Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Says It Mistakenly Collected Wi-Fi Data While Mapping

Posted by timothy on from the just-accidentally-of-course dept.

Even if Google says there's nothing to worry about, newviewmedia.com writes, the company "said it would stop collecting Wi-Fi network data from its StreetView cars, after an internal investigation it conducted found it was accidentally collecting data about websites people were visiting over the hotspots. From the WSJ article: 'It's now clear that we have been mistakenly collecting samples of payload data from open [i.e. non-password-protected] Wi-Fi networks, even though we never used that data in any Google products.'"

12 of 215 comments (clear)

  1. Hey, by Threni · · Score: 5, Insightful

    they're not called `open networks` for nothing. Tighten up, or shut up. Oh, and postmen read your postcards too.

    1. Re:Hey, by marcansoft · · Score: 4, Insightful

      It's not a man-in-the-middle attack. They were probably just capturing all WiFi traffic in order to search for hotspots, but forgot to filter it so only beacon frames were stored. A proper set of cards sniffing are much more effective at detecting faint hotspots than just mashing on the "scan" button on one card, which probably discards stray beacons.

      It's your fault if you're broadcasting your data all over the airwaves unencrypted where anyone with a passive receiving antenna can pick it up.

    2. Re:Hey, by Anonymous+Brave+Guy · · Score: 4, Informative

      Sure, and your sister was asking for it with that dress she was wearing, right?

      Fortunately, most of the world is enlightened enough to realise that such statements are absurd, and just because someone is vulnerable to something unpleasant that does not make it their fault if someone else does that unpleasant thing to them.

      FWIW, the actions described would probably be criminal and carry jail time if they occurred in the UK (e.g., under the Wireless Telegraphy Act 2006).

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
    3. Re:Hey, by marcansoft · · Score: 4, Informative

      I disagree. An open network is not an invitation to join it and use it (associate), but an unencrypted network is an invitation for anyone to sniff your traffic passively. This would be like satellite TV providers sending their feeds unencrypted and then complaining that non-subscribers are watching their channels. What do you expect if you're broadcasting your data on the air in the clear into public space?

      Granted, sniffing everything is not nice of Google (and probably an unintended screwup), but you really shouldn't expect that people won't do it.

    4. Re:Hey, by Mordok-DestroyerOfWo · · Score: 4, Funny

      What Ben Roethlisberger does on his own time is his business.

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    5. Re:Hey, by Ganthor · · Score: 4, Insightful

      OK Here's my view. Flamebait or not.
      Google have repeatedly demonstrated some sketchy regard for privacy of others. They have to be dragged kicking and screaming to implement procedures that allow people to remove street view pictures for example.

      I agree that in pushing the envelope that they will come across some interesting social topics like the ones that they found in the first run of street view and the one they are back peddling now. And I do believe in the large amount of good Google have done for open source and data use for the public good, (Google earth and maps for instance).

      However Google repeatedly are coy whenever they think about collecting information and get asked for explanations on what they will be doing with it.

      In this instance I read a BBC article that indicated that the German government asked to review the data and that's when Google "discovered" this "gaff". It wasn't Google unprompted..

      What makes even more sobering reading is Google's own blog which admits they were intending on collecting wi-fi SSID's and MAC addresses.
      http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html
      For what purpose, I ask, would MAC addresses be collected?

      However officially Google now admit to collecting snippets of payload data which is something they expressly ruled out in the original blog. They say this was a mistake...I have my doubts.

      Think it through...They are collecting this data ... the data is 3 years old....did they just sit on it and do nothing with it?
      Surely when they started extracting the SSID's and MAC's, they would've noticed the snippets of people emails and websites they also captured...surely the tested the code and the data collected? And then what did they do...Nothing! They didn't exercise any moral judgment and raise the issue of people's privacy on unencrypted networks. They have the platform they could have won some serious brownie points by telling people how to protect themselves. But did nothing. I don't believe they held all this data and didn't know what it was.

      This is yet another example of a "mostly good" company collecting peoples personal data for reasons us mere mortals can't understand.

      I think there is a real difference between data that is public to your neighbors and then someone posting that data on a billboard in the the main street. For instance, when I'm on holiday perhaps?
      Clearly here is an example of data that is not private, in the public domain but is not intended to be distributed to strangers. That level of privacy is not covered by the current laws but needs to be in my opinion.
      I could go on but I recon half the people who started reading have stopped already;-), ... suffice to say, I'll be doing less of my searches with Google as a direct result, and ensuring my network is buttoned up even tighter the ever.

    6. Re:Hey, by khchung · · Score: 4, Insightful

      So I assume you would be OK if Google told you their street view cars also contained sensitive microphones, which just happened to record some dirty jokes you told your friend on the street? And now everyone can get on the street view, see your (blurred) image and click "hear recordings" to hear your dirty joke too, you would be OK with that too? After all, whatever you did in public should be ok to be publicized, right?

      Seriously, if you don't think there is something wrong with collecting local and transient data and putting them into a big permanent database correlating with other data, by a private corporation that is best known to profit from large scale datamining, you just haven't thought deeply about the issue.

      --
      Oliver.
  2. Sounds like my daughter when she was 6 by Locke2005 · · Score: 5, Insightful

    Me: "Why are there drawings all over the wall?!?"
    Her: "It was an accident! I didn't mean to do it!"

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  3. Re:Shenannigans! by Anonymous Coward · · Score: 5, Insightful

    Yeah you do. When you say "Hey, let's see what open wi-fi stuff is out there", and tune into those signals, you pick up on some spare traffic...and if you're saving every packet you come across for later processing (like 'what open wi-fi router was this'), then yeah, it's going to get saved like the rest.

    Then they looked at the data they'd saved, said "Oh hey we didn't mean to get that stuff". Kind of like if you're logging all data that someone sends when they're connected to your open Telnet port, and you realize later that it saves their username/password along with the rest--it wasn't a conscious decision, you might not have thought about it at all, you might never plan to even look at the logs except in some specific cases, and while a workaround might take some time...you kind of drop a brick when your legal team realizes you have it.

  4. Re:I use Google a lot but... by marcansoft · · Score: 5, Informative

    AP information is packet data (they're called beacon frames). Looking for beacon frames is a lot more effective at finding APs on the move than using whatever built-in scan feature your card drivers have. They probably had a SNAFU and forgot to filter out data packets in their capturing setup, instead storing everything that hits the antenna (or some engineer didn't realize it would be an issue).

  5. Kismet Does This Automatically by docstrange · · Score: 5, Informative

    I wonder if they were using "off the shelf" open source tools to collect this information.

    By default Kismet will log the pcap file, gps log, alerts, and network log in XML and plaintext.
    http://www.kismetwireless.net/documentation.shtml

    It is entirely possible that they were using off the shelf open source tools and this log type was simply not turned off in the configuration file.

    --
    Remember that you are unique, just like everybody else.
  6. Re:Google is great and all... by Dirtside · · Score: 4, Insightful

    As far as I can tell, Google posted this message without being forced to by any government. Most companies would keep this kind of thing quiet, or lie about it, especially if privacy advocates got wind of it. Google, within a few days of finding out about the issue, posts an APOLOGY for doing something that MIGHT have possibly damaged a few people, IF the information they collected had been leaked.

    Unless we have reason to believe otherwise, Google screwed up, and as soon as they were aware of the mistake, took steps to rectify it and then went public about the mistake. If we get evidence that Google is lying about this, that's another story, but has there been any such evidence yet? I'm all for raking corporations over the coals when they make mistakes and don't own up, but how often do you see a giant corporation blurting out "mea culpa" like this?

    Also:

    As much as I like Google I hope they get the book thrown at them over this. To claim that they have accidently been collecting this data for three years is just silly.

    It's not remotely silly. A week ago I discovered a DB table at my (multinational media conglomerate) company that had been silently logging data for -- wait for it -- three years. It wasn't any personal info, or data we needed, but everyone had forgotten about it. The idea of Google making a similar mistake is not "silly" at all.

    --
    "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased