[Geowanking] MS local.live.com & privacy (lack of)

Fri Dec 9 13:39:47 PST 2005

I took a look yesterday at Microsofts new Virtual Earth incarnation, 
called local.live .com. <http://local.live.com/>

I won't write a full review here. Anyone interested can take a look 
themselves.  Beyond the irritating, unblockable CSS-like popups, There 
's a critical point about Microsoft's handling of sensive location 
information that's worth immediate comment here:

The service includes a feature called "locate me" which launches a 
Placelab-like wifi base-station geolocation technique.called 'Location 
Finder" which listens for the MAC address and compares it to a client 
cache of locations of known base stations. Placelab, which was developed 
by Intel Labs, is available free for download on sourceforge, and as 
many people may know, was explicitly designed by Intel to be 'privacy 
observant'. Unlike most e-911  and mobile phone location systems which 
sureveil, and actively track a users location, Placelab was designed to 
present location coordinates privately to a user, without querying, or 
notifying the network. IMHO this is a noble design goal.

Microsoft's "Location Finder" program, on the other hand, includes the 
following disclaimer in the terms and conditions link which says " Your 
privacy is important to us. click here 
<http://go.microsoft.com/fwlink/?linkid=51332&clcid=0x409> to see our 
privacy policy:"

[snip]
"Use of Location Information ... Microsoft may use the information 
collected to provide you with more effective customer service, to 
improve Location Finder and any related Microsoft products or services,...

 Microsoft may disclose location information if required to do so by law 
or in the good faith belief that such action is necessary to (a) conform 
to the edicts of the law or comply with legal process served on 
Microsoft; (b) protect and defend the rights or property of Microsoft 
and our family of Web sites; or (c) act in urgent circumstances to 
protect the personal safety of Microsoft employees or agents, users of 
Microsoft products or services, or members of the public.

Location information collected by Location Finder may be stored and 
processed in the United States or any other country in which Microsoft 
or its affiliates, subsidiaries or agents maintain facilities. "

[snip]

So much for privacy of Microsoft's  'Location finder' program. 

If this is unpalatable to you, you may be interested in trying as I did  
an alternate location techique. Instead of 'Location Finder'  
local.live.com also offers users a choice to select IP location lookup. 
As discussed here in the past, IP geolocation is an imperfect art, 
dependent of the accuracy of the data in the offical IANA database ( 
Internet Assigned Numbers Authority.)  In my case, my IP address has 
shown that am in San Diego, since that's where my IP connection is 
officially terminated at the downlink center for my satellite service 
provider. I'm actually connected to the Internet via a KuBand satellite 
in the remote wilds of Northern California, a long ways away. The 
location of my dish is simply not visible to the net.  It looks, to the 
net, like I'm in San Diego, over 700 miles south.

So, you might understand that I was quite suprised and dismayed that 
Microsoft's IP lookup returned my actual location in the woods in 
Northern California !!!  Just to be sure they didn't get my address from 
my satellite service provider, I called the Network Operations Center, 
who said the location of my dish is  private, but looked up my record 
anyway,  and confirmed " Our database, and the IANA database show your 
IP address is in San Diego.  Clearly Microsoft's IP location database 
includes spooky datamined information about users' actual location that 
is not normally available by querying the publically accessible databases.

Be forewarned.

Mike

Mike Liebhold
Senior Researcher
Institute for the Future

iftf.org <http://www.iftf.org>  |   starhill.us <http://starhill.us>   | 
  starhill del.icio.us blend <http://del.icio.us/inbox/starhill_blend> 