afraid she hasn't done the math. A large, modern 90-watt laptop drawing full power consumes 1/10th of a kilowatt-hour (kWh). Toronto Hydro says its time-of-use pricing ranges from 5 to 10 Canadian cents per kWh.
A laptop user whose machine is pulling the full draw for battery charging or active use thus costs her one-half to one Cdn cent per hour of use. Given what I can tell of her shop's size, even 12 hours a day with 10 laptops in use should cost her no more than a Looney a day. More likely it's less than 25¢.
While her electrical argument doesn't hold water (and we shouldn't mix electricity with water), her business one is perfectly sensible. She needs customers who treat her shop like a shop, and not a library. She needs customers more respectful of the notion that taking a table for four and using it for hours on end takes real dollars—many tens of dollars of a day—out of her pocket.
I've heard all manner of approaches to stop table camping. Signs, barista enforcement (employees don't love that much), turning off the Wi-Fi during busy hours or on weekends, and so forth. What it amounts to, unfortunately, is that some subset of people will always do what's convenient to them rather than to the venue in which they plop themselves. They won't be shamed. You have to cut them off.
Starbucks lacks this problem because the vast majority of its customers pass through, and in busy areas it tends to have a greater density of store locations or more seating in stores.
Ms Johnston might revise her sign. Drop the hydro argument. Instead: "We don't allow use of the hydro because we find we cannot keep in business and provide power, too."
I do not understand this report: I've read Epitiro's report, which does not disclose any funding source for it, and I'm baffled. The report measures Wi-Fi speeds versus wired LAN speeds for broadband connections. Naturally, Wi-Fi speeds are lower. Wi-Fi has far more overhead than Ethernet, suffers from interference, and drops in speed the further you are from a transmitter. That's been true since 802.11b premiered in 1999.
One of the report's authors is paraphrased by the BBC as concluding, "for those who invest in good quality wi-fi equipment and position it sensibly, the effects of the speed degradation would hardly be noticed." So. Why was this report written again?
I suppose the company, which has broadband providers among its customers, wants to be sure that there's awareness that you can have higher rates of speed from very fast broadband connections by plugging in. However, with 802.11n networks and the much faster flavors of broadband available, it's unlikely most people would notice at all.
The report indicates if you're too far from an access point, you might have trouble with Skype. Well, duh. This is general background Wi-Fi knowledge. Measuring it more precisely doesn't advance the body of information about how Wi-Fi works in a home.
This New York Times article has a major inaccuracy related to WPA/WPA2 key cracking: The article is a welcome rundown on the security issues involved in using home and hotspot Wi-Fi networks, along with changes happening at major Web sites in moving to always-encrypted sessions.
The reporter quotes a sysadmin and security videocaster pointing out that essentially all WEP-protected networks are crackable. This is true. WEP is straightforward to crack; it's just a matter of time, and often not very much time.
But the reporter misses the boat when she writes:
A WEP-encrypted password (for wired equivalent privacy) is not as strong as a WPA (or Wi-Fi protected access) password, so it’s best to use a WPA password instead. Even so, hackers can use the same free software programs to get on WPA password-protected networks as well. It just takes much longer (think weeks) and more computer expertise.
That's extremely misleading and mostly inaccurate. The distinction she fails to make, which will confuse all readers, is that there are weak and strong WPA/WPA2 passwords. I've been tracking this subject for years, as regular readers, know, and that distinction is key, if you'll pardon the pun.
If you pick a WPA key of 10 characters are more, preferably not including a word found in dictionaries of dominant Roman-character languages, you are nearly certainly protected against cracking. Pick a short phrase of 8 or fewer characters, no matter how random, and you can be cracked by a determined party, possibly in as few as minutes for a short or dictionary-word key.
WPA/WPA2 can only currently be cracked via brute force. The article should have just said more accurately, "it's best to use a WPA password instead, making sure to create one that's 10 or more characters long." Instead, it's spreading a mistaken impression.
Later in the article, sense reasserts when the writer says to change your SSID (the network name is part of how the key is derived for a WPA/WPA2 Personal), and "choos[e] a lengthy and complicated alphanumeric password." It doesn't have to be very long or very complicated. "Abra23dabra" would be a perfectly fantastic WPA/WPA2 password.
Wi-Fi requires cell data sign-up: Engadget has a Best Buy ad for the Motorola Xoom that states you can't use the built-in Wi-Fi without having at least a one-month mobile broadband subscription. Well, ain't that a kick in the pants. This is in addition to the $800 price for the feature-heavy Xoom, which comes with front and rear cameras, 1080p playback, 3G service (with a 4G LTE upgrade promise), and Adobe Flash support.
But, really: You have to activate Verizon Wireless service, even if you then cancel it, to unlock Wi-Fi? Big misstep. It's along the lines of that common scene in a car dealership when you're about to sign the papers, and the sales regretfully informs you that his manager won't sell the car without the underbody rust inhibitor treatment.
(That's from before the auto sales collapse, for you youngsters.)
Update: On 24 Feb, Verizon Wireless announced it would not require activation to use Wi-Fi on the 3G models.
The New York Times doesn't get to the heart of conference Wi-Fi problems: I can't tell you how frustrated I am about this rather facile article on problems with thousands of people all trying to connect at once to a Wi-Fi network (or networks) at dense public venues, such as keynote addresses at technology conferences. As someone who has spent a decade writing in depth about Wi-Fi, often for mainstream audiences, the Times piece disappoints me as it spreads myths and doesn't cast new light. It also ignores a couple key factors important in 2010. (Let's not even get into the fact that the picture with this article makes Steve Jobs look as if he's about to have an emetic event onstage.)
We have to go nine paragraphs into the article before we get to the "nut" paragraph, the one that states the reason it's being written at all. First, we wade through anecdotes of specific conferences, and quotes from tech smarty guy Jason Calacanis, who does not advertise himself as a Wi-Fi guru:
The problem is that Wi-Fi was never intended for large halls and thousands of people, many of them bristling with an arsenal of laptops, iPhones and iPads.
That's not quite true, although it's not completely incorrect. Even the first Wi-Fi flavor, 802.11b, was designed to be aggregated into "infrastructure" networks in which many access points with the same network name (Extended Service Set) could be roamed among by client devices. The 802.11g spec clearly recognized that wireless networks could be used by dense crowds. And 802.11n, one could argue, specifically deals with heavy usage by allowing multiple antennas to "beamform" or steer signals directly to clients, and "hear" more clearly by using multiple antennas to sift through competing signals.
(More technically, 802.11g split a network signal into many subchannels, any of which can be garbled and the rest get through; 802.11n multiplies the number of unique data streams that can be sent at once, as well as taking advantage of 802.11g's subchannel approach.)
Two grafs later, the reporter shifts to backhaul and wiring, noting that infrastructure in hotels may contribute. Then, in the next paragraph, finally gets to the heart of the problem:
Companies that install Wi-Fi networks sometimes have only a day to set up their equipment in a hall and then test it. They must plan not only for the number of attendees, but also the size and shape of the room, along with how Wi-Fi signals reflect from walls and are absorbed by the audience.
This is true. Not all companies that install conference Wi-Fi know how to build such networks well, but many do; they are hampered by constraints of time, equipment, and venue issues. However, many firms repeatedly install Wi-Fi networks in the same locations, so you would think that they would be able to learn from this, either in setting expectations or improving networks. (Please also read MuniWireless's post from a year ago on this topic, which includes an interview with Tim Požar about conference Wi-Fi. Tim was the troubleshooter brought in by TechCrunch in the 2008 conference Wi-Fail cited in the NY Times article.)
What's not mentioned until the penultimate paragraph (and then in a backhanded way) is the rise of 5 GHz networking. It's a gaping hole in this article, even though it's on the edge of being too techie to mention—except that the writer goes into a parenthetical about 2.4 GHz. Most laptops and some mobile devices can use 802.11n over 5 GHz. In the United States, there are 23 clear 802.11n 5 GHz 20 MHz-wide channels, 8 to 12 of which are commonly available in base station hardware. (The other 11 can be used, but require signal sensing that monitors for relatively unlikely military use in the vicinity. This sensing recognizes a lot of false positives, which makes the channels less usable.)
If you're one of tens of millions of people with a dual-band 802.11n router, you're using 5 GHz in your home or office. You might know (or have found out) that 5 GHz signals, because they are higher up the spectrum, don't travel as far. They attenuate more rapidly, which means that the signals becomes lost in noise faster than 2.4 GHz. In a convention hall, however, with line of sight to most access points, distance is less of an issue. 802.11n also contends well with signal bouncing, allowing it to work better than earlier Wi-Fi flavors using a unique path through space.
Thus, any conference Wi-Fi service firm that's not sticking in a sizable proportion of 5 GHz capable base stations, preset to nonoverlapping channels across the keynote auditorium or conference hall, is starting out at a deficit. Client devices that can use 5 GHz will preferentially switch to it if there's a strong enough signal. (Base stations currently don't have a spec that lets them tell clients to switch channels.)
There will be plenty of congestion in 2.4 GHz's three mostly nonoverlapping channels, because most smartphones can only use that band. (I'm not sure if any smartphone has 5 GHz built in yet, only tablets and slates, like the Samsung Galaxy Tab and Apple iPad.) Older laptops will also use that band. And the MiFi, which is also mentioned in passing despite being another key potential problem in convention keynote Wi-Fi mishigas.
The MiFi—for those who haven't heard of it—is a cellular router, the most popular on the market, that connects both to a cellular network for Internet access and operates as a Wi-Fi router. This allows a MiFi owner to connect from any device with Wi-Fi. It's a neat bypass. Sprint, T-Mobile, and Verizon also offer certain phone models that can act as portable hotspots in the same fashion.
All of these cell routers and mobile hotspot phones use 2.4 GHz, and create unique networks. The more unique Wi-Fi networks in the same area, the more trouble, because Wi-Fi uses different strategies to avoid conflicting with networks on the same and adjacent channels. This reduces overall throughput.
But it shouldn't be that big an effect, even with the hundreds in use at tech events, like the ones this year that Apple and Google had trouble with. The MiFi uses relatively low power, the backhaul is relatively low-bandwidth compared to the 802.11g standard (about 1 to 2 Mbps of cell backhaul compared to 20 to 25 Mbps of real Wi-Fi throughput), and the 802.11 specs actually do a fairly smart job of sorting things out.
One final problem: DHCP. This sounds even more obscure, and I was reminded of this re-reading the MuniWireless article from last year. As Tim Požar noted, some wireless service providers don't configure the server that hands out temporary IP addresses to wireless devices correctly. I've seen this many, any times. Some outfits rely on the Wi-Fi access points, a terrible idea; most of those can hand out a maximum of 253 addresses, if that many. An access point might be able to handle several hundred connections, but simply can't give out addresses.
In a correctly configured network, access points pass through DHCP assignment from a central server, but those servers can be misconfigured to limit to 253 addresses or fewer, too. A simple change could allow over 16,000 addresses from one server. (Technically, you'd modify the subnet mask to increase the pool from a /24 to a /16 on a private address range, as one strategy.)
What's most likely the problem is tech companies and conferences cheaping out. I don't mean spending very little, but less than what would solve the problem. I'm sure the firms that unwire events come in with bids that are as cheap as they can make them to be the low bidder, or have the conference organizer or sponsoring company ask, "How can we knock this price down?"
With the level of Wi-Fi use we're seeing, it's not impossible to build a good network for thousands of people in a small space. It may just cost more than anyone wants to spend. The line item in the budget for Wi-Fi needs to be connected up with the expected return on good publicity.
Carl Bialik, the Wall Street Journal's Numbers Guy columnist, talks to the sources behind the incendiary Wi-Fi radiation kills trees reports: Thank you, Carl, for finding the sources, and revealing how nuts some of the information is. I was troubled that a single report could ricochet around the world with no real statistically valid or peer-reviewed published information behind it. But it's even worse than that.
Niek van 't Wout, the green space chief in the Dutch city of Alphen aan den Rijn, checked out a small number of the town's trees, found "abnormalities" in 70 percent, and van 't Wout extrapolated this with no additional research to all of Europe. There appear to have been no lab tests or pathology, or an attempt to determine the cause, nor to survey more broadly even in the city. Bialik dug up a published email by van 't Wout in which he speculated in 2007 that electromagnetic fields were responsible before having a single shred of evidence.
The study of trees in a controlled environment was also commissioned by the city and independent of the tree survey. The testing regime hasn't been released (under what conditions were plants and trees kept), nor does there appear to have been any controls—trees and plants in the same environment with shielding to block EMF. The exposed vegetative material had six Wi-Fi access points running nearby, which is not the proximity of exposure nearly any trees would receive. As with all EMF, signal strength decrease with the inverse square of the distance from the transmitter with a standard omnidirectional antenna; the formula is a bit different for a directional antenna, but then there's less exposure in the vicinity, too. (I wrote a critique of what was revealed of the study for BoingBoing.)
Bialik has one paragraph I'll quibble with:
His town did fund an experiment seeking to investigate whether Wi-Fi signals might harm trees. The experiment used Wi-Fi routers not because these were suspected as the major culprits — cellphone network signals generally are stronger — but because experimenters aren’t allowed to use cellular network transmitters, and besides it is difficult to find an environment without any cellular wireless signal as a control. It also isn’t clear why trees would be suffering only recently, while cellphone networks have existed for decades.
This must have been stated by van 't Wout or another interview subjectd, as it's all wrong. First, Wi-Fi access points would be further away and at vastly lower power than cellular base stations, and thus vastly less likely to be the "culprit." Second, researchers may test cellular signals in Europe. I have read dozens of studies in which cell transmitters are used in clinical settings in Sweden, Britain, Germany, and elsewhere. I'm sure there's red tape, and it may simply have been cost prohibitive.
Finally, you can find an environment without EMF: a shielded room. Since the plants were being tested indoors, two rooms could have shielded: one for controls, and one for exposure only from signals within the room. Again, the expense may have been too high.
This seems quite clearly that there was an agenda at work and little science involved.
Carrier-grade operations are supposed to be carrier grade: In its enthusiasm to have LTE operating in multiple markets before year's end, Verizon Wireless let a few gears slip. That's unfortunate, because now they've set the expectation that the service isn't ready for prime time as a result. Reports of performance have been quite excellent on an unloaded network.
The problem? Computerworld reports that a handoff from 3G to LTE can take up to two minutes. A spokesperson told the reporter, "Hand-offs can take up to a couple minutes, but that was expected and a fix is in the works."
If it simply were an inherent problem, that's one thing. But it's clear this can be fixed in software, and is considered a bug. That makes it far less acceptable. In the olden days, products weren't shipped broadly until bugs that would frustrate your early adopting, high-paying customers were worked out. Bragging rights were more important here.
A series of stories yesterday appeared that said T-Mobile used to allow 10 GB per month of unmetered data use: This is incorrect. In April, T-Mobile switched from the standard U.S. carrier model of charging overage fees of 5¢ to 20¢ per MB for data used above 5 GB on the higher of two metered plans (see "T-Mobile Offers Overage Compromise: Throttling," 27 April 2010). Instead, T-Mobile switched to what European carriers typically employ. After using 5 GB during a billing period, the data connection is throttled to about 64 Kbps. Some customers might like paying $50 to $200 per GB over 5 GB; others might like the soft landing.
Stories yesterday, such as this one from a site devoted to T-Mobile news (TmoNews), stated, "If you may recall, previously the data cap was 10GB/month." I checked with a T-Mobile spokesperson, who confirmed my recollection was correct. I have spoken about this with T-Mobile several times, too, since April, and the cap was always 5 GB.
What may have spurred the confusion is a document that talks about such throttling starting "October 16"; TmoNews has a photo of the internal document meant for T-Mobile sales agents.
This kind of throttling, by the way, won't be mandated nor disallowed by the FCC under new disclosure rules it's imposing on carriers, but it certainly fits within the framework the FCC has set. The FCC wants sticker shock banished, and will force carriers to provide notifications before a customer hits a point at which fees will be charged. Many carriers offer mandatory or optional methods to be notified (at no cost) of such limits. But not all do, and international roaming is especially egregious. It's also difficult to turn off service to prevent such overages from happening accidentally.
T-Mobile, by pursuing throttling, with no extra fees involved, ensures customers on the 5 GB plan never pay an extra cent; they just have to cope with lower bandwidth.
Canadian school board will keep Wi-Fi on: Terrific reporting (no byline, or I'd praise the reporter) on a sticky issue. A school board in the central Ontario area of Simcoe County is refusing to turn off Wi-Fi because of scaremongering from parents who allege a direct connection between symptoms of ill health and the presence of signals.
Great summary in the second paragraph: "There is no scientific or medical evidence to show children complaining about headaches, dizziness and nausea are being made ill by the Wi-Fi in their classrooms, the Simcoe County District School Board said Monday."
The school board said only "about a dozen parents" complained about symptoms out of 50,000 students' families. And, of course, unless you live inside a Faraday Cage, you're exposed to varying amounts of non-ionizing electromagnetic radiation constantly from radio stations, cordless phones, police radio, cell towers, and so on.
Wi-Fi uses an extremely low signal, and the exposure for a kid over a school day is likely vastly lower than the same exposure to cell base station signal output or from cell phones many of their compatriots carry.
I suppose these parents have already made sure none of the homes near them have Wi-Fi base stations, and that they don't use electricity in the home, since electrical cords and devices produce EMF, too.
I've said it many times before: focusing on wireless signals as a cause of a constellation of nebulous symptoms doesn't help those suffering. It's a desire to have a single-source solution, like mercury in vaccines leads to autism. As studies now show, removing thimerosal from vaccines hasn't had any impact in any country on autism diagnosis rates, and the original fraud who suggested such has been thoroughly discredited.
The alleged Russian covert agents uncovered in the suburbs used ridiculous communications methods: I'm flabbergasted by the techniques described in the FBI complaint about how the soi-disant spies communicated. In at least a couple of cases, the FBI states, a Russian official and one of the accused covert agents used ad hoc Wi-Fi to communicate over short ranges.
I suppose this seemed like a sensible method...to a six year old, although I wouldn't want to accuse a six year old of such simplemindedness. Perhaps spycraft for Russians hasn't caught up to, say, 1999, but needing close physical proximity is a simply bizarre requirement for passing information.
Ad hoc networking broadcasts information about the senders all over the place, which the FBI captured. The communicators clearly didn't even change the MAC address (the unique Wi-Fi adapter number) or the ad hoc BSSID.
I won't be surprised to learn that they were using WEP encryption, which the FBI broke, and lacked a layer of encryption on top of that.
Without jeopardizing national security, because I don't know anything that every attendee at DEFCON isn't better aware of than I am, I would have used one of the following methods.
Ultrawideband (UWB). While UWB hasn't caught on, there's plenty of gear out there. Indistinguishable from noise without special equipment, two relatively close devices could shift tons of information rapidly via UWB without creating overt attention.
Public Wi-Fi. Creating an ad hoc network is suspicious. Instead, the two parties communicating could log into a cafe network and use local network discovery to create an encrypted tunnel. That could be spotted, too, but it would appear potentially more innocuous.
Public Wi-Fi in freaking different locations. Explain to me again why, what with the Internet and plausibly unbreakable strong encryption, VPNs, and other obscuring tools, why spies would use close proximity to exchange data? Log in 100 miles away at separate cafes, create a tunnel between the two machines that doesn't betray origin, destination, or contents, and there would be vastly less to make a case on.
Now, I suggest these methods not to encourage spies, but because every goshdarned techie with any slight knowledge of encryption and wireless communication would think of them first.
The former Soviet spy agency is clearly not recruiting from its elite Internet hacker division for wet ops.
Yawn: I don't know about you all, but I'm sick to death of the endless detailed reporting of every move in the case of Google's capture of scattered publicly unprotected Wi-Fi network packets. It was a colossal blunder on Google's part, and the firm hasn't handled its negotiations with various governments, local and national, as adeptly as it should.
But I expect it's actually as it seems. Bad program management that led to useless information being collected that wasn't acted on. Google will spend millions in defending itself against lawsuits and settling with governments. The company will agree to outside monitoring of certain behaviors in the future. It will be required to be less aggressive and arrogant in its assertion of rights on the public thoroughfares for Street View in many countries.
It's just not that big of a deal to most people unless an actual privacy breach is demonstrated in which Google was gathering data and associating in its systems in such a way as to render it better able to pinpoint individuals and then target advertisements or other information to them.
I have various news alerts set to trigger for Wi-Fi, and the thousands of stories filed and reprinted around the world have added nearly no information to the topic. Put Google, privacy, and wireless snooping into one story, and I guess it gets traffic. (See what I did just now?)
Ultimately, it was an interesting story, but it's not now unless new information appears; you won't be reading all the daily developments in it here.
The class-action suit by two Northwest US residents relies on assertion of privacy of publicly broadcast information: This isn't going to fly. The suit states, "As data streams flow across the wireless network, the sniffer secretly captures each packet (or discreet package) of information, then decrypts / decodes and analyzes its content according to the appropriate specifications."
First, it's not secret. You're broadcasting data in an unlicensed band. You have no reasonable expectation of privacy over openly broadcast data. Perhaps secret means unknown to the transmitter; in which case, the transmitter shouldn't be using an unencrypted broadcast network standards.
Second, and related to the first, Google says (and governments will now confirm) that it was sniffing only open networks, which means it only received data that wasn't locked behind a form of Wi-Fi encryption.
I suspect the attorneys are using this language to make it sounds as though normal decoding of data from an open network is breaking the packets, when, in fact, simple operation of a Wi-Fi adapter allows this data to be received.
The suit also states, "To view data secretly captured by a wireless sniffer in readable or viewable form, after being captured and stored on digital media, it must then be decoded using crypto-analysis or similar programming or technology. Because the data "as captured" by the wireless sniffer is typically not readable by the public absent sophisticated decoding or processing, it is reasonably considered and understood to be private, protected information by users and operators of home- based WiFi systems."
This is patently inaccurate.
Then we come to this. One of the plaintiffs apparently is engaged in risky data behavior:
"In connection with her work and home life, [Vicki] Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless internet connection ("wireless data"). A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations."
In which case, Van Valin was probably in violation of the terms of her employment and data handling if she had an unsecured, "open" Wi-Fi network. It is more likely, and would be found in discovery if the case goes to court, that Van Valin was either engaged in activity unlikely to be protected by an expectation of privacy, or, in fact, was using a VPN or other methods of encryption required by her employer, thus rendering the captured "open" packets unreadable by Google.
I'm sure there are 1,000 Wi-Fi experts that Google could call upon for this case for testimony to explain the clear difference.
Since 2006, most routers have included software that explains the risks of unsecured networks and makes it easy to secure networks. Further, the FCC's Part 15 rules don't impose any expectations of privacy, and various state laws about network sniffing typically require some effort being made to break into a network in order to claim a violation.
This is an opportunistic lawsuit that I suspect will not reach class-action status, nor will Google settle to dispose of.
The New York Times reports on a number of investigations planned of Google's self-described accident in collecting data from open Wi-Fi networks: Hamburg, Germany, has opened a criminal investigation, while Spain, France, and the Czech Republic's data protection officials plan a look-see, too. The US FTC has been asked by Congress to check out the effort, too. Ireland and England are fine with the data collected in those countries being destroyed.
Google says it's inadvertently been recording packets from unsecured Wi-Fi networks while sniffing for publicly available information: Remember how Google said its scans of Wi-Fi networks while carrying out Street View photography were innocuous? Remember how I defended the practice, and said nothing in what Google was doing was different or more personally invasive than Skyhook Wireless or others? Oops.
Google now reveals that it's discovered code written in 2006 as the basis of its Wi-Fi scanning system in Street View contains a portion that samples data on networks that aren't secured, presumably as a tool for statistical analysis of what people are doing. That's a no-no in 2006 and today, and may result in fines and consent agreements.
Google might have caused themselves lasting harm. I can believe this was unintentional; the company is, frankly, sloppy about managing its projects. The firm said it has 600 GB of such data, mostly fragmentary as the Street View vehicles are in constant motion. Given the petabytes of Street View imagery, that's also plausible that it didn't notice the 600 GB of other data collected over years.
Street View was taken off the road briefly, and the company has said it won't be scanning for Wi-Fi temporarily as it assesses what's happened. I wouldn't be surprised if the firm is pressured into agreeing to not gather Wi-Fi info at all in the future by various countries, or possibly worldwide. That's good news for Skyhook Wireless, as it would be the only worldwide purveyor of such information.
I don't feel too foolish about my previous posts, because I was discussing the publicly available information that Wi-Fi networks announce from access points. The privacy concerns raised have to do with how such information could be associated with private information (Google searches, email, and other elements). I have to say that Google's accident makes that kind of association far more reasonable to raise, intentional or not.
Update: The German privacy commissioner has responded angrily.
The head of Electronic Frontiers Australia is making ridiculous statements about Wi-Fi positioning: Google is being excoriated now in Australia for failing to disclose that it is scanning public Wi-Fi network signals while driving for Street View image captures and mapping. The electronic privacy advocacy group EFA's vice-chair Geordie Guy is way off base in his technical statements about this matter.
As a refugee from Google Buzz and someone who deleted his Facebook account permanently (or so I hope) several weeks ago, I have no truck with the notion that corporations gathering and collating information about me will use it appropriately. Buzz was proof of that. Buzz was a betrayal of Gmail users.
But there's a sky-is-falling attitude here about Wi-Fi signal scanning that needs to be fought back against, because it's simply wrong. There is no sensible way for Google to associate specific Wi-Fi networks with specific queries or individuals because the Wi-Fi network scan simply doesn't contain information that's sent out as part of a query to Google. (I'd be terrified if it did, however.)
As I wrote on 23 April 2010, Google--like Skyhook Wireless, which is mentioned in this Australian article--only scans publicly available passively scannable data.
EFA's Guy says, Google is "collecting data that could enable it to physically map that information to a physical street and presumably a physical house." I categorically reject that. The Wi-Fi network name and BSSID (the unique MAC address assigned to a Wi-Fi access point) aren't associated with data that's sent over a browser. Google can't determine the gateway IP address or a public IP address from a Wi-Fi router signal, nor do browser queries contain that information.
If you're using Google's extensions for geolocation--which is part of the latest release of its Chrome browser--Google could conceivably take the Wi-Fi information your browser provides as part of geolocation data and associate it with queries...but it's already doing that. If you let Google look up your location, well, they have your location now, don't they?
Guy goes on to ask technically inaccurate questions that weaken his valid privacy concerns. "Google talks about wireless routers at home but what about the printers, computers, mobile phones and other devices that might be sending out wireless information?" Those devices don't send out beaconing information. On unsecured networks, you could sniff that data, which is likely illegal to do in most developed nations, including the United States, Europe, and Australia. I don't suspect Google is pulling that information down. On secured networks, that information isn't actually available even to sniffers.
Guy also says the EFA is unaware of similar efforts. He apparently wasn't previously aware of Skyhook Wireless, which has been driving all Australia for a few years, along with a good hunk of the rest of the world. Guy excuses this by stating that Skyhook doesn't have cached search information against which to correlate scans, but I've already explained why that's not a valid concern in the form stated.
He goes on (this guy doesn't stop) to explain incorrectly what a MAC address is: "A MAC address on a home wireless connection or any other piece of electronics that uses Wi-Fi is a serial number, it's unique." Sure, but since when does a serial number get you anything about a product or a device?
Guy says, speciously, "If Google rang you up...and asked you to read out a serial number of your mobile phone, what would you say? I'd tell them its none of their business. If I saw them on the street with binoculars trying to read it, I'd close the curtains."
Right. And the strawman here? The Wi-Fi router address that's being publicly broadcast is like the street number on your house, not the serial number on your mobile phone.
A more sensible response is in the article from Australia's privacy commissioner. And might I say, bravo, Oz, for having such a commissioner. "From a privacy perspective, our preliminary inquiries have indicated that the information about Wi-Fi data that Google is collecting would not be considered personal information under the Privacy Act," said Karen Curtis. Right.
If you don't want your Wi-Fi router's public data that doesn't identify you personally scanned, don't use Wi-Fi or set your network to "closed," which prevents the kind of passive scanning from being performed by Google et al. If you use Wi-Fi, it uses public unlicensed airwaves, and the notion that some data might be leaked is just part of the rules of the game.
You're not obliged to use Wi-Fi, Guy.
Joe Sharkey channels 2005: This travel column in the New York Times reads a bit odd. Nearly everything in the article, exception the proliferation of mobile devices with Wi-Fi built in, could have been written in 2005, or even earlier.
"The days when business travelers routinely fretted about the availability of Internet connections in hotels are gone, or rapidly fading." That started fading long ago, when most hotels had put in Internet service. Five years ago, the majority of hotels had some form of access, with most of that service in rooms. In the last five years, it's been backfill for the few remaining properties and rooms, with more Wi-Fi than Ethernet in the mix.
Sharkey even uses a term I haven't heard broadly used in years: "Others carry an AirCard, a small modem that can link laptops to the Internet using cellular networks." First, it's a generic, so it shouldn't be capitalized; second, it's a mobile broadband modem, a 3G modem, a USB cell modem, or whatever. Aircard was a mainstream media invented term for something that already had a name.
With more people traveling with 3G modems and devices with 3G access, the odds of needing hotel Wi-Fi is likely declining daily. Hotels have to cope with that loss of revenue, just like they lost long-distance calling and fax revenue over the last 15 years.
The only real news in the column is the increasing shift to free service, driven by a move in the United States (but not internationally) to more no-cost Wi-Fi. Most Wi-Fi hotspots in the US are now free or free-with-purchase (or Starbucks's deal: two hours free with a single purchase on a registered card).
I don't blame Cisco for pulling this stunt, but the company got mainstream media to buy in: Typical is this USA Today story, which follows the press release that the Cisco Valet is the company's "first consumer router," despite having purchased Linksys years ago and sold tens of millions of consumer routers during that time. The Valet has the same footprint, and likely similar innards with a new skin on top of it as most of the modern Linksys models.
Late in the story, the USA Today reporter notes the Linksys subsidiary, but has fallen for the marketing line that the USB dongle that lets you supposedly easily set up every device is somehow unique to Cisco, new, and exciting. The real news, I suppose, is that the Pure Digital team that made the Flip video recorder, acquired by Cisco, was thrown onto the home networking product line. But that's hardly a revolution in hardware, is it?
The notion of using USB drives (not one that comes with the device, necessarily) goes back several years to Microsoft's short-lived Wi-Fi product line, and some other companies--including Linksys!--let you write settings to a USB drive to move around to computers. (Amazingly, this time support comes in the first version out of the box for both Mac OS X and Windows!)
The notion of making Wi-Fi easy to set up dates back to, oh, I don't know, 1999? And it is far easier. Six years ago, I wrote "Beating the Wireless Blues" for PC World, which explained how to fix Wireless Zero Config problems in Windows XP and other troubles of the time.
At that time, about 35 percent of Wi-Fi routers bought at retail were returned to stores. Cisco says its number today is about 20 percent. (Update: Cisco says that's an industry average, not its experience.) That's closer to the return rate for all personal computer peripherals, but it also explains why Cisco is trying to change the narrative without necessarily offering anything new or different, just a further iteration of industry-wide efforts underway since Wi-Fi's inception.
The firm that promised mobile everything for a low, low price but owned no network has disappeared: My friend Nancy Gohring at IDG News Service wrote a series of articles in mid-2009 about Zer01, a firm that said it was not a mobile virtual network operator, but somehow had access to a national network on which it would offer unlimited calling, mobile broadband, texting, and other features at a rate far below what operators charge. Unlimited mobile data seemed particularly impossible, given carriers cap at 5 GB for laptop use, and only a handful have specific unlimited smartphone (no tethering) data plans.
Nancy writes today that Zer01's Web site has gone dark, referring users to Google; its press spokesperson, Ron Dresner, didn't return calls and his Web site no longer lists Zer01 as a client; and Zer01 doesn't appear to be involved in the upcoming CTIA trade show.
I reiterate to anyone who doesn't know but will listen: all these deals that seem too good to be true are invariably too good to be true.
Meanwhile, the mainstream carriers now offer unlimited calling and texting plans that, for heavy users, are relatively inexpensive compared to previous plans that used pools of minutes and messages.
Jennifer calls Leo Laporte's Tech Guy radio show to complain her "linksys" has disappeared: She starts by explaining that her "linksys" has gone away, and she bought a USB wireless extender, but it still doesn't show up. Leo asks, wait, do you have a wireless router? No, she's been using this other network.
Leo explains to her that she's stealing, and exposes herself to tremendous risk by being on an open network. "When you see an access point named linksys, it's usually because the person who set it up is kind of clueless," he notes.
I like Leo not compromising on the ethics, while offering security advice, and suggesting she get her own connection.