[Geowanking] MS local.live.com & privacy (lack of)

Mike Liebhold mnl at well.com
Fri Dec 9 13:39:47 PST 2005

I took a look yesterday at Microsofts new Virtual Earth incarnation,
called local.live .com. <http://local.live.com/>

I won't write a full review here. Anyone interested can take a look
themselves.  Beyond the irritating, unblockable CSS-like popups, There
's a critical point about Microsoft's handling of sensive location
information that's worth immediate comment here:

The service includes a feature called "locate me" which launches a
Placelab-like wifi base-station geolocation technique.called 'Location
Finder" which listens for the MAC address and compares it to a client
cache of locations of known base stations. Placelab, which was developed
by Intel Labs, is available free for download on sourceforge, and as
many people may know, was explicitly designed by Intel to be 'privacy
observant'. Unlike most e-911  and mobile phone location systems which
sureveil, and actively track a users location, Placelab was designed to
present location coordinates privately to a user, without querying, or
notifying the network. IMHO this is a noble design goal.

Microsoft's "Location Finder" program, on the other hand, includes the
following disclaimer in the terms and conditions link which says " Your
privacy is important to us. click here
<http://go.microsoft.com/fwlink/?linkid=51332&clcid=0x409> to see our
privacy policy:"

"Use of Location Information ... Microsoft may use the information
collected to provide you with more effective customer service, to
improve Location Finder and any related Microsoft products or services,...

Microsoft may disclose location information if required to do so by law
or in the good faith belief that such action is necessary to (a) conform
to the edicts of the law or comply with legal process served on
Microsoft; (b) protect and defend the rights or property of Microsoft
and our family of Web sites; or (c) act in urgent circumstances to
protect the personal safety of Microsoft employees or agents, users of
Microsoft products or services, or members of the public.

Location information collected by Location Finder may be stored and
processed in the United States or any other country in which Microsoft
or its affiliates, subsidiaries or agents maintain facilities. "


So much for privacy of Microsoft's  'Location finder' program.

If this is unpalatable to you, you may be interested in trying as I did
an alternate location techique. Instead of 'Location Finder'
local.live.com also offers users a choice to select IP location lookup.
As discussed here in the past, IP geolocation is an imperfect art,
dependent of the accuracy of the data in the offical IANA database (
Internet Assigned Numbers Authority.)  In my case, my IP address has
shown that am in San Diego, since that's where my IP connection is
officially terminated at the downlink center for my satellite service
provider. I'm actually connected to the Internet via a KuBand satellite
in the remote wilds of Northern California, a long ways away. The
location of my dish is simply not visible to the net.  It looks, to the
net, like I'm in San Diego, over 700 miles south.

So, you might understand that I was quite suprised and dismayed that
Microsoft's IP lookup returned my actual location in the woods in
Northern California !!!  Just to be sure they didn't get my address from
my satellite service provider, I called the Network Operations Center,
who said the location of my dish is  private, but looked up my record
anyway,  and confirmed " Our database, and the IANA database show your
IP address is in San Diego.  Clearly Microsoft's IP location database
includes spooky datamined information about users' actual location that
is not normally available by querying the publically accessible databases.

Be forewarned.


Mike Liebhold
Senior Researcher
Institute for the Future

iftf.org <http://www.iftf.org>  |   starhill.us <http://starhill.us>   |
 starhill del.icio.us blend <http://del.icio.us/inbox/starhill_blend>

Geowanking mailing list
Geowanking at lists.burri.to

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list