Wi-fi router owners get Google location opt-out

Wireless router owners that do not want Google to use their devices to improve its mobile location services can now opt out. 

To opt-out, wireless access point owners must add "_nomap" to the tail of the an Service Set Identifier (SSID) -- a network's existing name. So, for example, "HomeNetwork" would be renamed to "HomeNetwork_nomap".  

Google's location database, Google Location Server, collects SSID and unique device IDs known as a MAC address to improve its location services, such as mapping or apps that rely on location information generated by access points instead of GPS.  

In September Google said it would make the feature available globally so that once a user opted out, it would "not use that access point to determine users' locations". 

Google's global privacy counsel Peter Fleisher said Tuesday that it was "introducing a method that lets you opt out of having your wireless access point included in the Google Location Server."

Once a user has opted out, Google explains on its support page that "the next time a user’s device sends information about your wi-fi access point to the Google Location Server through a reliable channel [such as an Android device], our system will note the _nomap tag and remove the access point from our Location Server after it is processed."

The new option appears to fall in line with a Dutch Data Protection Authority ruling in August this year that "obliged [Google] to offer users the option to opt-out, so they can effectively object to the processing of data on their wi-fi routers at all times and free of charge."   

Tuesday's changes appeared to ste from the Dutch authority's 2010 investigations into Google StreetView car's collection of wi-fi data, which noted that "MAC addresses combined with a calculated location are personal data because the data can provide information about the wi-fi router’s owner."

While Google positioned the opt-out method as preferable, in order to "protect against others opting out your access point without your permission", others have criticised it for not making the system opt-in. 

"Google should go opt in like Facebook! Should be SSID_mapme," Veracode CTO & co-founder Chris Wysopal responded on Twitter.

"So SSID_nomap can now immediately be used to profile people who set it. Just adding _nomap is a privacy fail in itself," security researcher Nick DePetrillo pointed out. 

And since Google still collects MAC addresses, security and privacy researcher, Christopher Soghoian, wanted Google to explain how they were stored. 

"Dear Google: How do you store the MAC addresses of wi-fi routers that don't want to be mapped? Raw addresses, hash them, or a bloom filter?," Soghoian asked. 

Renaming an SSID will only be observed by Google from Tuesday, however Fleisher said it hoped that over time the "_no map" string will be adopted universally.