Removing your Wi-Fi network from Google's map

If you're worried about the street address of your home Wi-Fi hotspot being public, Google has a solution.

The Mountain View, Calif.-based company late today announced a way for the owners of Wi-Fi networks to be removed from Google's crowdsourced geolocation database, which it reworked this summer after CNET drew attention to privacy concerns.

It's simple: all you need to do is append "_nomap" to the name of the Wi-Fi network. So "theharrisons" becomes "theharrisons_nomap".

"As we explored different approaches for opting-out access points from the Google Location Server, we found that a method based on wireless network names provides the right balance of simplicity as well as protection against abuse," Peter Fleischer, Google's global privacy counsel, wrote in a blog post. "Specifically, this approach helps protect against others opting out your access point without your permission."

Wi-Fi-enabled devices, including access points but also PCs, iPhones, iPads, and Android phones, transmit a unique hardware identifier, called a MAC address, to anyone within a radius of a few hundred feet.

Android devices collect a subset of these MAC addresses and beam them back to Google to be used in the company's geolocation database--a useful feature that allows faster location fixes for cell phones. (Apple, Microsoft, and Skyhook Wireless operate similar databases but do not provide an opt-out mechanism.)

The privacy risks arise when a device's location can be tracked. CNET confirmed in July that Google's Street View cars recorded not just the locations of Wi-Fi access points, but also the addresses of some laptops, cell phones, and other devices.

Android's crowdsourced database also can track locations of some Wi-Fi devices, including those in use as a wireless access point. One device spotted in a San Francisco coffeehouse showed up at a street address in an Atlanta suburb a few days later, for instance. Google took steps to curb that feature in response to a CNET article in June.

Today's announcement is meant to address one remaining privacy issue: what if you don't want the MAC address and street address of your Wi-Fi router to be in Google's database at all? (Someone fleeing an abusive spouse, for instance, may not want their new, geolocated street address to be recorded.)

This particular opt-out mechanism came in response to pressure from European officials. The Dutch Data Protection Authority ruled in August that "Google is obliged to offer users the option to opt-out, so they can effectively object to the processing of data on their Wi-Fi routers at all times and free of charge."

Google had proposed the "_nomap" suffix at the time, the Dutch government said.

A few weeks later, in mid-September, Google's Fleischer wrote in a blog post that: "At the request of several European data protection authorities, we are building an opt-out service that will allow an access point owner to opt out from Google's location services. Once opted out, our services will not use that access point to determine users' locations."

Ashkan Soltani, an independent researcher who probed Google's database, said "_nomap" was an awkward way to opt-out.

"While this is better than having to discover and then register your access point's Wi-Fi MAC address into a central database somewhere, it's still a bit much for those people that don't know how to configure their router -- all the open Linksys access points," Soltani said.

Last updated 11:17 p.m. PT with response from Ashkan Soltani

Disclosure: McCullagh is married to a Google employee not involved with this issue.