Forgot your password?
typodupeerror
Google Privacy Wireless Networking Your Rights Online

Google Street View Wi-Fi Data Includes Passwords, Email Content 292

Posted by Soulskill
from the top-of-the-line-pr-nightmare dept.
snydeq writes "The French National Commission on Computing and Liberty has found passwords and email messages among the Street View Wi-Fi data Google intercepted, InfoWorld reports. The data protection authority has been investigating Google's recording of traffic carried over unencrypted Wi-Fi networks. Google has said it collected only 'fragments' of personal web traffic as it passed by because its Wi-Fi equipment automatically changes channels five times a second. With Wi-Fi networks operating at up to 54Mbps, however, those 'fragments' may have been more than that. 'We can already state that [...] Google did indeed record email access passwords [and] extracts of the content of email messages,' CNIL said."
This discussion has been archived. No new comments can be posted.

Google Street View Wi-Fi Data Includes Passwords, Email Content

Comments Filter:
  • Yikes! (Score:2, Interesting)

    This went from "it was an accident" to "there's nothing in the data anyway" to "hey, will you look at that! How'd that get in there??"
    • Re:Yikes! (Score:5, Insightful)

      by Anonymous Coward on Friday June 18, 2010 @01:02PM (#32615862)
      No. Google's had one consistent message from the beginning: this was an accident, and it's extremely unlikely that they collected more than fragments because they were DRIVING DOWN THE FUCKING STREET as they channel-hopped.

      So out of many gigabytes of accidentally-collected data, yes, it's not particularly surprising that there are a few passwords collected from people still crazy enough to send that kind of stuff unencrypted. Tell me, what exactly do you think Google's nefarious motive in all this could possibly be? What's your plan to make money by doing this deliberately?

      If you have no reasonable answer, as I'm sure you don't, then fuck off with your cutesy little insinuations.
      • out of many gigabytes of accidentally-collected data

        Doesn't that sentence fragment strike you as a bit odd? I'd almost call it "inconceivable"...

  • Encryption (Score:2, Insightful)

    by nOw2 (1531357)

    It's not that I think everyone should be forced to use encryption everywhere, but in this case the unencrypted data is being broadcast out into public spaces.

    • Re: (Score:3, Interesting)

      by John Hasler (414242)

      It was once the law in the USA that anyone was free to listen to any radio transmission and disclose anything they heard. It was up to those operating the transmitter to encrypt their secrets and/or control the direction of their transmissions. This should, IMHO, still be the law. Why should I not be allowed to receive radio signals you send onto my property? Why should I be obligated to protect your secrets after you've blasted them out to the universe?

  • News? (Score:5, Insightful)

    by spinkham (56603) on Friday June 18, 2010 @12:57PM (#32615782)

    A crapload of small random bits of data will contain some interesting data.. This is news?

    If you don't want anyone picking up your wifi traffic you encrypt it. Welcome to the year 2000.

    • Re:News? (Score:5, Insightful)

      by Hoplite3 (671379) on Friday June 18, 2010 @01:12PM (#32616054)

      This just in: If you don't want to be seen naked while changing, close the blinds.

  • My hope would be (Score:5, Insightful)

    by the_one_wesp (1785252) on Friday June 18, 2010 @12:59PM (#32615798)
    that this would end up being less about Google getting in trouble for scraping unsecured data and more about educating the general public on how to secure their networks. Aside from the fact that Google probably shouldn't have done it in the first place, this should be wake up call to everyone with an unsecured wireless network.
    • by c++0xFF (1758032)

      The user is not at fault! We are. The programmers. Why should they have to manually secure their networks at all?

      Do you have to manually secure your connection to your bank's web portal? Why do we need extensions [slashdot.org] to fix security? Why is the email client sending passwords in the clear? Why is the wireless connection not encrypted by default?

      Sure ... most of this is because of old protocols or standards where it wasn't required. But here's the lesson: the days of ignoring security when programming are

  • Maybe someday people won't be stupid enough to transmit passwords in the clear and expect privacy. It's not like the technology to do it doesn't exit, people are just too resistant to chance and "inconvenience".

    A man can dream though, a man can dream...

  • Well, duh. (Score:5, Insightful)

    by Todd Knarr (15451) on Friday June 18, 2010 @01:02PM (#32615874) Homepage

    Those people were transmitting those passwords and e-mails in the clear over a broadcast medium (ie. to everybody in range who was listening). Google was in range and listening and heard them. That's like saying "I was shouting my password at the top of my lungs on the streetcorner and someone overheard me and wrote it down!": yes there's a problem, but it's not with the person who wrote the password down. It's with you, for thinking you can shout things in public and somehow miraculously have them remain private and confidential.

    • by jdgeorge (18767)

      In this case, I suggest it's the ISP who's at fault for leading their customers to believe that their communications over the radio bands are private and confidential.

      Particularly ISPs who provide only unencrypted connections to email servers are a significant part of the problem here.

    • by lgw (121541)

      People using unencrypted wifi today have a reasonable expectation of privacy. In 20 years, maybe that won't be true, but today it is. If someone has a reasonable expectation of privacy, you're probably breaking the law if you listen in even if it's really easy to do so. The technical sophistication required isn't even relevant.

      • by Deosyne (92713)

        How is it reasonable? I've known some of the dumbest of dumbasses who still know enough about the difference between secured and unsecured wi-fi access points to mooch off of the open ones. Seems more reasonable to me to expect that if you leave your connection open that people are going to jump on in.

      • by Todd Knarr (15451)

        No, they don't, no more than the people shouting on the streetcorner have any expectation of privacy. That wifi uses radio's well-known. That radio is a broadcast medium, that anyone with a receiver can listen in, has been well-known since before I was born.

  • passwords?! (Score:2, Insightful)

    by oddTodd123 (1806894)
    Where can you even log in any more with an unencrypted connection?
    • Re: (Score:3, Interesting)

      by tibman (623933)

      slashdot?

    • Re: (Score:3, Insightful)

      by epp_b (944299)

      Where can you even log in any more with an unencrypted connection?

      I don't know of any non-webmail email services that secure their pop connections. Plus, there's also session hijacking [wikipedia.org].

    • by owlstead (636356)

      Many ISP's still have unencrypted mail servers. The idea is/was that you are directly connecting with them anyway, so a plain POP3 password is not a problem. This is just not true anymore. People use WiFi at home, login from company PC's and from their smart phones. Don't forget that encryption still costs money - both CPU time and maintenance (replacing certificates and such).

  • For those that believe that everyone should know about wireless encryption, and that everyone should know the benefits of WPA vs WEP, I hope you don't shred your trash but burn it before putting it into your recycle bin/garbage can. Because your credit card receipts and bills, even if shredded could contain "fragments" of personal data.

    What you don't burn it or dissolve it in acid? You only shred it? You should know better. Everyone should know proper sensitive documentation handling and disposal proced

    • by Ash-Fox (726320)

      everyone should know the benefits of WPA vs WEP

      Such as only one those technologies work with my Nintendo DS, which is why I don't use the other.

      • Sadly... the same applies for me.

        However, I find I'm using my DS online less and less, and am considering switching over to WPA (or WPA2, whichever all of my roommates and my other devices support... PCs, Wii, Xbox 360, and PS3)

    • by Deosyne (92713)

      If I decide to start broadcasting information to the neighborhood via my shirt that is going to cause me to lose my shit and start threatening lawsuits because my shirt button wasn't properly secured then Granny is free to fire away.

  • The odds of grabbing passwords in this way (changing channels 5 times per second and only being in range of a network for a few seconds at a time) is pretty slim, in general, but given that Google was apparently running this software for years it's not surprising that it happened occasionally. Still, the total packets collected only amount to like 660 gigabytes -- that's not very much, and I'm willing to bet that only a tiny, tiny, percentage of that data is this sort of data. Most of your traffic is not

  • I heard fragments of the conversations of people in front of me in line the other day... didn't these people have the same "reasonable expectation of privacy" as the people shipping their data over open WiFi routers?

The difficult we do today; the impossible takes a little longer.

Working...