Sending Wi-Fi Locations to the Cloud
When you use “location services,” your devices are regularly sending lists of nearby networks to the platform holder: Google, Microsoft, or Apple.
Whether you’re pulling up Apple Maps on an iPhone, telling Microsoft Edge to share your location with a website on Windows, or providing your location to an app on Android, Wi-Fi details are being transmitted as part of the location-finding process.
GPS Just Isn’t Enough
Our devices aren’t just using GPS to determine our physical location—and for good reason. GPS can be slow and have poor coverage in some areas. Moreover, some devices don’t even have GPS radios, including most Windows laptops, MacBooks, and Chromebooks.
That’s why it’s called “location services” and not just “GPS” on modern devices. Location services encompasses multiple ways of finding your location—including using big databases of Wi-Fi network details owned by companies like Google, Microsoft, and Apple.
If you turn off location services, your device will often fall back to just using GPS, if available. This will be slower than using location services.
What Information Is In the Database?
The information in these databases is pretty basic: Your wireless router‘s MAC address and its physical location. Some other data, such as your Wi-Fi network’s SSID (name), may also appear in the database.
A MAC address, also known as a Media Access Control address, is designed to be unique. It’s generally possible to change your router’s MAC address by going through its web interface, but most people don’t. A MAC address will look something like “a1:2b:c3:4d:56:78”.
These are more unique identifiers than just a Wi-Fi network’s name. For example, there may be a lot of Wi-Fi networks in the world that have the same name as yours. But your Wi-Fi router’s MAC address is probably unique.
Importantly, this address is tied to a physical location in the real world in each company’s database.
These companies promise that it’s just data about your Wi-Fi access point that is being collected. They’re not collecting your browsing activity.
How It’s Used
The database is used to triangulate your location. How it works is actually pretty simple.
When it needs to find your location, your smartphone, laptop, or tablet scans for nearby Wi-Fi networks. It then uploads a list of nearby Wi-Fi networks along with their MAC addresses and signal strengths to the platform holder’s location services system.
That big database has a pretty comprehensive list of nearly all the Wi-Fi networks in the world and their physical locations. It can match that list of Wi-Fi networks (or rather, their MAC addresses) to a location in the real world.
And, like GPS, it can use triangulation to determine your location more specifically. Since it knows the fairly precise locations of each Wi-Fi access point, it can use their relative signal strengths to determine its likely physical location.
For example, if you have a strong signal from one Wi-Fi access point, you must be near it. If you have a weaker signal from another Wi-Fi access point, you must be farther away from it. Repeat this a few times and you can get a pretty accurate determination of your device’s location.
This lookup process is often faster than using GPS to get a lock on your location. Your device is often using both, however. Devices with cellular connectivity will also use triangulation with cell tower locations to determine your location, too.
Where Does the Wi-Fi Data Come From?
So where did these big databases come from? Who uploaded it in the first place? Well, you did—you and people like you. It’s crowdsourced.
As part of the location services lookup process, your device uploads that list of nearby Wi-Fi network details to the company’s database. Let’s say there are no matches because no one has ever had an iPhone around these routers ever before. No big deal—your device waits to get a GPS signal (or triangulates its location via cell tower positions.) Now that your device knows its location, it can send that location to the database. The database now knows where those Wi-Fi networks are.
This is happening all the time as people use their devices. Using the location services database is a two-way process where the device reports GPS data back to the database along with the nearby Wi-Fi details. That data is fed into the database to make the location determinations more accurate.
In the early days, these databases were built in other ways—Google famously captured Wi-Fi data as its Street View cars were driving around. However, now that we’re all walking around carrying portable devices that can capture this data, that’s no longer necessary.
How to Remove It (If You Want)
You can opt-out in many different ways. For one thing, you can disable location services and your devices won’t use the Wi-Fi database or upload data to it. They’ll just use GPS or cell tower information to find your location, if available.
You can also demand these companies remove your Wi-Fi network details from their databases. There are several ways to do this:
Google asks you to add “_nomap” to your Wi-Fi network name. So you’d have to change “My Wi-Fi Name” to “My Wi-Fi Name_nomap” to remove it from the database. Microsoft lets you submit a MAC address via its location service opt-out page. Microsoft says the MAC address you submit will be blacklisted from the database. Apple doesn’t provide any instructions on how you can remove this information from its database in its location services privacy statement. Sorry!
There are likely other companies that create and maintain similar databases, too.
There Are Bigger Privacy Problems to Worry About
We love explaining how technology works, which is why we’re demystifying this. But we want to be clear: We’re not saying you should be concerned about this.
Very little data is stored in these databases, and it’s not personally identifiable. This data can be captured because your router is constantly broadcasting its MAC address and your Wi-Fi network name to all nearby devices. Nothing in the database can be traced back to you personally—it’s just a MAC address and a location.
That’s not to say privacy isn’t a real concern. There are just much bigger problems.
For example, if you own your home, your name and address is part of the public record. It’s found in local government data and is probably made available on people finder sites. There’s a good chance your name and home address, along with other information like your phone number and email address, are on people finder sites even if you don’t own your own home.
As you browse online, you’re constantly being tracked for advertising purposes. Even offline, as you buy things using credit cards or loyalty programs, your purchases are tracked—also for advertising purposes. And these are just the tip of the iceberg.
So don’t worry about those Wi-Fi network databases. Even if you’re passionate about privacy, they should be far down on your list of priorities. But you might want to remove your info from people finder websites.
You can also use a VPN, to protect your online privacy, but bear in mind that will only help as part of a wider online privacy strategy. A VPN isn’t a magic bullet.