Microsoft questioned about privacy associated with Wi-Fi address database

Microsoft has gathered the locations of millions of Wi-Fi-enabled devices globally and makes them available on the Internet without putting in place the privacy guidelines that its competitors have, according to Cnet.

The database is available at and pinpoints the precise geographical location, which can lead to a street address and even the corner of a building, of Android and Apple devices along with other Wi-Fi devices.

Google (NASDAQ:GOOG) and Skyhook Wireless have similar lists of unique Wi-Fi addresses, but they have controls in place to protect privacy. Microsoft has put together the database through crowdsourced data gathering from Windows Phone 7 devices and through what it calls "managed driving," in which vehicles record Wi-Fi signals from public roads. According to Microsoft, the Web interface is supposed to provide "search results, weather, movie times, maps and directions based on a device's current location."

Reid Kuhn, a program manager with Microsoft's Windows Phone Engineering Team, said in a statement to Cnet: "To provide location-based services, Microsoft collects publicly broadcast cell tower IDs and MAC addresses of Wi-Fi access points via both user devices and managed driving. If a user chooses to use their smartphone or mobile device as a Wi-Fi access point, their MAC address may also be included as a part of our service. However, since mobile devices typically move from one place to another they are not helpful in providing location. Once we determine that a device is not in a fixed location, we remove it from our list of active MAC addresses."

What is unknown and not answered by Microsoft is whether its database includes just Wi-Fi devices acting as access points or whether client devices are included. If Microsoft collects and publishes only the Wi-Fi addresses of access points, the privacy concerns aren't as great. However, including the millions of phones and computers as access points means their locations could be monitored.

Elie Bursztein, a postdoctoral researcher at the Stanford Security Lab, recently studied Microsoft's application programming interface (API) and recommends that Microsoft adopt some of the limits its competitors have. He intends to summarize his findings along with two other researchers at the Black Hat security conference in Las Vegas this week.
