Forgot your password?
typodupeerror
Google Patents Privacy The Courts Wireless Networking Technology

Google Describes Wi-Fi Sniffing In Pending Patent 134

Posted by timothy
from the and-in-the-alternative-yer-honor dept.
theodp writes "After mistakenly saying that it did not collect Wi-Fi payload data, Google had to reverse itself, saying, 'it's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) Wi-Fi networks.' OK, mistakes happen. But, as Seinfeld might ask, then what's the deal with the pending Google patent that describes capturing wireless data packets by operating a device — which 'may be placed in a vehicle' — in a 'sniffer' or 'monitor' mode and analyzing them on a server? Guess belated kudos are owed to the savvy Slashdot commenter who speculated back in January that the patent-pending technology might be useful inside a Google Street View vehicle. Google faces inquiries into its Wi-Fi packet sniffing practices by German and US authorities."
This discussion has been archived. No new comments can be posted.

Google Describes Wi-Fi Sniffing In Pending Patent

Comments Filter:
  • Wardriving? (Score:4, Interesting)

    by Anonymous Coward on Saturday May 29, 2010 @08:17AM (#32387982)

    A patent?

    Isn't that exactly the same thing which wardrivers have been doing since WiFi existed?

    • Re:Wardriving? (Score:4, Insightful)

      by gilesjuk (604902) <giles@jones.zen@co@uk> on Saturday May 29, 2010 @08:43AM (#32388120)

      Why patent it? is that to stop other people doing the same?

      Honestly, Google, Microsoft, IBM, Apple and co, put them on a big ship and sink it. They don't want to compete, they want to lock up very generic ideas and stop everyone else from using them.

      • Yeah, because Apple has never brought to market any worthwhile technology [apple-history.com] on its own.
      • by Ofloo (1378781)
        I agree, besides Google didn't invent this, .. people have been doing this for years, .. patents should be banned, to allow progress. Really how does one justify earning billions just by patenting something, .. In my eyes Google is just the same as MS or any other major corp, .. and because of the privacy issue i'm not using any of their services aside from their search engine, .. looking for a better one however.
    • Isn't that exactly the same thing which wardrivers have been doing since WiFi existed?

      Yeah, but the wardrivers didn't patent it.

      Cop Car: "Hey buddy, pull over! You are wardriving and thus infringing on a patent owned by the Google corporation!"

    • by LingNoi (1066278)

      Yes it is, and sadly even though everyone on Slashdot realises this there doesn't seem to be a way for us to tell the patent office about the prior art.

  • Mr Hyde? (Score:4, Insightful)

    by symes (835608) on Saturday May 29, 2010 @08:22AM (#32388028) Journal
    It seems there's one bit of Google that really wants to sniff packets and another side, probably PR, that doesn't want the bad press. At the end of the day they're now just another multinational corporation with potential markets rather than individual customers.
    • by vrmlguy (120854)

      Maybe I'm stupid, but it looks like apples and oranges to me. Google was/is collecting packets to capture the *header* information; this data allows them to deduce other people's locations. Google was also, in some cases, also collecting *payload* data, which is (a) accidental, and (b) pretty useless (please give me any example of how to use this nefariously). Germany is pretty upset about it, probably because they want to establish a precedent that people shouldn't do this rather than any belief that ac

      • Re: (Score:1, Troll)

        by postbigbang (761081)

        Capturing and doing various tricks to strip headers, reassemble payloads, and otherwise dither with wired and wireless packets in fixed and non-stationary ways has been done since before Sergi Brin was out of diapers. I'm guessing that prior art eats their expensive lunch.

        Of course, the not-invented-here syndrome coupled to over-paid internal IP attorneys will argue contrarily.

      • Re:Mr Hyde? (Score:4, Insightful)

        by AHuxley (892839) on Saturday May 29, 2010 @09:36AM (#32388404) Homepage Journal
        "harm was done" is a slope many parts of the world do not want to slide down.
        They have strict laws to make sure you do not record people on cameras, voice calls and now data.
        What google did was intercept communications not intended for them and keep the fragments they sucked up.
        They did this around the world, long term and had to set the tech up to do it and keep the data collection going.
        When caught by the press they tried to fake their way out with a local admission and then where forced to tell more of the truth only when exposed further.
        Google missed a request from the German gov to show what data they collected and how it was stored ect.
        That kind of throws "accidental" and "pretty useless" out.
        "Accidental" would be a beta test car in one city, data dump found, turned off and local permission to wifi map requested.
        As for what it is used for, who knows what google sells in bulk beta form to its customers about its consumers (end losers).
        How many external eyes got to scan city maps with MAC, IP and plain text data for keywords?
        From spam to ip misuse to police raids to state task forces and COINTELPRO 2.0 dreams?
        The state sends out spyware/p2p hunt, finds an open MAC and wants to sneak and peak based on googles "bulk" data.
        Wrong family, wrong time, right MAC.
        • So are you saying patents shouldn't be granted if the research it is based on is actually an illegal activity (given that you said war driving is illegal in some countries)?

          BTW, I think if this is not covered by prior art (the practice of war driving), it is for sure an obvious extension of it.
          • At least around here (Germany) patents actually can't be granted if they are based on illegal activities - as long as there is no legal use. It's a rarely invoked clause, though, given that basically nothing is purely illegal.
        • Re: (Score:3, Insightful)

          by LordLimecat (1103839)

          They did this around the world, long term and had to set the tech up to do it and keep the data collection going.

          Perhaps its silly of me to ask, but is this speculation, or fact that can be sourced?

          Google missed a request from the German gov to show what data they collected and how it was stored ect.

          My understanding from every article ive seen on the topic is that, whilst complying with the German authorities, they discovered the issue, promptly announced it, and complied with requests to delete the data. Can you provide a link that shows otherwise?

          How many external eyes got to scan city maps with MAC, IP and plain text data for keywords?

          Is this like that whole "did glenn beck rape and murder children in 1990" thing, where you can ask questions based in fantasy to imply wrongdoing? Do you have any evidence

          • by AHuxley (892839)
            I will bite :)
            "They did this around the world, long term and had to set the tech up to do it and keep the data collection going." http://www.google.com/hostednews/afp/article/ALeqM5h8imuNrdgq9uo-_uDoktPD05Y2Rw [google.com]
            Google said Street View cars have been collecting WiFi data in Australia, Austria, Belgium, Brazil, Britain, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hong Kong, Hungary, Ireland, Italy, Japan, Luxembourg, Macau, Mexico, the Netherlands, New Zealand, Norway, Poland, Por
        • It was 600 gigabytes of data out of god knows how much total. It was easy for it to not be noticed. They intentionally collected MAC addresses. there's nothing wrong with that. The problem was that they recycled some code from another project and that resulted in the entire packet (instead of just the MAC address) sometimes being saved.

          But understand we're talking about a few packets per network. This is a tiny tiny tiny amount of data. The code also switched networks every second, so we're talking abou

        • by fyrewulff (702920)

          When caught by the press they tried to fake their way out with a local admission and then where forced to tell more of the truth only when exposed further.

          Bzzt. Google came clean about it themselves. The press never found anything. If Google had just silently deleted the data instead of being a "good citizen" and saying they had done it, we wouldn't even know about this right now.

          Google clearly learned it's lesson from this. Don't be the good citizen, just shut up and delete the data without saying anything because stupid idiots will always be stupid idiots.

      • Re: (Score:3, Interesting)

        by TheRaven64 (641858)

        pretty useless (please give me any example of how to use this nefariously)

        If the payload happened to contain a Google search request, or an HTTP request to a site that sues Google Analytics, then they can correlate this with the other information that they have and go from a cookie (which tells you the things the user has ever searched for) to a specific computer (MAC address) and even to a specific house number. The same if the packet was sent to Google's DNS servers.

        • If the payload happened to contain a Google search request, or an HTTP request to a site that sues Google Analytics

          I had no idea HTTP requests could sue! Think of the possibilities!


          *I'm sure you probably ment uses

        • by Dare nMc (468959)

          After a google search (oh the irony) I went to this site (while using Wifi) http://whatismyipaddress.com/ [whatismyipaddress.com] and guess what, google (or any other visited website) doesn't need to get lucky with Wifi data to know what city I am in, when I am using my WiFi connection.

          to a specific computer (MAC address) and even to a specific house number.

          not really, mostly wifi is used by "laptops" If they have a cookie already, and a plenty of unique information [schneier.com] on your computer, knowing a rough estimation of where your laptop was in a 5 minute window, isn't vary valuable (IMHO). Then again go

    • Re: (Score:3, Informative)

      by LordLimecat (1103839)
      Did you miss the part where everyone already knew they were sniffing packets to determine location, and that was never being denied? The issue has always been whether payload data was being recorded. See here: http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html [blogspot.com]

      Im sorry if I come off as a google apologist, defending them all the time, but my goodness people just seem to want to ignore fact and the actual articles, so they can wildly speculate about what awful things google is doing.
  • It's now termed as Wardriving [wikipedia.org]
    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Wifi Sniffing and wardriving are two overlapping but different concepts. Sniffing is passively capturing wireless LAN traffic, i.e. a very broad term. Wardriving is when a mobile receiver passively captures a specific subset of WLAN traffic, namely the beacon frames, for the purpose of finding and listing but not accessing wireless LANs. What Google supposedly wanted to do was wardriving. What Google actually did was Wifi sniffing.

  • by Anonymous Coward on Saturday May 29, 2010 @08:33AM (#32388080)

    I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property. If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

    • by Anonymous Coward on Saturday May 29, 2010 @08:45AM (#32388138)

      I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property. If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

      I don't mind that people see me when I go out on the street.

      But at the same time, I don't want Google or any other company to film me, and digitally store every trip I make.

      But following your line of thought, I should reason that if I don't want Google to film me in my own street, then I shouldn't go outside.

      • by Nyder (754090)

        I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property. If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

        I don't mind that people see me when I go out on the street.

        But at the same time, I don't want Google or any other company to film me, and digitally store every trip I make.

        But following your line of thought, I should reason that if I don't want Google to film me in my own street, then I shouldn't go outside.

        But the security camera in the store is okay? How about the atm you walked by? chances are it took your picture also.

        the light you stopped at? Didn't see the camera on it?

    • by morgan_greywolf (835522) on Saturday May 29, 2010 @08:47AM (#32388154) Homepage Journal

      I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property.

      In addition, start using WPA, stop broadcasting your SSID, etc.

      Personally, I do use WPA, but I still broadcast my SSID, which is currently set to 'hacker' and for some reason the neighbors say they don't want to mess with that wireless network. ;)

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        Meanwhile, I have 4 seperate Linksys WRT54G-TM units sporting directional antennae in the attic along each of the outside walls in my house. Each broadcasts the SSID and makes NO use of encryption. When the most sensitive site I could possibly log in to without requiring https is going to sell my strawberry harvest datum to its sales 'partners' anyway? It seems to me that security should be starting a little further from home.

        In addition to good will toward and from my neighbors, I receive plausible deniabi

      • Haha, good idea. How about "malware quarantine lab" as the SSID?
      • Its been said a thousand times before...
        Turning off broadcasting is absolutely pointless if you use WPA. Any tool that will allow you to crack WPA or mess with the AP will also uncover the AP almost instantly if there is ANY activity, and your laptop will periodically announce to the world that it knows that SSID.
      • by mlts (1038732) *

        Even if the SSID isn't broadcast, it is still findable by a decent wardriver.

        My view on wireless security is twofold:

        First, if nothing is using the wireless router, most routers have a checkbox to turn the wireless off, or just physically detach the power and network cords. An attacker can't attack what isn't available.

        Second, WPA2-PSK at the minimum, maybe WPA if some old device can't be updated to use it. Ideal would be WPA2-Enterprise and a RADIUS server, and the best is authentication using smart card

    • if you would kindly give me your address, cowardly Anonymous Coward, I shall be following you around and recording you for the next six months of your life whenever you are on public property, also recording you in your home as far as those light/infrared/etc waves are being broadcast out to public property. I shall be putting out all this information on the Internet.

      If you don't want anyone to know about your life, lock yourself up in your home in a Faraday cage.

      • by ThreeGigs (239452)

        His name is Brad Pitt.
        And you'll have to fight the other 20 people doing the same thing.

        See? Already happening. Already commonplace. Completely accepted and even encouraged by society. I'm thinking your attempt at shock and awe and putting themselves in other shoes, etc., etc. has failed because you're simply quoting S.O.P. for celebrities. _They_ know the rules.. the _real_ rules of privacy. Public is public, and privacy can never be assumed.

    • If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

      This argument becomes tiresome.

      It was settled - legally - in the earliest days of radio, on the perfectly intelligible grounds that leeches undermined the funding of subscription services which might not otherwise be viable.

      You were never entitled to freely tap into the water, power, sewer, and phone lines which might cross your property.

      The carrier wave of the satellite broadcast f

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        Tapping into water, power, sewer, and phone means making use of capacity that would otherwise be available to other users. It makes use of infrastructure that someone else owns and has the right to control access to. Decrypting a broadcast signal does not deprive other users of anything.

  • Beta? (Score:2, Funny)

    by Gen. Malaise (530798)
    It's now "Wardriving -Beta"
  • by ukyoCE (106879) on Saturday May 29, 2010 @08:49AM (#32388164) Journal

    operating a device — which 'may be placed in a vehicle' — in a 'sniffer' or 'monitor' mode and analyzing them on a server?

    As scary as the poster tries to make this sound, this is how you listen for public access points. This post is a scare-mongering dupe.

    Yellow journalism is getting to be awfully common here on Slashdot. For instance this troll of a story which just so happens to be from the same author:

    http://developers.slashdot.org/article.pl?sid=10/05/21/1427245 [slashdot.org]

  • WTF? (Score:3, Interesting)

    by Arimus (198136) on Saturday May 29, 2010 @08:54AM (#32388198)

    Hm, my netbook + car charger + linux + aircrack-ng does just that.
    My archos media player can do likewise.

    How can you patent this crap?

    • Re: (Score:3, Informative)

      by jibjibjib (889679)
      Because (as a little bit of common sense or a minute of reading the article would tell you) the patent is longer and more detailed than the Slashdot summary and actually describes a specific non-trivial innovation.
  • by ZorbaTHut (126196) on Saturday May 29, 2010 @08:55AM (#32388204) Homepage

    The patent is for capturing the metadata and analyzing it. Guess what the Google van was supposed to do? That's right: capture the metadata, and analyze it. Nobody's disputing that, nobody ever has disputed that.

    The accidental part is that it turns out they were capturing more than metadata. The patent doesn't talk about doing that, there's no evidence Google ever intended to do that, and it's difficult to determine what they could possibly gain from it anyway.

    So, here, let's improve the headline.

    "Google Has Pending Patent For Exactly The Process They Tried To Implement, But Slightly Screwed Up"

    SHOCKING!

    • by shentino (1139071)

      What's interesting is that gubbermints are wanting to get their grubby paws on the data that Google accidentally pilfered, probably as a means of doing an end run around the 4th amendment and/or similiar laws in other countries.

  • The patent, titled "Wireless network-based location approximation", describes packet analysis for determining location, which nobody denies was being done intentionally by Google, and says nothing of using payload data. This was what sparked the current wave of privacy inquiries anyway, as well as the incorrect comment that they weren't capturing payload data.
  • Google is full of it (Score:3, Interesting)

    by ugen (93902) on Saturday May 29, 2010 @08:56AM (#32388210)

    I think the original "by mistake" explanation they gave is a load of cr%p. How is it even possible to "collect WiFi information by mistake"? You have to install appropriate hardware and software, run it and then place the results to some sort of a database. Basic though it may be, someone had to do this, do this on all Google street view vehicles and keep it running. We are talking an effort of multiple people. There is absolutely nothing about it that's a mistake.
    Now that they've been caught - they are resorting to bold faced lies.

    Didn't have much trust in Google until now, but this has gone beyond anything acceptable.

    • by maxume (22995)

      They aren't denying that the intentionally drove around and monitored for wireless access points and then logged information about the access points.

      The part they say is a mistake is that they stored the payload from some of the packets that they captured. The payload might contain some interesting unencrypted data, but the chances of that are pretty slim. There really isn't much a business could use the information for.

      • by AHuxley (892839)
        Depends on the business your in.
        Recall how Tor was used to gain a few email pw of embassies in 1997?
        Somebody put much effort and company cash into fitting many of the google data collection vehicles.
        Supporting the wifi data collection long term on a wide scale is not 'free'.
        Someone saw value in the packets longterm.
        Or random workers to set up world wide spontaneous packet sniffing in Googles name and with company cash.
        • by maxume (22995)

          Seriously? The vehicles were in a given location for a few minutes. They might have captured a few hundred kilobytes from a given router. The kilobytes are as likely to be some banal story about some skanky celebrity as they are to be anything else, and there is at least some chance that any private information is encrypted.

          They absolutely were packet sniffing, but it's just retarded to insist that it is somehow useful information surveillance, they simply didn't capture enough data and there are too many e

    • Re: (Score:3, Informative)

      by shentino (1139071)

      They can make mistakes on what part of the packet they sniffed.

      A more accurate analogy would be going fishing for tuna and accidentally catching a dolphin.

      • A more accurate analogy would be going fishing for tuna and accidentally catching a dolphin.

        This is why another poster said that accidental would be if that had happened on one car in one city during a beta test.

        Because after that, you look at the data you have gathered and discover your accident. Imho this should be discovered even before such a beta test, as any company that respects privacy should have internal audits set up that discover that kind of misconfiguration.

        So, after Google went fishing f

    • Re: (Score:3, Informative)

      by bk2204 (310841)

      The difference here is that they actually intercepted data by mistake. If you use Kismet [kismetwireless.net] (probably the best wireless sniffing tool for Linux), you can set it to not save data packets, only beacon packets (which really have all the data that Google needs), but by default, it saves everything, including any data packets it sees (encrypted or unencrypted).

      It depends on what you're doing what packets you want. If you're trying to break WEP, you only care about encrypted data packets; if you're just doing inno

      • by khchung (462899)

        The difference here is that they actually intercepted data by mistake.

        Do you work for Google and personally know everyone involved in collecting the data? If not, it is quite a big leap of faith to make that assertion.

        If you use Kismet (probably the best wireless sniffing tool for Linux), you can set it to not save data packets, only beacon packets (which really have all the data that Google needs), but by default, it saves everything, including any data packets it sees (encrypted or unencrypted).

        And are we also to believe that nobody noticed how fast the disks are filling up (geez, wouldn't you think they made an estimate on how much disk they need before the project started?), and everybody up and down the data processing chain did NOT notice the extra bulk of data when they analyze them? ("Gee! I expected only 200M per day, but I run through 2G of

    • You clearly didn't read the full explanation.

      They wanted to collect MAC addresses for Geolocation. Perfectly legal, totally useful, a boon to society.

      They recycled code that someone had made for another purpose without carefully checking the data it was recording. They intentionally ran this software on every Google Streetview car for years, they did not intend for it to be collecting the extra data, but were unaware.

      So they thought they were only collecting one type of data, but apparently collected 600

  • by chrb (1083577) on Saturday May 29, 2010 @09:04AM (#32388254)

    But, as Seinfeld might ask, then what's the deal with the pending Google patent that describes capturing wireless data packets

    The deal is that the patent describes capturing and analysing wireless data packets to extract the IP adress alongside GPS coordinates in order to enhance Google's IP geolocation accuracy. The "mistake" that they owned up to is actually dumping and storing all packets, not just the external IP address. Those are two different things.

    • Re: (Score:2, Interesting)

      by geggam (777689)

      How about some prior art ??

      http://wigle.net/gps/gps/main/download/ [wigle.net]

      This has been running for years

    • But, as Seinfeld might ask, then what's the deal with the pending Google patent that describes capturing wireless data packets

      The deal is that the patent describes capturing and analysing wireless data packets to extract the IP adress alongside GPS coordinates in order to enhance Google's IP geolocation accuracy. The "mistake" that they owned up to is actually dumping and storing all packets, not just the external IP address. Those are two different things.

      In fact, when the story broke out about wi-fi, I suspected it as much. They are sinifing all the IP packaets! To those who say, if you don't want it sniffed, then encypt it or it's on public property and everyone can sniff it or whatever, lets face it, not everyone has the ability to do that. And even if it's not encrypted, does not mean everyone has a right to read it. It's supposed to be my traffic. It's akin to llistening to my wireless calls by capturing wireless traffic that is supposed to be meant fo

  • i realize that it may not be their intent to patent wardriving, but wouldn't that be covered by this?

  • Google is redefining the word Evil as we speak. Someone like Kevin Mitnick would be serving time if they were caught doing this.

    • They were sniffing OPEN, unencrypted networks. I don't think anyone should go to jail or even be sued for that. If you don't want people accessing your traffic, encrypt it. I mean, I could see the argument that if you used *any* kind of encryption, even WEP (which we all know is easily broken), then you have a reasonable expectation of privacy, and if someone cracks the encryption, then they should be legally liable. But really, if you don't take any measures at all to protect your wireless network, then yo

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        No, this is like using a long range mic to pick up private conversations.

        Yes, if they want to have a "private" conversation, they should have it inside a sound proof room, just like Google cheerleaders like you insist everyone should use encryption to avoid this. Try telling that to grandma.

  • Google had to reverse itself

    It became elgooG?

  • and use Google's data to prosecute the owners of these networks since it's illegal to leave your WiFi unsecured in Germany. STATE POWER!!!!
  • I don't think Jerry would actually pose that question...
  • As I pointed out this morning here - http://theamericandictator.com/content.php/133-Google-has-created-a-virtual-GPS-on-YOUR-laptop-desktop-computer-cellphone.-Really [theamericandictator.com]! Google isn't collecting wifi info without a reason. It is collecting the data because it is using it create an unbeatable virtual GPS on every wifi equipped device - laptop - netbook - desktop - cellphone - etc. etc. And THAT data, delivered to google realtime, is also made available through an open API, to everyone. The social implicatio
  • if you are going to be evil, you will have to buy a license from Google.

  • WiGLE [wigle.net]
  • Raw packets (Score:1, Informative)

    by Anonymous Coward

    Here is a good technical description from a packet level:
    http://erratasec.blogspot.com/2010/05/technical-details-of-street-view-wifi.html [blogspot.com]

  • Nah don't worry, Google is your friend, your lover, your new red bicycle.

    Trust us. We are not evil.

    Those who eschew Apple just b/c they are on top, or b/c of some perceived wrong doing, Google knows when, where, and what your search, whom you talk to, where you travel, and in some cases what you buy.

  • When did Google "deny" this before "reversing themselves"? They were asked to turn over data by the Germans (who have an irrational fear of having pictures of their houses taken). They looked at it first, realized there was more there than they had been intending to collect and to their credit, rather than try to delete or hide it, they announced it and issued a mea culpa.

    Anyways, there's apparently no new news for this story included in the summary, so why are reposting and reshashing old stuff? This is

Too much of everything is just enough. -- Bob Wier

Working...