A member of MSN’s Virtual Earth team was compelled to post a response to security concerns raised over the Windows Live Local “Locate Me” feature.
Mike Liebhold was astonished to find just how well “Locate Me” works in Windows Live Local. Liebhold’s IP address shows him being in San Diego, where his IP connection for satellite service terminates, for a typical geolocation IP lookup.
Microsoft, however, appears to have crafted “Locate Me” to work very, very accurately (spacing added for clarity):
(Y)ou might understand that I was quite surprised and dismayed that Microsoft’s IP lookup returned my actual location in the woods in Northern California !!!
Just to be sure they didn’t get my address from my satellite service provider, I called the Network Operations Center, who said the location of my dish is private, but looked up my record anyway, and confirmed “Our database, and the IANA database show your IP address is in San Diego.”
Clearly Microsoft’s IP location database includes spooky datamined information about users’ actual location that is not normally available by querying the publicly accessible databases.
Chandu Thota, SDE Lead for Virtual Earth, wrote a response to those concerns, which have found their way onto some heavily trafficked sites (emphasis from original):
When you visit the Windows Live Local and hit “Locate Me”, Location Finder sends signal strengths and MAC addresses of nearby wireless access points and standard HTTP request information such as your IP address to the Microsoft online location service. The online service calculates the user’s location from a database of known access point locations and returns an approximate longitude and latitude. If this method fails, other methods may be used such as IP address lookup.
During this process no personal information such as your name or contact information is sent to Microsoft by Location Finder service.
Add to document.write(“Del.icio.us”) | Yahoo My Web
David Utter is a staff writer for Murdok covering technology and business.
