Microsoft Wi-Fi data collection exposed so do not use IE
Just about everyone was raising the red flags when they found out that Apple’s iPhones were collecting location data. I personally think that was much ado about nothing since the data was stored in the iPhone itself and not sent on to the big bad Apple database in the clouds.
Then it was learned that Google was collecting locations and MAC (Media Access Control) addresses in its databases. Another uproar happened and Google pulled those MAC addresses from the databases.
For those of you who are unaware of what a MAC address is, let me explain. A Media Access Control address is a unique (most of the time) hardware address of your network interface on your computer.
This identifies your computer. If you have multiple network cards or connections, each one of them has a MAC address. In fact, every network device has a unique (almost) address. The first few hex digits are assigned to specific manufacturers and the sequentially assign the rest of the numbers for the address.
Here is how you find out your MAC address?
If you have a Windows or MS DOS computer (yes, I have one of those that still runs MS DOS) at the command prompt type ipconfig /all and press the return key. You will see something like xx-xx-xx-xx-xx-xx where the “x”s are hex digits. Enter the numbers in the program with”:”s in between the hex digits instead of the minus signs.
If you have a Linux system type ifconfig –a and look for the eth0 or eth1 network cards. You will find the xx-xx-xx-xx-xx-xx where the “x”s are hex digits. That is your MAC address.
For Mac users, open the System Preferences and click on Network. Double-click on either of the network choices; one if for wireless the other for hard-wired.
I say “almost” and “most of the time” because you can find programs that will change your MAC address and those programs are mostly used for hacking purposes.
Now, a security researcher at Stanford University in California has identified a Microsoft database that will give you locations where your computer has been.
Elie Bursztein presented his findings on Google at last year’s Black Hat security meeting. This year he is presenting his findings with Microsoft’s database.
Elie has had contact with Microsoft, and evidently Microsoft thinks it is no big deal. So he published a proof of concept and used Microsoft’s own API’s to access their database which is open to the public.
The API is the Live Location API that is used in Internet Explorer. It is also known as the W3C Geolocation API.
So, not fearing anything in the hi-tech world of broadband and its various access methods, I decided to find out where my laptop has been traveling. I went to Elie Bursztein’s proof of concept page and entered my MAC addresses of my laptop.
It found a match and gave me the nice map you see in the picture. If you notice, the location is in the Chicago area.
Very interesting! My laptop has never been to Chicago, not even on an airplane stopover, and was definitely not manufactured there. Someone evidently used my MAC address to try something funny. Remember, I told you your MAC address could be changed?
Now, I was temporarily mystified that I could not see my local string of eateries I visit with my laptop for some libations and web browsing. AHA! I do not use Microsoft’s Internet Explorer!
I still see no reason to worry about Microsoft having your MAC address on file. It could actually be of good use to you. After all, no one knows your MAC address but you.
Yes you could be tracked if the police bust you for a crime and you used IE to browse the web at the crime site. My word of advice: don’t take your laptop or smartphone and browse the web when you are performing an illegal act.
It’s as simple as that.
One more word of advice: if you are that paranoid, just don’t use IE.
