Google Describes Wi-Fi Sniffing In Pending Patent

theodp writes "After mistakenly saying that it did not collect Wi-Fi payload data, Google had to reverse itself, saying, 'it's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) Wi-Fi networks.' OK, mistakes happen. But, as Seinfeld might ask, then what's the deal with the pending Google patent that describes capturing wireless data packets by operating a device — which 'may be placed in a vehicle' — in a 'sniffer' or 'monitor' mode and analyzing them on a server? Guess belated kudos are owed to the savvy Slashdot commenter who speculated back in January that the patent-pending technology might be useful inside a Google Street View vehicle. Google faces inquiries into its Wi-Fi packet sniffing practices by German and US authorities."

xmmm

[trelamenos]

first post! :D can anyone explain me what google is up to?? cause i am seeing a lot like these posts recently....

Re:xmmm

[Daengbo]

There is no reading comprehension in the world, apparently. This patent is about what Google claims it was trying to do -- recording SSID and MAC information for location purposes. It has nothing to do with the "mistaken" data packets (sent unencrypted over the air). How the submitter connected the two, I don't know. I suspect lack of coffee and excess Google hate.

Re:xmmm

[Hognoxious]

How the submitter connected the two, I don't know.

He's scaremongering, like he does 99% of the time.

The other 1% he just gets it totally wrong.

Re:xmmm

[sjdude]

excess Google hate

Will it be OK for us to hate Google once they've proven absolutely and undeniably that they are are evil? Or is it OK to start sometime before then? IMHO, a "Surgeon General's warning" ought to placed on everything Google does.

Re:xmmm

[Daengbo]

Hate Google. I don't care. Just make sure your hate doesn't lower your reading comprehension score to zero and you start sounding like Twitter. mkay?

Re:xmmm

[master5o1]

I don't see how scaremongering and being wrong is mutually exclusive.

Google is evil

[For+a+Free+Internet]

I think they are sniffing my ass and selling f the olfactory data to Satan and Iran.

Wardriving?

A patent?

Isn't that exactly the same thing which wardrivers have been doing since WiFi existed?

Re:Wardriving?

[gilesjuk]

Why patent it? is that to stop other people doing the same?

Honestly, Google, Microsoft, IBM, Apple and co, put them on a big ship and sink it. They don't want to compete, they want to lock up very generic ideas and stop everyone else from using them.

Re:Wardriving?

[PolygamousRanchKid+]

Isn't that exactly the same thing which wardrivers have been doing since WiFi existed?

Yeah, but the wardrivers didn't patent it.

Cop Car: "Hey buddy, pull over! You are wardriving and thus infringing on a patent owned by the Google corporation!"

Re:Wardriving?

[shentino]

Prior art.

Re:Wardriving?

[LingNoi]

Yes it is, and sadly even though everyone on Slashdot realises this there doesn't seem to be a way for us to tell the patent office about the prior art.

Re:Wardriving?

[Apple+Acolyte]

Yeah, because Apple has never brought to market any worthwhile technology on its own.

Re:Wardriving?

Because Corporations like Google own the U.S. Government

Re:Wardriving?

And?
Google has brought innovation, Microsoft has, IBM, countless others too.
Don't just single out Apple.

But all of them are hurting innovation simply due to their size and the broken patent system that they all abuse.

Re:Wardriving?

Richard Pryor.

Re:Wardriving?

[Ofloo]

I agree, besides Google didn't invent this, .. people have been doing this for years, .. patents should be banned, to allow progress. Really how does one justify earning billions just by patenting something, .. In my eyes Google is just the same as MS or any other major corp, .. and because of the privacy issue i'm not using any of their services aside from their search engine, .. looking for a better one however.

Wardriving

...invented by Google(tm)*

* Patent pending. All rights reserved.

Re:Wardriving

[morgan_greywolf]

No. That would be "GWardriving(tm) Beta"

Re:Wardriving

[Artifakt]

One group Google does not want to go against is GWAR.
http://www.gwar.net/

Mr Hyde?

[symes]

It seems there's one bit of Google that really wants to sniff packets and another side, probably PR, that doesn't want the bad press. At the end of the day they're now just another multinational corporation with potential markets rather than individual customers.

Re:Mr Hyde?

No shit, Sherlock.

Re:Mr Hyde?

[vrmlguy]

Maybe I'm stupid, but it looks like apples and oranges to me. Google was/is collecting packets to capture the *header* information; this data allows them to deduce other people's locations. Google was also, in some cases, also collecting *payload* data, which is (a) accidental, and (b) pretty useless (please give me any example of how to use this nefariously). Germany is pretty upset about it, probably because they want to establish a precedent that people shouldn't do this rather than any belief that actual harm was done.

Re:Mr Hyde?

[postbigbang]

Capturing and doing various tricks to strip headers, reassemble payloads, and otherwise dither with wired and wireless packets in fixed and non-stationary ways has been done since before Sergi Brin was out of diapers. I'm guessing that prior art eats their expensive lunch.

Of course, the not-invented-here syndrome coupled to over-paid internal IP attorneys will argue contrarily.

Re:Mr Hyde?

[AHuxley]

"harm was done" is a slope many parts of the world do not want to slide down.
They have strict laws to make sure you do not record people on cameras, voice calls and now data.
What google did was intercept communications not intended for them and keep the fragments they sucked up.
They did this around the world, long term and had to set the tech up to do it and keep the data collection going.
When caught by the press they tried to fake their way out with a local admission and then where forced to tell more of the truth only when exposed further.
Google missed a request from the German gov to show what data they collected and how it was stored ect.
That kind of throws "accidental" and "pretty useless" out.
"Accidental" would be a beta test car in one city, data dump found, turned off and local permission to wifi map requested.
As for what it is used for, who knows what google sells in bulk beta form to its customers about its consumers (end losers).
How many external eyes got to scan city maps with MAC, IP and plain text data for keywords?
From spam to ip misuse to police raids to state task forces and COINTELPRO 2.0 dreams?
The state sends out spyware/p2p hunt, finds an open MAC and wants to sneak and peak based on googles "bulk" data.
Wrong family, wrong time, right MAC.

Re:Mr Hyde?

[TheRaven64]

pretty useless (please give me any example of how to use this nefariously)

If the payload happened to contain a Google search request, or an HTTP request to a site that sues Google Analytics, then they can correlate this with the other information that they have and go from a cookie (which tells you the things the user has ever searched for) to a specific computer (MAC address) and even to a specific house number. The same if the packet was sent to Google's DNS servers.

Re:Mr Hyde?

[theshowmecanuck]

So are you saying patents shouldn't be granted if the research it is based on is actually an illegal activity (given that you said war driving is illegal in some countries)?

BTW, I think if this is not covered by prior art (the practice of war driving), it is for sure an obvious extension of it.

Re:Mr Hyde?

Just think of it as Doubleclick dba Google and the picture is clear.

Every would be accidental acquisition of some sort of user data simply isn't accidental at all. Don't be fooled by any explanations since such explanations will always have an element of omission or deception. Don't ever think data requested to be deleted was ever truly deleted, it's just suppressed from immediate use but likely still stored somewhere on a server or backup tapes for future use at some point.

Everyone has to decide for themselves if they want to keep supporting Doubleclick via the Google branded products.

Re:Mr Hyde?

[Mindcontrolled]

At least around here (Germany) patents actually can't be granted if they are based on illegal activities - as long as there is no legal use. It's a rarely invoked clause, though, given that basically nothing is purely illegal.

Re:Mr Hyde?

[LordLimecat]

Did you miss the part where everyone already knew they were sniffing packets to determine location, and that was never being denied? The issue has always been whether payload data was being recorded. See here: http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html

Im sorry if I come off as a google apologist, defending them all the time, but my goodness people just seem to want to ignore fact and the actual articles, so they can wildly speculate about what awful things google is doing. My understanding was that Slashdot, as a site for geek news, would be some kind of bastion of reason and intellect. Clearly, I must be new here.

Re:Mr Hyde?

[LordLimecat]

They did this around the world, long term and had to set the tech up to do it and keep the data collection going.

Perhaps its silly of me to ask, but is this speculation, or fact that can be sourced?

Google missed a request from the German gov to show what data they collected and how it was stored ect.

My understanding from every article ive seen on the topic is that, whilst complying with the German authorities, they discovered the issue, promptly announced it, and complied with requests to delete the data. Can you provide a link that shows otherwise?

How many external eyes got to scan city maps with MAC, IP and plain text data for keywords?

Is this like that whole "did glenn beck rape and murder children in 1990" thing, where you can ask questions based in fantasy to imply wrongdoing? Do you have any evidence that anyone other than a computer actually saw the payload data?

The state sends out spyware/p2p hunt, finds an open MAC

What the hell is an open MAC? A rooted Apple computer?

Why was your post rated insightful? One can see by references to "Open MACs", "P2P hunts", and the implication that IP addresses are personally identifying / private that you have no idea what the hell youre talking about. Half of your post is directly refuted by every article we've had on this topic since it came to light.

Re:Mr Hyde?

[theArtificial]

If the payload happened to contain a Google search request, or an HTTP request to a site that sues Google Analytics

I had no idea HTTP requests could sue! Think of the possibilities!


*I'm sure you probably ment uses

Re:Mr Hyde?

[vrmlguy]

I said:

... collecting *payload* data, which is (a) accidental, and (b) pretty useless (please give me any example of how to use this nefariously).

You replied:

Just think of it as Doubleclick dba Google and the picture is clear.

Every would be accidental acquisition of some sort of user data simply isn't accidental at all. Don't be fooled by any explanations since such explanations will always have an element of omission or deception. Don't ever think data requested to be deleted was ever truly deleted, it's just suppressed from immediate use but likely still stored somewhere on a server or backup tapes for future use at some point.

Everyone has to decide for themselves if they want to keep supporting Doubleclick via the Google branded products.

Sorry, not clear at all. I accept that Doubleclick potentially has access to the data, and I'll even accept that some copies of the data will stick around indefinitely. Now please explain how a random couple of minutes of data from my home WiFi is useful to anyone? The only thing that I can see it being used for is statistical analysis, maybe for web ranking the popularity of sites. Even then your analysis is flawed because you're only seeing non-encrypted access points; people at a coffeehouse or public library tend to visit different sites than people at home or work.

Re:Mr Hyde?

[Dare+nMc]

After a google search (oh the irony) I went to this site (while using Wifi) http://whatismyipaddress.com/ and guess what, google (or any other visited website) doesn't need to get lucky with Wifi data to know what city I am in, when I am using my WiFi connection.

to a specific computer (MAC address) and even to a specific house number.

not really, mostly wifi is used by "laptops" If they have a cookie already, and a plenty of unique information on your computer, knowing a rough estimation of where your laptop was in a 5 minute window, isn't vary valuable (IMHO). Then again google as a company is making millions fractions of a penny at a time from us, so who knows maybe my data may be worth $.0001 more valuable knowing a probability of my location 2* better.
All of this value and more is likely coming to google soon, or already without the scraped data. Sounds like google is going to be using wifi mac addresses as locations anyway. So they will be constantly refining a map of all public facing IP addresses, and by extension computers using them, that is more reliable anyway.

Re:Mr Hyde?

[AHuxley]

I will bite :)
"They did this around the world, long term and had to set the tech up to do it and keep the data collection going." http://www.google.com/hostednews/afp/article/ALeqM5h8imuNrdgq9uo-_uDoktPD05Y2Rw
Google said Street View cars have been collecting WiFi data in Australia, Austria, Belgium, Brazil, Britain, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hong Kong, Hungary, Ireland, Italy, Japan, Luxembourg, Macau, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, Romania, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan and the United States.
Google missed a request from the German gov to show what data they collected and how it was stored ect.
http://news.cnet.com/8301-30684_3-20006157-265.html
"Google skips German deadline for Wi-Fi data"
"we need to review, we are continuing to discuss the appropriate legal"
The Media Access Control (MAC) is like a unique number in a wifi devices hardware. Not easy to change and google collected it too with the users data packets, SSID (Service Set Identifier) and their locations.
http://www.pcworld.com/businesscenter/article/197349/google_rejects_german_request_for_wifi_data.html
As for the COINTELPRO idea, what happens when a state task force or city PD wants to run its own cyber department but cannot seem to get long term, rolling blanket city wide warrants?
They might just buy data in bulk from the private sector and then set up their own intelligence gathering networks.
Mistakes will be made.

Re:Mr Hyde?

[Cyberllama]

It was 600 gigabytes of data out of god knows how much total. It was easy for it to not be noticed. They intentionally collected MAC addresses. there's nothing wrong with that. The problem was that they recycled some code from another project and that resulted in the entire packet (instead of just the MAC address) sometimes being saved.

But understand we're talking about a few packets per network. This is a tiny tiny tiny amount of data. The code also switched networks every second, so we're talking about less than 1 seconds worth of traffic per network. It doesn't help Google do anything. If they say this was done accidentally, you should believe them because there's NO REASON why they would collect such useless data on purpose.

You have to be a non-technically oriented or uninformed paranoid conspiracy theorist to conclude Google this was done on purpose. When you look at the facts, it's clear that they're telling the truth. Logic should make it clear that it was accidental.

Re:Mr Hyde?

[MokuMokuRyoushi]

Whether or not it was accidental is practically irrelevant. Whether or not it was useful is especially irrelevant. The fact stands that Google collected private data.

To exemplify this, imagine walking by an open book which you understand to be my private journal, and taking a peek without regard to that fact. My private property, my private "data". Whether or not you can use the line you copied from my journal, you have violated my privacy. And probably pissed me off, no matter how little you copied onto a pad in your pocket.

Re:Mr Hyde?

Another large company (who's name is a fruit that stares with an A =P) already uses WiFi MAC address for GPS-like location finding, which means some company out there has already sniffed packets prior to Google.

If you get upset at Google that, then you should also start protesting this other company.

Re:Mr Hyde?

[fyrewulff]

When caught by the press they tried to fake their way out with a local admission and then where forced to tell more of the truth only when exposed further.

Bzzt. Google came clean about it themselves. The press never found anything. If Google had just silently deleted the data instead of being a "good citizen" and saying they had done it, we wouldn't even know about this right now.

Google clearly learned it's lesson from this. Don't be the good citizen, just shut up and delete the data without saying anything because stupid idiots will always be stupid idiots.

Re:Mr Hyde?

[AHuxley]

Go read early statements.
http://www.nytimes.com/2010/05/15/business/15google.html
"... But the company explicitly said then that it did not collect or store so-called payload data — the actual information being transmitted by users over unprotected networks."
Or read from :
http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html
"we did not collect payload data " changes to "mistakenly collecting samples of payload data" then they tack on 'we never used that data"
Also note how they only talk of Ireland and Germany.
You can also go back and read
http://googlepolicyeurope.blogspot.com/2010/04/data-collected-by-google-cars.html
where they talk of Germany "as the German DPA states, illegal to collect WiFi network information" but just seem to side step the issue with "We do not believe it is illegal"

Re:Mr Hyde?

(please give me any example of how to use this nefariously).

Your pass words are in this pay load for one thing and if you using any service that isn't encrypted those passwords they are there in plain text. You can reassemble these packets and see a copy of the web pages you are viewing or read the email you just downloaded. Its damn near like looking over your at your screen. Download a copy of wireshark and play it with. It is rather interesting what you can see in a packet dump.

Wifi Sniffing is an old term

[jsse]

It's now termed as Wardriving

Re:Wifi Sniffing is an old term

Wifi Sniffing and wardriving are two overlapping but different concepts. Sniffing is passively capturing wireless LAN traffic, i.e. a very broad term. Wardriving is when a mobile receiver passively captures a specific subset of WLAN traffic, namely the beacon frames, for the purpose of finding and listing but not accessing wireless LANs. What Google supposedly wanted to do was wardriving. What Google actually did was Wifi sniffing.

What website is this again?

I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property. If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

Re:What website is this again?

I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property. If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

I don't mind that people see me when I go out on the street.

But at the same time, I don't want Google or any other company to film me, and digitally store every trip I make.

But following your line of thought, I should reason that if I don't want Google to film me in my own street, then I shouldn't go outside.

Re:What website is this again?

[morgan_greywolf]

I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property.

In addition, start using WPA, stop broadcasting your SSID, etc.

Personally, I do use WPA, but I still broadcast my SSID, which is currently set to 'hacker' and for some reason the neighbors say they don't want to mess with that wireless network. ;)

Re:What website is this again?

[ukyoCE]

But following your line of thought, I should reason that if I don't want Google to film me in my own street, then I shouldn't go outside.

No. By follow his line of thought, you should reason that if you go outside yelling "free money" and throwing dollar bills on the ground, that people will follow you and pick them up.

Don't publicly advertise a service if you don't want it open to the public. Duh.

Re:What website is this again?

Photographs are an entirely different topic that has its own array of considerations. A reasonable expectation of privacy does not extend to any place in public view or on public property. For street view as it exists now you can't really claim that you had a reasonable expectation of privacy when the photographs were taken from a vehicle on public streets of you in public places.

If it came to the point that cameras owned by a single entity were everywhere, and were able to track an individual from the moment they left a private location until they again entered a private location, then you might be able to make the case that the ubiquity of coverage was itself a violation of your privacy. That has not happened yet.

Re:What website is this again?

Meanwhile, I have 4 seperate Linksys WRT54G-TM units sporting directional antennae in the attic along each of the outside walls in my house. Each broadcasts the SSID and makes NO use of encryption. When the most sensitive site I could possibly log in to without requiring https is going to sell my strawberry harvest datum to its sales 'partners' anyway? It seems to me that security should be starting a little further from home.

In addition to good will toward and from my neighbors, I receive plausible deniability and the 'occasional' monetary donation from anonymous philanthropists (One cannot resell internet access via my current provider).

In all honesty, other than a little bandwidth (which I control from my edge router), what advantage do I have in keeping other people out?

• My private shares are password protected and the non-password protected shares aren't intended to be private.
• Any sacrosanct websites already have encryption in the form of SSL (https)
• My internal network stuffs are properly hardened and firewalled from both the Internet zone as well as the wireless zone. It's seriously not much more work to have 2 zones setup proper than one (You do have your network properly secured from the WORLDWIDE internet, don't you?).
• My neighbors know where to throw a few bucks when they need minor repair, etc.

Oh, and the neighbors listen when I tell them to Stay Off My Lawn. ...
Profit?

Re:What website is this again?

[FuckingNickName]

if you would kindly give me your address, cowardly Anonymous Coward, I shall be following you around and recording you for the next six months of your life whenever you are on public property, also recording you in your home as far as those light/infrared/etc waves are being broadcast out to public property. I shall be putting out all this information on the Internet.

If you don't want anyone to know about your life, lock yourself up in your home in a Faraday cage.

Re:What website is this again?

[FuckingNickName]

You do realise that sending an SSID over the airwaves is not an implicit offer to "the public" that you "advertise a service", yes?

I mean, if I put a sign in front of my house giving the name of my house, am I telling you that you can come in and use it at your whim?

Re:What website is this again?

[ZosX]

No. Not strictly broadcasting an SSID, but open, unencrypted networks are much more of a grey area. Did someone leave the AP open so they could share? Is it a businesses AP for their customers and anyone else that might be able to get it? Consider that just about every new ap out there has encryption enabled by default. Obviously someone had to open up the AP, or they are running an ancient 802.11b device. Anymore open APs are pretty much the exception the the norm. I say if its open, you might as well try to get a signal if you can. I love my G1 for that since an AP is generally a lot faster than the 1mbit, 500ms latency 3g connection.

Re:What website is this again?

[noidentity]

Haha, good idea. How about "malware quarantine lab" as the SSID?

Re:What website is this again?

[ThreeGigs]

His name is Brad Pitt.
And you'll have to fight the other 20 people doing the same thing.

See? Already happening. Already commonplace. Completely accepted and even encouraged by society. I'm thinking your attempt at shock and awe and putting themselves in other shoes, etc., etc. has failed because you're simply quoting S.O.P. for celebrities. _They_ know the rules.. the _real_ rules of privacy. Public is public, and privacy can never be assumed.

Re:What website is this again?

Well, that strawman was quickly and predictably erected - and it sounds even sillier all typed out.

Brad Pitt chooses a profession in which success is defined by public familiarity. Yet still Brad Pitt has large private grounds, 24-hour bodyguards and expensive lawyers to limit what he believes to be intrusions on his privacy. Do you?

While we're at it, why have a nation of laws when the richest 20 men on the planet could afford their own army? They know the real rules of living: survival of the fittest, and protection never assumed.

Re:What website is this again?

Unencrypted networks are not a grey area. You're just making them out to be since it fits your immoral and illegal behaviour.
1) The majority of new APs do not have encryption enabled by default
2) If you are unsure of its reason for being open, assume the safest option, not the one that just happens to suit you
3) The AP is broadcasting its open status, not the owner. Last I checked, electronic devices do not have the legal right to grant permission to their connection

This isn't ethical rocket science, just another example of the free culture "Generation Me" retards.

Re:What website is this again?

what advantage do I have in keeping other people out?

Well, you're neighbors could, for example, use your connection to download The Hurt Locker or other unwatchable crap, or to download kiddy porn (SFW). You'd be the one to get sued and arrested...

Re:What website is this again?

FYI: You can not not broadcast the SSID. Turning off SSID broadcasts only removes them from the beacon frames. The beacon frames themselves and the SSID string in all other management frames can not be turned off. The SSID and more importantly the MAC addresses of all participating devices are clear text information even if your network is WPA(2) encrypted.

Re:What website is this again?

[LordLimecat]

Its been said a thousand times before...
Turning off broadcasting is absolutely pointless if you use WPA. Any tool that will allow you to crack WPA or mess with the AP will also uncover the AP almost instantly if there is ANY activity, and your laptop will periodically announce to the world that it knows that SSID.

Re:What website is this again?

[mlts]

One thing I discovered is that some mainstream brands of wireless APs are *still* defaulting to wireless enabled, completely open. They could at least print some random diceware-esque code (so the words are easy to remember, but the WPA key is of a decent length) on the bottom of the machine (or even better, hot-stamp it into the plastic so the printing doesn't rub off.)

I also have seen devices grab a firmware upgrade without anyone knowing, reset to a default config, and since the LAN is so standard, nobody notices that the WPA settings dropped because all the machines ended up just connecting openly when the WPA2 preshared key didn't work.

My take: Grey area as the AC said. Mainly because an open wireless connection could be looked at as an invitation for anyone to hop on, as in a coffee shop (so permission is implicit), or it can be looked at as a personal connection because the router defaulted that way (so permission needs to be explicit like entering a house.) Most likely this would get settled in the courts how the side with the deepest pockets wants it settled, likely where the open wireless owner is responsible for everything and anything that goes through their device.

Re:What website is this again?

[jabbathewocket]

That logic is precisely the definition of slippery slope... if tommorrow it is announced that a brand new version of wifi needs to be installed to prevent "breaches in security" does that mean that everyone who does not spend $$ to update immediately is deserving of being considered (legally at any rate) having "opened their network on purpose for any and all to use in any way they see fit" ?

There are *alot* of ancient B devices, not to mention a huge number of newer G devices that simply do not interact properly (or at all) given the not always overlapping security choices.. IE Device A can use X version of G security, device B can use X Y Z and device C can only use Z type. but all support "open"

Does that mean that because this combination of devices only works properly with open security (and requires broadcasting SSID) that these networks are LEGALLY fair game for any and all to do whatever they please with?

Ultimately it comes down to "just because you can do it, does that make it morally and legally the right thing to do? I would say that historically the legal allowance of behavior hinges far less on the "is it possible" and more on the "is it the right thing to do"

As far as Google vs "others" is concerned.. its again about slippery slopes.. allowing Google to capture supposedly "unidentifiable information to determine location" is a great way to open the door for others to do things that perhaps we do not as a society want them to do.. the "do no evil" mantra that Google tries to portray around itself.. should extend to not opening the door to evil, even if they are not doing the evil themselves (which is open to debate in many ways but that is a subject for another post.

Re:What website is this again?

[mlts]

Even if the SSID isn't broadcast, it is still findable by a decent wardriver.

My view on wireless security is twofold:

First, if nothing is using the wireless router, most routers have a checkbox to turn the wireless off, or just physically detach the power and network cords. An attacker can't attack what isn't available.

Second, WPA2-PSK at the minimum, maybe WPA if some old device can't be updated to use it. Ideal would be WPA2-Enterprise and a RADIUS server, and the best is authentication using smart cards, but some devices like Android phones don't work with WPA2-Enterprise. Of course, a random PSK passphrase goes without saying. Easy to do -- grab KeePass, tell it to do a random 63 character passphrase, copy and paste it to the AP and devices. Or if one doesn't trust a program, there is always DiceWare.

After these two things, stuff like hidden SSIDs and MAC address validation are icing on the cake. If it makes someone feel better that it might deter a casual attacker, go ahead. However, I just don't bother, because the security obtained isn't worth the hassle, and anyone who knows their stuff can easily bypass both methods.

Re:What website is this again?

Um. Why would you disable encryption if you did *not* want it to be used by anyone?

I certainly disabled encryption because I do want others to use it. It's just the goddamn internet connection (you know, to the one and same internet you'd get anywhere), not my crown jewels.

Furthermore from the 802.11 service set:
"A client device receives broadcast messages from all access points within range ***advertising*** their SSIDs" (emphasis mine)

Is this some kind of trick question?

Re:What website is this again?

[ukyoCE]

In the case of a closed network with the SSID broadcast, we have an even more obvious analogy. You're broadcasting that the SSID exists, but demanding a key to authorize access.

So what you're suggesting is that it should be illegal to walk down the street writing down the addresses written on mailboxes or store fronts. That's obviously absurd.

Re:What website is this again?

[Daengbo]

Sending ("announcing") an SSID over the airwaves is the definition of advertising its existence.

Re:What website is this again?

[Nyder]

I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property. If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

I don't mind that people see me when I go out on the street.

But at the same time, I don't want Google or any other company to film me, and digitally store every trip I make.

But following your line of thought, I should reason that if I don't want Google to film me in my own street, then I shouldn't go outside.

But the security camera in the store is okay? How about the atm you walked by? chances are it took your picture also.

the light you stopped at? Didn't see the camera on it?

Re:What website is this again?

[FuckingNickName]

You are one of about three people with that straw man.

No-one disagrees that broadcasting an SSID is advertising the existence of the station, but it doesn't follow that broadcasting the SSID is advertising a service for the public. It's the difference between "here's my house, it's called XYZ" and "here's my house, it's called XYZ, please feel free to come in and use it".

Perhaps you could take some time to think of reasons why you might want to make everyone aware of the existence of something in the vicinity without implying that it's there for anyone to use.

Re:What website is this again?

Faggot.

Beta?

[Gen.+Malaise]

It's now "Wardriving -Beta"

Nigger logic!

Evolution gave up on niggers eons ago when it became apparent that niggers were a waste of time. Since then niggers have been stuck in time as a sub-human species, chosen for extinction by natural selection. Niggers have injected themselves into countries and societies around the world where they do not belong and are not wanted. For niggers, this is the only way they can survive, by demanding gibs muh dat everywhere they go and never contributing to that support or that society. For humans, natural selection can’t wipe niggers from the face of the Earth fast enough.

Niggers like to claim they have made important additions to society wherever they have gone. But humans don’t count quadrupled numbers of murder, rape, robbery, and all violent crime as valuable additions. Welcome to nigger logic.

When humans seek to decrease crime there are a few ways to go about it. Decrease the number of niggers in an area, and crime will decrease massively across the board. This is proven with DOJ statistics. The cities in the U.S. with the lowest crime are cities with the lowest number of niggers. Legally carrying a concealed weapon has helped to lower crime rates too even in cities with high percentages of niggers. Shanequa or Tyrell don’t want to git done kilt an sheeit while takin’ whitey’s wallet, gnomesayin?

In Detroit, nigger ground zero, they look at things a bit differently. Instead of learning from whitey and helping natural selection along by getting rid of themselves, niggers think banning TV news crews will prevent crime. Since niggers always blame anything other than themselves, and Detroit is more nigger fuxated than South Africa, the mayor has no choice than to blame TV crews and their cameras. Because a nigger mayor blaming niggers would make no sense at all. Nigger logic must be applied.

http://deadniggerstorage.org/

Terrible summary, yellow journalism at its finest

[ukyoCE]

operating a device — which 'may be placed in a vehicle' — in a 'sniffer' or 'monitor' mode and analyzing them on a server?

As scary as the poster tries to make this sound, this is how you listen for public access points. This post is a scare-mongering dupe.

Yellow journalism is getting to be awfully common here on Slashdot. For instance this troll of a story which just so happens to be from the same author:

http://developers.slashdot.org/article.pl?sid=10/05/21/1427245

WTF?

[Arimus]

Hm, my netbook + car charger + linux + aircrack-ng does just that.
My archos media player can do likewise.

How can you patent this crap?

Re:WTF?

[jibjibjib]

Because (as a little bit of common sense or a minute of reading the article would tell you) the patent is longer and more detailed than the Slashdot summary and actually describes a specific non-trivial innovation.

Really bad PR for Google

This is really bad PR for Google, but seriously, people should just get over it already. What's the big fuss anyways!? Unencrypted, unsecured WiFi and you bitch when someone sniffs it? This is no different than talking out loud on a commuter train and then kicking up a fuss that someone was listening. Idiots should feel lucky that it was Google doing the sniffing, and pray that someone with less benign intentions wasn't. Now if Google were actually doing something, like mining very specific data out of the sampled packets, then we a bit more of a problem (but still something that the WiFi owners should have prevented through encryption), but so far I don't seem to see anyone suggesting that this was done.

Re:Really bad PR for Google

[erroneus]

There are some people who perceive an unlocked door as an "open door." This is simply not the case. A closed door needn't be locked to send the message that privacy may be desired. An open window is not an invitation for people to stare in from the outside, let alone climb into someone's home.

The point is, that even if it's not "locked down" and may even appear to be open, behaving this way in a residential area is tantamount to trespassing. The front door of a home may or may not be locked, but the act of testing to see if a door is locked or unlocked may be considered a crime. Actually entering a private residence after finding the door to be unlocked, whether by mistake or otherwise, is still an act of trespassing.

Doing all of this wirelessly certainly adds more physical distance in the act committed, but it doesn't change what it is.

An open access point in a business is often and mostly perceived as "free service." An open access point in a residence is not. I find it hard to understand why others may not see the difference.

Re:Really bad PR for Google

[Ash-Fox]

So, what you're saying is, these people are tresspassing on Google's property by broadcasting data into Google's streetview trucks?

I can't see this comment of your making sense any other way, since system wasn't being interactive with the networks (ie: talking to them) to get the data, they were just recieving unencrypted broadcasted data.

Re:Really bad PR for Google

What part about talking out loud on the train did you not understand? This is not about walking into a unlocked residence, which is an entirely absurd analogy. It is about overhearing a conversation made in a way that shouldn't have had any expectation of privacy in the first place. To that point, you may not want me to stare into your house, but if you're sitting there butt naked with the curtains open, you'd be out of your mind to expect any sort of privacy. In many countries, you wouldn't be able to complain if I took a photo of you either. You probably WOULD be able to sue me if I published it though, which is exactly my point.

As far as non-secured business WiFi being a service, and residential WiFi not being perceived as a "free service", that is merely your cultural understanding, and far from being a universal truth.

And the "physical distance" of the technological barrier.... well, if I were speaking Greek and you were standing around, that would probably be an equivalently technical distance. You probably wouldn't understand what the hell I was saying. But why on earth should I have expectations that not even the Greek would understand me? Answer: I shouldn't. Plain-text un-encrypted data over public air waves are no different than conversations on the train. There is no security, and there sure is no expectation of privacy. Don't like it? Then just don't do it!

Re:Really bad PR for Google

[AHuxley]

What's the big fuss anyways!
The legal idea of a man in the middle attack with nation wide premeditated long term personal for profit data retention.

Re:Really bad PR for Google

The legal idea of a man in the middle attack with nation wide premeditated long term personal for profit data retention.

Except that it isn't much of an attack if it was unencrypted, raw data from an unsecured location being spewed over publicly accessible air waves now, is it. Besides, just because Google has a patent pending on gathering said data, doesn't mean that it was intentional this time, or that they were using it for "long term personal for-profit data retention" as you put it. Could they? Yeah, sure. But that doesn't mean they did.

This entire whooplah should REALLY have had the headline: "WiFi equipment manufacturers STILL selling routers with no security as factory shipping default."

But the unwashed masses go in an uproar over Google doing something evil. The same unwashed masses got a nice cozy feeling knowing that warrantless wire taps by the government were used to keep the terarists from getting their dirty hands on nucular weapons, too, so perhaps I should be the one buying a hint here...

Re:Really bad PR for Google

[rkww]

It's illegal in the UK

Re:Really bad PR for Google

Interesting, so James Bonde now enforces eaves droppers?

But all snug remarks aside, I really actually do find that interesting. In Japan, it is quite different. If a signal goes over airwaves, there are no laws against interception. As a matter of fact, there are laws to the contrary. You can encrypt it, but you can't sue a person for decrypting it. The police use a digitally encrypted radio system, because it isn't illegal to intercept that either.

There are, however, laws against using this information obtained from communications un-intended for yourself, for any purpose whatsoever. Interestingly, it's the eavesdropping law, that has been in place before the existence of public radio broadcasts. In Japan, if someone on the train talks about something, say for the purpose of this post that they talk about an imminent IPO of sorts, and you act upon that information and buy certain stock, you're in trouble. Same with intercepted radio waves. But if you don't use it for some purpose, you are free to listen all you want. But the line is drawn at radio waves. If you need to use physical means to eavesdrop, say, planting a bug on a landline phone, you're in deep shit. So in that sense, in Japan, if there is a reasonable assumption of privacy, which means a physical means beyond that of a paper wall, you're protected. If it isn't a physical means, you better think hard about the security measures you've put in place before divulging important secrets. Now that all mobile phones are digital, and I'm not an 18 year old I haven't bothered, but back in the day and age when analog mobile phones were the norm, I'd use a scanner to listen in all the time. Just plain old fun. One time I caught a guy having telephone sex. Amusing. ;-)

Re:Really bad PR for Google

[erroneus]

"Weak encryption" was the excuse for DeCSS's being broken and yet we all agree that it was an eventuality that any encryption would have been broken eventually and, in fact, if it were stronger, it would have made the prize all the more enticing. "Unencrypted data" is therefore an open invitation?

As I said in my piss poor analogy, just because someone has an open window, it is not an invitation for anyone to look in!!! This "expectation of privacy" stance is nonsense as regardless of the technical merits behind the discussion, technical merits have no influence over the perception of the general public. We have email that is all but completely unencrypted and yet we would all be pretty upset to find that some government agency or even a commercial entity would examine our email to use against us or for their own purposes.

There is not only an expectation of privacy, there is an expectation that people will not do things that the rest of the world finds questionable. And if you REALLY think your position is valid, I can only believe that everything you have is encrypted and that everything you do is hidden and that you are not vulnerable to anything. I'm fairly certain that is not the case. But if it were and I were to find a weakness or an oversight on your part, would it be fair to exploit your lack of knowledge or understanding of technology to my gain and your detriment and then tell you that you invited me to do it?

Re:Really bad PR for Google

[butlerm]

The point is, that even if it's not "locked down" and may even appear to be open, behaving this way in a residential area is tantamount to trespassing

Using someone's service to actually send and receive Internet traffic is a completely different situation from analyzing unencrypted data packets. As in significantly different legal standards apply. In this case, it is ridiculous to consider passively listening to unencrypted traffic to be "trespassing", any more than parking on the side of the street would be.

I. As it happens, the Electronic Communications Privacy Act states "It shall not be unlawful under this chapter...to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;" (18 USC 2511, 2(g))

The wisdom of capturing traffic from a system configured so that the communication is "readily accessible to the general public" aside, Congress certainly doesn't consider such things to be a legally prohibited privacy violation. Otherwise it could be illegal, for example, to listen to a CB ("citizens band") radio just because the conversation was not addressed to you.

Now as it happens, it is illegal to listen to phone calls on certain bands, and Congress has made such traffic not readily accessible by prohibiting the manufacture and distribution of amateur radios, etc. that can listen on those bands. As of yet, Congress has not prohibited the sale and distribution of wireless network adapters, however, nor prohibited such adapters from transmitting traffic "readily accessible to the general public".

II. Besides the ECPA, a much older law governs what you can actually do with the contents of wireless transmissions not intended for you. Specifically, you cannot disclose the contents to others, nor can you use them for your own private benefit (cf. 47 USC 605). So it would seem that Google can legally capture the traffic, but they can neither disclose it, nor use the contents even for their own proprietary benefit.

There is a specific exception to this provision for viewing unencrypted satellite transmission under certain conditions, but no visible exception for divulging or making private benefit of (unencrypted) wireless network transmissions.

Re:Really bad PR for Google

Why you come back with even more bad analogies is beyond me...

"Weak encryption" was the excuse for DeCSS's being broken and yet we all agree that it was an eventuality that any encryption would have been broken eventually and, in fact, if it were stronger, it would have made the prize all the more enticing. "Unencrypted data" is therefore an open invitation?

Weak or not, encryption would be a notion that there are some measure in place to prevent eavesdropping. Whether or not decrypting it would be acceptable or not is an entirely different issue though, because there was no encryption. When someone on the train realizes you're listening and changes languages to something you don't understand, there's a reasonable level of protection. But if they keep talking on in English (in an English speaking country) what expectations are there? In a public location?

As I said in my piss poor analogy, just because someone has an open window, it is not an invitation for anyone to look in!!!

That's where you lose me. Most people would not look in, just out of common courtesy. Being nice people. But there are NO EXPECTATIONS OF PRIVACY if you leave the window, or even curtains open, and it is facing a public location. If you walk by naked in front of said window and I happen to see you, that's your problem. Seriously.

There is not only an expectation of privacy, there is an expectation that people will not do things that the rest of the world finds questionable. And if you REALLY think your position is valid, I can only believe that everything you have is encrypted and that everything you do is hidden and that you are not vulnerable to anything.

I do not walk naked in front of open windows because I know there is a chance someone WILL be looking. When my curtains are open, I behave in a way that will not leave me looking like a fool, regardless of the fact that I'm in my own house. I close the curtains if I'm fairly certain I don't want to be seen.

I don't use unencrypted WiFi because it certainly isn't a safe practice as I've got quite a bit more going on my network than just chit chatting on instant messaging. At least I would have a leg to stand on if I DID encrypt, and someone still eavesdropped and decrypted. That is a "speaking in another language on the train" analogy. But, in my case, I don't inherently trust any form of WiFi security, so I use a wired LAN. That's the STFU in the train analogy.

I don't send highly confidential information via email, and you shouldn't either. Especially over unencrypted WiFi.

I don't speak of things I don't want heard when I'm in a public location like riding a train.

These are all preventative measures to make sure that none of my communications that are not secured, or generally do not have any expectation of privacy are not heard or seen by an unintended third party. That doesn't mean I wouldn't be pissed if you were listening, it just means I would be a fool to claim you did a wrongdoing even though I had no expectation in the first place. That's significantly different from an invitation to be exploited, and significantly different from having even a thin expectation of privacy.

So let me get it, you walk naked in front of open window, communicate via email things like the full details of your banking account a PI, and openly discuss private and intimate matters on a crowded commuter train? And you expect no one to see, listen, or act based on that? One thing is for sure, you really do have more faith in the human race than I do!

Re:Really bad PR for Google

[_Sprocket_]

"Unencrypted data" is therefore an open invitation?

I don't know where encryption works in to any of this, but yes. You broadcast unencrypted signals, you shouldn't be upset if someone has the gall to listen in.

And if you REALLY think your position is valid, I can only believe that everything you have is encrypted and that everything you do is hidden and that you are not vulnerable to anything.

My wireless network is encrypted. My personal files are on a system on my own network. None of this is open to the public. I have a reasonable expectation of privacy.

I run some personal sites dedicated to various hobbies / interests. Some of that content is open to the public. It would be silly for me to get upset and claim those files are there just for me and my hobby community and Google's spiders have no business crawling it (which they do). It'd be even more foolish for me to put my personal files there.

Re:Really bad PR for Google

[erroneus]

Once again, would it be fair to exploit your lack of knowledge?

The bigger problem here is that not everyone knows enough about locking their stuff down and they never will. It is an unreasonable expectation.

At any given moment, your guard may be down even if most of the time it is not. Is it then okay to exploit you when your guard is down for any reason at all? This is the basic question at the core of this issue. "Is it okay to prey upon the ignorance of the masses?"

Re:Really bad PR for Google

I agree that there's an implied privacy of all wireless communications between a computer and the wireless router, even if the wireless network is unencrypted. The law may not protect those unencrypted transmissions, but I think everyone including Google considers eavesdropping on them an invasion of privacy. Fortunately, from what I understand, Google's recording of that traffic was only the briefest of snippets.

Recording of the router's broadcasted SSID, on the other hand, is like Google driving down the street and writing down the addresses posted on mailboxes. It is not comparable to opening up the mailbox and reading postcards inside.

Do you have a problem with the latter, or only the former?

Re:Really bad PR for Google

[_Sprocket_]

Once again, would it be fair to exploit your lack of knowledge?

The bigger problem here is that not everyone knows enough about locking their stuff down and they never will. It is an unreasonable expectation.

No - it's not an unreasonable expectation. They may be surprised by how public they've been all along. I understand the feelings of shock and anger that can entail. But at the end of the day, the unreasonable expectation was that anything these people were doing in the clear on an unencrypted network was private.

At any given moment, your guard may be down even if most of the time it is not. Is it then okay to exploit you when your guard is down for any reason at all? This is the basic question at the core of this issue. "Is it okay to prey upon the ignorance of the masses?"

The very same systems I mentioned that Google spiders also contain controls that keep a certain amount of content private within said communities. If Google started running exploits against un-patched software to allow their bots to spider this content, you might have a point. But that isn't the case with my sites. Google's bots are only accessing what I have allowed anyone to access.

Now - if Google manages to index a personal file from one of those sites, it's my own fault. I can be embarrassed about it. And if I were less understanding of the technology, I might even feel upset and angry at Google. But I doubt anyone would claim that Google has exploited my lack of knowledge and placed an unreasonable expectation on me.

Keep in mind that, as far as I've read so far, Google is not indexing data from these wireless networks. They are picking it up as a byproduct of mapping them out. I've done the same countless times while wardriving using Kismet. Usually I just dump the directories. Once in awhile I'll go see what it was I've picked up. The vast majority is unintelligible junk - parts of a TCP session that has no interest. Once I picked up someone in a marina looking up a boat parts supplier web site. Another time, I picked up the credentials for a POP account. If I really wanted to get more data of that sort, I'd be better off coming back to the insecure networks and camping out for awhile. It doesn't sound like this is what Google is doing.

Oh come on, this is ridiculous.

[ZorbaTHut]

The patent is for capturing the metadata and analyzing it. Guess what the Google van was supposed to do? That's right: capture the metadata, and analyze it. Nobody's disputing that, nobody ever has disputed that.

The accidental part is that it turns out they were capturing more than metadata. The patent doesn't talk about doing that, there's no evidence Google ever intended to do that, and it's difficult to determine what they could possibly gain from it anyway.

So, here, let's improve the headline.

"Google Has Pending Patent For Exactly The Process They Tried To Implement, But Slightly Screwed Up"

SHOCKING!

Re:Oh come on, this is ridiculous.

[shentino]

What's interesting is that gubbermints are wanting to get their grubby paws on the data that Google accidentally pilfered, probably as a means of doing an end run around the 4th amendment and/or similiar laws in other countries.

Missing the point?

[pj81381]

The patent, titled "Wireless network-based location approximation", describes packet analysis for determining location, which nobody denies was being done intentionally by Google, and says nothing of using payload data. This was what sparked the current wave of privacy inquiries anyway, as well as the incorrect comment that they weren't capturing payload data.

Google is full of it

[ugen]

I think the original "by mistake" explanation they gave is a load of cr%p. How is it even possible to "collect WiFi information by mistake"? You have to install appropriate hardware and software, run it and then place the results to some sort of a database. Basic though it may be, someone had to do this, do this on all Google street view vehicles and keep it running. We are talking an effort of multiple people. There is absolutely nothing about it that's a mistake.
Now that they've been caught - they are resorting to bold faced lies.

Didn't have much trust in Google until now, but this has gone beyond anything acceptable.

Re:Google is full of it

[maxume]

They aren't denying that the intentionally drove around and monitored for wireless access points and then logged information about the access points.

The part they say is a mistake is that they stored the payload from some of the packets that they captured. The payload might contain some interesting unencrypted data, but the chances of that are pretty slim. There really isn't much a business could use the information for.

Re:Google is full of it

[shentino]

They can make mistakes on what part of the packet they sniffed.

A more accurate analogy would be going fishing for tuna and accidentally catching a dolphin.

Re:Google is full of it

[AHuxley]

Depends on the business your in.
Recall how Tor was used to gain a few email pw of embassies in 1997?
Somebody put much effort and company cash into fitting many of the google data collection vehicles.
Supporting the wifi data collection long term on a wide scale is not 'free'.
Someone saw value in the packets longterm.
Or random workers to set up world wide spontaneous packet sniffing in Googles name and with company cash.

Re:Google is full of it

[maxume]

Seriously? The vehicles were in a given location for a few minutes. They might have captured a few hundred kilobytes from a given router. The kilobytes are as likely to be some banal story about some skanky celebrity as they are to be anything else, and there is at least some chance that any private information is encrypted.

They absolutely were packet sniffing, but it's just retarded to insist that it is somehow useful information surveillance, they simply didn't capture enough data and there are too many easier ways, they were packet sniffing in order to build a location service.

Re:Google is full of it

[bk2204]

The difference here is that they actually intercepted data by mistake. If you use Kismet (probably the best wireless sniffing tool for Linux), you can set it to not save data packets, only beacon packets (which really have all the data that Google needs), but by default, it saves everything, including any data packets it sees (encrypted or unencrypted).

It depends on what you're doing what packets you want. If you're trying to break WEP, you only care about encrypted data packets; if you're just doing innocent wardriving, you only want the beacons.

Re:Google is full of it

This has been discussed many, many times on SlashDot already. If you don't understand how it could have happened, you don't want to understand:

1. Google was trying to collect certain meta-data from wireless networks to help locate phone without GPS (which is what the patent was for).
2. To do this, it logged some information for further analysis.
3. Erring on the side of (a) not having to regather all information from scratch, and (b) simplicity, some Google programmer just logged pretty much everything the vans were seeing without thinking about what else was in this data.
4. While looking through this data in preparation for the German audit, someone realized "Oh Shit, there is data in here we shouldn't have."

Whether you believe this happened or not, I don't know. But if you think this CAN'T happen, you have no idea what it means to be a software developer and have no business commenting on this story.

Re:Google is full of it

[khchung]

The difference here is that they actually intercepted data by mistake.

Do you work for Google and personally know everyone involved in collecting the data? If not, it is quite a big leap of faith to make that assertion.

If you use Kismet (probably the best wireless sniffing tool for Linux), you can set it to not save data packets, only beacon packets (which really have all the data that Google needs), but by default, it saves everything, including any data packets it sees (encrypted or unencrypted).

And are we also to believe that nobody noticed how fast the disks are filling up (geez, wouldn't you think they made an estimate on how much disk they need before the project started?), and everybody up and down the data processing chain did NOT notice the extra bulk of data when they analyze them? ("Gee! I expected only 200M per day, but I run through 2G of data for the day but still only got 200M worth of results? Wouldn't we speed up the process if we collect less junk? Let's see what's the junk data are...")

It might be easy to swallow if it happened in the government or the people involved are minimum wage joe sixpacks. This happening in a company that specializes in mining and correlating huge amounts of data, which is also famously for hiring only the brightest, smartest and creative employees, it take a lot of faith to believe this can be an "accident".

Re:Google is full of it

And are we also to believe that nobody noticed how fast the disks are filling up (geez, wouldn't you think they made an estimate on how much disk they need before the project started?), and everybody up and down the data processing chain did NOT notice the extra bulk of data when they analyze them? ("Gee! I expected only 200M per day, but I run through 2G of data for the day but still only got 200M worth of results? Wouldn't we speed up the process if we collect less junk? Let's see what's the junk data are...")

It might be easy to swallow if it happened in the government or the people involved are minimum wage joe sixpacks. This happening in a company that specializes in mining and correlating huge amounts of data, which is also famously for hiring only the brightest, smartest and creative employees, it take a lot of faith to believe this can be an "accident".

except that the wifi data is a drop in the bucket compared to the camera data... When they are collecting 10-100GB of image data, the variance in JPEG compression size of that data is probably more than all the WIFI data that they might have collected.

Re:Google is full of it

[Cyberllama]

You clearly didn't read the full explanation.

They wanted to collect MAC addresses for Geolocation. Perfectly legal, totally useful, a boon to society.

They recycled code that someone had made for another purpose without carefully checking the data it was recording. They intentionally ran this software on every Google Streetview car for years, they did not intend for it to be collecting the extra data, but were unaware.

So they thought they were only collecting one type of data, but apparently collected 600 gigs worth of packets over the years. If you think about it, this is a trivial amount of data for Google. It's easy to see how they could have not noticed it.

They never connect to anyone network for more than a second, so even if they stopped next to your house, they'd only get a single packet or two. There's NO practical value in doing this. There's no commercial value in this data. If they were doing this on purpose, you think they'd be taking as much payload data as possible, not just a packet or two per network before stopping.

Their explanation makes sense in that it seems like something that could plausibly happen. Moreover, they have no motive to break the law to collect USELESS data. With those 2 things in mind, the only logical thing to do is to believe them. It just doesn't make sense to believe they are lying when they have a reasonable explanation and no motive to have done this on purpose.

Re:Google is full of it

[khchung]

except that the wifi data is a drop in the bucket compared to the camera data... When they are collecting 10-100GB of image data, the variance in JPEG compression size of that data is probably more than all the WIFI data that they might have collected.

Are we to believe that the same processing steps are used to process both the camera data AND the wifi data, that they would not be separated (with appropriate markers correlating them) and processed by different processes? Isn't that common sense given that camera data (i.e. pictures) and wifi packets are wholly different type data and require different processing?

And are we to believe that everybody up and down the stream processing the wifi data won't notice the extra bulk of data coming in?

Come on, guys! This is /.! We are supposed to be technically competent people here! If you are going to make excuses, at least make some technically sound ones!

Re:Google is full of it

Remember, this is the street view car. You think they're going to waste their best talents on some grub driving around a city? I think not. They probably paid some grunt to drive around while the entire operation is automated.

Think about what data it's capturing: PICTURES. Pictures, even at low res, will run you 1-2 MB standard digital camera. The street view car's images are panoramic, one shot for every 10-20 meters. Going down a regular neightbourhood street will probably go through 200-400MB. In a day, the car might take 500 GB of image data.

So yes, even 2GB of packet data that might have been stored in the log file somewhere and not the MAC address database might go unnoticed.

Re:Google is full of it

From a processing point of view, this amount of data is inconsequential. Let's start with some estimates. Street view is in >30 countries, so it's safe to assume at least 30 cars. It is likely for cost reasons that these are driving almost all the time (365 days/year). The reality is probably more cars with some amount of downtime, but the number of car-days should still be conservative. Google admitted that they had this bug for 3 years and gathered 600G of extra sniffed data.

Combining those, we get:
    600*1024/(30*365*3) = 18.7 MB/car/day

Could an internet company with hundreds of thousands of computers not notice 18.7 extra MB from each daily car run? Yeah, I'd say that is plausible. That amount of data is a tiny drop in a field full of buckets.

Re:Google is full of it

[I)_MaLaClYpSe_(I]

A more accurate analogy would be going fishing for tuna and accidentally catching a dolphin.

This is why another poster said that accidental would be if that had happened on one car in one city during a beta test.

Because after that, you look at the data you have gathered and discover your accident. Imho this should be discovered even before such a beta test, as any company that respects privacy should have internal audits set up that discover that kind of misconfiguration.

So, after Google went fishing for tuna and accidentally caught many dolphins, they must have noticed this but obviosly decided that they were absolutely okay with a process that illegally caught as many dolphins as tuna fish and even decided to do this all over the world for years.

Accident? I don't think so. Within that four years that Google has been sniffing the private data, many persons must have noticed that fact.

This means that Google does not give anything about privacy and does not even implement the most basic protections against accidental privacy violations in their workflow.

Google is probably the one company with the most intimate knowledge about a very large mass of people. They know all your search terms (Google Search), your emails (GMail), your documents (Google Docs), your journeys (Google maps) and even your health records (Google Health). Also they now have pictures of your car, your house and garden as well as the SSID of you WLAN, your MAC and in some cases even some data from within your WLAN.

Now, if such a powerful company with that large amount of private data demonstrates, that it is not even remotely capable of not driving through the whole world without violating everybody's privacy, don't you think that this should in fact concern me or anybody?

Misleading summary?

[chrb]

But, as Seinfeld might ask, then what's the deal with the pending Google patent that describes capturing wireless data packets

The deal is that the patent describes capturing and analysing wireless data packets to extract the IP adress alongside GPS coordinates in order to enhance Google's IP geolocation accuracy. The "mistake" that they owned up to is actually dumping and storing all packets, not just the external IP address. Those are two different things.

Re:Misleading summary?

[geggam]

How about some prior art ??

http://wigle.net/gps/gps/main/download/

This has been running for years

Re:Misleading summary?

[virtualonliner]

But, as Seinfeld might ask, then what's the deal with the pending Google patent that describes capturing wireless data packets

The deal is that the patent describes capturing and analysing wireless data packets to extract the IP adress alongside GPS coordinates in order to enhance Google's IP geolocation accuracy. The "mistake" that they owned up to is actually dumping and storing all packets, not just the external IP address. Those are two different things.

In fact, when the story broke out about wi-fi, I suspected it as much. They are sinifing all the IP packaets! To those who say, if you don't want it sniffed, then encypt it or it's on public property and everyone can sniff it or whatever, lets face it, not everyone has the ability to do that. And even if it's not encrypted, does not mean everyone has a right to read it. It's supposed to be my traffic. It's akin to llistening to my wireless calls by capturing wireless traffic that is supposed to be meant for me!

By the way, crying foul when someone captures your unencrypted data is not like getting watched by someone when you stand naked in your window. There is a difference. The watching someone naked bit does not require effort on the part of you eyes. It just happens naturally when you are just wondering around (unintentionally). On the other hand, Google actively drove around the country, intentionally to capture data. It's shady to say the least. And EVIL.

wardriving

[phrostie]

i realize that it may not be their intent to patent wardriving, but wouldn't that be covered by this?

haha

hello mister egg, meet mister face.

I would classify this as 'EVIL' wouldn't you?

[ControlsGeek]

Google is redefining the word Evil as we speak. Someone like Kevin Mitnick would be serving time if they were caught doing this.

Re:I would classify this as 'EVIL' wouldn't you?

Do no evil, then go public

Re:I would classify this as 'EVIL' wouldn't you?

"Do no evil" != "Don't be evil"

You insensitive clod!

[Hognoxious]

Whatyoutalkinbout, Willis?

Re:You insensitive clod!

Muh dik.

Re:You insensitive clod!

[gwbennett]

Apparently not "too soon" for the mods ;)

Google had to reverse itself

[Hognoxious]

Google had to reverse itself

It became elgooG?

Peeping Toms

[clyde_cadiddlehopper]

Prior artists

No. No, I would't. Not at all.

[JSBiff]

They were sniffing OPEN, unencrypted networks. I don't think anyone should go to jail or even be sued for that. If you don't want people accessing your traffic, encrypt it. I mean, I could see the argument that if you used *any* kind of encryption, even WEP (which we all know is easily broken), then you have a reasonable expectation of privacy, and if someone cracks the encryption, then they should be legally liable. But really, if you don't take any measures at all to protect your wireless network, then you have no expectation of privacy.

It's fair game for all the world, as far as I'm concerned. I don't see anything evil about that. That's like hooking your telephone speakerphone output up to a big-ass stereo, turning the volume way up, opening your windows, then complaining when passersby on the street hear your conversation.

Re:No. No, I would't. Not at all.

No, this is like using a long range mic to pick up private conversations.

Yes, if they want to have a "private" conversation, they should have it inside a sound proof room, just like Google cheerleaders like you insist everyone should use encryption to avoid this. Try telling that to grandma.

Re:No. No, I would't. Not at all.

If you don't want someone to steal your stuff lock it up!

Okay, yes you have something of a point in that common sense tells us to gaurd our things against theft. However, just because something that isn't yours is easy to steal doesn't make it right or legal.

Sorry, but you and everyone else that using this kind of argument are way of base for what you're trying to prove with it.

Germany's govt should do what's right....

[yargnad]

and use Google's data to prosecute the owners of these networks since it's illegal to leave your WiFi unsecured in Germany. STATE POWER!!!!

Seinfeld...

[nthitz]

I don't think Jerry would actually pose that question...

Stop infringing on Google's patent now!

Or face multi-billion dollar lawsuits and jailtime, thief!!

The lawsuits miss the point

[Pablo+Escobar]

As I pointed out this morning here - http://theamericandictator.com/content.php/133-Google-has-created-a-virtual-GPS-on-YOUR-laptop-desktop-computer-cellphone.-Really! Google isn't collecting wifi info without a reason. It is collecting the data because it is using it create an unbeatable virtual GPS on every wifi equipped device - laptop - netbook - desktop - cellphone - etc. etc. And THAT data, delivered to google realtime, is also made available through an open API, to everyone. The social implications of having your physical location monitored, reatlime, all the time, is chilling.

a patent on evil. hmmm. business, take note.

[swschrad]

if you are going to be evil, you will have to buy a license from Google.

Lesser of two evils?

For one, if its an unsecured network. Then.......its unsecured. Der! Anybody and everybody can sniff whatever they want from whoever they want. Big Deal. Second, if someone is sniffing my packets then I would rather have google do it than someone else who probably has more malicious reasons than custom adds on my next browser search. There are organizations out there collecting massive amount of information from secured networks and everybody doesn't care as much. Why? Because we know who google is and can find them. So lets charge them with a load of crap because we are frustrated that these "professional" tech people cant find the real threat. HEY EVERYBODY LOOK WHAT GOOGLE IS DOING!! Nevermind that I cant stop my company from being hacked.

No free lunch

[westlake]

If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

This argument becomes tiresome.

It was settled - legally - in the earliest days of radio, on the perfectly intelligible grounds that leeches undermined the funding of subscription services which might not otherwise be viable.

You were never entitled to freely tap into the water, power, sewer, and phone lines which might cross your property.

The carrier wave of the satellite broadcast falls on your property as freely as a sunbeam, a snowflake or a hailstone.

But to extract the content - capture and decrypt the signal - you have to mount a dish.

Install - and modify - a receiver.

To any other eyes than your own, it's a tap.

Re:No free lunch

Tapping into water, power, sewer, and phone means making use of capacity that would otherwise be available to other users. It makes use of infrastructure that someone else owns and has the right to control access to. Decrypting a broadcast signal does not deprive other users of anything.

Prior art

[Rijnzael]

WiGLE

Raw packets

Here is a good technical description from a packet level:
http://erratasec.blogspot.com/2010/05/technical-details-of-street-view-wifi.html

Don't worry, be complaliant...

[rinoid]

Nah don't worry, Google is your friend, your lover, your new red bicycle.

Trust us. We are not evil.

Those who eschew Apple just b/c they are on top, or b/c of some perceived wrong doing, Google knows when, where, and what your search, whom you talk to, where you travel, and in some cases what you buy.

Quit blaming the users!

I'm not a sysop or a sysadmin or sys-anything, but I am reasonably competent in administering my own computer. I can read a manual, interpret a manual, and search Google - and I'm used to doing it because most times saying one has a Mac to tech support is a conversation killer. However, after setting up 4 different wireless routers, my verdict is that 3/4 setups were probably beyond the capability of the average computer user. One setup was beyond the capability of my ISP's tech support - it was their router and they had me exchange the whole thing, only to have the problem recur. I have twice been advised by ISP tech support to leave all the defaults and to leave the router unencrypted. Trying to figure out how to get an encrypted network was a journey through Documentation That Really Sucks(TM) and Interfaces That Really Suck(TM). The only one that worked without me wanting the last 2 hours of my life back was Apple's own, so last time I moved I said ixnay on the wireless offer, got a cable modem and plugged an Apple Airport Express into it.

Sigh

[Cyberllama]

When did Google "deny" this before "reversing themselves"? They were asked to turn over data by the Germans (who have an irrational fear of having pictures of their houses taken). They looked at it first, realized there was more there than they had been intending to collect and to their credit, rather than try to delete or hide it, they announced it and issued a mea culpa.

Anyways, there's apparently no new news for this story included in the summary, so why are reposting and reshashing old stuff? This is such a non-story . . .