Some free source code about WiFi and cell communications to look at - what could be better!  But does it prove that Microsoft isn't doing anything it shouldn't? Not really...

Following on from Google's continuing problems with privacy issues over its collection of WiFi data as part of its Street View data gathering, and Apple's problem with being accused of tracking iPhone users, Microsoft has decided to take the amazing step of making the source code of its WiFi software available to download.

The basic idea is that Microsoft has set up some special phones that they drive around collecting data on the WiFi access points and cell towers they encounter. This data is used to provide location services for other phone users who connect via these access points. 

While others are making a lot of the privacy aspects of this move, notice that this is a rare opportunity to actually take a look at some low-level Windows Phone 7 code.

The managed driving data collection software performs the survey using standard interfaces and protocols for access the cell tower, WiFi access point and GPS.  It is also claimed that the code doesn't intercept wireless data from consumers' computers or phones. A blog post says:

The software neither observes nor records any information that may contain user content transmitted over a network. At Microsoft, we place a priority on privacy and take steps to help ensure that our products and services protect consumers’ information. Sharing this source code, and developing Windows Phone 7 with privacy in mind, is part of that commitment.

And the key thing is that you can now verify that this is all true. The problem is that it is mixed managed and C++ COM program and making sense of it is a tough time consuming assignment for any programmer. The code is hardly transparent and obvious.

This said, it is a fascinating read that provides lots of code examples. It's not complete and it is difficult to work out what COM libraries are actually missing. It also isn't an easy read even if you do know C++ and COM. There are lots of comments and the quality of the code is quite good even if you think that it is a horrible mess - this is how COM used to be!

You can get an idea of what it does from the statement that attempts to convince the reader that it isn't doing anything sneaky:

The software only detects management frame subtypes called probe request frames, which do not contain any personal user content. The software does not observe or collect any data frame packets, which are the type of Wi-Fi packets that may contain user content transmitted over a network nor does it attempt to connect to any open networks. The software only observes information that is publicly broadcasted by the Cell tower, Wi-Fi access point and GPS satellites. The information we collect includes elements like latitude, longitude, direction, speed, mobile country code, mobile network code, location area code, cell identifier and only specific Wi-Fi information such as BSSID (i.e, the Media Access Control aka MAC address), signal strength, and radio type.

This is a great educational resource!

But it really isn't much of a reassurance about security.

Why?

Imagine that we have the opinion on the source code of the best experts on WiFi, cell phone and GPS protocols and their conclusion is that this code is, from a privacy standpoint, benign. 

Now consider - how does Microsoft prove that the code in the data collection operation is indeed the code published and so approved? How does it prove that there aren't hidden data collection options in any parts of the code that haven't been made public?

This is another empty gesture and clearly so for anyone who has the knowledge to understand that software is just that soft, changeable and not fixed.

But thanks, Microsoft, there is a lot of good reading in your attempt to convince the non-techie world that you are squeaky clean.

Now if only we could think of a similar way to get large chunks of the Windows, or Windows Phone 7 say, source code to be released...

More information:

Blog post announcing the code download

Source code download