Why Google's Wi-Fi Payload Collection Was Inadvertent 267
Reader Lauren Weinstein found a blog post that gives a good, fairly technical explanation of why Google's collection of Wi-Fi payload data was incidental, and why it's easy to collect Wi-Fi payload data accidentally in the course of mapping Wi-Fi access points. "Although some people are suspicious of their explanation, Google is almost certainly telling the truth when it claims it was an accident. The technology for Wi-Fi scanning means it's easy to inadvertently capture too much information, and be unaware of it. ... It's really easy to protect your data: simply turn on WPA. This completely stops Google (or anybody else) from spying on your private data. ... Laws against this won't stop the bad guys (hackers). They will only unfairly punish good guys (like Google) whenever they make a mistake. ... [A]nybody who has experience in Wi-Fi mapping would believe Google. Data packets help Google find more access-points and triangulate them, yet the payload of the packets do nothing useful for Google because they are only fragments."
Well duh (Score:5, Insightful)
Of course it was accidental, after all, their corporate slogan is "Do no evil". Obviously they wouldn't do anything that would be evil.
Re: (Score:3, Insightful)
Thats just externally. Internally their slogan is "Do what you want until it threatens to make our image worse than the competition".
Admittedly with their main competition being Microsoft they could screw up seriously badly and still be a thousand times 'holier' than
Microsoft & Steve Beelzeballmer. The only other competition they have is Apple and they have no chance of competing in terms of
loyalty/fanboyism. Google has a fan club, Apple has a following.
Its not that Google are any better than anyone els
Re:Well duh (Score:4, Interesting)
Its not that Google are any better than anyone else
I would argue that; whether for PR reasons, technical reasons, or other, most of google's offerings are open in some way or other-- Gmail, for example, seems to be the only major email provider that does not restrict auto-forwarding, or client access, or contact export, or anything else. Yahoo, MS, and AOL all have some form of lock-in.
So forgive me if I tend to cut them rather more slack than MS or AOL; the best thing about google is that if they ever become the Super Boogeyman, I can just pick up my data and leave.
Re: (Score:3, Insightful)
I agree that Google is the lesser of all the available evils. That just goes to show you how fucked up the choices are. Then again, any public corporation is beholden to make each quarter look better than the last, and money is not only the first priority, but #2, #3 and often #4 as well. Protecting consumer privacy is pretty low on that list.
Re:Well duh (Score:5, Insightful)
Just see it this way - it's sometimes easier to log every information available when collecting the data and then filter out the interesting parts later. Especially when it's in the prototype state. And suddenly a prototype goes into production just because it works good enough.
Re: (Score:3, Interesting)
Just see it this way - it's sometimes easier to log every information available when collecting the data and then filter out the interesting parts later. Especially when it's in the prototype state. And suddenly a prototype goes into production just because it works good enough.
Yeah, right. Why not use this to justify the Sony rootkit too: "It's easier to just root the PC when preventing unauthorized action being done to the CD. And suddenly a prototype goes into production just because it works good enough."
Do you buy that?
No, the truth is people are defending Google not because it make sense, but because they want to believe Google is the good guy. This is no different from Creationists wanting to believe their idea in face of opposing evidence, it's only matter of degree.
Re: (Score:3, Interesting)
the truth is people are defending Google not because it make sense, but because they want to believe Google is the good guy.
Truer words were never spoken. We need good guys, and will invent them if necessary. All of our historic "legends" were likely nothing like the myths that surrounded them, and some were outright asshats. In popular culture (Star Trek specifically), I love how Zephram Cochrane [wikipedia.org] was actually just trying to get rich when he came up with the warp drive, there was no "higher calling" to
Re: (Score:2)
Re: (Score:3, Informative)
Inadvertent Or Not ... (Score:4, Insightful)
If I accidentally run over someone with my car because I wasn't paying attention to what I was doing, it doesn't absolve me of the liability - even if that old lady had it coming, er, was jaywalking.
Re:Inadvertent Or Not ... (Score:4, Insightful)
You are correct, but that assumes the law makes sense in the first place. While Google may have broken a law, it's better to ask about (and get changed) laws that should not exist (or only exist to make politicians feel as if they are accomplishing something).
Re: (Score:3, Informative)
So you say a law making it illegal to capture, store and distribute personal data is bogus? Because that is the German version of the law you just attacked. You know, that law also makes it illegal to scrape websites and build a database of mail-addresses to spam. It makes it illegal for merchants to collect data from their customers and sell it behind their back. It makes it illegal to combine data from multiple sources to create a profile. It even is forcing some of the data collection companies to open t
Re: (Score:2)
So you say a law making it illegal to capture, store and distribute personal data is bogus
That depends on how you define the words "personal" and "data". If I copy down 2 digits from your credit card number, I've "captured" your "personal data", but there's dick-all I can do with it. Likewise, if I copy down your full name and address from the phone book, I've "captured" a chunk of your "personal data" which may actually be useful, but did I do anything wrong?
Re:Inadvertent Or Not ... (Score:5, Interesting)
It may well be that one day I paid with my c/c and you noted first two digits. Indeed nothing you can do with them. Next day I again paid with my c/c and you noted next two digits. Now it makes four. Next day ... [repeat until the logical end.] This is how you can get my entire c/c record. Any single observation is useless; but when combined they are very much useful.
Yep, which would require a concerted effort to gather the required data, not just a single drive-by capture of a small portion of your CC number. If I came back enough times, then yes, I could get the info, but why would I bother? If I were interested in your CC, I'd just copy down the whole damn thing the first time.
Anyway, if google wanted access to the data you were sending back-and-forth between your computer and router, it'd be pretty pointless for them to go grab a few dozen packets every couple weeks since the data is unlikely to be related. It would be like me coming over to your house every few weeks, writing down 2 numbers from a random document that you have lying around, and hoping to eventually construct a CC number from the jumble I've gathered. The CC analogy is a fun one, but doesn't really reflect the situation.
The society instead decided to prohibit all intercepts since they have hardly any social advantages to begin with.
If that were true, I could go to jail every time windows picks up a new access point.
Besides, there is an easy way to have an unlisted phone number.
There is an easy way to encrypt your packets.
Re:Inadvertent Or Not ... (Score:4, Informative)
distribute personal data
It is important to note that Google didn't distribute the data. Nobody is even suggesting that (I know, not even you). People are behaving as if Google published this data on Street View - "here are the packets you can find 101 Johnson st!". As far as we know (and as Google has stated) they did not ever even look at this data.
If there's a law against only storing such data it almost runs into philosophy - is something stored if it is never accessed? Is just the potential to access it enough, even if they never do? (does a tree falling in a wood make a sound if nobody is there to hear it?). If just the potential to access it is enough then we're all guilty because we all have the "potential" to access the open Wifi networks in the first place.
Re: (Score:3, Interesting)
Is something stored if it is never accessed?
Imagine that you had some inconvenient photos, and if those photos are "accessed" your political career will end. Someone stole the photos. But they called you to assure that those photos will be never accessed. Will that be as good as if you personally destroyed all media those photos were on?
If just the potential to access it is enough then we're all guilty because we all have the "potential" to access the open Wifi networks in the first place.
I can't ima
Re:Inadvertent Or Not ... (Score:5, Insightful)
They may have broken the letter of the law, but almost positively not the spirit. In any case, the law is seriously flawed if it prevents Google's activity. And here's why:
People were going to great lengths to literally broadcast the information into the car. How the hell can Google be held responsible for hearing it? If you put 50kW of The Office into my house from a hundred miles away, how is it illegal for me to watch it? And I know it's not illegal for me to record it.
You don't *need* any analogies for this situation - IT'S A BROADCAST. They're all radio waves. Everybody understands FM, AM, TV broadcasts and would think it absolutely ridiculous for a broadcaster to get all up in arms about somebody receiving it. That's what WiFi is, but with somewhat less power, so it comes up less often.
Can everybody PLEASE stop using analogies? They only serve to cloud the issue, and everybody already understands radio. It's a matter of making it clear to everybody that WiFi is radio.
Re:Inadvertent Or Not ... (Score:5, Funny)
You don't *need* any analogies for this situation - IT'S A BROADCAST. They're all radio waves. Everybody understands FM, AM, TV broadcasts and would think it absolutely ridiculous for a broadcaster to get all up in arms about somebody receiving it. That's what WiFi is, but with somewhat less power, so it comes up less often.
Can everybody PLEASE stop using analogies? They only serve to cloud the issue, and everybody already understands radio. It's a matter of making it clear to everybody that WiFi is radio.
So you're saying I should have used a radio controlled car analogy? OK, but I've never used one of those to run over an old lady before.
Re: (Score:2)
In any case, the law is seriously flawed if it prevents Google's activity. And here's why:
People were going to great lengths to literally broadcast the information into the car. How the hell can Google be held responsible for hearing it?
Because Google went to equally "great lengths" to receive the data, and store it.
Re:Inadvertent Or Not ... (Score:4, Interesting)
People go to greater lengths than Google did to receive TV broadcasts, such as from outside the usual service area. It's a whole hobby - see http://en.wikipedia.org/wiki/TV_and_FM_DX [wikipedia.org]
This is a case of people of people who purchased a product to send and receive information to all computers in a particular radius, and are then upset when Google finds itself inside that radius and receives the information it's being sent. That's not exactly 'great lengths'.
Re: (Score:2)
Before the age of digital tuners in stereos, I can recall carefully adjusting the tuner knob so that the tape I was recording would have less static.
Shame on me.
Re: (Score:3, Interesting)
IT'S A BROADCAST
Other than radio, it is an addressed broadcast. See, every packet has a destination written on it. That makes the argument a little more interesting. It is more like a postcard - yes, you can read it (no encryption), but it has an address. The law considers postcards to be covered by the telecommunications privacy regulations.
Re:Inadvertent Or Not ... (Score:4, Informative)
It is more like a postcard - yes, you can read it (no encryption), but it has an address.
... except for the broadcast packets.
Re: (Score:3, Informative)
Which don't contain e-mail addresses, passwords and HTTP traffic, which this was all about, so your argument is what, exactly?
Re: (Score:3, Insightful)
If you stand on the street shouting your home telephone number, don't be surprised if someone phones it.
Re:Inadvertent Or Not ... (Score:4, Informative)
At best it's more like a public bulletin board in your neighborhood. You write the name of the intended recipient on the postcard, and pin it to the board. There are no magic RF fairies that deliver your 802.11 packets only to the intended recipients.
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
I do not understand this argument. How is your data private if its sitting out in open air?
We're talking about electro-magnetic waves here, right?
Light is electro-magnetic waves. So what you're saying is that anyone looking into my private house can not possibly ever violate my privacy, because I was "broadcasting" it into open air, right? I could close the curtains, after all.
While that is true (closing the curtains), the reverse is not. Just because I did not close the curtains does not automatically mean you can point a camera at my bedroom and that's ok.
I don't know if geeks just don't get it
Re: (Score:3, Insightful)
The law considers postcards to be covered by the telecommunications privacy regulations.
So Google action's here are similar to looking at the receiver and sender addresses, and the postage stamp on the postcard, and reading a few words of the card in the process. Don't tell me that postal workers won't inadvertently catch a word or two of someone's postcard when reading the public information of the addresses?
Re: (Score:3, Insightful)
So Google action's here are similar to looking at the receiver and sender addresses, and the postage stamp on the postcard, and reading a few words of the card in the process. Don't tell me that postal workers won't inadvertently catch a word or two of someone's postcard when reading the public information of the addresses?
Postal workers do not save a copy of it, and they don't save copies of thousands and thousands of postcard texts. I'm pretty sure that if one of them did, he would be in just as much trouble.
So we agree, I assume?
Re: (Score:3, Informative)
Google isn't being held responsible for hearing it - Google is being held responsible for storing and indexing it.
You don't even understand what the issue is - you shouldn't be lecturing other people.
Re:Inadvertent Or Not ... (Score:4, Interesting)
Inadvertent or not Google broke laws in some countries. Accidentally breaking the law doesn't eliminate responsibility or culpability - even if people shouldn't have left their WiFi unsecured. If I accidentally run over someone with my car because I wasn't paying attention to what I was doing, it doesn't absolve me of the liability - even if that old lady had it coming, er, was jaywalking.
Not necessarily. If a law in a country is based on strict liability then you are probably correct because strict liability does not require a "guilty state of mind." For example, statutory rape in the U.S. is generally a strict liability crime (e.g. it wouldn't necessarily help Adam if he truly believed that Eve was of legal age if in reality she's a minor because state of mind isn't a factor for strict liability crimes).
However, strict liability isn't the only level of culpability; in the U.S. the other levels are negligently, recklessly, knowingly, and purposefully. To use your driving example: if somebody were driving negligently (shown by not paying attention) and hit an old lady who is jaywalking it is a very different matter than if he is driving recklessly (shown by steering with his feet) or purposefully (shown by keeping a tally on his website of how many old ladies he has run over). If the jaywalking old lady is killed, this distinction may mean the difference between manslaughter and murder.
To apply these culpability levels to the issue at hand it will be necessary to look to the statutes themselves; if the statute defines "illegal data collection" as being an act that is done purposefully, then negligence may not rise to that level. If it is determined that an error in Google's code is the reason behind the data collection and that the presence of the error in the code is due to negligence on the part of Google then it's entirely possible that no law was broken.
Re: (Score:2)
Inadvertent or not Google broke laws in some countries. Accidentally breaking the law doesn't eliminate responsibility or culpability - even if people shouldn't have left their WiFi unsecured. If I accidentally run over someone with my car because I wasn't paying attention to what I was doing, it doesn't absolve me of the liability - even if that old lady had it coming, er, was jaywalking.
Actually, it does change things to some extent. Manslaughter becomes murder (didnt see the old lady, or saw her and ran her down intentionally). Same applies here in a similar fashion. Illegal? Yes. As illegal as if it was done intentionally? No, probably not (if these countries' laws are similar to US ones).
Re: (Score:2)
Intent does make a big difference in the law. If you run someone over because you were negligent you are responsible for manslaughter. If you ran the same person over on purpose you are responsible for the much more serious crime of murder.
Re: (Score:2)
The law is not nearly as simplistic as you make it sound. Some laws require mens rea. Some laws are strict liability. Some laws require specific intent. I can't say I'm knowledgeable of the situation with the laws that Google violated, but they may be guilty of anything depending of how the law is actually written.
I'd suggest that you search for some of the terms above and read up.
Re: (Score:2)
The difference between that and accidentally storing useless bits of data is obvious.
This is /. and I was required to use a car analogy. I could have just as easily said "If I find an iPhone prototype and use the personal information in it to accidentally steal someone's identity, it doesn't absolve me of the liability - even if that old lady had it coming, er, left her iPhone behind in that bar."
Re: (Score:2, Interesting)
This is /. and I was required to use a car analogy. I could have just as easily said "If I find an iPhone prototype and use the personal information in it to accidentally steal someone's identity, it doesn't absolve me of the liability - even if that old lady had it coming, er, left her iPhone behind in that bar."
Nonsense. Maybe you should come up with an analogy that doesn't involve anything being damaged, destroyed, killed, or harmed in any way, and with the action being invisible to the supposed victim.
Common sense. (Score:2)
No privacy laws is somehow better?? (Score:4, Insightful)
Re: (Score:3, Insightful)
I don't think Google are the good guys, but I don't agree with criminalizing passive recording of stuff people are *broadcasting* (yes, that's what APs do).
It's like walking around naked and complaining people are seeing your private parts.
Re:No privacy laws is somehow better?? (Score:4, Insightful)
Re: (Score:2)
What if you're recording a movie, and a naked person walks past the spot you're recording, and you accidentally record it, so you apologize and offer to delete what you've recorded, and then five governments intervene?
Re: (Score:3, Interesting)
No. Passing scanning/sniffing means they were only receiving packets, not sending. An example is if you're trying to get an hidden SSID: you can either passively wait for a computer to connect to the AP to capture the SSID, or you can actively send "disconnect packets" to force c
Re: (Score:2)
Bogus argument (Score:4, Informative)
The argument is that capturing data packets is useful to find the SSID of access points which send beacon frames with blank SSID field or where only a client is within range but not the access point itself. That argument is bogus. The mobile devices which will later use the mapped SSIDs and BSSIDs to calculate their own position do not see anything but the beacon frames. It is therefore entirely sufficient to capture just the beacon frames.
There is a legitimate argument that Google was just lazy (or "scientific") by capturing everything they can get in the field and analyzing later. There is however no technical reason for this and we should not make one up to defend Google.
Re: (Score:2)
Yes the argument reads like BS to me:
The problem with NetStumbler is that while it's easy to use, it isn't comprehensive. It doesn't capture the raw signals from access-points, but instead relies upon the underlying operating system (Windows) to do the work for it. A lot of information is lost in the process. In order to comprehensively map access-points, you need to capture the raw wifi signals and packets, such as through a "packet-sniffer".
They seem to be claiming that you need a packet sniffer to bypass the operating system. They give the example of how it works in Windows, which I doubt google are using. In practice they would most likely run linux with a hacked wifi card driver which captures the information they want in the way they want.
Comment removed (Score:3, Insightful)
Re:I honestly don't understand the fuss (Score:5, Insightful)
There's a very sensitive infrared camera and microphone outside your house right now, and we're disturbed by your interactions with your plushie. In the spirit of blind justice, I'm going to upload to /b/ and let the People decide.
If you broadcast your movements via radio (and air movements), why on earth would you expect anyone to consider it private?
A thick Faraday cage. If you need it, use it.
Re: (Score:2)
That is an entirely stupid analogy, since people have obvious reasons to expect privacy when behind their own walls. On the other hand, no one broadcasting unscrambled and unencrypted radio has any reason to expect privacy.
If I pick up my FRS radio and start talking to a friend on it, should I have any expectation that no one else is listening? Of course not. It's an open system transmitting in the clear for which transceivers are available at pretty much every store with an electronics section. How is
Re: (Score:3, Insightful)
That is an entirely stupid analogy, since people have obvious reasons to expect privacy when behind their own walls. On the other hand, no one broadcasting unscrambled and unencrypted radio has any reason to expect privacy.
We're comparing people sending out unencrypted infra-red e-m waves while behind their own walls to people sending out unencrypted microwave e-m waves while behind their own walls. Unless wavelength is philosophically important in your argument, I'd say the analogy is fairly sound.
If you want privacy, even WEP is enough to be legally sufficient
In what rational way can a transmission be of "legally sufficient" format for no-one to be allowed to snoop? This sounds like a daft DMCA-style confounding of social and technical problems. My reasonable expectation is that you don
Re: (Score:3, Informative)
The obvious difference being I radiate infrared light incidentally.
What does "incidentally" mean? It is not your intention to broadcast infrared outside your property for others to pick up? Well, guess what, it's not Joe Public's intention to broadcast his wifi data outside his property for others to pick up either. It's just incidental to the science behind radio.
I can't stop from doing so
A sufficiently thick wall of the appropriate material would do the job.
and unless I have some scientific background, chances are I don't even know that I'm doing so.
And unless you have some technical background, chances are you don't know much about what that flashing wireless router is doing either.
It is very different from me making an active attempt to make a radio broadcast using specialized equipment.
Since
Re: (Score:3, Insightful)
Everyone knows that the radio signals they use reach farther than their house
Do they? Does everyone know the nature of radio? Is it self-evident that encryption means more than joining your laptop with your base station? IOW, why should it even be obvious that the laws of physics permit someone to pick up someone else's payload - maybe there's something about radio which means you have to pair the receiver/transmitter in a particular way? We know this isn't so, but you lack imagination to imply that it's obvious - you need to either understand some principles of radio or to be told.
Re: (Score:2)
If you're broadcast your data via radio, why on earth would you expect anyone to consider it private?
The expectation of privacy can be legally defined.
In the US, The Radio Act of 1927 made a clear distinction between public broadcast and private networks and services.
Things like marine radio. Police and fire services.
Subscription radio.
The decision was made that these evolving technologies and services were too valuable to the community to be casually subverted by an eavesdropper.
There would be rules again
A little too easy (Score:4, Insightful)
The good guys? (Score:2, Insightful)
Re:The good guys? (Score:5, Interesting)
Whether or not they are the good guys, laws that attempt to contravene physics are a bad idea. If the packets had been encrypted, it wouldn't have mattered that Google captured them--without the key, they're just noise. You could pass a law saying that capturing packets broadcast without encryption is illegal, or you could pass a law saying that if you want your packets to be private, you should encrypt them, and if you don't encrypt them, you have no expectation of privacy. Which of these two laws do you honestly think makes the most sense?
Normally wiretapping involves a deliberate act of bypassing some kind of lock, if only the lock on the box that contains the wires. Here there was no lock, and the packets were hitting the antenna without any special effort on Google's part, and Google did have a legitimate purpose in putting up the antenna and listening for packets. Yes, they got more packets than their legitimate purpose required. Maybe they did so deliberately, although I can't see any reason why that would have been useful to them. But making it illegal is a really expensive way to solve the problem, and it doesn't solve the fundamental problem, which is that people are sending their personal information over the network in the clear.
Re: (Score:3, Insightful)
No, there's a big difference. If I steal your bike, you don't have it. If I receive what you transmit with your radio, you haven't lost anything. You didn't have any privacy, because you were broadcasting your packet, so you haven't lost your privacy.
This is more like if you get the word "loser" tattooed on your forehead, and then you demand that the government pass a law that says that not only can nobody take pictures of you that show the tattoo, and not only can they not comment on it, but they are
Re: (Score:3, Insightful)
The Google car *was* in a public place: the road. And what it did was much more equivalent to just shooting a picture that happened to have your face in it than deliberately shooting a portrait of you without your consent.
As for "personal data", how is Google to know that data you've broadcasted for all to see is personal?
If you don't want people to see your data, don't broadcast it.
Re: (Score:2)
Yes because hackers use the data for personal gain, while google.. oh, wait.
inadvertent to collect, but not to keep (Score:3, Insightful)
My concern with what Google, and many other firms, are doing is that they are dedicated huge amounts of resources to collected huge amount of data on people. As profit making entities, these firms must at some point monetize this data to get a return on investment. Therefore, if google is keeping data other than basic acces point information, then they must be planning to do something with it.
Re: (Score:2)
"It may be inadvertent to collect, but keeping it requires a conscious and deliberate effort to allocate resources."
Usually, deleting some stuff is much more difficult than retaining everything, simply because it requires you to figure out what to delete and what to keep. Storage is cheap. Just saying.
Re: (Score:2)
I seem to recall that when Google provided some governments with the data they'd accidentally collected, it fit on less than a DVD. As an ex-Googler, that amount of data was absolutely irrelevant three years ago - I used ten times that much for scratch space for personal projects. I can't imagine it's somehow gotten [i]more[/i] important.
While I agree Google did nothing wrong... (Score:2)
And that the people should have been using WPA if they wanted a private network, and DEFINITELY HTTPS for passwords and such if they didn't mind opening their network...
Despite that, Google should have had more sense.
Why, if they only needed packet headers, did they not wipe the packet contents before saving 'em?
Seems like a simple and obvious thing to do to prevent possible future action against them.
I trust Google on this one. (Score:2, Interesting)
volume, people! (Score:2)
Yes, I'm sure it's easy to accidentally capture a few more packets than you thought.
It's probably only a little bit less easy to also accidentally store the whole packets on your harddrive, instead of just the bits you care about.
But once you have several frigging drives full of the stuff, you ought to notice, don't you think?
The defense rests. Oh no wait... what about this? (Score:2)
Re: (Score:3, Interesting)
Nothing explains why they stored the data so far. Recording names of access points? Okay. Recording locations of access points? Mmmmaybe. Recording data retrieved by connecting to unsecured access points? No. How can that data be used for any honest purpose? And let's be clear about this: collecting and storing data is an act directed by software which was written by a person or persons who were acting under direction ostensibly by specification. You find those specifications and directors and you w
Re:So? (Score:5, Informative)
Despite what everyone thinks (and how it seems to the uninformed) it very likely was accidental. If I was tasked to correlate Access Points to their locations, the simplest way would be to dump raw wireless traffic to one file, and raw GPS data to another. Later, you can zip them both up and run some analysis, and get the data you want out.
It'd be real easy to forget to filter the packets you dump to only anonymous, non-data-carrying packets. More than likely the people who designed it just forgot to, or figured it would be no big deal if they just never used that info. Sloppy engineering maybe, but certainly not malicious.
Privacy? (Score:2)
Shouldn't you have some say as to whether your access point is published to the whole world?
It's always seemed ass-backwards to me that you have to take specific action and pay to not have your name and address published in a phone directory. This seems like the same sort of thing. Too hard to go and ask everybody for permission? Too bad - that's not an excuse for violating privacy.
Re: (Score:3, Insightful)
No privacy was violated, it's not like the guy in van drove up the to the house, and shoved an antenna though the mail slot. I mean this is like complaining the guy making a movie in his backyard recorded your shouting over his fence, don't shout then!
Re: (Score:3, Insightful)
Re: (Score:2)
Looking through windows is different because the windows are obscuring the contents of the house, making it reasonable to assume that those contents are private.
Not so with broadcast SSIDs. It's called broadcast for a reason: you want people to see and know about it. If you don't, don't broadcast an SSID!
As for collecting the other information, in a sane world, that would be legal. This information is also broadcast, it's just that almost nobody who uses WiFi daily knows this. That information has every rea
Re: (Score:2)
Ummm, excuse me? Windows are obscuring the contents of the house? I think you may have them confused with walls or perhaps curtains. The primary function of windows is to let light, i.e. radiation, i.e. signal, travel through them. By your lights anyone with windows who doesn't keep blinds constantly drawn (in which case what's the point of the wi
Re: (Score:2)
The world's tiniest open source violin weeps for your inability to alter the fundamental laws of physics. If I may offer a much more apt analogy; what Google did is akin to saying "If you want to get to the library, go down Main Street and take a left at the red house with a blue door and an apple tree in the yard" where it's your red house with a blue door and apple tree in question
Re: (Score:3, Insightful)
Your selective quoting and attempted sarcasm are rather pointless since I was merely pointing out the flaw in the suggestion I received. But your attempt at wit is noted.
As for your analogy, it is not apt. Let me fix it for you:
"If you want to get to the library, go down Main Street and take a left at the house that has a big screen TV and large leather couch in the living room."
Either you get that privacy is being increasingly encroached upon and that encroachment is a problem, or you don't. You don't
Re: (Score:2)
Despite what everyone thinks (and how it seems to the uninformed) it very likely was accidental. If I was tasked to correlate Access Points to their locations, the simplest way would be to dump raw wireless traffic to one file, and raw GPS data to another. Later, you can zip them both up and run some analysis, and get the data you want out
Your definition of "accidental" is very strange. You are saying that you would have, not accidentally but fully intentionally, chosen the simplest method which would be collecting all wireless traffic including private data that you are not allowed to collect. When laws make a difference between doing something intentionally or without intent, the question is not whether you intended to break the law or not, the question is whether you intended to do what you did. I would hope that these Google engineers ha
Re: (Score:3, Interesting)
Regardless of whether it's accidental, or difficult as the OP suggests, the reality is that both of those are merely excuses and rationalizations for externalizing the bad effects of behavior while privatizing the profits. Try translating those excuses to another industry and see how satisfying an answer they are. Consider medicine, there are undeniable benefits to modern therapies. However because it's hard to get right, we don't just accept any random treatment. Before companies unleash their new products
Re:So? (Score:4, Insightful)
Re: (Score:3, Interesting)
You may find your mistake early, after gigabytes worth of data. Then you fix it before it becomes TB or PB of data. Right?
We're all allowed mistakes. Mistakes of this size from the uber-geeks of Google isn't a mistake. It's negligence..... not quite of BP's size, but just as shamelessly stupid.
Re: (Score:2)
Next time they will use hostilewrt...
Re: (Score:3, Insightful)
I think what is more likely is that someone came to the engineer and said they needed to get the data and nobody really bothered to think of the privacy concern since it was going to be used internally anyway. Sure, if the engineer was told that the requirements demanded better privacy, he could have stripped the payloads, but if someone asked you to just get the data, it's less likely you'd think of that as a problem.
I would redefine it as sloth on the part of the management for not considering the issues
Re: (Score:2)
I think what is more likely is that someone came to the engineer and said they needed to get the data and nobody really bothered to think of the privacy concern since it was going to be used internally anyway. Sure, if the engineer was told that the requirements demanded better privacy, he could have stripped the payloads, but if someone asked you to just get the data, it's less likely you'd think of that as a problem.
I would redefine it as sloth on the part of the management for not considering the issues, as opposed to lazy engineers.
This is exactly what I was thinking, but I forgot to express it in my comment.
Re: (Score:2)
Mods Fail To Get Simple Things Right, Again (Score:3, Insightful)
Your ends-justifies-the-means concept holds no water.
My wifi access points are a matter of public knowledge. After all-- they're freaking radios. What's not public knowledge is anything after the location of it, and its authentication- if any.
The data that flows there is mine, and no one elses. The other MAC addresses associated with the AP are also my business, and no one else's. Differing jurisdictions have different views of the severity of the theft that their mindlessly-stupid shark-like gobbling did. I hope they suffer the higher of the common denominators of justice.
At the time of this writing, the parent post is marked "Troll".
How is this trolling? Consequentialism [wikipedia.org] is a valid thing to argue against. Granted, you may disagree with parent's opinion of what is and is not a private component of a Wi-Fi transmission. If you disagree with him that a violation has occurred then you would necessarily also disagree that Google should suffer legal action from any sort of justice system. If that's the case, then the respectable non-cowardly way to handle it is to argue aga
Re: (Score:3, Insightful)
The thing most people forget to ask, but was asked in this article, is something you conveniently forgot to mention. Here it is:
What possible use could google have for this data? What would be their motive here?
As the article says, there's almost no personal data in the emails. Even if there is, there's so little of it that what useful purpose could it serve? You'd have a hard time correlating it to any one person, or even finding out what it is. There's going to be so little data here, and it'll be so frag
Re: (Score:3, Interesting)
The thing most people forget to ask, but was asked in this article, is something you conveniently forgot to mention. Here it is:
What possible use could google have for this data? What would be their motive here?
As the article says, there's almost no personal data in the emails. Even if there is, there's so little of it that what useful purpose could it serve? You'd have a hard time correlating it to any one person, or even finding out what it is. There's going to be so little data here, and it'll be so fragmented, that turning it into anything useful would be impossible.
On the other hand, why would google risk collecting this data when they knew what was going to happen if it got out? The risk vs. reward here just doesn't make sense. They're going to risk their reputation on... what? Collecting a few fragments of unencrypted wifi traffic that probably contains so little information and could very well be generated by a bot running on your machine.
I'm not going to believe google did this on purpose until someone can give me a motive that doesn't sound like something from a UFO convention.
What if this were a calculated marketing maneuver designed to test the waters and find out how much people really care about privacy and the possible hard-to-justify violation thereof? This is, after all, a company that would make far less money if everyone had excellent online privacy. How much people are willing to protect that privacy and how much outrage they express at real or perceived violations of it could be very important data to a company like Google.
This is data that would be difficult for
Re: (Score:2, Interesting)
They accidentally recorded parts of publicly broadcasted data....
It is not much different from a phone recording a conversation in a busy enviroment and being blameed for accidentally recoring parts of other people's conversations that you walked past...
Re: (Score:2)
Re: (Score:2)
Providing "My Location" for Wifi-enabled but GPL-less devices, like my E65.
AP name is data like any other, it comes through the same medium as any other Wifi packets. Using *only* those packets requires active filtering.
Was it sloppiness or on purpose? Only they know (but why come out with it if it was on purpose?). The thing is: should it be illegal? I
Re: (Score:2)
They didn't "come out with it." They were required to provide it by government demands. They had to provide it or get thrown in jail.
It is hugely irresponsible to simply do what they did. Hugely irresponsible to do this in countries where it is not legal to do so. Should it be illegal? I have to disagree with you there. It should be completely illegal to do such in private residential areas.
They could have and most certainly should have collected only the data they needed/desired. Collecting addition
Re: (Score:2)
Should it be illegal? I have to disagree with you there. It should be completely illegal to do such in private residential areas.
Why? When you're broadcasting an unencrypted radio signal you have absolutely zero expectation of privacy for communications over that channel. I believe that this was a bad idea for Google, but only because of reactions like this being inevitable. Driving around capturing any unencrypted WiFi packets is exactly the same as if I was to press the "scan" button on my FRS/GMRS radio and drive around listening to random people talk. They're on an open, unprotected channel, there's nothing wrong with listeni
Re: (Score:2)
And how did the government knew about it in the first place?
http://yro.slashdot.org/story/10/05/14/2259204/Google-Says-It-Mistakenly-Collected-Wi-Fi-Da [slashdot.org]
Re: (Score:2)
Hmm, I didn't knew that.
Re: (Score:2)
No, the governments only demanded that they turned the data over after Google willingly revealed that they accidentally collected the data.
If Google was a little less forthcoming and just quietly deleted the data once they saw their mistake the private data wouldn't now be in the hands of countless governments.
Re: (Score:2)
AP name is data like any other, it comes through the same medium as any other Wifi packets. Using *only* those packets requires active filtering.
The last article I read said the software filtered out (discarded) encrypted packets. It would (presumably, in my experience anyway) be technically similar to filter only for whatever kind of packet the AP name is broadcast in.
Re:So? (Score:5, Informative)
Yes, they should have only saved the SSID, location, and signal strength. Instead, they used off the shelf software which saved more data. There is no reason to believe this was intentional.
That's fine and legal to do in the USA, as you have no expectation of privacy using unencrypted broadcast:
http://www.law.cornell.edu/uscode/uscode18/usc_sec_18_00002511----000-.html [cornell.edu]
TITLE 18 > PART I > CHAPTER 119 > 2511
(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person—
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;
(v) for other users of the same frequency to intercept any radio communication made through a system that utilizes frequencies monitored by individuals engaged in the provision or the use of such system, if such communication is not scrambled or encrypted.
In the US, if you transmit in the clear on unlicensed spectrum, they can legally pick it up due to two different, non-overlapping legal clauses. ( Note, I am not a lawyer, this is not legal advice, this is but one of possibly relevant laws, etc.)
The problem is they didn't need to do so, and it creeps people in the US out. So even here where it is legal, they probably shouldn't have from a PR point of view.
In some other countries it is not legal to collect that data, and doing so intentionally might lower your penalties, but still does not make it legal.
If people have something to hide (Score:2)
They can ask google to remove the pictures. That's more than you can ask the government when its cameras pick up you.
Re: (Score:2)
Who can forget the work of great American computer scientists from Leibniz (Combinatorica) to Berners-Lee?
Celebrate the fact that work leading up to today's Internet was a damn good cooperative effort.
Re: (Score:2)
And if you use a RADIUS server and certificates instead of PSK, would it be even harder to crack or the same?
Re:FR0$T P&$$ (Score:5, Interesting)
You make an excellent point.
For my part, I'd like to point out that if Google wanted to read your email, they wouldn't bother collecting wifi data. They'd just read yer fucking email.