I know where you’ve been: security and privacy concerns with Wi-Fi

So what’s all the hoopla about Google and others collecting Wi-Fi data over public airwaves? Google, Apple and others have been building databases containing data about Wi-Fi networks, cell tower location, GPS data and device MAC (Media Access Control) addresses. The data can be used to identify wireless routers and when combined with data about the network’s signal strength and other information, such as cell tower and GPS readings, one can get a very clear idea of where Wi-Fi users are located.

Because their databases strip out personally identifiable information, the data collectors say that consumers are safe. However privacy advocates say it is possible for the truly motivated to find a way to use Google’s database of location information to secretly figure out people’s addresses.

In an e-mailed statement, Google said, “It’s important to remember that MAC addresses are a simple hardware ID assigned by the manufacturer. We do not collect any information about householders, nor can we identify an individual from the MAC address data. This data is publicly broadcast, and it’s identical to what any person could learn by walking near the location with a Wi-Fi-enabled device. At no point does Google publicly disclose MAC addresses from its database.”

However, this statement hasn’t stopped folks from thinking about Big Brother knowing their whereabouts based on access points, or employers tracking employees without consent to know where their employees are on company time.

We must realize that wireless technology by its nature transmits data over an open frequency, i.e. public airspace. And if someone really wants to find out personal information about you all they have to do is use any of the many web services that will search every public database to reveal all sorts of things about your life.

However in terms of network security the more pressing concern is that when using wireless networks are our e-mail messages, passwords, or anything sent without encryption on a wireless network protected? If this is the primary concern, versus location specific data, then consider the steps you should take to protect your wireless network and the computers on it:

  • Use encryption to scramble communications over the network. If you have a choice, Wi-Fi Protected Access (WPA) is stronger than Wired Equivalent Privacy (WEP).
  • Use anti-virus and anti-spyware software, and a firewall.
  • Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your computer won’t send a signal to any device in the vicinity announcing its presence.
  • Change the identifier on your router from the default so a hacker can’t use the manufacturer’s default identifier to try to access your network.
  • Change your router’s pre-set password for administration to something only you know. The longer the password, the tougher it is to crack.
  • Allow only specific computers to access your wireless network.
  • Turn off your wireless network when you know you won’t use it.
  • Don’t assume that public “hot spots” are secure. You may want to assume that other people can access any information you see or send over a public wireless network.