Right on. The BBC article should link to this. Better that Google nabs unsecured data without intent that someone else with intent. Too much hype.
What's worse than nabbing private packets is Google sticking a camera on a 10 foot pole and drive down residential back lanes where the camera can see over fences into private backyards and in some cases into living rooms. This happened in my town, to my house, and I felt my privacy was invaded. Google street view can see a lot more than someone walking along the street because nobody but Google is 10 feet tall.
> Google sticking a camera on a 10 foot pole ... Google street view can see a lot more than someone walking along the street because nobody but Google is 10 feet tall.
No one else has 10 foot poles or can attach cameras to them?
Link mentions collecting that private data is illegal. Is this a UK thing? Is collecting that private data illegal in the US also? was under the impression it was not illegal in the US.
TBH I'm just repeating what's been said here a few times like when that facebook snooping tool came out, I think it's all still a bit of a gray area.
But basically unless you're google I wouldn't get caught snooping on a public wifi, you're liable to serve some jail time. Which kinda reminds me I think my laptop's card is still set to promiscuous atm.
Did you read the BBC article? Your entire blog post tries to explain away the storing of private data as an accidental byproduct of capturing the names of access points. Even Google admitted this was not true.
"Engineer Doe intended to collect, store and review payload data for possible use in other Google projects."
I feel like this sentence is misleading; it implies that the 'payload' Google's interested in is personal user data, as if Google has a team of engineers in its basements looking through the cat photos and credit card numbers it captured in Wi-fi packets.
"Payload data," in this case, is most likely fragmented packets for which it can glean metrics on how to make the process more expedient in the future.
Of course, I can't say this with 100% certainty, as I'm not involved, but the entire story seems geared to make Google's capture of radio-broadcast data packets seem far more sinister than it really is.
I know it's the BBC, but I am always disappointed by the technical calibre of these reports, "The data gathered included contents of some emails and web browsing history". Guess I should read Ars.
True, just wish they'd put some meat on it! Tell us a bit about how it worked, what they captured. Then again, it is mass media and the comment is probably a reflection of me being too lazy to read the FCC report, etc. :)
Digital privacy is a really important issue. There are debates we should be having about this stuff, as a society. Google accidentally capturing some stray packets from unsecured wifi is not one of them.
They definitely use WiFi data for geolocation. I'm pretty sure that was one of the primary reasons their streetview cars were collecting wifi in the first palce.
Google KNEW it was providing internet services to everyone in Kansas City. This gave them access to ALL of the emails, ALL of the passwords, unless people took extraordinary measures, such as using a hypothetical "https" access. We spoke with one researcher and he said he didn't trust https because it ends in an 's', just like the word 'snakes.' Senior officials at Google knew that they had spent billions of dollars to provide this service to residents of the unsuspecting town. Congress to have hearings about this so-called "Internet Service." Top officials at the FCC scoffed, "How can they claim to not be evil when they provide internet service to children - some of whom are probably watching pornography?!"
You do realize that Google promised not datamine your email when building a Google-wide profile of you until March 1st?
I'm not sure I understand the point of your reply. The https here is a red herring: Google can read your email even if you use https. https only prevents intermediaries from reading your email.
In this article, Google was the intermediary. I was pointing out that when they're an ISP, they're ALWAYS an intermediary. As is every other ISP.
https is absolutely not a red herring. If you use an unencrypted wifi, and use http to access your online services, you do not care at all about security.
After the fact, blaming Google for recording open wifi data is absurd.
The point of my post was, if you're concerned about Google accessing the data between a computer and random services on the internet, then you should be REALLY concerned about them being an ISP. Just like you should be concerned about every OTHER ISP. The solution to not having ISPs - or other intermediaries - have access to all of your data is to use an https connection to your web services.
Do you see the acronym "https" show up, at all in the linked article? No. That's absurd. It is THE SOLUTION to people sniffing your emails and passwords.
What about if your door is open and you're talking loudly to your friend on speakerphone with the volume way up? Do I have to plug my ears when I walk past?
Is passive war-driving illegal? The only precedent I've found is State v. Allen (1996) [1] where war-dialing was ruled legal so long as one didn't actively try to gain access beyond the connection to the "public interface."
As billpg points out in [2], in passive war-driving you have to receive the whole 802.11 frame before you even know if it's a beacon frame, which ostensibly was Google's primary interest here. Is it odd that Google stored all captured frames to disk? It's true, they could have just logged network information and discarded the frames. Then again, consider that the default in kismet is to save both a log of networks and a pcap dump. So this may have just been an engineering shortcut -- collect the data and process it centrally.
36 comments
[ 2.9 ms ] story [ 65.3 ms ] threadhttp://blog.hackensplat.com/2010/05/google-snooping-wifi-don... (Shameless plug.)
It doesn't. You can hide the SSID.
What's worse than nabbing private packets is Google sticking a camera on a 10 foot pole and drive down residential back lanes where the camera can see over fences into private backyards and in some cases into living rooms. This happened in my town, to my house, and I felt my privacy was invaded. Google street view can see a lot more than someone walking along the street because nobody but Google is 10 feet tall.
No one else has 10 foot poles or can attach cameras to them?
There's also satellite view....
Google kinda did that, but didn't ever actually access the data apparently:
http://www.engadget.com/2012/04/28/justice-department-clears...
TBH I'm just repeating what's been said here a few times like when that facebook snooping tool came out, I think it's all still a bit of a gray area.
But basically unless you're google I wouldn't get caught snooping on a public wifi, you're liable to serve some jail time. Which kinda reminds me I think my laptop's card is still set to promiscuous atm.
"Engineer Doe intended to collect, store and review payload data for possible use in other Google projects."
"Payload data," in this case, is most likely fragmented packets for which it can glean metrics on how to make the process more expedient in the future.
Of course, I can't say this with 100% certainty, as I'm not involved, but the entire story seems geared to make Google's capture of radio-broadcast data packets seem far more sinister than it really is.
Pretty sure there is alot more they know about.
Digital privacy is a really important issue. There are debates we should be having about this stuff, as a society. Google accidentally capturing some stray packets from unsecured wifi is not one of them.
Google KNEW it was providing internet services to everyone in Kansas City. This gave them access to ALL of the emails, ALL of the passwords, unless people took extraordinary measures, such as using a hypothetical "https" access. We spoke with one researcher and he said he didn't trust https because it ends in an 's', just like the word 'snakes.' Senior officials at Google knew that they had spent billions of dollars to provide this service to residents of the unsuspecting town. Congress to have hearings about this so-called "Internet Service." Top officials at the FCC scoffed, "How can they claim to not be evil when they provide internet service to children - some of whom are probably watching pornography?!"
I'm not sure I understand the point of your reply. The https here is a red herring: Google can read your email even if you use https. https only prevents intermediaries from reading your email.
https is absolutely not a red herring. If you use an unencrypted wifi, and use http to access your online services, you do not care at all about security.
After the fact, blaming Google for recording open wifi data is absurd.
The point of my post was, if you're concerned about Google accessing the data between a computer and random services on the internet, then you should be REALLY concerned about them being an ISP. Just like you should be concerned about every OTHER ISP. The solution to not having ISPs - or other intermediaries - have access to all of your data is to use an https connection to your web services.
Do you see the acronym "https" show up, at all in the linked article? No. That's absurd. It is THE SOLUTION to people sniffing your emails and passwords.
As billpg points out in [2], in passive war-driving you have to receive the whole 802.11 frame before you even know if it's a beacon frame, which ostensibly was Google's primary interest here. Is it odd that Google stored all captured frames to disk? It's true, they could have just logged network information and discarded the frames. Then again, consider that the default in kismet is to save both a log of networks and a pcap dump. So this may have just been an engineering shortcut -- collect the data and process it centrally.
[1] http://en.wikipedia.org/w/index.php?title=State_v._Allen
[2] https://news.ycombinator.com/item?id=3908794