Google Street View Wi-Fi Data Includes Passwords, Email Content 292
snydeq writes "The French National Commission on Computing and Liberty has found passwords and email messages among the Street View Wi-Fi data Google intercepted, InfoWorld reports. The data protection authority has been investigating Google's recording of traffic carried over unencrypted Wi-Fi networks. Google has said it collected only 'fragments' of personal web traffic as it passed by because its Wi-Fi equipment automatically changes channels five times a second. With Wi-Fi networks operating at up to 54Mbps, however, those 'fragments' may have been more than that. 'We can already state that [...] Google did indeed record email access passwords [and] extracts of the content of email messages,' CNIL said."
Re:Ho ho ho... Felony. (Score:4, Informative)
The law doesn't care.
Stop thinking about your Wifi device. You emit a lot of information without knowing about it anyway. Read about TEMPEST [wikipedia.org].
Some people even believe that just cause they have swapped CRTs with LCDs, they are not vulnerable. They are usually wrong [cam.ac.uk].
There are way many things that are private to you, but that anyone can collect on a mass scale and raise hairs. Like the time period during which your home's lights are on, and when they are off, the contents of your trash, what type of car you use, what colors/types of clothes you wear, etc. just by noticing you in public. Not all such information may be useful or cost-worthy to use today, but it's all information that says something about you.
Re:passwords?! (Score:1, Informative)
Some web email services uses unencrypted connections by default, some web space providers use unencrypted logins too, forums the same and some places, where you register, still sent you the login/password pack via email after signing up.
Re:duh (Score:2, Informative)
Re:duh (Score:3, Informative)
The ISP is responsible for this problem, not Google.
Since when is it an ISP's responsibilty to secure their customers' wireless LANs?
1) Since they started selling wireless LANs [rr.com] to their customers.
2) I'm not talking about wireless, I'm talking about unencrypted access to email servers, which should concern you even if you DON'T use wireless, for the same reason you shouldn't perform financial transactions over an unencrypted connection.
3) Using wireless encryption may be a good idea, but that is NOT enough to provide safe electronic communication.
Re:Well.. (Score:1, Informative)
It's more like yelling at your neighbor across the street, and then getting upset when someone driving by overhears it. With unencrypted traffic on a wireless network you are quite literally broadcasting information to the world. The argument that someone is the intended recipient and everyone else needs to pretend they didn't hear it is bullshit.
Actually it's more like me having a letter in my mailbox, and you drive by and copy it.
There was nothing accidental about what google recorded. You have to make an effort to "see" wireless traffic, view the contents, and record it.
The argument about the intended recipient is not b.s. Just because my yard is unlocked doesn't mean you can use my pool. Just because I don't have a lock on my mailbox doesn't mean you can come over and make copies of everything that gets delivered to me. You know damn well that wireless network is not yours. You know the traffic on it is not for you. You know the email was not for you... but you still opened your computer, searched for a network, connected to it, viewed the traffic, and saved it.
You have to make an effort to hear and record unsecured wireless traffic. There was nothing accidental about it.
You're trying to say I should have put a lock on my mailbox to stop you from just "accidentally walking by and making copies of all my letters."
Re:Well.. (Score:3, Informative)
Google wasn't recording something they didn't want to, they explicitly stored the transmitted data because they wanted to store the transmitted data. If all they wanted were SSIDs I'm fairly positive they could have collected those without recording gigabytes worth of data
You seem to be speaking out of ignorance. It's already been well established by an independent investigator that the software Google was using recorded samples of unencrypted Wifi data by *default*, and Google left it in the default mode. So yes it was possible to only sample SSIDs without sampling Wifi data, and no Google did not do it deliberately, or at least, there is no evidence it was deliberate.
Re:I'm alarmed... (Score:3, Informative)
No there isn't. And you are a retard for buying into their horse shit.
Thanks for the personal abuse, but there is an independent report that has tremendous detail, including the lines:
"By default, gslite records all wireless frame data, except for the bodies of Data frames
from encrypted wireless networks"
The report exhaustively details how the software mostly inherited from an open source project (kismet) which was incorrectly used in its default mode (capture unencrypted packets). The report found absolutely no evidence of intent to capture the packets, merely that the software was used in its default mode instead of the correct mode which required an extra configuration parameter to be set.
They did it knowingly.
They did it on purpose.
They did it to get your fucking data.
What data? 0.2 seconds of a drive by? What possible use could that be?
And what evidence do you have about Google's intent here? You have not one speck of evidence. You rant on about me blindly trusting Google when your own mistrust and hatred is just as (or more) blind. Google's explanation makes rational sense and is backed up by every independent assessment. Your assertions of evil intent are based on nothing other than paranoia and hatred.
I'm all for scepticism and critically evaluating companies based on trust. But as far as I can tell Google is about the most open and trustworthy company of any tech company going around. I judge them by their actions and their statements and so far I'm happy with what I see.