The (slight) rise of _nomap

In 2010, Google streetview cars were found to be collecting data from unsecured Wi-Fi networks in 30 countries worldwide. The German privacy regulator described the issue as ‘one of the biggest known data protection violations in history’, and the scandal became worldwide news – the latest in a long line of new privacy concerns raised by developments in technology.

Google initially claimed that they were merely collecting SSIDs and Mac addresses (harmless Wi-Fi names and identifiers) – but further examination revealed that they were in fact also collecting Wi-Fi payload data (information sent over the network) from unsecured hotspots. The idea that Google was ‘listening in’ on Wi-Fi hotspot owners naturally caused a big stir and yet again served to emphasise the importance of securing domestic hotspots.

So what did Google do about this? After apologising, bringing in security consulting firm Stroz Friedberg to conduct a review, and being investigated by regulatory authorities in several countries (with the subsequent levying of fines) – they introduced ‘_nomap’. By appending ‘_nomap’ to the end of your Wi-Fi hotspots you could opt out of all Wi-Fi network tracking and means your hotspot will not be used for improving location fixes on mobile devices. Google announced ‘_nomap’ in October 2011 to surprisingly little press attention – so how widespread actually was the take-up of this solution to privacy invasion?

At OpenSignal our app records the location of mobile hotspots along with their SSIDs, meaning that we have a database of several hundred million Wi-Fi names worldwide and so are able to see the actual real-world response to Google’s solution. In total, since the publication of Google’s blog post , we have seen 23,547 distinct Wi-Fi hotspots since October 2011 (up until September 2014) with ‘_nomap’ appended. To visualize this we looked at the proportion of Wi-Fi networks seen by our app each month that have ‘_nomap’ attached, which clearly shows the response immediately after Google published their blog post – despite the fact that coverage was limited.

Screen Shot 2015-07-02 at 17.39.11

The proportion of observed global Wi-Fi hotspots that have had ‘_nomap’ appended

This graph also shows a rise beginning at the end of 2013 and continuing into 2014. Edward Snowden’s revelations about the NSA’s privacy incursions occurred during the summer of 2013 – and so it is possible that the heightened awareness about privacy issues could have led to more people taking care that Google was not recording their Wi-Fi hotspot. However, compared to the number of global Wi-Fi networks detected by OpenSignal, it is clear that the number that adopted Google’s solution is very small.

So why is this? Obviously it was deeply concerning that Google were tracking payload data – but it is not in itself concerning that they are collecting Wi-Fi SSIDs (after all, this is what we at OpenSignal do). Those technologically savvy enough to have followed the story (and continued to do so months after the initial outburst of outrage) will know that Google had publicly pledged to stop tracking Wi-Fi payload data, and so any appending _nomap to their Wi-Fi hotspots would not make any difference to that. Furthermore there is nothing private about a Wi-Fi name, it is a handle that is broadcast publicly and can be seen by anyone in range with a device capable of detecting the network. There is a great deal of evidence to suggest that individuals use their Wi-Fi network name (their SSID) as a way of broadcasting a message (often with a specific neighbour in mind) and we have collected many of these in our occasional blogs on Wi-Fi names that amuse us. Our research into the use of Wi-Fi names to declare political allegiance in Buenos Aires also supports this hypothesis.

This entry was posted in Mobile Trends and tagged , , , , . Bookmark the permalink.