Would you say the same thing if I set up an IMSI catcher at your home and geolocated the other radio beacons broadcasting from your home, or would that be creepy?
You might jump to say "stingrays are illegal so that's different" and in some ways, you'd be right. But it's also the case that the average user's expectations about how their wireless devices will be systematically located by third parties are better codified into law and policy in that case than in this one.
I don't understand your comparison. An SSID broadcast is meant to be public information. An IMSI catcher actively exploits weaknesses of implementations to MITM non-public connections. IMSI catchers do not catch public information at all, they break into meant-to-be-private connections.
the only thing most people most of the time mean when they set up wi-fi is that they want to be able to connect their ipads and chromebooks to the internet at home.
IMSI catchers intercept signals broadcasted from radios that commonly transit across public property. my point was that we routinely consider things other than protocol specs in determining whether and when signals should be collected.
> the only thing most people most of the time mean when they set up wi-fi is that they want to be able to connect their ipads and chromebooks to the internet at home.
These are not the people I'm arguing against, and I mentioned that in my first post. People should definitely be educated about the privacy consequences of their equipment. I'm arguing against people who do know that an SSID broadcast is a public radio signal they themselves transmit, and are still arguing that other parties (Google, Mozilla) should be responsible for their privacy regarding that signal instead of themselves.
> my point was that we routinely consider things other than protocol specs in determining whether and when signals should be collected.
A radio signal that is explicitly meant to be public should be public information. A radio signal that is meant to private, but can be made public by exploitation or specialized instrumentation should not be public information almost all of the time. If the meant-to-be-public signal can be collected en masse by an app such as Mozilla's, then there's really no way people should feel any expectation of privacy in this regard.
Unless Google or Mozilla affirmatively knows that a given user understands the implications of broadcasting their SSID, I don't think it's reasonable to assume that everyone still broadcasting their SSID is doing so deliberately in the informed-consent for mapping sense of the word. That doesn't make Google or Mozilla bad...I just don't think it's a reasonable assumption for organizations to make.
It's hard for me to think of ways these organizations could reliably know whether people don't mind their SSID being mapped or used for related purposes without asking them.
You might jump to say "stingrays are illegal so that's different" and in some ways, you'd be right. But it's also the case that the average user's expectations about how their wireless devices will be systematically located by third parties are better codified into law and policy in that case than in this one.