Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Free stuff, like a free web browser? Or a free smartphone OS?

If you don't want to be tracked by Google, don't use their software.

Now, if you're having a hard time avoiding their software because it's become a de-facto standard that's a separate problem. The bottom line is that we shouldn't be in a position where we don't have a choice not to use software from Google (or Apple, or Microsoft, etc). As long as these companies are in a position to offer software that can't reasonably be avoided, you should expect them to optimize these offerings at the expense of their users.



But this whole discussion is not about software.

I don't have to use their free browser, their free smartphone OS or even their search engine, but they will still freeload on my Wi-Fi for location tracking and will record my router location without consent, and the only way to opt-out is appending a stupid _nomap to the end of my ID.


That is kind of like saying, "How dare you listen to me when I am shouting my name in public?!" You are broadcasting your SSID on an unlicensed band, all wifi stations in your area have been listening to and analyzing those transmissions, and your wifi stations (APs and client devices) have done the same with all your neighbors' wifi networks. In fact the wifi standard requires more than just monitoring nearby beacons -- wifi stations monitor all wifi frames being transmitted from nearby stations, even those connected to a different AP, to avoid interference.

You don't want anyone to monitor your wifi network? Either don't use wifi, or switch to a band that will not propagate beyond your home (60 ghz).


> "How dare you listen to me when I am shouting my name in public?!"

Listening and putting it in a massive database along with other sensitive data, such as location, are two completely different things, though.


How dare you write down my name, which I was shouting in public, in your diary?! How dare you write down where I was standing when I was shouting my name?! Respect my privacy!


No, it’s more like “how dare you go around and record the license plate of every vehicle observable on the street and put it in a location/time database”.

You’re right that it’s technically public, just like the license plate on a vehicle. However, there is still a privacy expectation that all of that localized data won’t be pulled into a massive database for correlation.

It’s beyond the SSID, using your logic, it would also be fine if Google observed all of the client frames to track the locations of users that don’t use Google services. Randomized MACs aren’t usually used for home WiFi so this is completely feasible and well within your “privacy” framework.


It's also not a fair comparison to equate a database containing the whole world's SSIDs and location data with a personal diary...

Repeating what I said in other comment: What Google is doing is a cool hack and might be fully legit, but it's foolish to claim there's no potential privacy issues in it.


I do not see how there are any privacy concerns here. We are talking about radio broadcasts in a band set aside to be a free-for-all (no licensing, no permissions, no coordination required -- the only limit is on transmitter power). Moreover, people have many options available to them; among other things, you can not use an SSID (BSSID-only wifi networks are common), you can reduce your transmission power and use directional antennas to prevent the signal from propagating beyond your home, you can use the 60Ghz band which will not propagate through walls, and if all else fails, you can just use wired connections. People who want privacy can have it without having to do anything extraordinary.

Wifi is convenient because it is unlicensed and loosely regulated. The price of that convenience is that you have no particular claim to privacy with your wifi transmissions, and everyone knows it -- that is why we encrypt the contents of those transmissions. Building a database of AP locations is not a privacy issue at all -- it is no different from building a database of landmarks (or publishing a travel guide with a list of landmarks in various towns), or for that matter, creating a map by gathering information about roads/buildings/etc.


If there weren't privacy concerns, then the SSID API wouldn't be behind a Location permission toggle for iOS and Android.

It's not just Google doing it - see https://wigle.net/ with over 10B observations. So your privacy would be at risk even if Google didn't collect SSID/location information.

Fundamentally, asking people not to do something has never been a security measure that's worked. You need to implement some tangible, real protections. We already have those in the case of SSIDs, namely, the SSID and AP information aren't accessible to an app without location permissions in modern operating systems.


You are talking about the privacy of a device user, who may want to prevent apps from learning the location of their own device (and that is the point of the location permission). The claimed privacy issue I was responding to has to do with the privacy of the owner of an AP whose SSID is included in the database.


How is this at all a privacy issue for the SSID owner? Are you putting PII in your SSID?


I don’t use their software yet my ssid was tracked and associated with me and others.

This argument “don’t use google” or “don’t use Facebook” is very frustrating because others make this decision for me. If only it was possible to not use these services.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: