Mozilla Stumbler 1.0 (opens in new tab)

Congratulations; I hope this gives us a safe, effective, open location service.

The privacy policy[1] could be clarified for less technical readers, and even for others. I infer that collected data is anonymous because you write,

1) We receive publicly observable data about WiFi access points and cell towers around you, your estimated latitude and longitude, and the date -- Not associated with anything else, that may be anonymous data -- though you could guess my home network or home location by the most common/strongest wifi signals. If you track data by submitter, you also would have a good idea of their travels.

2) we may receive certain temporary data such as your IP address. This data is deleted after being used as follows ... -- You seem to be implying that you do receive non-anonymous data, and delete it after innocuous uses.

3) You can send us data anonymously or under a nickname -- Which implies anonymity is possible.

If what I infer is correct, why not restate it directly and unequivocally with something like the following:

Unless you choose otherwise, the data you send will be anonymous and not associated with you in any way. We will not record who you are or what phone sent the data. We do receive some non-anonymous data, but we delete it within X hours/days after using it as follows ...

And add more detail after that.

[1] https://location.services.mozilla.com/privacy

EDIT: Clarify a bit, and a correction to #1

Google provides an opt-out. They will ignore your AP if you append "_nomap" to the end of your SSID.

Does Stumbler also support this? If not, why not?

Ref: https://support.google.com/maps/answer/1725632?hl=en

edit: Found the answer to my own question. Yes, they do support "nomap": https://github.com/mozilla/MozStumbler/issues/149

I used to use it a lot a few months back "mapping" my town and I had noticed that it would go at full strength even when I was staying in the same place for hours. Would it be possible to gradually slow down the collections when it detects that the user isn't moving?

I see there is a leaderboard, so users have a nick, but can we contribute anonymously without signing up?

Also, why do you need access to my photos?

Cool stuff, always interesting to see a new entrant to the location services field, especially an open one.

One question though. Will ordinary users be able to directly query the database via the API? i.e. if you want to geolocate a set of Access points and you have their MAC addresses will this service provide a direct supported API for retrieving their location?

The documentation on the API page implies that this isn't really a supported application?

Specifically

"If you are developing a native application or library for a desktop operating system or Android, you can in principle use this service via its HTTPS API. Please refer to the development documentation for the details. On most other operating systems, you cannot access the required cell and WiFi network information required to call the service API. "

and

"At this stage the service is open to anyone, who wants to contribute back to the service and applications supporting the Mozilla mission. "

seem a bit vague.

btw, the Mozilla location database is currently used to power geolocation on the well-publicized Firefox OS "$25 smartphone"! That device does not have GPS hardware so all geolocation requires rely on Mozilla's location service and GeoIP.

Any plans to gamify/add user incentives for "Stumbling?"

The NOGAPPS project lists Mozilla Location Service support as an upcoming feature (http://forum.xda-developers.com/showthread.php?t=1715375).

You can test the Mozilla Location Service with Firefox on your desktop by changing your "geo.wifi.uri" about:config pref to:

  https://location.services.mozilla.com/v1/geolocate?key=test

Then try using a geolocation service like Google Maps or http://html5demos.com/geo . If it can't find your location, check Mozilla's zoomable coverage map to see if your neighborhood is covered: https://location.services.mozilla.com/map . If not, please consider installing Mozilla Stumbler to help map it. :)

I can't find the post, but I remember reading that they'd rather not expose full raw data because of privacy concerns — there could be a way to mine this data to de-anonymize users.

I'd love to play with the raw data too, but I understand their concern. So far many "anonymous" large data dumps ended up exposing too much (e.g. recently NY taxi data).

A stumbler user's identity or location could be revealed by tracing routes from published GPS data or maps. In areas without much stumbler data coverage, you can see clear routes along highways and some residential streets.

Owners of Wi-Fi access points, including mobile phones with sharing Wi-Fi, may not want their unique BSSID/MAC address and location published. This is not exactly comparable to the Google Wi-Fi case in Germany. In addition to recording BSSID/MAC addresses, Google was (inadvertently?) logging Wi-Fi payload data that included cleartext user data.

btw, here's a zoomable map of the Mozilla Location Service's data coverage. Please help fill in the blanks! :)

https://location.services.mozilla.com/map

See my post below for some answers; I was writing as you posted yours ...

YES.

We caught that bug just before release. :)

https://github.com/mozilla/MozStumbler/issues/1137

I have a LTE Nexus 7, with no SIM, so it is basically a WiFi only, and yes, it works. I couldn't install it from F-Droid and I had to use an apk from github, but it worked like a charm and it auto-updates.

It works on my WiFi-only Nexus 7.

The server code is on GitHub, but I don't know offhand where the offline geolocation scripts are. The Stumbler app's map will show your phone's GPS position (blue dots) and Mozilla Location Service's estimate (red dots) so you can compare the difference.

https://github.com/mozilla/ichnaea

We store signal strength for possible future use, but our current location algorithms don't use it. Wireless signal strength is notoriously flaky. From some reports I've read, signal strength is more highly correlated with the user's orientation (i.e. is their body blocking the signal to the source) than with distance to the source.

Wardriving is also the first thing I thought off (Wigle also being my app of choice). Massive co-ordinated wardriving. I can't help but feel that this is a bad idea.

I'm going to try getting an F-Droid build out today, but we've got some build issues with the fdroidserver. In any case - it will get to F-Droid real-soon-now.

I believe so. crankycoder1975 was asking for some pointers on #fdroid irc a few hours back to help build 1.0 for F-Droid. Hopefully any issues will get ironed out. While I appreciate my siblings comment about the app auto-updating - I'd rather have apps managed by a central area (F-Droid on Android, package managers on desktop Linux).

You can already auto-update from within MozStumbler itself.

It won't, see code here -> https://github.com/mozilla/MozStumbler/blob/dev/android/src/...

The first check is "if we don't get a SSID, we don't collect". That's what happens with hidden networks.

Correct me if I'm wrong, but I'm pretty sure hidden SSID's do not broadcast their network name and thus will not be found by a scanner.

Correct me if I'm wrong, bug I believe the issue with Googles wifi collection was because they had code which intentionally read (and stored?) all data being transmitted over open wifi networks.

It's the same thing, but Mozilla is cool and everything they do is good :), while Google is evil <:[

Remember that public opinion is an extremely mutable thing [1].

[1] Henrik Ibsen

I made a Firefox OS port: https://github.com/clochix/FxStumbler But it was my first Firefox OS app, the code is awful and it would need a complete rewrite. Nevertheless, if you have a FxOS device, don't hesitate to try this port and give me some feedback.