Forgot your password?
typodupeerror
Google Privacy Wireless Networking Your Rights Online

Google Says It Mistakenly Collected Wi-Fi Data While Mapping 215

Posted by timothy
from the just-accidentally-of-course dept.
Even if Google says there's nothing to worry about, newviewmedia.com writes, the company "said it would stop collecting Wi-Fi network data from its StreetView cars, after an internal investigation it conducted found it was accidentally collecting data about websites people were visiting over the hotspots. From the WSJ article: 'It's now clear that we have been mistakenly collecting samples of payload data from open [i.e. non-password-protected] Wi-Fi networks, even though we never used that data in any Google products.'"
This discussion has been archived. No new comments can be posted.

Google Says It Mistakenly Collected Wi-Fi Data While Mapping

Comments Filter:
  • by iserlohn (49556) on Friday May 14, 2010 @07:21PM (#32214744) Homepage

    Looks like you never used a sniffer (like tcpdump) before...

    The accident is leaving off the filter that restricts the traffic you capture...

    Try it on a machine you ssh into and you will know what I mean...

  • by marcansoft (727665) <hector@marcanso f t . c om> on Friday May 14, 2010 @07:23PM (#32214770) Homepage

    AP information is packet data (they're called beacon frames). Looking for beacon frames is a lot more effective at finding APs on the move than using whatever built-in scan feature your card drivers have. They probably had a SNAFU and forgot to filter out data packets in their capturing setup, instead storing everything that hits the antenna (or some engineer didn't realize it would be an issue).

  • Re:Hey, (Score:4, Informative)

    by Anonymous Brave Guy (457657) on Friday May 14, 2010 @07:26PM (#32214800)

    Sure, and your sister was asking for it with that dress she was wearing, right?

    Fortunately, most of the world is enlightened enough to realise that such statements are absurd, and just because someone is vulnerable to something unpleasant that does not make it their fault if someone else does that unpleasant thing to them.

    FWIW, the actions described would probably be criminal and carry jail time if they occurred in the UK (e.g., under the Wireless Telegraphy Act 2006).

  • Re:Hey, (Score:5, Informative)

    by marcansoft (727665) <hector@marcanso f t . c om> on Friday May 14, 2010 @07:27PM (#32214804) Homepage

    I disagree. An open network is not an invitation to join it and use it (associate), but an unencrypted network is an invitation for anyone to sniff your traffic passively. This would be like satellite TV providers sending their feeds unencrypted and then complaining that non-subscribers are watching their channels. What do you expect if you're broadcasting your data on the air in the clear into public space?

    Granted, sniffing everything is not nice of Google (and probably an unintended screwup), but you really shouldn't expect that people won't do it.

  • Re:Hey, (Score:4, Informative)

    by Arancaytar (966377) <arancaytar.ilyaran@gmail.com> on Friday May 14, 2010 @07:44PM (#32214978) Homepage

    man-in-the-middle attack

    That word does not quite mean what you think it means.

    An MITM attack is where you actively intercept a point to point connection, negotiating a secure connection with each end-point while pretending to be the other. It is not feasible to do this to a wifi connection because you can't block the real end-points' reception of each other.

    This is just passive sniffing. You can do it on any wifi network, open or not, although you can obviously only read unencrypted data.

  • by Jugalator (259273) on Friday May 14, 2010 @07:45PM (#32215000) Journal

    What evidence do you have that Google was, other than Google's own statement?

    Why is more evidence necessary?

    If Google made no statement

    but they did

  • by docstrange (161931) on Friday May 14, 2010 @07:47PM (#32215016) Homepage

    I wonder if they were using "off the shelf" open source tools to collect this information.

    By default Kismet will log the pcap file, gps log, alerts, and network log in XML and plaintext.
    http://www.kismetwireless.net/documentation.shtml

    It is entirely possible that they were using off the shelf open source tools and this log type was simply not turned off in the configuration file.

  • Re:Hey, (Score:3, Informative)

    by tagno25 (1518033) on Friday May 14, 2010 @07:54PM (#32215074)
    A MITM can be done on WiFi, but it requires arp poisoning.
  • Re:Hey, (Score:4, Informative)

    by calmofthestorm (1344385) on Friday May 14, 2010 @08:34PM (#32215460)

    I've personally been to Google Boston and Mountain View and not only was I not searched or even asked if I had a camera, I was told explicitly at Mountain View that photography was permitted outdoors and to please ask first indoors. I was asked not to take pictures in Boston, but again, not searched or asked for camera.

    I was at Mountain View about two years ago and at Boston two months ago.

  • Re:Hey, (Score:3, Informative)

    by Anonymous Brave Guy (457657) on Friday May 14, 2010 @08:55PM (#32215674)

    The law I'm thinking of [opsi.gov.uk] is actually written rather carefully. It does not criminalise all networking or monitoring broadcasts that would normally be intended for public use. It does criminalise either intentionally obtaining certain types of information or disclosing such information even if it was obtained unintentionally.

    I suspect even Google's lawyers would have difficulty arguing that employees of one of the most high-tech companies in the world, driving around in a specially equipped vehicle, with the goal of monitoring and recording transmissions from other people's wireless networks, storing personal messages or other sensitive information, did not breach the "intentionally obtaining" part of the Act.

  • Re:Excuse (Score:4, Informative)

    by Anonymous Brave Guy (457657) on Friday May 14, 2010 @09:54PM (#32216164)

    Since they made up an excuse before they were caught they're in the clear on this one.

    No, they didn't, so no, they aren't. This behaviour was revealed when German authorities asked to audit the data the company's Street View cars gathered [bbc.co.uk].

  • by detritus. (46421) on Saturday May 15, 2010 @03:41AM (#32217942)

    If this were the case, the data captured would likely be of little to no use by anybody. Kismet constantly hops channels and whatever data is being sent in the clear on a specific channel for a fraction of a second will be dumped to a pcap file. At most you may expose the mac addresses of machines connected to the AP's network and little fragments of communication, but only for small fractions of a second.

  • by Anonymous Coward on Saturday May 15, 2010 @04:03AM (#32218008)

    As far as I can tell, Google posted this message without being forced to by any government.

    That's incorrect.

    "The issue came to light after German authorities asked to audit the data the company's Street View cars gathered as they took photos viewed on Google maps."

    http://news.bbc.co.uk/1/hi/technology/8684110.stm

Possessions increase to fill the space available for their storage. -- Ryan

Working...