Microsoft had been trying to build a location database, similar to what Google had done using Street View cars, that maps publicly broadcast MAC addresses to their corresponding street addresses. This data includes your phones and laptops. That's fine, right? No, not really: Microsoft didn't secure the database, and it is available to anyone on the web who cares to look.
Microsoft is gathering data from Windows Phone 7 handsets that connect to Wi-Fi networks, along with cars that go around sniffing out hotspots, and logging it all here. I don't know why, but anyone can get access to the data. CNET did a self-test with the MAC addresses of various Windows devices of its own and found complete location history for them.
How it Works: iPhone and Android devices automatically change their Wi-Fi MAC address when acting as an access point. Android devices appear to choose a MAC address beginning with 02:1A.
Google’s database doesn’t include the MAC address 02:1A:11:F2:12:FF. But Microsoft’s does, and reports that it is located in the Embassy of Montenegro on New Hampshire Avenue in Washington, D.C.
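The `02` at the start of those hotspot addresses is the IEEE 802 "locally administered" bit: the address is assigned by software and differs from the one printed on the device. The sketch below is an added example, not code from the original article; it normalizes MAC addresses from a device inventory and separates burned-in addresses from software-assigned ones so you know which values a hotspot would actually broadcast. The inventory labels and the `00:11:22:...` address are constructed sample values.

```python
import re

# Prefix the article reports for Android hotspot (tethering) addresses.
ANDROID_HOTSPOT_PREFIX = "02:1A"


def normalize_mac(text):
    """Return a MAC as upper-case colon-separated octets, or raise ValueError.

    Accepts 02:1a:11:f2:12:ff, 02-1A-11-F2-12-FF, 021a.11f2.12ff, 021A11F212FF.
    """
    digits = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify_mac(text):
    """Report the address bits relevant to hotspot-style addresses."""
    mac = normalize_mac(text)
    first_octet = int(mac[:2], 16)
    return {
        "mac": mac,
        # Bit 0x02 of the first octet: assigned by software, not burned in.
        "locally_administered": bool(first_octet & 0x02),
        # Bit 0x01: group (multicast) address, never an interface's own address.
        "multicast": bool(first_octet & 0x01),
        "android_hotspot_prefix": mac.startswith(ANDROID_HOTSPOT_PREFIX),
    }


def split_inventory(inventory):
    """Split {label: mac} into burned-in, software-assigned and invalid labels."""
    burned_in, software_assigned, invalid = [], [], []
    for label, raw in inventory.items():
        try:
            info = classify_mac(raw)
        except ValueError:
            invalid.append(label)
            continue
        (software_assigned if info["locally_administered"] else burned_in).append(label)
    return burned_in, software_assigned, invalid


# Constructed sample inventory; the hotspot value is the address quoted above.
SAMPLE_INVENTORY = {
    "laptop wifi": "00-11-22-33-44-55",
    "phone hotspot": "021a.11f2.12ff",
    "typo entry": "02:1A:11:F2:12",
}
```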
Ugly Part: Since you might have used your smartphone's tethering Wi-Fi hotspot, it's highly possible that your data has been captured by Microsoft and is available to the public. If an attacker knows your MAC address, he already knows your mobile activity on the map. The story doesn't end here: Microsoft still doesn't comment on whether it collects additional data on WP7 devices, such as the devices connected to the network. What this means is that they might have also captured all phones and laptops connected to those Wi-Fi networks. So if you've ever connected to a Wi-Fi network (which you often do), your location might already be public to everyone.
“To provide location-based services, Microsoft collects publicly broadcast cell tower IDs and MAC addresses of Wi-Fi access points via both user devices and managed driving. If a user chooses to use their smartphone or mobile device as a Wi-Fi access point, their MAC address may also be included as a part of our service. However, since mobile devices typically move from one place to another they are not helpful in providing location. Once we determine that a device is not in a fixed location, we remove it from our list of active MAC addresses.”
The ugliest part of the whole story is that there's no way to opt out: you can't prevent your MAC address from being added.
How to check if your location is Public or not
Go to this website and enter your MAC address. If you see your location info, go and fight with them.
Update: 31st July – Microsoft seems to have fixed the problem.