A DEFINING CHARACTERISTIC of the web has been that its addresses bear little or no relation to physical location. All addresses are effectively next door, their distance rendered irrelevant by the speed of electronic communications.
There was some unease therefore when a company called Skyhook Wireless began sending cars round the streets of towns and cities across the world logging the positions of WiFi routers, as identified by the Media Access Control (MAC) address they send on request to passing devices.
This mapping of what are essentially hardware IDs looked suspiciously like pinning the web down to a street directory. Critics feared an onslaught of location-specific spam and breaches of privacy caused, for instance, by the exposure of the physical origin of emails.
The Skyhook data is already being widely used for geolocation. A module on a mobile device notes the MAC addresses of nearby routers, together with their signal strengths, and sends the data to a Skyhook server that returns the GPS co-ordinates.
Skyhook sees its system as complementary to GPS because it works where satellite signals might not be available, such as in city streets and inside buildings. It can be also be used on its own in urban areas, as in the Eye-Fi card, which location-stamps images taken by a digital or video camera.
The system is used on Apple's Iphone and Itouch, and is built into the Mac's latest Snow Leopard operating system, though this currently uses it only for keeping the system time in sync with local time. Dell will bundle the system with its high-end mobiles. Skyhook has just launched a module it calls Maps Booster, which works with existing Symbian apps such as Nokia Maps and looks well worth the £3 download
A neat aspect, from Skyhook's perspective, is that once the initial surveys have been completed the system is self-sustaining, even self-improving. Every time a client device does a look-up it is also updating the Skyhook database by reporting local access points, including new ones. This also means that the more the system is used the more accurate it will become.
So is this a cause for concern? Ted Morgan, co-founder and chief executive officer of Skyhook, says that when people first hear about the system they think it works in some way like a reverse telephone directory, allowing you to be identified by a number.
"But a MAC address is an arbitrary number broadcast through the air and I am just saying where I saw it. I have no idea of who is using it, or what they do, or where they live. I just know there is a certain wireless signature at that spot," he said during a visit to London.
Morgan pointed out that the MAC address collected by Skyhook is that of the router's WiFi module. The router itself has another MAC address, which is the one associated with the IP address used for communications with the world wide web.
Skyhook has every reason to prevent abuse of its system because it has to placate regulatory authorities in all the countries where it operates. Its vans are currently mapping Beijing, not a place known for being loose in such matters.
Nevertheless, it is odd that a relatively small and unknown US company probably has better data on the distribution of connected machines in many countries than their own governments. And Skyhook could be pushing the thin end of a wedge - a repressive government might find ways to use the system to track down Internet dissidents, for example, particularly if it has access to a database of all MAC addresses used by routers sold in its jurisdiction and to whom they were sold.
There has been talk on techie forums of subverting the system by spoofing MAC addresses, something most routers allow. But anomalous addresses could also invite suspicion.
Malware writers could conceivably use the system to find the location of infected machines, which might be of use to criminals. But it has also been used against criminals, with spectacular success in a number of cases. Services such as Gadgettrak, which can be used in the UK, have used it to provide police with the addresses and aerial views of buildings where stolen machines are housed, and it has even snapped photos of thieves by using on-board webcams.
Morgan is quick to point out that Skyhook itself cannot track devices. Users have to opt in to the tracking service and load a module that can be primed to report its position when stolen. But Skyhook can track the general movements of devices as they pass the 125 million routers mapped worldwide.
"I don't know anything about the people, or the machines they are using, but I know they are there checking their locations," Morgan said. "I've seen fifty billion locations over the past year or so. I can see where people are, what they are doing, what streets are busy at different times of day. At an anonymous aggregate level, I can see how the world is moving around."
A more mundane concern people have with Skyhook is the extent to which it drains batteries. Morgan claims that it is more frugal than GPS. "That can take 30 seconds to get a fix. We can do it in a tenth of a second."
And the concerns about Skyhook's geography of the Internet can be flipped on their head. Arguably the web would be a safer place if machines had physical addresses, thus hampering the conmen, dodgy dealers, hate mailers, stalkers, spammers and all the other scoundrels who thrive on its anonymity.
On the other hand, citizens' privacy is an elemental right in a free society, after all. µ
Facebook has more influence than meets the eye
Attackers could 'easily compromise' an entire company by exploiting AV security flaws
Nobody knows it, but you've got a secret smiley
Plummeting pound forces firm's hand