Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Google Government Privacy Wireless Networking Your Rights Online

Google Releases Wi-Fi Sniffing Audit 198

adeelarshad82 writes "In the wake of the controversy surrounding its Street View data collection processes, Google has published an independent audit of its practices, prompting a London-based privacy group to accuse Google of a 'criminal act.' The report provided some more in-depth, technical details (PDF) about what Google has already admitted to doing: storing wireless data packet information that was collected over unencrypted networks. According to the report, Street View cars collect data sent over wireless networks, and associate this information with data from a GPS unit in the vehicles. The technology used, known as gslite, then parses and stores certain identifying information about these wireless networks to a hard drive. That information includes the MAC address and the SSID amongst other things like e-mails addresses and browser history." Google also sent a letter to House Energy and Commerce Committee leaders acknowledging their mistake and claiming they have not "conducted an analysis of the payload data in a way that allows us to know exactly what was collected."
This discussion has been archived. No new comments can be posted.

Google Releases Wi-Fi Sniffing Audit

Comments Filter:
  • by ibsteve2u ( 1184603 ) on Friday June 11, 2010 @10:41AM (#32536260)

    ...or I could congratulate Google for making more people aware that just because they cannot visualize their wireless traffic does not mean that car or truck that is sitting outside isn't recording their "innocent" online chat with that hot babe they'd just as soon their spouse doesn't know about.

    Then again, perhaps I'm jaded because my very first job out of high school involved...eavesdropping. I know it is possible; I know it happens; I know encryption is your only friend.

    • Re: (Score:3, Interesting)

      by jd ( 1658 )

      In the days CRT ruled supreme, it was entirely possible to grab video images from any television or computer monitor directly. Up until the scrapping of analogue TV, anyone with a standard TV areal plugged into a DVD player, cable box, or whatever, was unknowingly broadcasting EVERYTHING they watched. An areal is a two-way device.

      (The British discovered this when the fifth broadcast channel started up at the same frequency as a few million Nintendos and a few million more VCRs. This was the ultimate in DDoS

      • (The British discovered this when the fifth broadcast channel started up at the same frequency as a few million Nintendos and a few million more VCRs. This was the ultimate in DDoS attacks, with each and every one of those devices acting as a jamming device. It cost the Government of the day a small fortune to repair, though I'm not sure their solution of re-tuning every household electronic device was the most practical of the options.)

        Btw, it is called Van Eck phreaking after the guy who discovered it. As usual wikipedia has some info:

        http://en.wikipedia.org/wiki/Van_Eck_phreaking [wikipedia.org]

    • Then again, perhaps I'm jaded because my very first job out of high school involved...eavesdropping. I know it is possible; I know it happens; I know encryption is your only friend.

      Indeed. When driving around looking for someones house (whom I only met once at a restaurant), I got lost so I pulled out my laptop and drove around, hitting enter to refresh the wifi every few seconds. When I finally got something I pulled up Google maps and re-entered the address. (Turns out I had written a 7 but meant 1, so I was a few streets away).

      I remember this was the first time I grew curious of exactly how much information I could get by just setting up the traffic watcher I use at home to gauge m

      • ...my neighbour at my old house had insecured WiFi. Knowing the dangers I looked at his printer on the network, grabbed the drivers, and printed to it, giving him instructions on how to secure his WiFi, and why it was important. ...

        Mod up. Probably the only way to convince most people that there really *is* a danger, and that their computer with all of its personal data is just as vulnerable.

    • by jdgeorge ( 18767 )

      ...I know encryption is your only friend.

      Ummm... thankfully, my only friends are people, not manipulations of data. :-)

      On the other hand, to be fair to what I think you meant, encryption is NOT your only defense. Exercising appropriate restraint about what you do, say, write, and transmit is also extremely important. If you feel inclined to do, say, type, show, or talk about things you already do or might later regret, you should think twice before transmitting it electronically.

      Electronic communications, like physical diaries or letters, can ofte

  • by SoupGuru ( 723634 ) on Friday June 11, 2010 @10:44AM (#32536310)
    So if I were to set up a radio transmitter that transmitted certain info, can I then accuse whoever looks at that info of being a criminal?
    • by mukund ( 163654 ) on Friday June 11, 2010 @11:02AM (#32536564) Homepage

      So if I were to set up a radio transmitter that transmitted certain info, can I then accuse whoever looks at that info of being a criminal?

      Yes, if you can prove malice.

      You have a private conversation about your MP3 collection with your friend in the park. A 3rd party picks it up with a mic. Don't broadcast that stuff?

      You route your data through your ISP. Your ISP records whatever it wants. Don't broadcast that stuff?

      You post a comment on Facebook. It's forever in Facebook's database. Don't broadcast that stuff?

      Your phone calls are recorded by your phone provider, who gives you a "convenient web-based interface to replay conversations whenever, wherever you want." (Gosh, all email is like this, and people are fine with it.). Don't broadcast that stuff?

      No, the data is really private to you and whoever you intended it for. Anyone who thinks otherwise is either stupid or malicious.

      • Re: (Score:3, Informative)

        by Wrath0fb0b ( 302444 )

        You have a private conversation about your MP3 collection with your friend in the park. A 3rd party picks it up with a mic. Don't broadcast that stuff?

        Yes. If you want to have a private conversation, a public park is not the best place for it.

        You route your data through your ISP. Your ISP records whatever it wants. Don't broadcast that stuff?

        Use SSH/SSL.

        You post a comment on Facebook. It's forever in Facebook's database. Don't broadcast that stuff?

        The entire purpose of Facebook is to broadcast stuff. I would be very upset if I posted a comment to Facebook and it wasn't immediately available for everyone to see.

        Your phone calls are recorded by your phone provider, who gives you a "convenient web-based interface to replay conversations whenever, wherever you want." (Gosh, all email is like this, and people are fine with it.). Don't broadcast that stuff?

        The Stored Communications Act places certain statutory legal restrictions on these activities. Phone conversations (when not conducted on a bluetooth headset so loudly that everyone on the bus can hear you) are protected from third-party

        • by mukund ( 163654 )

          Yes. If you want to have a private conversation, a public park is not the best place for it.

          It was an example :) With technology available these days, it doesn't matter if you are in a park or not. TEMPEST [wikipedia.org] is old stuff. You put out a lot of signals out there. Try and enumerate the information one can access (if they could) based on the signals that you transmit (don't automatically think just of devices built as radio transmitters).

          Use SSH/SSL

          I am a techie. But how about my relatives who live two doors down? They use WiFi. They don't know what makes it all work, except that it lets their laptops "use the int

          • I am a techie. But how about my relatives who live two doors down? They use WiFi. They don't know what makes it all work, except that it lets their laptops "use the internet" without any wires. Read your wireless router's documentation. It most probably uses fancy words like WPA, encryption keys, etc. How many of the general public really understand it? Encryption is VERY difficult to get right and one of the main elements is educating the proper use of it.

            Being willfully ignorant is hardly a compelling argument. Either your relatives are terminally stupid, deliberately unwilling to learn or you aren't very effective at teaching them what they need to know to keep themselves safe and secure. I don't buy this kind of argument at all. People aren't that stupid and they understand things of similar complexity in other contexts just fine. Stop making excuses for laziness.

            • by Romancer ( 19668 )

              I second the motion.

              There are lots of comparisons out there.

              One of the equations I see is that not everybody is a lawyer and has the time/inclination to study law, yet we all are responsible for our own actions if we break them. I don't know the detailed ins and outs of legally selling guns but if I wanted to start a business I sure as hell would look into it or at least ask a knowledgeable person in the respective fields.

              Same thing with cars (yes the slashdot car example) you get behind the wheel, you bett

        • by jdgeorge ( 18767 )

          Wow, good post. Difficulty seems to arise from the fact that radio signals are by nature broadcasts into public space, even if they are specifically intended communications with a single recipient. Because they are not visible, people think of them as being private, even though the signals may travel significantly outside of their homes.

          If you walk into a crowded room and yell to my buddy John "Hey, John, I'll meet you at your place at five o'clock," I just broadcast this information to anyone in the room w

      • Broadcast. Broad cast. Broad: a large area. Cast: throw or disseminate. Broadcast: throwing your crap over a wide area.

        The problem is that we want convenience with our electronic and communications. In order for that to work seamlessly, our access points are spewing out crap non-stop, advertising its existence for all to hear and explaining what kinds of connections it offers and what you'll need to connect to it. It's really convenient to do it that way because then we just turn the wifi on the lapto
      • >Yes, if you can prove malice.

        So, you're it's illegal for me to listen to the radio if I'm not in a good mood?

      • If you're in a public park, you have no expectation of privacy. If you talk about MP3s and a 3rd party hears it, that is your fault for not taking measures to ensure your privacy, like talking in your own house.

        Your ISP is providing a service to you. Just like a phone provider, they are not allowed to just randomly walk in on your transmission. Landlords are also not allowed to just walk right in on you whenever they want (excluding exigent circumstances), even though they own the place.

        What really gets

      • So if I were to set up a radio transmitter that transmitted certain info, can I then accuse whoever looks at that info of being a criminal?

        Yes, if you can prove malice.

        [...]

        the data is really private to you and whoever you intended it for. Anyone who thinks otherwise is either stupid or malicious.

        You see, this is where the issue arises. You call us stupid for thinking that information that you BROADCAST is not private. We call you stupid for thinking that information you BROADCAST is private.

        Do you know what a broadcast is? In it's very essence, it is to purposefully making something PUBLIC. You don't BROADCAST if you don't want it to be seen or heard. Point in fact, you do not have to even broadcast your SSID! It can be kept hidden, so that only you and people you inform of can even find it.

        A phone

    • by Yvanhoe ( 564877 )
      The law cares more about intent than what is technically feasible. I tend to agree with you, but in the head of a jurist (or of about any non-technical person) they expect their mails and history to be private and well-behaved people to not go look in their trashes. They expect criminals to be able to do it and government as well (you know, hollywood says they have hackers 'n stuff). They just don't expect a company to do that on an industrial scale and make profits lawfully that way.

      I hope that this will
  • Who cares? (Score:5, Insightful)

    by ibpooks ( 127372 ) on Friday June 11, 2010 @10:45AM (#32536322) Homepage

    They collected information which was publicly available from the street. Big deal.

    • by beh ( 4759 ) *

      By the same standard, extracting AT&T's iPad data was also perfectly fine - it was all publicly available from the Internet...

      The problem is - if I leave my home unlocked and you enter it, it's still an illegal trespass, making off with some of my belongings, even copying documents I might store at home, would still be considered illegal... The same applies for WiFi hotspots - the hotspot IS someone's property - sure you might be somewhere where you can SEE that there is a hotspot, much like you may se

    • They collected information which was publicly available from the street. Big deal.

      Available - but only with high-tech monitoring gear.

      Available - but only because wireless networking is new to most folks.

      Available - because the default wireless set-up is insecure - and who do we have to blame for that if not the geek who programs these systems at the OEM level?

    • It's funny that people don't say that when it comes to CCTV in Britain.
  • by onion2k ( 203094 ) on Friday June 11, 2010 @10:51AM (#32536424) Homepage

    I've printed all my private data on a giant sign that I've put on top of my house. If you read it you can expect a visit from the authorities. Please, while I might not have bothered to secure my data, I do expect you to respect my privacy.

    • by mukund ( 163654 )

      I've printed all my private data on a giant sign that I've put on top of my house. If you read it you can expect a visit from the authorities. Please, while I might not have bothered to secure my data, I do expect you to respect my privacy.

      If I leave my door unlocked, I don't think it's right to strangers to come in and snoop around.

      I don't know what you'll think.. whether I am naive or you are.

      • If I leave my door unlocked, I don't think it's right to strangers to come in and snoop around.

        There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).

        Google did not "come in and snoop around", they passively listened from the street -- hence the analogy to a big sign on top of the house. If they have connected to the network and started making requests (e.g. connecting to SMB shares, reading shared iTunes playlists) then your analogy would be absolutely correct.

        • There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).

          Google did not "come in and snoop around", they passively listened from the street -- hence the analogy to a big sign on top of the house.

          How about if you leave your blinds open, and I sit in a car outside your house with a telephoto lens taking pictures of everything I can see inside, and storing them in a database?

          • by cawpin ( 875453 )
            As long as you're on public property they can't do anything.

            Google was not looking IN, the signal was be broadcast OUT.
            • The light from inside your window is broadcast OUT as well.

              • by cawpin ( 875453 )
                I can't tell if you're agreeing with me or not. What I meant was, as long as the person taking the photos is on public property, there is nothing the homeowner can do, aside from shutting the curtains.
        • by mukund ( 163654 )

          There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).

          You broadcast a lot of information anyway. Don't think of just devices built as radio transmitters.

          TEMPEST [wikipedia.org] was available eons ago. Think what is possible with technology today.

          I don't know if it's legal to snoop or not. I don't think we can even tell if this data collection was malicious or just a stupid mistake, going by the information that is available to us. It's for the courts to judge.

          But the possibility of data that might have been collected by such passive listening alarms me. It is not compatible w

      • by arose ( 644256 )
        What if you throw your stuff all over the curb?
  • by rumith ( 983060 ) on Friday June 11, 2010 @10:55AM (#32536470)
    There is little to add [benlog.com].
    ...
    I want to focus on a related problem that I’ll call privacy advocacy theater. This is a problem that my friends and colleagues are guilty of, and I’m sure I’m guilty of it at times, too. Privacy Advocacy Theater is the act of extreme criticism for an accidental data breach rather than a systemic privacy design flaw. Example: if you’re up in arms over the Google Street View privacy “fiasco” of the last few days, you’re guilty of Privacy Advocacy Theater. (If you’re generally worried about Google Street View, that’s a different problem, there are real concerns there, but I’m only talking about the collection of wifi network payload data Google performed by mistake.)
    I’m looking at you, EU Privacy folks, who are investigating Google over accidental data collection. Where is your investigation of Opera, which provides Opera Mini, billed as “smarter web browsing”, smarter in the sense that it relays all data, including secure connections to your bank, through Opera’s servers? We should be much more concerned about designs that inherently create privacy risk. Oh sure, it’s easy political points to harp on accidental breaches for weeks, but it doesn’t help privacy much.
    I also have to be harsh with people I respect deeply, like Kim Cameron who says that Google broke two of his very nicely crafted Laws of Identity. Come on, Kim, this was accidental data collection by code that the Google Street View folks didn’t even realize was running. (I’m giving them the benefit of the doubt. If they are lying, that’s a different problem, but no one’s claiming they’re lying, as far as I know.) The Laws of Identity apply predominantly to the systems that individuals choose to use to manage their data. If anyone is breaking the Laws of Identity, it’s the wifi access points that don’t actively nudge users towards encrypting their wifi network.
    Another group I deeply admire and respect is EPIC. Here, they are also guilty of Privacy Advocacy Theater: they’re asking for an investigation into Google’s accidental wifi data collection. Now, I’m not a lawyer, and I certainly wouldn’t dare argue the law with Marc Rotenberg. But using common sense here, shouldn’t intent have something to do with this? Google did not intend to collect this data, didn’t even know they had it, and didn’t make any use of it. Shouldn’t we, instead of investigating them, help them define a process, maybe with third-party auditing from folks at EPIC, that helps them catalog what data they’re collecting, what data they’re using, etc? At the very least, can we stop the press releases that make no distinction between intentional and unintentional data collection?
    I’m getting worked up about this Privacy Advocacy Theater because, in the end, I believe it hurts privacy. Google is spending large amounts of time and money on this issue which is, as I’ve described previously, an inevitability in computer systems: accidental breaches happen all the time. We should be mostly commending them for revealing this flaw, and working with them to continue regular disclosure so that, with public oversight, these mistakes are discovered and addressed. Google has zero interest in making these mistakes. Slapping them on the wrist and having them feel some pain may be appropriate, but too much pain and too much focus on this non-issue is akin to a full-on criminal trial for driving 10 miles per hour over the speed limit: everyone’s doing it. Just fine them and move on. Then spend your time going after the folks who, by design, are endangering millions of users’ privacy.
    There are plenty of real, systemic privacy issues: Facebook’s data sharing and privacy controls, Opera Mini’s design (tens of millions of users relaying all of their data to Opera, by design), Google’s intentional data retention practices, web-based ad networks, We have enough real issues to deal with, who needs the advocacy theater?
    • by nschubach ( 922175 ) on Friday June 11, 2010 @11:05AM (#32536630) Journal

      I thought you said "a little!"

    • by thijsh ( 910751 )
      Same can be said for any $GOOD_CAUSE theater, it always has a negative impact on $GOOD_CAUSE as an unintended consequence. Like for example the BP oil spill: to limit bad PR and outrage (theater) they have to limit oil on places and animals in reach of camera's, so their solution is to use chemical dispersants which hide most of the oil from sight in giant clouds beneath the surface. Now they have alleviated one big problem on the surface by creating two new problems beneath the waves. All true environmenta
    • When things get so big, I don't trust them at all.
      You want some control, you've got to keep it small.
      Hey.

  • Should be (Score:4, Interesting)

    by spleen_blender ( 949762 ) on Friday June 11, 2010 @11:02AM (#32536574)
    Falsely accusing or indicating someone has committed a criminal act should be grounds for libel or slander.
    • by jd ( 1658 )

      In the US, at least, falsely accusing people is a major source of income for lawyers, newspapers, TV stations, politicians,... If you shut this line of income down and lock them up, you'd double the prison population in days.

    • Re: (Score:3, Insightful)

      See, now, this is what I don't get: Google published this, probably after their own lawyers got a look at it, and knowing full well that people were chumming the waters for legal cases. They didn't try to hide anything, and they aren't trying to deceive anyone.

      And yet, the vibe I get from their opposition isn't, "we're going to slap you on the wrist for this little unintentional crime you're completely honest about." It's more like, "This prove you're a criminal of the worst kind and deserves to have the

      • I fail to even see the "mistake" part of this. In my view nothing wrong was done and their even flinching to this is a sign of their ignorance or malice.
  • by slimjim8094 ( 941042 ) on Friday June 11, 2010 @11:02AM (#32536580)

    I made a comment a few weeks ago about people not understanding the concept of radio. People go to great expense and effort to throw their signal and information as widely as possible, and then complain when that happens. It's like people who don't want to be photographed in public.

    I encrypt my wireless network, because I only want people I approve to access it. As a technically savvy individual, I use strong encryption. But ethically and (I think) legally, even if I were to use the embarrassingly-weak WEP, my intent to encrypt would be unmistakable.

    WPA2/other strong encryption is like locking your house with a deadbolt and putting up an alarm. It takes a lot of work to get in.
    WEP is like locking your screen door - it means 'don't come in' and while it's trivial to do so, you can't claim you thought it was OK
    Unencrypted means 'come in, we have cookies!'. For things like coffee-shop hotspots, this is exactly the intent. For lazy homeowners, this is probably not what they want.

    I have no sympathy for our lazy homeowners who don't want to take the time to understand exactly what that magic box does, and now are mad at Google. Admittedly, it's governments who are pursuing this, but it's tantamount to punishing someone who took a free sample from a grocery store.

    tl;dr - unencrypted networks are implicit invitations to do whatever you want.

    • by D Ninja ( 825055 )

      Unencrypted means 'come in, we have cookies!'. For things like coffee-shop hotspots, this is exactly the intent. For lazy homeowners, this is probably not what they want.

      Not quite. Being in your own home still has some implication of privacy (the four walls do that). Having unencrypted wifi is more like standing outside your front door on your porch and expecting people not to look at what you're doing there.

      • by jd ( 1658 )

        In this day and age of wardriving, wifi sniffers and even your bog-standard network mappers, it's not simply standing out on the porch. It's sticking a bloody great 30' neon sign over said porch saying "look this way".

    • Re: (Score:2, Interesting)

      by tokul ( 682258 )

      It's like people who don't want to be photographed in public.

      I don't care if people photograph street with me in it. I can turn away. I do care when they photograph me in the street. It depends on purpose of photographing.

      • What do you do when you go up to an ATM? There's a security camera taking pictures of you.

        What about if you're walking past someone who is at the ATM and it takes a picture of you?

        I'm not saying that you should want your picture taken in public. But I am saying that it isn't illegal. I'm sure there are lots of celebrities who wish it was.

    • by Eil ( 82413 )

      I have no sympathy for our lazy homeowners who don't want to take the time to understand exactly what that magic box does, and now are mad at Google.

      Here's the gray area. You and I would both agree that users of unencrypted wifi networks should understand all of the security and privacy implications. What's not so clear is whether they should be expected to understand the basic technologies (to include authorization and encryption algorithms) behind wireless networks.

      I argue that they shouldn't. I place muc

  • by Wrath0fb0b ( 302444 ) on Friday June 11, 2010 @11:03AM (#32536584)

    Mod me into oblivion, but I don't get how you can have a privacy interest in data that you are transmitting unencrypted. This is not just like leaving a door unlocked or a window un-blinded (which is inaction), there is a positive action of transmitting that information in such a way that anyone can read it. Calling this unauthorized access is really bizarre -- it's like saying I eavesdrop on my neighbors when they get drunk and start yelling very loudly at each other. Is it too much to ask that if you want to keep something private you ought to refrain from actively broadcasting it to the world? To be clear, I'm not talking about inferring a lack of a right from inaction (not locking your door is not an excuse for thieves) -- only conscious actions.

    Google might yet make a public service of this and send out a postcard to these addresses explaining that they have chosen to make their internet usage public and they might do well to revisit their wireless setup. Of course, normatively they should probably discard any private data they collected just as matter of decency but that's not the same as saying they should be required to by some novel notion of privacy that extends to private information even when the rightful owner has willingly made it public.

    [ Also, an aside, it's 2010! Who still uses an email client that's not https (web) or SSL (pop/imap/exchange)? GMail certainly is https (all of it, not just the login). ]

    • by thijsh ( 910751 )
      I totally agree with you. It should however be pointed out that some data that *can* be recorded because it is publicly transmitted is still not legally allowed (in at least some places). This includes common devices like older non-DECT analog wireless handset (counts as illegal wiretap) but also human voice (no recording without consent). The point is that until a specific law for a specific situation with this specific technology exists there should be no legal issues, so in this case with Google it does
    • I like the postcard idea (though impractical in densely populated areas) and completely agree with discarding the collected data. And the "positive action of transmitting" argument is an interesting one repeated many times in this and other privacy articles, so no modding down is warranted.

      I do have questions on how I'm not sure I'd agree with this notion:

      Is there any importance to the fact that protecting one's privacy is a far more technically complex (and modern) problem than locking one's door? And is

    • there is a positive action of transmitting that information in such a way that anyone can read it. Calling this unauthorized access is really bizarre -- it's like saying I eavesdrop on my neighbors when they get drunk and start yelling very loudly at each other

      Yes. And at least Google should be thanked for bringing public awareness for this problem.

      Also, an aside, it's 2010! Who still uses an email client that's not https (web) or SSL (pop/imap/exchange)? GMail certainly is https (all of it, not just the login). ]

      Well, most of the non-technically minded people.
      Although most web-based interfaces now are HTTPS based (or feature massively huge warning banners at the log-in screen of their HTTP version giving people advices to switch their bookmakrs), lots of mail clients use plain POP / IMAP by default. And I've seen lots of institution which don't advise their users to turn encryption on.
      The Thunderbird "Add account" wizard is th

    • Mod me into oblivion, but I don't get how you can have a privacy interest in data that you are transmitting unencrypted.

      The privacy of unencrypted private radio communication has been legally protected in the states for the better part of 100 years. [Radio Act Of 1927]

  • Jealousy (Score:3, Insightful)

    by El_Muerte_TDS ( 592157 ) on Friday June 11, 2010 @11:09AM (#32536674) Homepage

    The reason why these government bodies are going after Google is because Google did by accident what these bodies never imagined they could do.

    And now that people have been made aware of this by Google's slip up the government cannot pull the same trick (any time soon).

    • More like Google did by accident what these bodies do regularly for the sole purpose and stated intent of violating their citizens privacy. For example this London based privacy group calling Google a criminal for accidental eavesdropping which Google completely came clean about. When they should be focused on the real privacy issues of full body scanners in airports and the thousands of CCTV cameras all over England.

      I mean I realize they are just making hay with this to get some free publicity and maybe ge

  • How the hell do you sniff browser history over WiFi? I call bullshit on that.
  • Let's compare the locked door/unlocked door analogy to collecting WiFi data. My parents know if there doors are locked or not unlocked. They have absolutely no fucking clue if what they transmit across there WiFi is secure or not. They assume it is, but as long as the website opens up they are blissful and ignorant to it. I'd be willing to bet that a huge majority of majority of people are in this boat. What makes what Google is doing so bad is they are driving around exploiting this. Is it illegal?
    • by Flipao ( 903929 )

      For a company that proclaims 'Do No Evil', sure seems a bit on the evil side guy.

      You're under the assumption that a) They are lying b) This a malicious attempt and c) The engineers at Google are a pretty evil bunch.

      I would find it rather odd that in a company with such a strong worded motto an order would come from high above to do something that would completely contradict it, and everybody involved would just happily go along with it without so much as a murmur to the press.

      • It's more likely that they just have agreed to a different definition of evil then the rest of the world.

        • by Flipao ( 903929 )

          It's more likely that they just have agreed to a different definition of evil then the rest of the world.

          Yes, they must agree this during some rite of passage, perhaps during their employee induction day: Fill in some forms, get an ID card, suck a virgin dry....

    • What is it they say about law and ignorance again?

    • My parents have absolutely no fucking clue if what they transmit across there WiFi is secure or not. They assume it is, but as long as the website opens up they are blissful and ignorant to it.

      Right there is the problem. Blissful and ignorant is their choice and their problem. Did you even mention to them that Wi-Fi is notoriously insecure and not very private unless you really try? Maybe they would not be so ignorant then. But that would mean they ask you to make sure they are secure, and you wouldn't want the extra work, would you?

      The ultimate lesson in all of this? Don't dabble in magic if you aren't prepared to understand it.

    • Let's compare the locked door/unlocked door analogy to collecting WiFi data. My parents know if there doors are locked or not unlocked. They have absolutely no fucking clue if what they transmit across there WiFi is secure or not. They assume it is, but as long as the website opens up they are blissful and ignorant to it. I'd be willing to bet that a huge majority of majority of people are in this boat. What makes what Google is doing so bad is they are driving around exploiting this. Is it illegal? I don't know. Is it morally questionable? Certainly. For a company that proclaims 'Do No Evil', sure seems a bit on the evil side guy.

      You might have a point if you can demonstrate that Google has been indexing personal data gleened from traffic captures. But I haven't seen anything that indicates that the traffic isn't simply a byproduct of their real intent - indexing wireless access points (I've done the exact same thing indexing sites using Kismet with default configs). I'd have a hard time seeing anything threatening in listing the SID and location of my WAP.

      And to be clear - I get it. Yes - people were clueless. Yes - people are

  • FTFA: "Subsequently, when the remainder of the frame is written to disk, its body is not recorded"

    So, basically, google drove around in the street-mobile and saved mac, ip, and ssid info - big deal. Let's waste US legal system time on something more pressing.

  • I should mention that many laws regarding wiretapping or eavesdropping require "unauthorized access" to the data stream, frequently requiring an intrusion of private property. I imagine that Google's actions are legally distinguishable from such laws, since they did not access such hardware, they only passively recorded information that was visible from public locations. If they had actually communicated directly with such people's routers, and, say, established an IP address with their network router, it
  • Gotta give some props to Google and their "Don't be Evil".

    They could have tried to sweep this under the rug, pay people off, and play politics as usual. Instead, they have fully released all of the information, encouraging multiple countries to investigate them.

    They could have used multiple underhanded moves to prevent this kind of investigation, but they didn't.

    Good Job, Google.

  • 5. While gslite parses the header information from all wireless networks, it does not attempt
    to parse the body of any wireless data packets. The body of wireless data packets is where user-
    created content, such as e-mails or file transfers, or evidence of user activity, such as Internet
    browsing, may be found. While running in memory, gslite permanently drops the bodies of all
    data traffic transmitted over encrypted wireless networks. The gslite program does write to a hard
    drive the bodies of wireless data packets from unencrypted networks. However, it does not
    attempt to analyze or parse that data.

    Doesn't seem illegal to me, but maybe Germany is stupid about radio signals?

    -molo

  • amongst other things like e-mails addresses and browser history

    This is so incedibly wrong...
    IF you sent such these informations (OR ANY OTHER) over an unencrypted WLAN (i.e. everybody can read all your data all the time and you're among the stupidest 2.6% of the population) exactly in the second when the google car passed by, then they stored the RAW PACKETS, which MIGHT include some E-Mail addresses (the ones used in the current mails, not your whole addressbook) or URLs that you are requesting right in

  • What a terrible summary.

    Here's what the article said:

    The process also captures wireless data packets, which can include personal information like e-mails and browser history

    This by itself was hysterical silliness. Browser history? Why would you transmit your browser history across the internet? You might as well have said it could include nuclear launch codes. It's theoretically possible, but just as unlikely. At least the article then goes on to indicate that while that sort of data *could* have been in the packets, Google wasn't parsing them.

    The Slashdot summary on the other hand is written in a way that makes it sound

  • For some time now I've noticed that the My Location radius in Google Maps for Android gets much smaller when you are in signal range of an open wireless access point. (Assuming you don't have GPS on.) Android / Maps seems to use three different RF methods of location. 1, cell towers, 2, WiFi APs, 3, GPS. (Turn off WiFi and a medium radius will revert to the typical .5-2km cell tower radius.)

    There is an interesting side effect to this. I moved last November and naturally took my WiFi access point with me. I

Pascal is not a high-level language. -- Steven Feiner

Working...