Slashdot Mirror
Google Admits To Collecting Emails and Passwords
wiredmikey writes "Alan Eustace, Google's Senior VP of Engineering & Research, just put up an interesting blog post on how Google will be creating stronger privacy controls. Right at the end is an interesting admission: that after Streetview WiFi Payload data was analyzed by regulators, their investigations revealed that some incredibly private information was harvested in some cases. Eustace noted that 'It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.'"
Clearly it hasn't been working... Oh well...
One thing I know, and that is that I am ignorant...
Google policy is inadequate to protect your data. Encrypt your wifi. That is all.
The World Wide Web is dying. Soon, we shall have only the Internet.
This is entirely different what the summary and the title implies, which is deliberately seeking out email or password data.
While it might not be ethical to capture full packet dumps, they probably did it to triangulate wifi access points better. This is a problem of privacy, but not of outright evil.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
and who is going to get pinned at fault for all this? Google? the Consumer?
Personally: I think it should be equipment manufacturers. honestly: 99% of people want basic wep/wpa/wpa2 encryption. just build all consumer routers to REQUIRE it during setup, and provide a flash/an option to disable it.
for the 1% of people that want an unencrypted wireless router out of the box: they can stand to pay more, or learn enough about the cheap ones to know how to turn it off.
Google did not drive around for the purpose of harvesting passwords from unsecured WiFi connections. It inadvertently recorded some data that was broadcast and somewhere buried in it were some e-mail addresses and passwords.
If someone stands at their front door with bullhorn shouting out their social security numbers, salaries, sexual orientation and other private details, it isn't the responsibility of passers-by to cover their ears.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Google screwed up here, accidentally capturing all of this data. Why they didn't just delete it, rather than doing this whole "hair shirt" thing is more than a bit weird.
But: whose fault is it, actually? If you transmit a radio signal into the public domain, do you have any expectation of privacy? Seems to me that the people using unsecured networks share a large portion of the blame here.
For the obligatory car analogy: leaving your router unlocked is like leaving your car unlocked. Transmitting unencrypted login credentials using your unlocked router is like - what? Maybe parking your car in the Bronx and leaving the keys in the ignition?
Enjoy life! This is not a dress rehearsal.
Exactly. they meant no harm by this: they just wanted to know where you ARE so the local ads server to your connection in the future would be more relevant.
Honestly, I applaud them for getting so much free advertising out of this. even people that have never used a computer/don't have internet at home now know who they are.
Eric Schmidt flat-out said that the only people who care about privacy have something to hide, and they were caught archiving neighborhood WiFi data "accidentally." I don't know why people still treat Google as some benevolent open source company--their search and advertising platform is as closed source and proprietary as Windows.
Every free service they offer is to get you onto their indexing and advertising platforms. They use the moniker of "open" to attract people and trick them into think Google is ethical and is "one of them." And yet, no matter how many times it's proven what a sham their do-no-evil mantra is, they continue to have defenders who want everything they use to be Google-branded.
Eventually, the tide is going to turn, and they're going to be as derided as Microsoft. The transition is happening. Until then, you'll still get people who actually believe Google is an open company that's all about the engineering.
While it might not be ethical to capture full packet dumps, they probably did it to triangulate wifi access points better. This is a problem of privacy, but not of outright evil.
Google is a big company full of a lot of really smart people. How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data? Their intentions may not have been 'evil' but negligence is no excuse. Not acting to prevent this type of data being gathered in the first place is 'evil' enough.
How is this any different than what was revealed when this story first broke.
Google reported this from DAY ONE, and rather than sweeping it under the rug they tattled on themselves, and asked world governments what they should do with the data rather than simply destroying it.
THERE IS ABSOLUTE NOTHING NEW IN THIS STORY.
Just because you are late to the party don't assume nothing happened prior to your arrival.
Sig Battery depleted. Reverting to safe mode.
If someone is broadcasting their 'sensitive data' by shouting through a bullhorn for the whole world to hear, they shouldn't be surprised if someone wrote down what they heard, nor should they complain.
The Privacy minister in Canada is suing them for violating the RIGHTS of Canadian citizens worldwide as well as those EU citizens - both of whom have stronger privacy RIGHTS than we peons do here in America.
I hope they break them up - serves them right.
-- Tigger warning: This post may contain tiggers! --
it took regulators this long to figure it out!? I haven't even seen the data yet I could have told you that they would have found emails and passwords -- if you snoop traffic from thousands of unencrypted Wifi nodes you're going to come up with all sorts of things, including email addresses and passwords. I bet they even captured some credit card numbers and social security numbers too.
I just don't see why this is a crusade against Google when anyone driving down the street can do the same thing. If regulators want to bust someone, they should bust Wifi equipment manufacturers that allow the devices to broadcast unencrypted traffic by default. (though to be fair, the most recent access point I purchased did use WPA by default).
Instead of the uproar against someone picking up cleartext broadcasts, why isn't there an uproar about so many people broadcasting their private communications in cleartext!?
"Google Admits To Collecting Emails and Passwords." Yeah, it's called Gmail. At least the article summary was closer to reality than usual. Since we're on the subject: has anyone else been getting the suspicion that article summaries from other Slashdot editors lately are really kdawson also?
How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data?
Quality Assurance testing is three parts sweat and one part luck. If the testing was done in a neighborhood with no open wifi, they wouldn't see anything that would requiring fixing. Remember where Google lives: I would expect most wifi links to be either closed, or wide open (as in public access points in cafes).
A limiter to your theory, however, is that all data has a "half life". Password and emails change. People move. People die. Over time the data in the database (sorry for the redundant redundancy) becomes more stale and inaccurate until, at some point in the future, using said database results in more "misses" than hits.
Perhaps there is a silver lining behind that cloud after all.
Seven puppies were harmed during the making of this post.
While clearly not OUTRIGHT evil, Google certainly defines "no evil" down into a far grayer area than we might have hoped.
Anyone else struck by the correlations between tech companies and politics? While there may be differing degrees, nobody but NOBODY is anywhere close to what I'd consider clean and ethical.
And why did Privacy International place Google dead last out of 23 companies examined and described its actions as "comprehensive consumer surveillance and entrenched hostility to privacy"? Please stop this automatic defense of Google. As far as I'm concerned, the company that has the most information about me is the one that presents the greatest threat to my privacy. Saying that you trust Google not to abuse it is like saying you trust gravity not to cause you to fall because it is not evil.This is a small exaggeration but what I'm getting at is that corporations of that size acquire a life of their own and there is only so much that mission statements written by their founders decades ago matter. Google will be as evil or not evil as the collective decisions of its shareholders, employees and customers are over the years and those are not any different special google kind of people. They are the same people and same market forces that that direct actions of any other corporation.
Negative moral value of force outweighs the positive value of good intentions.
Let's post the same story every month, but change the headline with new and obvious information to suggest a new story. I mean seriously, did anyone doubt that somewhere in 6 gigabytes of random data snippets there wouldn't be a password or two? Of course there were. We already knew this. There's no news here except that Canada confirmed what Google already told us. Wow, thanks Canada.
Also, what's the same is that the idiots who are broadcasting their person info are still doing it at local wifi hotspots and their own wide-open home nets. They're lucky that it was Google who captured that data. If it was anyone else, no one would ever have known until something bad happened, or at all. Google can adapt and improve. Dumb users? Not so much.
This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
They were running Kismet, by default it stores the information captured in a file. Google noticed this later and reported on themselves to give the governments involved the chance to tell them how to destroy the data. This was not intentional capturing, and it only captured what these people were willfully transmitting in the clear over the air.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Google is a big company full of a lot of really smart people. How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data? Their intentions may not have been 'evil' but negligence is no excuse. Not acting to prevent this type of data being gathered in the first place is 'evil' enough.
Must we really rehash that here just for you?
Howbout using something to search the intewebs and find out how this happened. You could maybe use something like Google?
It was a very low level beacon capture that stored too much data by accident. But because it did capture the beacon packets (and because that is all google was interested in) the fact that more than beacons were picked up in clear text from people too stupid to secure their routers wasn't even noticed.
Sig Battery depleted. Reverting to safe mode.
This is simple confirmation of what was expected. Anyone who has spent some time sniffing unencrypted wifi traffic (i.e. wardriving) has likely seen the exact types of data that's being described. That Google's tools (and I suspect they were re-purposing the same OSS tools we all have access to) during extensive amounts of wardriving is no surprise. The real question is what Google had planned to do with this data.
There are plenty of people who haven't spent any time watching Kismet and ARE surprised at this. It seems to me that this surprise has over-ridden the real question. It's as if Google were the only entities out there doing these things. That their here-unto-unmolested privacy has been pierced by Google's roving gaze. In reality, they've always been exposed and likely exposed to far more than Google's Streetmap vans. But they are keen to lash out at Google.
But again - all this thrashing about is a red herring. The issue really is what Google was doing with this data. It does look like Google was picking up additional information that they weren't interested in. It doesn't look like they were trying to record full sessions and capture sensitive data per se. And if this is so, Google's proper handling and purging of extra data would be a Good Idea. Just as it would be a Good Idea for people to understand the nature of the public networks they put sensitive information on.
Exactly. they meant no harm by this: they just wanted to know where you ARE
Correct.
so the local ads server to your connection in the future would be more relevant.
Yes. That's the only reason. I'm sure no one finds location-aware applications useful for any other reason. I mean, why would I want to be able to look up businesses in my area? Or geotag photos? Or god knows what else? Yup, the only reason Google would be doing this is to target you with ads, and no one wants it but Google. Yup, makes sense to me!
Meanwhile, Google is absolutely forcing software developers to send SSID information to Google without your permission, so that they can figure out where you are without your knowing it. Devices *definitely* don't ask you first before sending that information on. It's just forced on everyone without them ever knowing. And it's all Google's fault!
Right?
Does this really surprise anyone? I know that it doesn't surprise me. Another great reason why all of your passwords should not be the same thing.
"To prevent this day from getting any worse, I'll just read ERROR as GOOD THING" 1GJU8xLuDKDxEs4KLf8fAGyptoDsqvEsBT
No. This is a case of lack of security on WIFI access points.
THERE is no reason why Google should be held accountable for DATA that is essentially floating in the middle of the street. NONE. The problem isn't GOOGLE doing anything wrong.
This is like the lady who dances naked in front of an open window and gets mad when people see her naked and start taking pictures. You want privacy, then close the shades and encrypt your data transmissions.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Before people start freaking out about how evil Google is, I wanted to temper the rage by pointing out that Google's involvement is purely passive. Their collection techniques were solely collecting wifi payloads that were visible from the street, and never actually attempted communication with any routers. It would be a completely different story if Google had actively logged into routers and collected data, as that would be a major criminal violation. But they didn't.
I'm not suggesting that saving the data was entirely ethical, but they weren't out there to collect it. If anything, this demonstrates just how ridiculously insecure an unencrypted wifi network is. If you do nothing else, at least use WEP, despite all it's vulnerabilities. It will keep 99% of people out of your network (i.e. the casual neighbor looking for a free connection when their own service is not working).
Google is a big company full of a lot of really smart people.
And every single one of them was working on this problem? Really?
How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data?
Because they screwed up?
Their intentions may not have been 'evil' but negligence is no excuse.
Of course it's an excuse. Negligence happens. Are you saying Google must be perfect, and if not, they're not allowed to ever do anything?
Besides which, if anyone was negligent, it was people running unsecured WAPs and then sending passwords in cleartext. But no, we must blame Google for capturing unencrypted wireless traffic... hell, if you ask me, we should be thanking Google for bringing to light a real problem with home wireless installations.
Not acting to prevent this type of data being gathered in the first place is 'evil' enough.
Wait, so now "evil" is simply defined as "fucking up sufficiently to piss you off"? Interesting.
You seem to think advertising is limited to popups and banners.
any location aware application IS advertising. that's almost ALL it is. knowing what local businesses are nearby through the use of a tool: is almost the definition of advertising.
advertising is a WIDE array of topics and applications. when you geotag a photo, and want people to see your photo with your name before anyone else's photos of the same subject: that's advertising.
This is kind of akin to saying that if I were to drive around my city to create a map of coffee shops and it's my fault that I saw people enjoying their coffee outside due to negligence.
Ok hang on a second. Let's slow down with the inflammatory headlines here, okay? The Google Street View cars picked up partial hashes of data from unsecured routers. And as far as Google "admitting" to collecting the data, that was something they announced last May. So put down your rape whistle, kdawson, there's nothing sinister going on here.
THERE is no reason why Google should be held accountable for DATA that is essentially floating in the middle of the street. NONE. The problem isn't GOOGLE doing anything wrong.
Nope. Is an unlocked door an invitation to break in? Of course not. Google's vans acted just like burglars scoping out a neighborhood, going door to door to check which ones are unlocked. Not only that, they actually broke in to some of these analogous homes, and took souvenirs with them (emails, passwords).
This is like the lady who dances naked in front of an open window and gets mad when people see her naked and start taking pictures.
Taking pictures like that is illegal too.
Well analyzed. I don't get peoples explosions at Google for doing exactly what they advertise they do: collect data, and sell targeted ads to companies, while trying to anonomise the data that other companies see.
as far as it goes: they do a pretty damn good job of it too.
Facebook conspiracy: Data mining for the CIA
My loyal readers may recall that DARPA (Defense Advanced Research Projects Agency) has some grotesque tentacles: the Information Awareness Office (IAO); TIA (Total Information Awareness, renamed Terrorism Information Program); and TIPS (Terrorism Information and Prevention System).
It is commonly believed that in 2003 an irate American people forced the government to stop these Orwellian command-and-control police state operations--or did they?
Congress stopped the IAO from gathering as much information as possible about everyone in a centralized nexus for easy spying by the United States government, including internet activity, credit card purchase histories, airline ticket purchases, car rentals, medical records, educational transcripts, driver's licenses, utility bills, tax returns, and all other available data. The government's plan was to emulate Communist East Germany's STASI police state by getting mailmen, boy scouts, teachers, students and others to spy on everyone else. Children would be urged to spy on parents.
These layers of the mind control infrastructure were seemingly dead and buried. But was the stake actually driven through its evil heart? History leads us to believe that it was not.
Then shazam here comes the privacy killing juggernaut called Facebook.
Facebook, however, does what Chairman Mao, Joseph Stalin, or Adolf Hitler could not have dreamt of - it has a half billion people willingly doing a form of spy work on all their friends, family, neighbors, etc.--while enthusiastically revealing information on themselves. The huge database on these half a billion members (and non-members who are written about) is too much power for any private entity--but what if it is part of, or is accessed by, the military-industrial-national security-police state complex?
We all know that "he who pays the check, calls the shots," therefore; whoever controls the purse strings controls the whole project. When it had less than a million or so participants, Facebook demonstrated the potential to do even more than IAO, TIA and TIPS combined. Facebook really exploded after its second round of funding--$12.7 million from the venture capital firm Accel Partners. Its manager, James Breyer, was formerly chairman of the National Venture Capital Association and served on the board with Gilman Louie, CEO of In-Q-Tel, a venture capital front established by the CIA in 1999. In-Q-Tel is the same outfit that funds Google and other technological powerhouses. One of its specialties is "data mining technologies."
Dr. Anita Jones, who joined the firm, also came from Gilman Louie and served on In-Q-Tel's board. She had been director of Defense Research and Engineering for the U.S. Department of Defense. This link goes full circle because she was also an adviser to the secretary of defense, overseeing DARPA, which is responsible for high-tech, high-end development.
But as bad as the beginning of Facebook is, the parallels between the CIA's backing of Google's dream of becoming "the mind of God," and the CIA's funding of Facebook's goal of knowing everything about everybody is anything but benign.
Furthermore, the CIA uses a Facebook group to recruit staff for its National Clandestine Service. Check it out if you dare.
Do not become a victim of this full frontal assault on your personal information. Think twice about putting your entire life on Facebook or by that matter on any social media site. None of it is ever private. Everything you put online stays online forever in a server farm somewhere for anyone to analyze you and the people you love. They do not care about your privacy at all and put great value on uncovering all they can about you. They have an agenda that will become more and more apparent to people as time goes by. Believe it or not there is a great change coming in our culture that many choose to be blind too. The mass loss of liberty and freedom we are experiencing is just a signal to the direction this is all going.
"Flyin' in just a sweet place,
Never been known to fail..."
How the hell is this google's fault anyway? If you don't want your "incredibly private" information in other's hands, then don't fucking broadcast it into the air unencrypted for anyone in a 500' radius to pick up and record. How is this different than reading your email into a radio broadcast and then being shocked (shocked) that someone recorded it by accident. This is stupid.
Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
I don't think so. I'm Anonymous.Coward@gmail.com, and they haven't so much as Buzzed me.
This is entirely different what the summary and the title implies, which is deliberately seeking out email or password data.
While it might not be ethical to capture full packet dumps, they probably did it to triangulate wifi access points better. This is a problem of privacy, but not of outright evil.
Sorry but I consider purposely violating my privacy pretty evil. Thanks
Door?
Locked?
Are you daft?
Tell you what, Mr Bad Analogy Guy, you move all your valuables out onto the middle of the street tonight and leave them there for a week for all passers by to peruse and see how much is still there next friday.
There is no expectation of privacy for things you broadcast to the world at large.
They did not Break into anything. They drove down the street, with their windows rolled down listening, and idiots like you were busy shouting your credit card numbers and sexual orientation from the curb side.
Sig Battery depleted. Reverting to safe mode.
...in some instances entire emails and URLs were captured, as well as passwords
What passwords were recorded? Surely not email login passwords right? What email systems aren't using encryption to send that type of data?
They were running Kismet, by default it stores the information captured in a file. Google noticed this later and reported on themselves to give the governments involved the chance to tell them how to destroy the data. This was not intentional capturing, and it only captured what these people were willfully transmitting in the clear over the air.
You don't accidentally capture information because you left the default settings on when you were gathering data around the world.
I agree, his analogy is wrong.
But, I would be truly peeved to learn that anyone was sitting out in the street and recording traffic for any significant period of time. You want to "glance" at my traffic the same way a regular person would "glance" into my house windows while walking down the sidewalk, that's reasonable. But you want to camp out on the sidewalk and point a camera into my windows 24x7 and save it all to a database for later use and I do have a problem with that - same as I would with a long-term packet dump. If nothing else, because it is essentially stalking.
And that's the case even for encrypted traffic - even when the encryption is not cracked - as some amount of information can be gleaned from traffic analysis.
When information is power, privacy is freedom.
If you're broadcasting unencrypted data, YOU'RE the one tossing your privacy away. Sorry.
"The large print giveth, and the small print taketh away" -- "Step Right Up", Tom Waits
I agree, his analogy is wrong.
But, I would be truly peeved to learn that anyone was sitting out in the street and recording traffic for any significant period of time. You want to "glance" at my traffic the same way a regular person would "glance" into my house windows while walking down the sidewalk, that's reasonable.
Driving down the street at 25MPH would seem to fall into your definition of reasonable. No?
Google didn't sit outside of your house. That was probably the local cops you saw out there.
Google just drove down the road, with its well marked car, at just under the speed limit. Once. Months ago.
Sig Battery depleted. Reverting to safe mode.
But it might not be much of a stretch to figure out that John smith (johnsmith@email.com, 123 streetname in cityville USA who likes SciFi, BDSM, classical music, communicates with person A,B,C in their contact list and surfs heavily between 9pm-4am from 2008-2011) is the same John Smith who now lives in the UK, communicates with a lot of the same people and enjoys similar habits in 2012.
Google didn't abuse their position as Google to collect this data. Were they skimming emails, search terms, etc for passwords, that would be an abuse. However, they were driving around in a car with a wireless router, something I could do with about as much efficiency. The people whose data they collected didn't entrust it to Google to keep private; they were simply broadcasting data.
Certainly, Google has a responsibility to not collect, store, and use this data, but they didn't do that. They accidentally copied/pasted the wrong code segment, and ended up logging more than they intended to. Furthermore, once they discovered their mistake, they disclosed this information, and begin working with local governments to correct their mistake. I believe that they acted admirably in this situation; many other companies simply wouldn't have disclosed this information in order to protect their image.
When they got caught, they were forced to own up to it or risk a backlash. That totally makes them not evil! Nobody pay attention to this critical story about Google!
The news here is that what was in the data is specifically being detailed. It says right in the article that they didn't know exactly what was in the data at first, so you're lying when you say there's nothing new here. The news is that it's been confirmed by regulators (not Google) that there were entire emails, URLs, passwords, and more archived by Google.
Like I said in another post, Google can do no wrong to some folks around here. Eric Schmidt actually came out and said that only people with something to hide care about privacy, and even that doesn't sway people like you. Fans to the bitter end, I guess.
They didn't GET CAUGHT.
They reported this prior to any investigation.
Sig Battery depleted. Reverting to safe mode.
Leaving your door open still requires someone to go onto your property and actually depending on what they're doing in some instances they are allowed into your house if you leave your house open. All they have to do is say they were concerned that your house was attacked and stepped in to check on you.
Taking pictures of naked people viewable from the streets isn't illegal. The whole tabloid media makes huge chunks of money from doing that.
The original poster is correct. While Google shouldn't have collected the data they are the people you have to worry about the least. People are opening themselves up to anyone to potentially allow them to do whatever they want with your data. Google came clean and admitted to what they were doing without anyone forcing them to. I'd be more worried about all the other people that were potentially doing the same thing for illegal means.
Rather than picking on Google it would be much more productive to get on the backs of network hardware manufacturers and find out why they're making the defaults for their hardware insecure. They should make it harder to make enable your hardware to be open than to be closed.
The only thing that will come out of picking on Google is that this gets reported numerous times and more and more people are made aware of how easy it is to mess with people's internet connections. I'm not saying this shouldn't have been made public. Google should answer for their mistake but they're not the real problem and no matter what happens to Google the underlying problem does not go away.
Obligatory.
xkcd figured it out, so they had to reconsider their plan.
You're wrong, there is a shifty guy in a Google t-shirt outside in my bushes at all hours. I know he's up to no good because he has a cape, top hat and long moustache that curls at the ends.
It is true the fundamental problem lies in a lack of security. But Google shouldn't be recording it, especially because their cars so thoroughly scan the country.
And your example of photographing someone in their house is not a good one, because that most likely breaks well-established privacy laws. Yes, even if the person left their window open, they likely have an expectation of privacy because they are in their home.
Driving down the street at 25MPH would seem to fall into your definition of reasonable. No?
Right. Which is why I think this case isn't a problem.
I just take issue with the broader argument that it is reasonable to expect to lose all expectation of privacy when out in public.
When information is power, privacy is freedom.
The scoring itself is insightful:
Moderation -2
50% Troll
30% Overrated
20% Insightful
It is frequently illegal to access unsecured wifi if you are not an authorized user. Google's collection of data off an unsecured wifi network constitutes unauthorized access. In many places, it is illegal.
THAT is a LARGE reason why Google should be held accountable for DATA that is floating in the middle of a PRIVATE NETWORK. The problem is GOOGLE decided that the LAW didn't APPLY to THEM.
Except he might not like classical music anymore, he might have grown out of Sci Fi, and he might have moved from BDSM to scat. Habits change - there's a mistaken assumption out there that they stay the same - so you keep getting spammed for ads for new barbecue sets right after you just bought a new barbecue - umm hello. Waste of an ad.
Seven puppies were harmed during the making of this post.
THERE is no reason why Google should be held accountable for DATA that is essentially floating in the middle of the street. NONE.
Well, it clearly is illegal under GERMAN law, and Google did it on GERMAN streets.
I'm pretty confident I could dig up a few other countries in the "rest of the world" that have similar laws.
It isn't like a naked woman dancing in front of an open window. Obviously the woman would know that she could be seen. Most people who use WIFI are not aware of the consequences. Google staff, and the people who developed the google cars which gathered the data were aware of the possibility.
The fact that a person does not weld their car to the floor does not mean that it is reasonable for someone to come along and steal it. If I walk along the street talking to a friend on my phone, that does not make it OK for someone with a directional microphone to listen in to the conversation. And if I use an unencrypted wifi it is not alright for Google to come along and record the data.
You have got to learn that there is more than one issue here. First the person who steals the data. Second the person who left the data insecure. The failure of the latter does not excuse the action of the former. Think about that before you comment next time.
Now, stop being dim and go tidy your room.
They should have destroyed it before they even asked for help.
Part of "Don't Be Evil" is "Don't Cooperate With Evil"
And after their recent run in with possibly state sponsored hacking of political activists in China, they should defnitely be wary of trusting even the government.
Not to mention that simply even holding this information, even under lock and key, is an invitation to the information being hacked and leaked, both by crackers and covert government agents alike.
knowing what local businesses are nearby through the use of a tool: is almost the definition of advertising.
If I asked for a piece of information and Google responded with exactly the information I wanted, I wouldn't consider the response to be advertising, and I certainly wouldn't be upset about receiving such information (and neither would any reasonable person IMHO).
$ make available
they also created a dump of your emails
if people give out their passwords for free, they must not care
Right. Google "accidentally" copied and pasted the wrong code segment, and "accidentally" ended up loggin more than they "intended" to. Wink. Wink. They also "accidentally" never noticed that their storage media was filling up must faster than originally planned.
Why would they be logging any information at all from unencrypted wifi? I drive around all the time with an iPhone and an iPad and I sometimes even "borrow" open wifi bandwidth. I have never once purposely or "accidentally" logged any information coming from the wifi. Maybe I'm just dense, but I can't even imagine how I could "accidentally" log data.
They "disclosed" the information after they got caught.
If Microsoft had done this, people would be throwing an absolute shit fit. Google does it and people fall all over themselves tying to explain how Google wouldn't do anything bad, it was all just a tragic "accident."
Dude, stop drinking the Google kool-aid. Seriously, you Google fanboys take the prize. We Apple fanboys can't even hold a candle to you.
It is quite interest to see /. turns into a Google apologist fest whenever there is new about this Google "wifigate" (along the same lines as the iPhone "antennaegate").
The usual slew of /.er who rant against Facebook violating privacy (in spite of people putting those stuff up there themselves in the first place), rant against ad agencies tracking your online activities through tracking images in email (in spite of the fact it is the user's email client that initiate contact to the tracking servers), now suddenly rush to Google's defense all saying that it is wifi users fault for not encrypting their wifi traffic (hey, you sent out those data yourself).
All notions of human decency thrown out of the window whenever Google is involved.
Nevermind that most free wifi are unencrypted, and not all POP mail servers supports TLS, and many email clients will just happily check for email whenever it can connect to the server, no way of knowing if the network link is secure or not.
Nevermind that the wifi data of the users are also captured, who have no control on how the wifi access point is configured. Did I mention that most free wifi access are unencrypted? Why encrypt when you are providing free wifi for other people to use.
Saying it is ok to capture these data is tantamount to saying it is ok to wiretap free public phones. If I put out a phone for public to use for free (which many businesses do in the past before mobile phone), it is NOT ok for me to listen onto the phone conversation, much less some unrelated mega corporation. But for Google, it is ok to do so, and on a massive global scale, too.
Following your logic, I bet you guys would be all perfectly happy in these hypothetical cases too?
goes to show that there is no such thing as security. it also shows how easy it is to abuse any tool, no matter how foolproof its made.
Understanding is much like a 3-edged-sword. in this: there are always 2 sides and the truth.
I t will eventually dawn on people that "free" never is, and I'm unsure just how high the price in the end will turn out to be. Privacy is not accidentally defined as a human right, but companies like Google and Facebook started their growth in an era of unprecedented attacks on the private sphere (appreciate your privacy? You MUST be a terrorist).
It will be interesting how they cope with the returning desire of people to control their own information. So far, the signs are not good.
Insert
> Google noticed this later and reported on themselves
Just to correct a point that keeps recurring, Google were not proactive in this issue and did not "report themselves".
Following the discovery that Street View cars were fitted with Wifi sniffing equipment, which raised queries from German and UK authorities, on 27 April Google responded with a blog post in which they said Google does not collect or store payload data. This was repeated in releases sent to data protection authorities.
The Data Protection Agency in Hamburg was unconvinced and asked Google to provide a manifest of the exact data that was being collected. Google then discovered that they were collecting payload data and blogged accordingly.
You will notice that at all times Google were reacting to requests.
No it's your fault when you have listening equipment pointed at their conversation just like peeping toms are arrested with photography equipment outside windows.
So Google is appointing a Director of Privacy, Alma Whitten, from the UK, the country with more surveilance cammeras per person than any other country on the planet. She assures us that, "We are now strengthening our internal privacy and security practices with more people, more training and better procedures and compliance." Oh just wonderful! With all the Chinese programmers at Google, it really makes me feel really much more secure. China is such a bastion of personal privacy, what could possibly go wrong?
If you are using wireless, it's roughly the equivalent of standing in the public square with a megaphone and shouting your data to someone else on the other side of the public square. If you happen to speak a password, an e-mail, or transmit an image of a naked woman--everyone else in the public square can hear it--including Google if they happen to be driving by the public square.
But somehow everyone is freaking out. Google is teh evil because they happened to capture what someone was screaming at the top of their lungs in the public square.
I have captured wireless data from my neighbors while troubleshooting problems at my home and work. Granted, I only save my capture files if I need to send them off to someone else for assistance or I need to analyze them later, but still...
There's no place like