Google Says It Mistakenly Collected Wi-Fi Data While Mapping 215
Even if Google says there's nothing to worry about, newviewmedia.com writes, the company "said it would stop collecting Wi-Fi network data from its StreetView cars, after an internal investigation it conducted found it was accidentally collecting data about websites people were visiting over the hotspots.
From the WSJ article: 'It's now clear that we have been mistakenly collecting samples of payload data from open [i.e. non-password-protected] Wi-Fi networks, even though we never used that data in any Google products.'"
Re:I use Google a lot but... (Score:4, Informative)
Looks like you never used a sniffer (like tcpdump) before...
The accident is leaving off the filter that restricts the traffic you capture...
Try it on a machine you ssh into and you will know what I mean...
Re:I use Google a lot but... (Score:5, Informative)
AP information is packet data (they're called beacon frames). Looking for beacon frames is a lot more effective at finding APs on the move than using whatever built-in scan feature your card drivers have. They probably had a SNAFU and forgot to filter out data packets in their capturing setup, instead storing everything that hits the antenna (or some engineer didn't realize it would be an issue).
Re:Hey, (Score:4, Informative)
Sure, and your sister was asking for it with that dress she was wearing, right?
Fortunately, most of the world is enlightened enough to realise that such statements are absurd, and just because someone is vulnerable to something unpleasant that does not make it their fault if someone else does that unpleasant thing to them.
FWIW, the actions described would probably be criminal and carry jail time if they occurred in the UK (e.g., under the Wireless Telegraphy Act 2006).
Re:Hey, (Score:5, Informative)
I disagree. An open network is not an invitation to join it and use it (associate), but an unencrypted network is an invitation for anyone to sniff your traffic passively. This would be like satellite TV providers sending their feeds unencrypted and then complaining that non-subscribers are watching their channels. What do you expect if you're broadcasting your data on the air in the clear into public space?
Granted, sniffing everything is not nice of Google (and probably an unintended screwup), but you really shouldn't expect that people won't do it.
Re:Hey, (Score:4, Informative)
That word does not quite mean what you think it means.
An MITM attack is where you actively intercept a point to point connection, negotiating a secure connection with each end-point while pretending to be the other. It is not feasible to do this to a wifi connection because you can't block the real end-points' reception of each other.
This is just passive sniffing. You can do it on any wifi network, open or not, although you can obviously only read unencrypted data.
Re:Meanwhile Skyhook makes no statement (Score:2, Informative)
What evidence do you have that Google was, other than Google's own statement?
Why is more evidence necessary?
If Google made no statement
but they did
Kismet Does This Automatically (Score:5, Informative)
I wonder if they were using "off the shelf" open source tools to collect this information.
By default Kismet will log the pcap file, gps log, alerts, and network log in XML and plaintext.
http://www.kismetwireless.net/documentation.shtml
It is entirely possible that they were using off the shelf open source tools and this log type was simply not turned off in the configuration file.
Re:Hey, (Score:3, Informative)
Re:Hey, (Score:4, Informative)
I've personally been to Google Boston and Mountain View and not only was I not searched or even asked if I had a camera, I was told explicitly at Mountain View that photography was permitted outdoors and to please ask first indoors. I was asked not to take pictures in Boston, but again, not searched or asked for camera.
I was at Mountain View about two years ago and at Boston two months ago.
Re:Hey, (Score:3, Informative)
The law I'm thinking of [opsi.gov.uk] is actually written rather carefully. It does not criminalise all networking or monitoring broadcasts that would normally be intended for public use. It does criminalise either intentionally obtaining certain types of information or disclosing such information even if it was obtained unintentionally.
I suspect even Google's lawyers would have difficulty arguing that employees of one of the most high-tech companies in the world, driving around in a specially equipped vehicle, with the goal of monitoring and recording transmissions from other people's wireless networks, storing personal messages or other sensitive information, did not breach the "intentionally obtaining" part of the Act.
Re:Excuse (Score:4, Informative)
Since they made up an excuse before they were caught they're in the clear on this one.
No, they didn't, so no, they aren't. This behaviour was revealed when German authorities asked to audit the data the company's Street View cars gathered [bbc.co.uk].
Re:Kismet Does This Automatically (Score:3, Informative)
If this were the case, the data captured would likely be of little to no use by anybody. Kismet constantly hops channels and whatever data is being sent in the clear on a specific channel for a fraction of a second will be dumped to a pcap file. At most you may expose the mac addresses of machines connected to the AP's network and little fragments of communication, but only for small fractions of a second.
Re:Google is great and all... (Score:1, Informative)
As far as I can tell, Google posted this message without being forced to by any government.
That's incorrect.
"The issue came to light after German authorities asked to audit the data the company's Street View cars gathered as they took photos viewed on Google maps."
http://news.bbc.co.uk/1/hi/technology/8684110.stm