Worried About Skyhook Mapping Your Wifi Router To a GeoLocation?

Pic­ture from here

I was read­ing a story on slash­dot about how Sky­hook Wire­less has been wardriv­ing the United States map­ping MAC addresses from the wire­less routers it detects to your geo­graphic loca­tion.   Now first for those para­noid, they prob­a­bly are not going to get your exact phys­i­cal address but it will be “close” — close is defined as within 500 feet.

Fol­low­ing the dis­cus­sions on the slash­dot post­ing, you can see that some geeks are freaked out.  They are wor­ried about get­ting spam to their phys­i­cal loca­tion (my email address has noth­ing to do with my phys­i­cal loca­tion).  They are stat­ing to change your mac address so it obso­letes the data­base.   While this is doable, there is another bet­ter sce­nario for this. If you should find your MAC address on this data­base or you wish to pre­emp­tively strike against this map­ping when it comes to your MAC address, you are going to have to change your mac address.

Most wire­less routers allow you to change the MAC Address on your wifi seg­ment.   If your router does not allow you to do this please pur­chase a new router if you wish to pro­ceed.  While a MAC address needs to be unique on a net­work seg­ment (so the com­put­ers can talk to each other) they do not have to be unique in the uni­verse, in the world, in the coun­try, in the state, or even in the same town.  If the sig­nals are weak and shielded enough to pre­vent inter­fer­ence you could have dupli­cate MAC addresses in the same apart­ment build­ing, though I wouldn’t rec­om­mend that and it would negate this exer­cise anyways.

Now you are all ready to change your MAC address, what do you change it to?  How about  the same as the McDonald’s in times square?  Your friend can snag you one the from the Pan­era Bread in Anchor­age, Alaska.   Maybe you want your house to have the same MAC address as the wifi routers in Dis­ney World.  If you want to be bor­ing go up to your local Best Buy look at what their MAC address is set to, though it would still be local to you some­what then.  I’m not going to go through and state how to get these MAC addresses, but most peo­ple that would actu­ally bother to do this already know how.   If you need fur­ther instruc­tion drop me a com­ment and I may go into it.

By chang­ing the MAC address you have now poi­soned the Geo-Location data­base that Sky­hook Wire­less has saved about you.   Even if they grab your MAC address after you have changed it, which MAC Geo loca­tion is going to take prece­dence — Times Square or Podunk, Iowa?  There is a chance if Sky­hook doesn’t have it’s weight­ing algo­rithms cor­rect and all those peo­ple at McDon­alds in Times Square would have their loca­tion show­ing as Podunk Iowa — though it would be amus­ing to use the API and have it say that there are 300 peo­ple cur­rently in your house.

You can get more doc­u­men­ta­tion on the API from here and here.

Some­times peo­ple over think the prob­lem when a sim­pler and more ele­gant solu­tion can be uti­lized.   If in the end Sky­hook data can’t be trusted, it will not be used.

Image from here

September 12, 2008 | Creeva | Tags: , , , , , | View Comments
  • PlainJane
    Okay, so... I'm reading all this hype about geolocation by MAC address and I just HAVE to ask... "so what?" The chances of pinpointing an exact location seems a bit far-fetched. And, supposing you did locate my residence, what benefit does it give you other than knowing you spent all the this time to find plain ole jane?
  • Thanks man, just what I was looking for. Thanks so much…
  • When you change you MAC to fool Skhhook you are just one of hundreds of APs in your neighborhood. Considering that many people still don't change the default admin settings on their router, your bit of subversion is only as effective as the radius of your AP.
  • Isn't that the point though - I wasn't going through stating that everyone should change and break the skyhook API - just if your worried about the geolocation information of your own API.
  • Just seems like a lot of tinfoil hat motions to hide your AP MAC.
  • I don't nec. disagree with you - it took me much longer to write the article then it would have been to come up with the idea of doing this and make the change.

    In theory my one AP is newer and prob. is not in the database, if my other API's are in the database it will probably say the wrong state depending on when they passed through - pre or post move to my current location.

    Either way - I can change, I know how to change, and if I am inclined I can do it in under a minute.

    What the real point of this article was everyone was going WAY overboard and overthinking this issue and solutions to remove their own AP's from teh database. If they don't like the database or have a grudge against, my solution is simple and sweet. The geo loc. data they get from your MAC is wrong - but like you pointed out if they want the information they can just walk down the street and pick up a different one.

    There is no reason I have to be altruistic and give out my geo loc. information just because someone didn't buy a device with a GPS in it. That's really the issue though right? When geo location applications become more refined we will just be using GPS chips in all of our devices anyways? At that point the skyhook database should eventually die off. It's a stop gap until the GPS chip itself takes over.
  • did you know they deliver in Manhattan?
  • I have been to a McDonald's in Manhattan just not that one.
blog comments powered by Disqus