Google Releases Wi-Fi Sniffing Audit 198
adeelarshad82 writes "In the wake of the controversy surrounding its Street View data collection processes, Google has published an independent audit of its practices, prompting a London-based privacy group to accuse Google of a 'criminal act.' The report provided some more in-depth, technical details (PDF) about what Google has already admitted to doing: storing wireless data packet information that was collected over unencrypted networks. According to the report, Street View cars collect data sent over wireless networks, and associate this information with data from a GPS unit in the vehicles. The technology used, known as gslite, then parses and stores certain identifying information about these wireless networks to a hard drive. That information includes the MAC address and the SSID amongst other things like e-mails addresses and browser history."
Google also sent a letter to House Energy and Commerce Committee leaders acknowledging their mistake and claiming they have not "conducted an analysis of the payload data in a way that allows us to know exactly what was collected."
I could protest, I suppose... (Score:4, Interesting)
...or I could congratulate Google for making more people aware that just because they cannot visualize their wireless traffic does not mean that car or truck that is sitting outside isn't recording their "innocent" online chat with that hot babe they'd just as soon their spouse doesn't know about.
Then again, perhaps I'm jaded because my very first job out of high school involved...eavesdropping. I know it is possible; I know it happens; I know encryption is your only friend.
Re: (Score:3, Interesting)
In the days CRT ruled supreme, it was entirely possible to grab video images from any television or computer monitor directly. Up until the scrapping of analogue TV, anyone with a standard TV areal plugged into a DVD player, cable box, or whatever, was unknowingly broadcasting EVERYTHING they watched. An areal is a two-way device.
(The British discovered this when the fifth broadcast channel started up at the same frequency as a few million Nintendos and a few million more VCRs. This was the ultimate in DDoS
Re: (Score:2)
(The British discovered this when the fifth broadcast channel started up at the same frequency as a few million Nintendos and a few million more VCRs. This was the ultimate in DDoS attacks, with each and every one of those devices acting as a jamming device. It cost the Government of the day a small fortune to repair, though I'm not sure their solution of re-tuning every household electronic device was the most practical of the options.)
Btw, it is called Van Eck phreaking after the guy who discovered it. As usual wikipedia has some info:
http://en.wikipedia.org/wiki/Van_Eck_phreaking [wikipedia.org]
Re:I would congratulate them too (Score:2)
Then again, perhaps I'm jaded because my very first job out of high school involved...eavesdropping. I know it is possible; I know it happens; I know encryption is your only friend.
Indeed. When driving around looking for someones house (whom I only met once at a restaurant), I got lost so I pulled out my laptop and drove around, hitting enter to refresh the wifi every few seconds. When I finally got something I pulled up Google maps and re-entered the address. (Turns out I had written a 7 but meant 1, so I was a few streets away).
I remember this was the first time I grew curious of exactly how much information I could get by just setting up the traffic watcher I use at home to gauge m
Re: (Score:2)
...my neighbour at my old house had insecured WiFi. Knowing the dangers I looked at his printer on the network, grabbed the drivers, and printed to it, giving him instructions on how to secure his WiFi, and why it was important. ...
Mod up. Probably the only way to convince most people that there really *is* a danger, and that their computer with all of its personal data is just as vulnerable.
Re: (Score:2)
...I know encryption is your only friend.
Ummm... thankfully, my only friends are people, not manipulations of data. :-)
On the other hand, to be fair to what I think you meant, encryption is NOT your only defense. Exercising appropriate restraint about what you do, say, write, and transmit is also extremely important. If you feel inclined to do, say, type, show, or talk about things you already do or might later regret, you should think twice before transmitting it electronically.
Electronic communications, like physical diaries or letters, can ofte
don't broadcast that stuff (Score:4, Insightful)
Re:don't broadcast that stuff (Score:4, Interesting)
So if I were to set up a radio transmitter that transmitted certain info, can I then accuse whoever looks at that info of being a criminal?
Yes, if you can prove malice.
You have a private conversation about your MP3 collection with your friend in the park. A 3rd party picks it up with a mic. Don't broadcast that stuff?
You route your data through your ISP. Your ISP records whatever it wants. Don't broadcast that stuff?
You post a comment on Facebook. It's forever in Facebook's database. Don't broadcast that stuff?
Your phone calls are recorded by your phone provider, who gives you a "convenient web-based interface to replay conversations whenever, wherever you want." (Gosh, all email is like this, and people are fine with it.). Don't broadcast that stuff?
No, the data is really private to you and whoever you intended it for. Anyone who thinks otherwise is either stupid or malicious.
Re: (Score:3, Informative)
You have a private conversation about your MP3 collection with your friend in the park. A 3rd party picks it up with a mic. Don't broadcast that stuff?
Yes. If you want to have a private conversation, a public park is not the best place for it.
You route your data through your ISP. Your ISP records whatever it wants. Don't broadcast that stuff?
Use SSH/SSL.
You post a comment on Facebook. It's forever in Facebook's database. Don't broadcast that stuff?
The entire purpose of Facebook is to broadcast stuff. I would be very upset if I posted a comment to Facebook and it wasn't immediately available for everyone to see.
Your phone calls are recorded by your phone provider, who gives you a "convenient web-based interface to replay conversations whenever, wherever you want." (Gosh, all email is like this, and people are fine with it.). Don't broadcast that stuff?
The Stored Communications Act places certain statutory legal restrictions on these activities. Phone conversations (when not conducted on a bluetooth headset so loudly that everyone on the bus can hear you) are protected from third-party
Re: (Score:2)
Yes. If you want to have a private conversation, a public park is not the best place for it.
It was an example :) With technology available these days, it doesn't matter if you are in a park or not. TEMPEST [wikipedia.org] is old stuff. You put out a lot of signals out there. Try and enumerate the information one can access (if they could) based on the signals that you transmit (don't automatically think just of devices built as radio transmitters).
Use SSH/SSL
I am a techie. But how about my relatives who live two doors down? They use WiFi. They don't know what makes it all work, except that it lets their laptops "use the int
Re: (Score:2)
I am a techie. But how about my relatives who live two doors down? They use WiFi. They don't know what makes it all work, except that it lets their laptops "use the internet" without any wires. Read your wireless router's documentation. It most probably uses fancy words like WPA, encryption keys, etc. How many of the general public really understand it? Encryption is VERY difficult to get right and one of the main elements is educating the proper use of it.
Being willfully ignorant is hardly a compelling argument. Either your relatives are terminally stupid, deliberately unwilling to learn or you aren't very effective at teaching them what they need to know to keep themselves safe and secure. I don't buy this kind of argument at all. People aren't that stupid and they understand things of similar complexity in other contexts just fine. Stop making excuses for laziness.
Re: (Score:2)
I second the motion.
There are lots of comparisons out there.
One of the equations I see is that not everybody is a lawyer and has the time/inclination to study law, yet we all are responsible for our own actions if we break them. I don't know the detailed ins and outs of legally selling guns but if I wanted to start a business I sure as hell would look into it or at least ask a knowledgeable person in the respective fields.
Same thing with cars (yes the slashdot car example) you get behind the wheel, you bett
Re: (Score:2)
Wow, good post. Difficulty seems to arise from the fact that radio signals are by nature broadcasts into public space, even if they are specifically intended communications with a single recipient. Because they are not visible, people think of them as being private, even though the signals may travel significantly outside of their homes.
If you walk into a crowded room and yell to my buddy John "Hey, John, I'll meet you at your place at five o'clock," I just broadcast this information to anyone in the room w
Re: (Score:2)
The problem is that we want convenience with our electronic and communications. In order for that to work seamlessly, our access points are spewing out crap non-stop, advertising its existence for all to hear and explaining what kinds of connections it offers and what you'll need to connect to it. It's really convenient to do it that way because then we just turn the wifi on the lapto
Bullshit (Score:2)
>Yes, if you can prove malice.
So, you're it's illegal for me to listen to the radio if I'm not in a good mood?
Re: (Score:2)
you're saying
Re: (Score:2)
If you're in a public park, you have no expectation of privacy. If you talk about MP3s and a 3rd party hears it, that is your fault for not taking measures to ensure your privacy, like talking in your own house.
Your ISP is providing a service to you. Just like a phone provider, they are not allowed to just randomly walk in on your transmission. Landlords are also not allowed to just walk right in on you whenever they want (excluding exigent circumstances), even though they own the place.
What really gets
Re: (Score:2)
So if I were to set up a radio transmitter that transmitted certain info, can I then accuse whoever looks at that info of being a criminal?
Yes, if you can prove malice.
[...]
the data is really private to you and whoever you intended it for. Anyone who thinks otherwise is either stupid or malicious.
You see, this is where the issue arises. You call us stupid for thinking that information that you BROADCAST is not private. We call you stupid for thinking that information you BROADCAST is private.
Do you know what a broadcast is? In it's very essence, it is to purposefully making something PUBLIC. You don't BROADCAST if you don't want it to be seen or heard. Point in fact, you do not have to even broadcast your SSID! It can be kept hidden, so that only you and people you inform of can even find it.
A phone
Re: (Score:2)
I hope that this will
Re: (Score:2)
Re: (Score:2)
Errr, moderators, how is it flamebait to remind people of actual quotes and the actual (and terrifying) xenophobia that exists in the US? Surely to NOT point out that xenophobia is a serious and VERY real problem right now in every country would be the flamebait. Telling humanity that it needs to wake the eff up and cut the crap may not be... delicate, but since when have I ever been delicate? I'm about as delicate as a slice of lemon wrapped around a gold brick and/or piledriver. Marking something as flame
Who cares? (Score:5, Insightful)
They collected information which was publicly available from the street. Big deal.
Re: (Score:2)
By the same standard, extracting AT&T's iPad data was also perfectly fine - it was all publicly available from the Internet...
The problem is - if I leave my home unlocked and you enter it, it's still an illegal trespass, making off with some of my belongings, even copying documents I might store at home, would still be considered illegal... The same applies for WiFi hotspots - the hotspot IS someone's property - sure you might be somewhere where you can SEE that there is a hotspot, much like you may se
Re: (Score:2)
They collected information which was publicly available from the street. Big deal.
Available - but only with high-tech monitoring gear.
Available - but only because wireless networking is new to most folks.
Available - because the default wireless set-up is insecure - and who do we have to blame for that if not the geek who programs these systems at the OEM level?
Re: (Score:2)
Re: (Score:3, Informative)
Err, not really. The FCC limits the power of transmission, yes, but the Bluetooth Rifle (range 1.1 miles) and even the Pringles Reflector show that you can massively boost range without boosting power. If you want to be fancier, I'm pretty sure the Voyager deep-space probes were using less power than is permitted for WiFi. Ok, the data rates suffered a bit, but then what else is XZ for?
Re: (Score:2)
The FCC limits the power of transmission, yes, but the Bluetooth Rifle (range 1.1 miles) and even the Pringles Reflector show that you can massively boost range without boosting power.
No. The FCC limits the effective isotropic radiative power (EIRP) of transmissions, which takes into account the gain of the antenna. Multipoint links are limited to 4W, period. Point to point links are on a sliding scale, allowing higher power as your gain goes up (and your broadcast cone decreases). A PTP link using cantennas and consumer grade equipment will probably never achieve sufficient power to violate FCC limits.
Re: I don't think so... (Score:3, Insightful)
They've already said they have not used any of the inadvertently captured information in any product, nor did they realize they had it sitting on their development hard drives, until the dustup and review.
Presumably all they wanted was open WiFi's MAC and SSIDs so they could do basic geolocation on products that only have WiFi and not GPS. But even then, it sounds like they haven't released a product based on their collected data.
You hav
Subbtle difference: No barrier (Score:2)
Isn't that like standing on the street and using a laser listener (Google it) on your house is OK?, after all it is in plain sight, and it's only sound waves being recorded through light waves.
The subbtle difference is that the WiFi data was transmitted on the clear to begin with. It's information which is available to anyone else in the same street.
Whereas, in the laser listening, the people have supposedly closed their windows, because (at least) they probably expected some privacy.
The WiFi equivalent of the laser-listener, would be Google breaking weak WEP-protected wifi and mining that for data. The WEP shows that the people expected some privacy.
The voice equivalent would be listening to wha
Re: (Score:2)
Complaining on the ground of privacy when google scans open SSIDs, is like complaining for copyright infringement when google indexes publicly available web pages.
Or takes your picture from the street, and then puts it onto StreetView.
Google has only captured publicly available information, and images. They just were smart enough to collect it, aggregate it, and use it in a valuable way. The outrage should not be over the collection of the data, but a realization that it's out there at all. Google
My big sign. (Score:5, Funny)
I've printed all my private data on a giant sign that I've put on top of my house. If you read it you can expect a visit from the authorities. Please, while I might not have bothered to secure my data, I do expect you to respect my privacy.
Re: (Score:2)
I've printed all my private data on a giant sign that I've put on top of my house. If you read it you can expect a visit from the authorities. Please, while I might not have bothered to secure my data, I do expect you to respect my privacy.
If I leave my door unlocked, I don't think it's right to strangers to come in and snoop around.
I don't know what you'll think.. whether I am naive or you are.
Re: (Score:2)
If I leave my door unlocked, I don't think it's right to strangers to come in and snoop around.
There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).
Google did not "come in and snoop around", they passively listened from the street -- hence the analogy to a big sign on top of the house. If they have connected to the network and started making requests (e.g. connecting to SMB shares, reading shared iTunes playlists) then your analogy would be absolutely correct.
Re: (Score:2)
There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).
Google did not "come in and snoop around", they passively listened from the street -- hence the analogy to a big sign on top of the house.
How about if you leave your blinds open, and I sit in a car outside your house with a telephoto lens taking pictures of everything I can see inside, and storing them in a database?
Re: (Score:2)
Google was not looking IN, the signal was be broadcast OUT.
Re: (Score:2)
The light from inside your window is broadcast OUT as well.
Re: (Score:2)
Re: (Score:2)
There is a difference between not locking your door (inaction) and broadcasting the data to the world (action).
You broadcast a lot of information anyway. Don't think of just devices built as radio transmitters.
TEMPEST [wikipedia.org] was available eons ago. Think what is possible with technology today.
I don't know if it's legal to snoop or not. I don't think we can even tell if this data collection was malicious or just a stupid mistake, going by the information that is available to us. It's for the courts to judge.
But the possibility of data that might have been collected by such passive listening alarms me. It is not compatible w
Re: (Score:2)
Re: (Score:2)
Even if you are on a licensed frequency, unless that frequency is a cellular telephone frequency, it's not even illegal to sniff those signals, just illegal to transmit on them unless you're in distress or authorized by the licensee and/or the FCC to transmit on it.
Re: (Score:2)
Privacy Advocacy Theater (Score:5, Insightful)
I want to focus on a related problem that I’ll call privacy advocacy theater. This is a problem that my friends and colleagues are guilty of, and I’m sure I’m guilty of it at times, too. Privacy Advocacy Theater is the act of extreme criticism for an accidental data breach rather than a systemic privacy design flaw. Example: if you’re up in arms over the Google Street View privacy “fiasco” of the last few days, you’re guilty of Privacy Advocacy Theater. (If you’re generally worried about Google Street View, that’s a different problem, there are real concerns there, but I’m only talking about the collection of wifi network payload data Google performed by mistake.)
I’m looking at you, EU Privacy folks, who are investigating Google over accidental data collection. Where is your investigation of Opera, which provides Opera Mini, billed as “smarter web browsing”, smarter in the sense that it relays all data, including secure connections to your bank, through Opera’s servers? We should be much more concerned about designs that inherently create privacy risk. Oh sure, it’s easy political points to harp on accidental breaches for weeks, but it doesn’t help privacy much.
I also have to be harsh with people I respect deeply, like Kim Cameron who says that Google broke two of his very nicely crafted Laws of Identity. Come on, Kim, this was accidental data collection by code that the Google Street View folks didn’t even realize was running. (I’m giving them the benefit of the doubt. If they are lying, that’s a different problem, but no one’s claiming they’re lying, as far as I know.) The Laws of Identity apply predominantly to the systems that individuals choose to use to manage their data. If anyone is breaking the Laws of Identity, it’s the wifi access points that don’t actively nudge users towards encrypting their wifi network.
Another group I deeply admire and respect is EPIC. Here, they are also guilty of Privacy Advocacy Theater: they’re asking for an investigation into Google’s accidental wifi data collection. Now, I’m not a lawyer, and I certainly wouldn’t dare argue the law with Marc Rotenberg. But using common sense here, shouldn’t intent have something to do with this? Google did not intend to collect this data, didn’t even know they had it, and didn’t make any use of it. Shouldn’t we, instead of investigating them, help them define a process, maybe with third-party auditing from folks at EPIC, that helps them catalog what data they’re collecting, what data they’re using, etc? At the very least, can we stop the press releases that make no distinction between intentional and unintentional data collection?
I’m getting worked up about this Privacy Advocacy Theater because, in the end, I believe it hurts privacy. Google is spending large amounts of time and money on this issue which is, as I’ve described previously, an inevitability in computer systems: accidental breaches happen all the time. We should be mostly commending them for revealing this flaw, and working with them to continue regular disclosure so that, with public oversight, these mistakes are discovered and addressed. Google has zero interest in making these mistakes. Slapping them on the wrist and having them feel some pain may be appropriate, but too much pain and too much focus on this non-issue is akin to a full-on criminal trial for driving 10 miles per hour over the speed limit: everyone’s doing it. Just fine them and move on. Then spend your time going after the folks who, by design, are endangering millions of users’ privacy.
There are plenty of real, systemic privacy issues: Facebook’s data sharing and privacy controls, Opera Mini’s design (tens of millions of users relaying all of their data to Opera, by design), Google’s intentional data retention practices, web-based ad networks, We have enough real issues to deal with, who needs the advocacy theater?
Re:Privacy Advocacy Theater (Score:4, Insightful)
I thought you said "a little!"
Re: (Score:2)
intention or accident, it's a problem (Score:2)
When things get so big, I don't trust them at all.
You want some control, you've got to keep it small.
Hey.
Re: (Score:2)
Way to prevent what from becoming a real issue? The (extremely long) post points out the the threat to privacy already IS a real issue.
The problem is that instead of addressing active, ongoing, real threats to privacy, such as ISPs collecting all of your communications and sharing it freely with who knows which governments, government organizations, or commercial entities, the "privacy police" are making a big show of jumping an instance of a company who is extremely cooperative with the investigation and w
Should be (Score:4, Interesting)
Re: (Score:2)
In the US, at least, falsely accusing people is a major source of income for lawyers, newspapers, TV stations, politicians,... If you shut this line of income down and lock them up, you'd double the prison population in days.
Re: (Score:3, Insightful)
See, now, this is what I don't get: Google published this, probably after their own lawyers got a look at it, and knowing full well that people were chumming the waters for legal cases. They didn't try to hide anything, and they aren't trying to deceive anyone.
And yet, the vibe I get from their opposition isn't, "we're going to slap you on the wrist for this little unintentional crime you're completely honest about." It's more like, "This prove you're a criminal of the worst kind and deserves to have the
Re: (Score:2)
Much Ado About Nothing (Score:5, Insightful)
I made a comment a few weeks ago about people not understanding the concept of radio. People go to great expense and effort to throw their signal and information as widely as possible, and then complain when that happens. It's like people who don't want to be photographed in public.
I encrypt my wireless network, because I only want people I approve to access it. As a technically savvy individual, I use strong encryption. But ethically and (I think) legally, even if I were to use the embarrassingly-weak WEP, my intent to encrypt would be unmistakable.
WPA2/other strong encryption is like locking your house with a deadbolt and putting up an alarm. It takes a lot of work to get in.
WEP is like locking your screen door - it means 'don't come in' and while it's trivial to do so, you can't claim you thought it was OK
Unencrypted means 'come in, we have cookies!'. For things like coffee-shop hotspots, this is exactly the intent. For lazy homeowners, this is probably not what they want.
I have no sympathy for our lazy homeowners who don't want to take the time to understand exactly what that magic box does, and now are mad at Google. Admittedly, it's governments who are pursuing this, but it's tantamount to punishing someone who took a free sample from a grocery store.
tl;dr - unencrypted networks are implicit invitations to do whatever you want.
Re: (Score:2)
Unencrypted means 'come in, we have cookies!'. For things like coffee-shop hotspots, this is exactly the intent. For lazy homeowners, this is probably not what they want.
Not quite. Being in your own home still has some implication of privacy (the four walls do that). Having unencrypted wifi is more like standing outside your front door on your porch and expecting people not to look at what you're doing there.
Re: (Score:2)
In this day and age of wardriving, wifi sniffers and even your bog-standard network mappers, it's not simply standing out on the porch. It's sticking a bloody great 30' neon sign over said porch saying "look this way".
Re: (Score:2, Interesting)
I don't care if people photograph street with me in it. I can turn away. I do care when they photograph me in the street. It depends on purpose of photographing.
Re: (Score:2)
What do you do when you go up to an ATM? There's a security camera taking pictures of you.
What about if you're walking past someone who is at the ATM and it takes a picture of you?
I'm not saying that you should want your picture taken in public. But I am saying that it isn't illegal. I'm sure there are lots of celebrities who wish it was.
Re: (Score:2)
Here's the gray area. You and I would both agree that users of unencrypted wifi networks should understand all of the security and privacy implications. What's not so clear is whether they should be expected to understand the basic technologies (to include authorization and encryption algorithms) behind wireless networks.
I argue that they shouldn't. I place muc
Well, it's not a popular view ... (Score:3, Interesting)
Mod me into oblivion, but I don't get how you can have a privacy interest in data that you are transmitting unencrypted. This is not just like leaving a door unlocked or a window un-blinded (which is inaction), there is a positive action of transmitting that information in such a way that anyone can read it. Calling this unauthorized access is really bizarre -- it's like saying I eavesdrop on my neighbors when they get drunk and start yelling very loudly at each other. Is it too much to ask that if you want to keep something private you ought to refrain from actively broadcasting it to the world? To be clear, I'm not talking about inferring a lack of a right from inaction (not locking your door is not an excuse for thieves) -- only conscious actions.
Google might yet make a public service of this and send out a postcard to these addresses explaining that they have chosen to make their internet usage public and they might do well to revisit their wireless setup. Of course, normatively they should probably discard any private data they collected just as matter of decency but that's not the same as saying they should be required to by some novel notion of privacy that extends to private information even when the rightful owner has willingly made it public.
[ Also, an aside, it's 2010! Who still uses an email client that's not https (web) or SSL (pop/imap/exchange)? GMail certainly is https (all of it, not just the login). ]
Re: (Score:2)
Re: (Score:2)
I like the postcard idea (though impractical in densely populated areas) and completely agree with discarding the collected data. And the "positive action of transmitting" argument is an interesting one repeated many times in this and other privacy articles, so no modding down is warranted.
I do have questions on how I'm not sure I'd agree with this notion:
Is there any importance to the fact that protecting one's privacy is a far more technically complex (and modern) problem than locking one's door? And is
Lack of public awareness (Score:2)
there is a positive action of transmitting that information in such a way that anyone can read it. Calling this unauthorized access is really bizarre -- it's like saying I eavesdrop on my neighbors when they get drunk and start yelling very loudly at each other
Yes. And at least Google should be thanked for bringing public awareness for this problem.
Also, an aside, it's 2010! Who still uses an email client that's not https (web) or SSL (pop/imap/exchange)? GMail certainly is https (all of it, not just the login). ]
Well, most of the non-technically minded people.
Although most web-based interfaces now are HTTPS based (or feature massively huge warning banners at the log-in screen of their HTTP version giving people advices to switch their bookmakrs), lots of mail clients use plain POP / IMAP by default. And I've seen lots of institution which don't advise their users to turn encryption on.
The Thunderbird "Add account" wizard is th
Re: (Score:2)
Mod me into oblivion, but I don't get how you can have a privacy interest in data that you are transmitting unencrypted.
The privacy of unencrypted private radio communication has been legally protected in the states for the better part of 100 years. [Radio Act Of 1927]
Re: (Score:2)
Everything is correct, but in this case also reconrding is not passive. They set up the equipment to record the packets, my computer does not record packets of unencrypted networks unless I tell it to do so.
It also probably doesn't listen for WiFi packets unless you tell it to do so either. That's not what being passive is about. The issue is whether you're having to induce behavior or interact with a network to get this information. That is, those packets are being transmitted whether you're there to record them or not. Tricking the system to provide traffic or joining the network in order to see traffic would be interactive.
Jealousy (Score:3, Insightful)
The reason why these government bodies are going after Google is because Google did by accident what these bodies never imagined they could do.
And now that people have been made aware of this by Google's slip up the government cannot pull the same trick (any time soon).
Re: (Score:2)
More like Google did by accident what these bodies do regularly for the sole purpose and stated intent of violating their citizens privacy. For example this London based privacy group calling Google a criminal for accidental eavesdropping which Google completely came clean about. When they should be focused on the real privacy issues of full body scanners in airports and the thousands of CCTV cameras all over England.
I mean I realize they are just making hay with this to get some free publicity and maybe ge
Browser history? (Score:2)
Re: (Score:2)
Re: (Score:2)
Not quite the same as "browser history" which normally just resides on the local disk and is intended for local consumption. Referral links aren't exactly history.
Re: (Score:2)
Re: (Score:2)
Slashdot doesn't really get it (Score:2)
Re: (Score:2)
For a company that proclaims 'Do No Evil', sure seems a bit on the evil side guy.
You're under the assumption that a) They are lying b) This a malicious attempt and c) The engineers at Google are a pretty evil bunch.
I would find it rather odd that in a company with such a strong worded motto an order would come from high above to do something that would completely contradict it, and everybody involved would just happily go along with it without so much as a murmur to the press.
Re: (Score:2)
It's more likely that they just have agreed to a different definition of evil then the rest of the world.
Re: (Score:2)
It's more likely that they just have agreed to a different definition of evil then the rest of the world.
Yes, they must agree this during some rite of passage, perhaps during their employee induction day: Fill in some forms, get an ID card, suck a virgin dry....
Re: (Score:2)
What is it they say about law and ignorance again?
Re: (Score:2)
My parents have absolutely no fucking clue if what they transmit across there WiFi is secure or not. They assume it is, but as long as the website opens up they are blissful and ignorant to it.
Right there is the problem. Blissful and ignorant is their choice and their problem. Did you even mention to them that Wi-Fi is notoriously insecure and not very private unless you really try? Maybe they would not be so ignorant then. But that would mean they ask you to make sure they are secure, and you wouldn't want the extra work, would you?
The ultimate lesson in all of this? Don't dabble in magic if you aren't prepared to understand it.
Re: (Score:2)
Let's compare the locked door/unlocked door analogy to collecting WiFi data. My parents know if there doors are locked or not unlocked. They have absolutely no fucking clue if what they transmit across there WiFi is secure or not. They assume it is, but as long as the website opens up they are blissful and ignorant to it. I'd be willing to bet that a huge majority of majority of people are in this boat. What makes what Google is doing so bad is they are driving around exploiting this. Is it illegal? I don't know. Is it morally questionable? Certainly. For a company that proclaims 'Do No Evil', sure seems a bit on the evil side guy.
You might have a point if you can demonstrate that Google has been indexing personal data gleened from traffic captures. But I haven't seen anything that indicates that the traffic isn't simply a byproduct of their real intent - indexing wireless access points (I've done the exact same thing indexing sites using Kismet with default configs). I'd have a hard time seeing anything threatening in listing the SID and location of my WAP.
And to be clear - I get it. Yes - people were clueless. Yes - people are
Looks like they just saved header info (Score:2)
FTFA: "Subsequently, when the remainder of the frame is written to disk, its body is not recorded"
So, basically, google drove around in the street-mobile and saved mac, ip, and ssid info - big deal. Let's waste US legal system time on something more pressing.
A useless distinction (Score:2)
Props to Google (Score:2)
Gotta give some props to Google and their "Don't be Evil".
They could have tried to sweep this under the rug, pay people off, and play politics as usual. Instead, they have fully released all of the information, encouraging multiple countries to investigate them.
They could have used multiple underhanded moves to prevent this kind of investigation, but they didn't.
Good Job, Google.
This is the crux, from the PDF: (Score:2)
5. While gslite parses the header information from all wireless networks, it does not attempt
to parse the body of any wireless data packets. The body of wireless data packets is where user-
created content, such as e-mails or file transfers, or evidence of user activity, such as Internet
browsing, may be found. While running in memory, gslite permanently drops the bodies of all
data traffic transmitted over encrypted wireless networks. The gslite program does write to a hard
drive the bodies of wireless data packets from unencrypted networks. However, it does not
attempt to analyze or parse that data.
Doesn't seem illegal to me, but maybe Germany is stupid about radio signals?
-molo
This is so incedibly wrong (Score:2)
This is so incedibly wrong...
IF you sent such these informations (OR ANY OTHER) over an unencrypted WLAN (i.e. everybody can read all your data all the time and you're among the stupidest 2.6% of the population) exactly in the second when the google car passed by, then they stored the RAW PACKETS, which MIGHT include some E-Mail addresses (the ones used in the current mails, not your whole addressbook) or URLs that you are requesting right in
This summary is terrible!!! (Score:2)
What a terrible summary.
Here's what the article said:
The process also captures wireless data packets, which can include personal information like e-mails and browser history
This by itself was hysterical silliness. Browser history? Why would you transmit your browser history across the internet? You might as well have said it could include nuclear launch codes. It's theoretically possible, but just as unlikely. At least the article then goes on to indicate that while that sort of data *could* have been in the packets, Google wasn't parsing them.
The Slashdot summary on the other hand is written in a way that makes it sound
You can see the effect of this on an Android phone (Score:2)
For some time now I've noticed that the My Location radius in Google Maps for Android gets much smaller when you are in signal range of an open wireless access point. (Assuming you don't have GPS on.) Android / Maps seems to use three different RF methods of location. 1, cell towers, 2, WiFi APs, 3, GPS. (Turn off WiFi and a medium radius will revert to the typical .5-2km cell tower radius.)
There is an interesting side effect to this. I moved last November and naturally took my WiFi access point with me. I
Re: (Score:3, Interesting)
Just curious, what jurisdiction, and what laws were broken, and are those laws punishable by jail time?
Re: (Score:2)
Just curious, what jurisdiction, and what laws were broken, and are those laws punishable by jail time?
In most European jurisdictions, probably. In the UK, it probably counts as an unlawful intercept under RIPA. Yes, you can get two years for it.
Re:Parsed and stored? (Score:4, Insightful)
Re: (Score:2)
By the FCC's rules, you can receive any unencrypted data that you want
If this is specific to WiFi, then true. If to radio signals in general, not true.
Re: (Score:2)
That is probably not correct. I am not a lawyer, but the following seems to contradict your opinion:
Electronic Communications Privacy Act
The Electronic Communications Privacy Act (ECPA) sets out the provisions for access, use, disclosure, interception and privacy protections of electronic communications.
Re: (Score:2)
Not if it is in the frequency range used by cell phones. That's a paddling.
Not that anybody does that in the clear any more.
Re: (Score:2)
Re: (Score:2)
If their definition of access did not require inbound communication to the network, then that's a can of worms. You could argue that ALL electronic devices would then be illegal access to a computer network. Turn on your radio. It'll receive the WIFI signal on its antenna (Sure, it'll never get past
Re: (Score:2)
That's like saying that rape is allowed because of a lack of a chastity belt. Just because there are not security methods in place doesn't mean that you're authorized.
Oh please. If you're going to pull an analogy out of that dark place where the sun doesn't shine, at least try to come up with one that's even remotely applicable.
This is more like parking your car on a public road just outside the drive-in movie theater where you can see the screen and tuning your radio to receive the audio. The owners may not *want* you to do so, but if they have taken no measures to block the view or limit the signal they are broadcasting over the radio waves, enjoying the show from a
Re: (Score:2)
Well, I don't think that would work. That's like saying that rape is allowed because of a lack of a chastity belt. Just because there are not security methods in place doesn't mean that you're authorized.
No. It's more like saying intercourse isn't rape if the accusing party did not fight back. If you didn't take any measures to prevent it from happening, and you were not otherwise coerced to prevent action, you were obviously OK with it at the time. You can't change your mind after the fact. As the saying goes, 'Ignorance of the law is not a defense.'
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
What was parsed and stored was the Mac Address and SSIDs of the network. When you turn on your Laptop or iPhone and see a list of networks that are available for you to join, that list is their SSIDs and though you cannot see them, includes their MAC addresses.
See, without you doing anything, your laptop/iphone just PARSED AND STORED a list of Mac addresses and SSID's.
I'm sorry man. You're going to jail. I mean, you broke the law. You parsed and stored publicly broadcast announcement packets. Nevermind
Re: (Score:3, Interesting)
I condemn groups like Privacy International for using Google's screwup as a cheap PR resource to promote themselves. You want to claim that it was intentional, prove it in the court! Where's the libel law when you need it?
Re: (Score:2)
It must be a geek thing but I don't get what the problem is here.
Of course, it's a geek thing.
Wireless networking is sold as a mass market consumer product to users who are not comfortable with changing the factory defaults or straying one step beyond the automated set-up routine.
Wireless networking is sold to users who do not assume eavesdropping is a normal, everyday - morally acceptable - practice:
"See no evil, hear no evil, speak no evil, do no evil."
Re: (Score:2)