Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Describes Wi-Fi Sniffing In Pending Patent

Posted by timothy on from the and-in-the-alternative-yer-honor dept.

theodp writes "After mistakenly saying that it did not collect Wi-Fi payload data, Google had to reverse itself, saying, 'it's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) Wi-Fi networks.' OK, mistakes happen. But, as Seinfeld might ask, then what's the deal with the pending Google patent that describes capturing wireless data packets by operating a device — which 'may be placed in a vehicle' — in a 'sniffer' or 'monitor' mode and analyzing them on a server? Guess belated kudos are owed to the savvy Slashdot commenter who speculated back in January that the patent-pending technology might be useful inside a Google Street View vehicle. Google faces inquiries into its Wi-Fi packet sniffing practices by German and US authorities."

29 of 134 comments (clear)

  1. Wardriving? by Anonymous Coward · · Score: 4, Interesting

    A patent?

    Isn't that exactly the same thing which wardrivers have been doing since WiFi existed?

    1. Re:Wardriving? by gilesjuk · · Score: 3, Insightful

      Why patent it? is that to stop other people doing the same?

      Honestly, Google, Microsoft, IBM, Apple and co, put them on a big ship and sink it. They don't want to compete, they want to lock up very generic ideas and stop everyone else from using them.

  2. Mr Hyde? by symes · · Score: 3, Insightful

    It seems there's one bit of Google that really wants to sniff packets and another side, probably PR, that doesn't want the bad press. At the end of the day they're now just another multinational corporation with potential markets rather than individual customers.

    1. Re:Mr Hyde? by AHuxley · · Score: 3, Insightful

      "harm was done" is a slope many parts of the world do not want to slide down.
      They have strict laws to make sure you do not record people on cameras, voice calls and now data.
      What google did was intercept communications not intended for them and keep the fragments they sucked up.
      They did this around the world, long term and had to set the tech up to do it and keep the data collection going.
      When caught by the press they tried to fake their way out with a local admission and then where forced to tell more of the truth only when exposed further.
      Google missed a request from the German gov to show what data they collected and how it was stored ect.
      That kind of throws "accidental" and "pretty useless" out.
      "Accidental" would be a beta test car in one city, data dump found, turned off and local permission to wifi map requested.
      As for what it is used for, who knows what google sells in bulk beta form to its customers about its consumers (end losers).
      How many external eyes got to scan city maps with MAC, IP and plain text data for keywords?
      From spam to ip misuse to police raids to state task forces and COINTELPRO 2.0 dreams?
      The state sends out spyware/p2p hunt, finds an open MAC and wants to sneak and peak based on googles "bulk" data.
      Wrong family, wrong time, right MAC.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Mr Hyde? by TheRaven64 · · Score: 2, Interesting

      pretty useless (please give me any example of how to use this nefariously)

      If the payload happened to contain a Google search request, or an HTTP request to a site that sues Google Analytics, then they can correlate this with the other information that they have and go from a cookie (which tells you the things the user has ever searched for) to a specific computer (MAC address) and even to a specific house number. The same if the packet was sent to Google's DNS servers.

      --
      I am TheRaven on Soylent News
    3. Re:Mr Hyde? by LordLimecat · · Score: 2, Informative

      Did you miss the part where everyone already knew they were sniffing packets to determine location, and that was never being denied? The issue has always been whether payload data was being recorded. See here: http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html

      Im sorry if I come off as a google apologist, defending them all the time, but my goodness people just seem to want to ignore fact and the actual articles, so they can wildly speculate about what awful things google is doing. My understanding was that Slashdot, as a site for geek news, would be some kind of bastion of reason and intellect. Clearly, I must be new here.

    4. Re:Mr Hyde? by LordLimecat · · Score: 2, Insightful

      They did this around the world, long term and had to set the tech up to do it and keep the data collection going.

      Perhaps its silly of me to ask, but is this speculation, or fact that can be sourced?

      Google missed a request from the German gov to show what data they collected and how it was stored ect.

      My understanding from every article ive seen on the topic is that, whilst complying with the German authorities, they discovered the issue, promptly announced it, and complied with requests to delete the data. Can you provide a link that shows otherwise?

      How many external eyes got to scan city maps with MAC, IP and plain text data for keywords?

      Is this like that whole "did glenn beck rape and murder children in 1990" thing, where you can ask questions based in fantasy to imply wrongdoing? Do you have any evidence that anyone other than a computer actually saw the payload data?

      The state sends out spyware/p2p hunt, finds an open MAC

      What the hell is an open MAC? A rooted Apple computer?

      Why was your post rated insightful? One can see by references to "Open MACs", "P2P hunts", and the implication that IP addresses are personally identifying / private that you have no idea what the hell youre talking about. Half of your post is directly refuted by every article we've had on this topic since it came to light.

  3. What website is this again? by Anonymous Coward · · Score: 4, Insightful

    I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property. If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

    1. Re:What website is this again? by Anonymous Coward · · Score: 5, Insightful

      I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property. If you don't want me to decrypt your satellite feeds to get free TV then stop broadcasting it into my receiver on my property.

      I don't mind that people see me when I go out on the street.

      But at the same time, I don't want Google or any other company to film me, and digitally store every trip I make.

      But following your line of thought, I should reason that if I don't want Google to film me in my own street, then I shouldn't go outside.

    2. Re:What website is this again? by morgan_greywolf · · Score: 4, Funny

      I am totally unconcerned with Google or anyone else collecting this kind of data. If you don't want anyone to know about your access point then stop broadcasting for hundreds of feet over public property.

      In addition, start using WPA, stop broadcasting your SSID, etc.

      Personally, I do use WPA, but I still broadcast my SSID, which is currently set to 'hacker' and for some reason the neighbors say they don't want to mess with that wireless network. ;)

      --
      My blog
    3. Re:What website is this again? by FuckingNickName · · Score: 2, Insightful

      You do realise that sending an SSID over the airwaves is not an implicit offer to "the public" that you "advertise a service", yes?

      I mean, if I put a sign in front of my house giving the name of my house, am I telling you that you can come in and use it at your whim?

    4. Re:What website is this again? by ZosX · · Score: 2, Informative

      No. Not strictly broadcasting an SSID, but open, unencrypted networks are much more of a grey area. Did someone leave the AP open so they could share? Is it a businesses AP for their customers and anyone else that might be able to get it? Consider that just about every new ap out there has encryption enabled by default. Obviously someone had to open up the AP, or they are running an ancient 802.11b device. Anymore open APs are pretty much the exception the the norm. I say if its open, you might as well try to get a signal if you can. I love my G1 for that since an AP is generally a lot faster than the 1mbit, 500ms latency 3g connection.

      --
      zosxavius photography
    5. Re:What website is this again? by jabbathewocket · · Score: 2, Insightful

      That logic is precisely the definition of slippery slope... if tommorrow it is announced that a brand new version of wifi needs to be installed to prevent "breaches in security" does that mean that everyone who does not spend $$ to update immediately is deserving of being considered (legally at any rate) having "opened their network on purpose for any and all to use in any way they see fit" ?

      There are *alot* of ancient B devices, not to mention a huge number of newer G devices that simply do not interact properly (or at all) given the not always overlapping security choices.. IE Device A can use X version of G security, device B can use X Y Z and device C can only use Z type. but all support "open"

      Does that mean that because this combination of devices only works properly with open security (and requires broadcasting SSID) that these networks are LEGALLY fair game for any and all to do whatever they please with?

      Ultimately it comes down to "just because you can do it, does that make it morally and legally the right thing to do? I would say that historically the legal allowance of behavior hinges far less on the "is it possible" and more on the "is it the right thing to do"

      As far as Google vs "others" is concerned.. its again about slippery slopes.. allowing Google to capture supposedly "unidentifiable information to determine location" is a great way to open the door for others to do things that perhaps we do not as a society want them to do.. the "do no evil" mantra that Google tries to portray around itself.. should extend to not opening the door to evil, even if they are not doing the evil themselves (which is open to debate in many ways but that is a subject for another post.

  4. Beta? by Gen.+Malaise · · Score: 2, Funny

    It's now "Wardriving -Beta"

  5. Re:Wardriving by morgan_greywolf · · Score: 2, Funny

    No. That would be "GWardriving(tm) Beta"

    --
    My blog
  6. Terrible summary, yellow journalism at its finest by ukyoCE · · Score: 4, Informative

    operating a device — which 'may be placed in a vehicle' — in a 'sniffer' or 'monitor' mode and analyzing them on a server?

    As scary as the poster tries to make this sound, this is how you listen for public access points. This post is a scare-mongering dupe.

    Yellow journalism is getting to be awfully common here on Slashdot. For instance this troll of a story which just so happens to be from the same author:

    http://developers.slashdot.org/article.pl?sid=10/05/21/1427245

  7. WTF? by Arimus · · Score: 2, Interesting

    Hm, my netbook + car charger + linux + aircrack-ng does just that.
    My archos media player can do likewise.

    How can you patent this crap?

    --
    --- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
    1. Re:WTF? by jibjibjib · · Score: 2, Informative

      Because (as a little bit of common sense or a minute of reading the article would tell you) the patent is longer and more detailed than the Slashdot summary and actually describes a specific non-trivial innovation.

  8. Oh come on, this is ridiculous. by ZorbaTHut · · Score: 2, Insightful

    The patent is for capturing the metadata and analyzing it. Guess what the Google van was supposed to do? That's right: capture the metadata, and analyze it. Nobody's disputing that, nobody ever has disputed that.

    The accidental part is that it turns out they were capturing more than metadata. The patent doesn't talk about doing that, there's no evidence Google ever intended to do that, and it's difficult to determine what they could possibly gain from it anyway.

    So, here, let's improve the headline.

    "Google Has Pending Patent For Exactly The Process They Tried To Implement, But Slightly Screwed Up"

    SHOCKING!

    --
    Breaking Into the Industry - A development log about starting a game studio.
  9. Google is full of it by ugen · · Score: 2, Interesting

    I think the original "by mistake" explanation they gave is a load of cr%p. How is it even possible to "collect WiFi information by mistake"? You have to install appropriate hardware and software, run it and then place the results to some sort of a database. Basic though it may be, someone had to do this, do this on all Google street view vehicles and keep it running. We are talking an effort of multiple people. There is absolutely nothing about it that's a mistake.
    Now that they've been caught - they are resorting to bold faced lies.

    Didn't have much trust in Google until now, but this has gone beyond anything acceptable.

    1. Re:Google is full of it by shentino · · Score: 2, Informative

      They can make mistakes on what part of the packet they sniffed.

      A more accurate analogy would be going fishing for tuna and accidentally catching a dolphin.

    2. Re:Google is full of it by bk2204 · · Score: 3, Informative

      The difference here is that they actually intercepted data by mistake. If you use Kismet (probably the best wireless sniffing tool for Linux), you can set it to not save data packets, only beacon packets (which really have all the data that Google needs), but by default, it saves everything, including any data packets it sees (encrypted or unencrypted).

      It depends on what you're doing what packets you want. If you're trying to break WEP, you only care about encrypted data packets; if you're just doing innocent wardriving, you only want the beacons.

  10. Misleading summary? by chrb · · Score: 3, Insightful

    But, as Seinfeld might ask, then what's the deal with the pending Google patent that describes capturing wireless data packets

    The deal is that the patent describes capturing and analysing wireless data packets to extract the IP adress alongside GPS coordinates in order to enhance Google's IP geolocation accuracy. The "mistake" that they owned up to is actually dumping and storing all packets, not just the external IP address. Those are two different things.

    1. Re:Misleading summary? by geggam · · Score: 2, Interesting

      How about some prior art ??

      http://wigle.net/gps/gps/main/download/

      This has been running for years

  11. Re:Wifi Sniffing is an old term by Anonymous Coward · · Score: 3, Interesting

    Wifi Sniffing and wardriving are two overlapping but different concepts. Sniffing is passively capturing wireless LAN traffic, i.e. a very broad term. Wardriving is when a mobile receiver passively captures a specific subset of WLAN traffic, namely the beacon frames, for the purpose of finding and listing but not accessing wireless LANs. What Google supposedly wanted to do was wardriving. What Google actually did was Wifi sniffing.

  12. Re:xmmm by Daengbo · · Score: 5, Informative

    There is no reading comprehension in the world, apparently. This patent is about what Google claims it was trying to do -- recording SSID and MAC information for location purposes. It has nothing to do with the "mistaken" data packets (sent unencrypted over the air). How the submitter connected the two, I don't know. I suspect lack of coffee and excess Google hate.

    --
    Put identity in the browser.
  13. You insensitive clod! by Hognoxious · · Score: 4, Funny

    Whatyoutalkinbout, Willis?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  14. No. No, I would't. Not at all. by JSBiff · · Score: 2, Insightful

    They were sniffing OPEN, unencrypted networks. I don't think anyone should go to jail or even be sued for that. If you don't want people accessing your traffic, encrypt it. I mean, I could see the argument that if you used *any* kind of encryption, even WEP (which we all know is easily broken), then you have a reasonable expectation of privacy, and if someone cracks the encryption, then they should be legally liable. But really, if you don't take any measures at all to protect your wireless network, then you have no expectation of privacy.

    It's fair game for all the world, as far as I'm concerned. I don't see anything evil about that. That's like hooking your telephone speakerphone output up to a big-ass stereo, turning the volume way up, opening your windows, then complaining when passersby on the street hear your conversation.

  15. Re:Really bad PR for Google by butlerm · · Score: 2, Informative

    The point is, that even if it's not "locked down" and may even appear to be open, behaving this way in a residential area is tantamount to trespassing

    Using someone's service to actually send and receive Internet traffic is a completely different situation from analyzing unencrypted data packets. As in significantly different legal standards apply. In this case, it is ridiculous to consider passively listening to unencrypted traffic to be "trespassing", any more than parking on the side of the street would be.

    I. As it happens, the Electronic Communications Privacy Act states "It shall not be unlawful under this chapter...to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;" (18 USC 2511, 2(g))

    The wisdom of capturing traffic from a system configured so that the communication is "readily accessible to the general public" aside, Congress certainly doesn't consider such things to be a legally prohibited privacy violation. Otherwise it could be illegal, for example, to listen to a CB ("citizens band") radio just because the conversation was not addressed to you.

    Now as it happens, it is illegal to listen to phone calls on certain bands, and Congress has made such traffic not readily accessible by prohibiting the manufacture and distribution of amateur radios, etc. that can listen on those bands. As of yet, Congress has not prohibited the sale and distribution of wireless network adapters, however, nor prohibited such adapters from transmitting traffic "readily accessible to the general public".

    II. Besides the ECPA, a much older law governs what you can actually do with the contents of wireless transmissions not intended for you. Specifically, you cannot disclose the contents to others, nor can you use them for your own private benefit (cf. 47 USC 605). So it would seem that Google can legally capture the traffic, but they can neither disclose it, nor use the contents even for their own proprietary benefit.

    There is a specific exception to this provision for viewing unencrypted satellite transmission under certain conditions, but no visible exception for divulging or making private benefit of (unencrypted) wireless network transmissions.