Google Says It Mistakenly Collected Wi-Fi Data While Mapping

Posted by timothy
from the just-accidentally-of-course dept.
Even if Google says there's nothing to worry about, newviewmedia.com writes, the company "said it would stop collecting Wi-Fi network data from its StreetView cars, after an internal investigation it conducted found it was accidentally collecting data about websites people were visiting over the hotspots. From the WSJ article: 'It's now clear that we have been mistakenly collecting samples of payload data from open [i.e. non-password-protected] Wi-Fi networks, even though we never used that data in any Google products.'"

  • Hey, (Score:5, Insightful)

    by Threni (635302) on Friday May 14, 2010 @06:09PM (#32214602)

    they're not called `open networks` for nothing. Tighten up, or shut up. Oh, and postmen read your postcards too.

    • An open network, much like an unlocked door or a drunkenly passed out girl, is not an invitation for invasion. Granted, like most people here I use WPA and don't even broadcast my AP. I agree with you that it is stupid practice, but that doesn't make intrusion morally right.
      • Re:Hey, (Score:4, Interesting)

        by dougisfunny (1200171) on Friday May 14, 2010 @06:25PM (#32214792)

        Well, this is more akin to a drunkenly passed out girl, who passed out on the front lawn, naked, being photographed by the cameras on the street view vehicle.

      • Re:Hey, (Score:5, Informative)

        by marcansoft (727665) <hector@nOspAM.marcansoft.com> on Friday May 14, 2010 @06:27PM (#32214804) Homepage

        I disagree. An open network is not an invitation to join it and use it (associate), but an unencrypted network is an invitation for anyone to sniff your traffic passively. This would be like satellite TV providers sending their feeds unencrypted and then complaining that non-subscribers are watching their channels. What do you expect if you're broadcasting your data on the air in the clear into public space?

        Granted, sniffing everything is not nice of Google (and probably an unintended screwup), but you really shouldn't expect that people won't do it.

        • Re:Hey, (Score:4, Interesting)

          by khchung (462899) on Saturday May 15, 2010 @02:24AM (#32217892) Journal

          but an unencrypted network is an invitation for anyone to sniff your traffic passively.

          So you are OK if, in a restaurant, other patrons eavesdrop and record your conversations with your SO/close friend? It is ok to do so in a public restaurant, right?

          Would you also be OK for your neighbor to eavesdrop and record the noises coming out from your house, e.g. you arguing with your SO, or whatever noise coming out of the master bedroom at night? Even though they may need a sensitive microphone or a big parabolic dish to do so, from across the street to your house?

          After all, not talking in codes or installing noise absorbing wall in your house is an invitation for anyone to passively listen to your conversations, right? What do you expect if you are broadcasting your sound waves on the air in the clear out into public space? Right?

          • Re: (Score:3, Interesting)

            by shiftless (410350)

            So you are OK if, in a restaurant, other patrons eavesdrop and record your conversations with your SO/close friend? It is ok to do so in a public restaurant, right?

            Would you also be OK for your neighbor to eavesdrop and record the noises coming out from your house, e.g. you arguing with your SO, or whatever noise coming out of the master bedroom at night? Even though they may need a sensitive microphone or a big parabolic dish to do so, from across the street to your house?

            After all, not talking in codes or

      • AFAIK in many countries (such as the UK) it is not necessarily a crime to enter through an unlocked door.

        In the case of wi-fi, some people leave theirs deliberately open.

        It is also very easy for people to accidentally connect to the wrong network.

    • Re:Hey, (Score:4, Informative)

      by Anonymous Brave Guy (457657) on Friday May 14, 2010 @06:26PM (#32214800)

      Sure, and your sister was asking for it with that dress she was wearing, right?

      Fortunately, most of the world is enlightened enough to realise that such statements are absurd, and just because someone is vulnerable to something unpleasant that does not make it their fault if someone else does that unpleasant thing to them.

      FWIW, the actions described would probably be criminal and carry jail time if they occurred in the UK (e.g., under the Wireless Telegraphy Act 2006).

      • Re: (Score:2, Interesting)

        by KrugalSausage (822589)
        Ah, the thought of comparing a postman reading mail to rape. I wonder what moral relativism will look like for my grandchildren. Oh, and in the UK they arrest you for just about anything these days. I'm sure you know about the guy arrested for saying homosexuality is a sin? http://www.nydailynews.com/news/world/2010/05/03/2010-05-03_gay_cop_arrests_preacher_for_saying_homosexuality_is_a_sin.html [nydailynews.com]
        • Well, firstly, I wasn't talking about the postman reading mail. But in any case, the principle of saying that someone vulnerable to harm is not automatically at fault if someone else then causes that harm is exactly the same, whether we are discussing invasion of privacy, theft from an unlocked car, date rape, or murder with a sniper rifle from 500m. No-one is trying to equate the damage caused by these different offences, but the immorality of the "asking for it" defence is the same in every case.

      • Re:Hey, (Score:4, Insightful)

        by Ganthor (1693614) on Friday May 14, 2010 @11:20PM (#32217042)
        OK Here's my view. Flamebait or not.
        Google have repeatedly demonstrated some sketchy regard for privacy of others. They have to be dragged kicking and screaming to implement procedures that allow people to remove street view pictures for example.

        I agree that in pushing the envelope that they will come across some interesting social topics like the ones that they found in the first run of street view and the one they are backpedaling on now. And I do believe in the large amount of good Google have done for open source and data use for the public good, (Google earth and maps for instance).

        However Google repeatedly are coy whenever they think about collecting information and get asked for explanations on what they will be doing with it.

        In this instance I read a BBC article that indicated that the German government asked to review the data and that's when Google "discovered" this "gaffe". It wasn't Google unprompted.

        What makes even more sobering reading is Google's own blog which admits they were intending on collecting wi-fi SSIDs and MAC addresses.
        http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html [blogspot.com]
        For what purpose, I ask, would MAC addresses be collected?

        However officially Google now admit to collecting snippets of payload data which is something they expressly ruled out in the original blog. They say this was a mistake...I have my doubts.

        Think it through...They are collecting this data ... the data is 3 years old....did they just sit on it and do nothing with it?
        Surely when they started extracting the SSIDs and MACs, they would've noticed the snippets of people's emails and websites they also captured...surely they tested the code and the data collected? And then what did they do...Nothing! They didn't exercise any moral judgment and raise the issue of people's privacy on unencrypted networks. They have the platform they could have won some serious brownie points by telling people how to protect themselves. But did nothing. I don't believe they held all this data and didn't know what it was.

        This is yet another example of a "mostly good" company collecting people's personal data for reasons us mere mortals can't understand.

        I think there is a real difference between data that is public to your neighbors and then someone posting that data on a billboard in the main street. For instance, when I'm on holiday perhaps?
        Clearly here is an example of data that is not private, in the public domain but is not intended to be distributed to strangers. That level of privacy is not covered by the current laws but needs to be in my opinion.
        I could go on but I reckon half the people who started reading have stopped already;-), ... suffice to say, I'll be doing less of my searches with Google as a direct result, and ensuring my network is buttoned up even tighter than ever.
        • Re: (Score:2, Insightful)

          by Kilrah_il (1692978)

          Although some of your points are valid, I think you missed one of the most important issues regarding the entire story: Google were frank about their mess-up.
          When we have trouble with privacy with Facebook/MS/Apple/Sony/pick-your-flavor-of-the-month-privacy-issue-culprit you usually have to dig up the info yourself for weeks until you get the company to admit anything was wrong, and then you still have to raise hell to get them to fix the problem (if they can - Sony rootkit fiasco a case in point).
          Here Go

          • Re: (Score:3, Insightful)

            by pmc (40532)

            Although some of your points are valid, I think you missed one of the most important issues regarding the entire story: Google were frank about their mess-up.

            Not initially - they originally said:

            "Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data."

            This was wrong and was in response to claims that Google was collecting payload data. The thought this could be in error is ridiculous. First they'd have to accidentally collect the data, and then they'd have to accidentally not notice even when they went to look for it.

            They only (finally) admitted they were collecting payload

        • Re: (Score:2, Interesting)

          by espiesp (1251084)

          Ganthor Said: "For what purpose, I ask, would MAC addresses be collected? "

          Easy. Google Location Services. By tying a WiFi MAC to a GPS Coordinate you can use wifi as a pseudo-GPS solution. Even for devices with GPS it's faster and probably lower power to simply bark up the WiFi and look up the MAC of the hotspots around and shut it down. GPS takes a while to lock on in the best of circumstances and in dense urban areas Wifi simply rocks for this purpose.

          However, as I discovered when I moved my Wireless Route

    • by Dirtside (91468)

      You might be stupid for leaving your network open, just as you might be stupid for leaving your house door open, but it's still not okay to use either one of them without permission. I won't have a lot of sympathy for you, but I'm not going to let the intruder off the hook, either.

    • by nurb432 (527695)

      Just because you leave your bedroom window open it doesn't give your neighbors the right to walk over and peek in.

    • by CAIMLAS (41445)

      Yeah, but they did it "accidentally". That's like accidentally slipping and putting your dick in someone's vagina: mapping APs and associating the traffic going through them does not occur without intention.

    • Re:Hey, (Score:5, Insightful)

      by khchung (462899) on Saturday May 15, 2010 @02:14AM (#32217852) Journal

      So I assume you would be OK if Google told you their street view cars also contained sensitive microphones, which just happened to record some dirty jokes you told your friend on the street? And now everyone can get on the street view, see your (blurred) image and click "hear recordings" to hear your dirty joke too, you would be OK with that too? After all, whatever you did in public should be ok to be publicized, right?

      Seriously, if you don't think there is something wrong with collecting local and transient data and putting them into a big permanent database correlating with other data, by a private corporation that is best known to profit from large scale datamining, you just haven't thought deeply about the issue.

      • by Zen Hash (1619759)

        Seriously, if you don't think there is something wrong with collecting local and transient data and putting them into a big permanent database correlating with other data, by a private corporation that is best known to profit from large scale datamining, you just haven't thought deeply about the issue.

        In the articles I read (linked in the story), there is only mention of capturing unnecessary data. Where did you hear anything about putting that data into a database and correlating it with other data? If something as innocuous as simply failing to filter out unnecessary captured data causes so much concern, then anything along the lines of what you described would be huge.

    • by obarel (670863)
      I leave wireless webcams in public toilets. They're not called "public" for nothing.

      An open window is not called "open" because I invite people to enter my house through it. It's called "open" because that's the adjective that describes it.

      To law enforcement agents: I don't really leave wireless webcams in public toilets. They're all wired and I'm sitting in the next cubicle. I'll come out with my hands up now.
  • by Mordok-DestroyerOfWo (1000167) on Friday May 14, 2010 @06:12PM (#32214632)
    How in the heck do you "accidentally" gather information over a wireless network? If all you want is a collection of APs that's one thing, but any storage of packet data no matter how temporary cannot be considered an accident. It has to be planned out and executed. An accident is stubbing my toe on the nightstand, this is an invasion of privacy.
    • Since they made up an excuse before they were caught they're in the clear on this one.

    • by iserlohn (49556) on Friday May 14, 2010 @06:21PM (#32214744) Homepage

      Looks like you never used a sniffer (like tcpdump) before...

      The accident is leaving off the filter that restricts the traffic you capture...

      Try it on a machine you ssh into and you will know what I mean...

    • by marcansoft (727665) <hector@nOspAM.marcansoft.com> on Friday May 14, 2010 @06:23PM (#32214770) Homepage

      AP information is packet data (they're called beacon frames). Looking for beacon frames is a lot more effective at finding APs on the move than using whatever built-in scan feature your card drivers have. They probably had a SNAFU and forgot to filter out data packets in their capturing setup, instead storing everything that hits the antenna (or some engineer didn't realize it would be an issue).
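
The filtering step this comment describes, as an added example that is not part of the original comment and not Google's code: it reads the 802.11 Frame Control field and retains only the BSSID and SSID from beacon frames, next to a capture that stores every frame. The frames are constructed samples, radiotap headers are assumed to be stripped already, and all function names are hypothetical.

```python
import struct

TYPE_MGMT, TYPE_DATA = 0, 2      # Frame Control bits 2-3
SUBTYPE_BEACON = 8               # Frame Control bits 4-7

def frame_type(frame: bytes):
    """Return (type, subtype) decoded from the first Frame Control byte."""
    fc0 = frame[0]
    return (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF

def parse_beacon(frame: bytes):
    """Return (bssid, ssid) from a beacon, or None if the frame is malformed."""
    if len(frame) < 36:          # 24-byte MAC header + 12 fixed beacon bytes
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # address 3
    pos = 36
    while pos + 2 <= len(frame):                          # tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:  # element runs past the end of the frame
            return None
        if tag == 0:             # element ID 0 is the SSID
            return bssid, value.decode("utf-8", "replace")
        pos += 2 + length
    return bssid, ""             # beacon without an SSID element

def store_everything(frames):
    """The omission: every frame, payload included, goes to storage."""
    return list(frames)

def store_beacons_only(frames):
    """Keep AP identity from beacons; all other frames are never retained."""
    kept, dropped = [], 0
    for f in frames:
        # The type must be checked too: QoS data frames also use subtype 8.
        if f and frame_type(f) == (TYPE_MGMT, SUBTYPE_BEACON):
            ap = parse_beacon(f)
            if ap is not None:
                kept.append(ap)
                continue
        dropped += 1
    return kept, dropped

# ---- constructed sample frames (not taken from any real capture) ----
BSSID = bytes.fromhex("020000000001")          # locally administered address
PAYLOAD = b"GET /inbox HTTP/1.1\r\n"           # stands in for cleartext traffic

def _header(fc0: int) -> bytes:
    # Simplified 24-byte header: the same address layout is used for all samples.
    return bytes([fc0, 0]) + b"\x00\x00" + b"\xff" * 6 + BSSID + BSSID + b"\x00\x00"

def build_beacon(ssid: bytes) -> bytes:
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0401)  # timestamp, interval, caps
    return _header(0x80) + fixed + bytes([0, len(ssid)]) + ssid

SAMPLE_FRAMES = [
    build_beacon(b"example-net"),   # management / beacon
    _header(0x08) + PAYLOAD,        # data
    _header(0x88) + PAYLOAD,        # QoS data (subtype 8, but type 2)
]

if __name__ == "__main__":
    stored = store_everything(SAMPLE_FRAMES)
    print("unfiltered capture holds payload:", any(PAYLOAD in f for f in stored))
    print("filtered capture:", store_beacons_only(SAMPLE_FRAMES))
```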

      • by Dreadneck (982170)

        Google PR Flak: We at Google take your privacy seriously. That's why, after discovering that we had inadvertently collected 600+ GB worth of private citizens' data, we're doing the responsible thing, in this post 9/11 world, and turning the data over to the government for proper disposal.

        Yep, nothing to see here. Move along!

    • Re: (Score:3, Funny)

      by Ossifer (703813)
      I accidentally gathered the credit card numbers of all my neighbors.... Oops.
  • by WrongSizeGlass (838941) on Friday May 14, 2010 @06:13PM (#32214644)
    They're probably worried about some legal complications ... or even German WiFi [slashdot.org] police ;-)

    New portmanteau : Google + Oops! = Goops!
    • "New portmanteau : Google + Oops! = Goops!"

      I think in this case it has already been done: (open wi-fi) + Google + Oops! = Oogle!

  • You don't "accidentally" collect samples of payload data. That's just absurd.

    • Re:Shenannigans! (Score:5, Insightful)

      by Anonymous Coward on Friday May 14, 2010 @06:22PM (#32214756)

      Yeah you do. When you say "Hey, let's see what open wi-fi stuff is out there", and tune into those signals, you pick up on some spare traffic...and if you're saving every packet you come across for later processing (like 'what open wi-fi router was this'), then yeah, it's going to get saved like the rest.

      Then they looked at the data they'd saved, said "Oh hey we didn't mean to get that stuff". Kind of like if you're logging all data that someone sends when they're connected to your open Telnet port, and you realize later that it saves their username/password along with the rest--it wasn't a conscious decision, you might not have thought about it at all, you might never plan to even look at the logs except in some specific cases, and while a workaround might take some time...you kind of drop a brick when your legal team realizes you have it.

  • by Locke2005 (849178) on Friday May 14, 2010 @06:15PM (#32214680)
    Me: "Why are there drawings all over the wall?!?"
    Her: "It was an accident! I didn't mean to do it!"
    • Re: (Score:2, Funny)

      by Anne_Nonymous (313852)

      You forgot the other appropriate responses:

      "What drawings?"
      "I didn't do it."
      "Pooh Bear did it."
      "Davy did it."
      "Davy made me do it."
      "Davy told me to do it."

      and the ever popular,

      "I love you, Daddy."

      • I prefer the Shaggy defense myself:

        What happened to the walls there? - It wasn't me.
        What about your crayons here? - It wasn't me.
        And why that ink is on your hands then? - It wasn't me.
        What kind of a weak ass defense this? - It wasn't me.

  • Skyhook competitor (Score:3, Insightful)

    by ad454 (325846) on Friday May 14, 2010 @06:17PM (#32214700)

    Now that Google has all that StreetView WiFi data, maybe they can put together a free WiFi geo-location service alternative to Skyhook:

    http://en.wikipedia.org/wiki/Skyhook_Wireless [wikipedia.org]

    With regards to privacy, Skyhook has already let the cat out of the bag.

    • by ad454 (325846)

      When I said free, I mean purely advertisement supported, since nothing Google does is really free.

    • by Fencepost (107992)
      They might be doing so. Google Maps on my Blackberry 8320 (no GPS) shows my location to within a few hundred meters in a few places, and I can think of multiple ways they could be doing so all of which involve WiFi.
    • by Matt_R (23461)

      Now that Google has all that StreetView WiFi data, maybe they can put together a free WiFi geo-location service

      Like this? [mozilla.com]

  • So if you were going to set up a wireless rig to map open wireless locations, exactly how would you 'slip' to start also mapping what traffic was passing through them? That takes a good bit more work than simply noting the SSID. Accident my ass.
    • by chill (34294)

      Actually, it takes LESS code. They probably wrote a sloppy bit of code to grab a few seconds of packets, then filtered out SSIDs later. Probably just a Perl script hooking into libpcap and dumping to a file.

  • Not before giving the US gov a copy directly or via a 3rd private party?
    The fun of "in any Google products" part is once data is collected it can be 'packaged' for 'testing' 'internally' and end up as some external snapshot prototype bundle.
    The maps with WiFi data could have been floating around different 'partners' from the point of creation until the "dispose" date.
    Just because Google pulls the plug only after being exposed does not really give any comfort.
    How does real world physical Wi Fi mapping bec
    • Well, if they packaged it and whatnot, as in removed personally identifiable information and formed bare demographics, go ahead and sell it. I'm as upset as anyone else when it comes to companies selling personal info, but there needs to be some leeway - if a company says (and can prove) that the information they're gathering is to sell but only when personal information is wiped, I don't care. Form a base demographic, it is how business is run, but you can do it while discarding personally identifiable inf

  • by retech (1228598) on Friday May 14, 2010 @06:28PM (#32214814)
    McDonald's tells everyone: "... we're sorry we made you obese..."
    Steve Jobs said: "We didn't mean to only give the artist $.01 and keep $.70 for us on iTunes."
    Halliburton mentioned: "Oil spills? We had no idea this could happen."

    To trust a company with anything is just stupid. Lock up your doors (or WAPs) people and expect the worst from anyone, you won't be disappointed.
  • by Tanman (90298) on Friday May 14, 2010 @06:30PM (#32214840)

    If the government subpoenas Google to see the nature of the data they 'accidentally' collected, can they hunt through the data for evidence of illegal activities by the individual users and then go after them? This seems like it would be a great way for The Man to have access to private data by circumventing unreasonable search protections. After all, they just happened to notice this data while checking to see what data Google had been stea, er, storing.

  • ...on one hand we all love to use Google, let's face it - it's the no#1 search engine, finds more data for you than you could ever dream of coming up with on your own or any other engine, shows you the way on your navigator - heck...even shows you where to get hot coffee on a rainy day, free mail service, supports open-source initiatives all over, man - that's like free drugs, you WILL get addicted, and there's really no way out.

    Google and the government have ONE thing in common though, power. And knowledge

    • by Dirtside (91468)

      no one in their right mind can make that big of an engineering mistake

      Like the kind that cause a bridge to collapse [wikipedia.org], or a space shuttle to blow up shortly after launch [wikipedia.org]?

  • by docstrange (161931) on Friday May 14, 2010 @06:47PM (#32215016) Homepage

    I wonder if they were using "off the shelf" open source tools to collect this information.

    By default Kismet will log the pcap file, gps log, alerts, and network log in XML and plaintext.
    http://www.kismetwireless.net/documentation.shtml

    It is entirely possible that they were using off the shelf open source tools and this log type was simply not turned off in the configuration file.

    • by AHuxley (892839)
      That's fine for a war driver and a laptop.
      Google was mapping cities and the data flow would have been non trivial.
      Someone signed for this.
    • Re: (Score:3, Informative)

      by detritus. (46421)

      If this were the case, the data captured would likely be of little to no use by anybody. Kismet constantly hops channels and whatever data is being sent in the clear on a specific channel for a fraction of a second will be dumped to a pcap file. At most you may expose the mac addresses of machines connected to the AP's network and little fragments of communication, but only for small fractions of a second.

  • IANAL, but having an "open" network does not mean that everyone is legally free to use it. It just means that it isn't protected. Unless the owner of that network specifically says that it is freely "open to the public for use", I would assume that such packet sniffing would fall under standard wiretapping laws.

  • Google is the new Apple which was the new Microsoft.

    In other words, you can't really trust any big corporation. Enjoy the good stuff they may produce but keep one hand on your wallet (or your personal data).

  • That we'll never, ever, EVER do it again until the next time.

  • When I was in high school I would write down anyone's password I saw someone type into the computer. It was completely by accident though, I didn't mean to carry my notepad and pen with me wherever I went.

  • Google either knowingly collected the data and are evil and not to be trusted

    Google accidentally collected this private data and are incompetent and should NEVER be trusted with any sort of data EVER

    I can't see any other way to look at this that doesn't make google bad.
