Slashdot Mirror
Google Admits To Collecting Emails and Passwords
wiredmikey writes "Alan Eustace, Google's Senior VP of Engineering & Research, just put up an interesting blog post on how Google will be creating stronger privacy controls. Right at the end is an interesting admission: that after Streetview WiFi Payload data was analyzed by regulators, their investigations revealed that some incredibly private information was harvested in some cases. Eustace noted that 'It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.'"
and who is going to get pinned at fault for all this? Google? the Consumer?
Personally: I think it should be equipment manufacturers. honestly: 99% of people want basic wep/wpa/wpa2 encryption. just build all consumer routers to REQUIRE it during setup, and provide a flash/an option to disable it.
for the 1% of people that want an unencrypted wireless router out of the box: they can stand to pay more, or learn enough about the cheap ones to know how to turn it off.
Google did not drive around for the purpose of harvesting passwords from unsecured WiFi connections. It inadvertently recorded some data that was broadcast and somewhere buried in it were some e-mail addresses and passwords.
If someone stands at their front door with bullhorn shouting out their social security numbers, salaries, sexual orientation and other private details, it isn't the responsibility of passers-by to cover their ears.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
If you care, you have to encrypt a lot more than just your wifi. The guys at your ISP can see the stuff just the same as Google.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
How is this any different than what was revealed when this story first broke.
Google reported this from DAY ONE, and rather than sweeping it under the rug they tattled on themselves, and asked world governments what they should do with the data rather than simply destroying it.
THERE IS ABSOLUTE NOTHING NEW IN THIS STORY.
Just because you are late to the party don't assume nothing happened prior to your arrival.
Sig Battery depleted. Reverting to safe mode.
Unlikely, usually what they have is a hash of the password which can't readily be turned into the password. It's not considered secure to store a password in it's unencrypted form.
And why did Privacy International place Google dead last out of 23 companies examined and described its actions as "comprehensive consumer surveillance and entrenched hostility to privacy"? Please stop this automatic defense of Google. As far as I'm concerned, the company that has the most information about me is the one that presents the greatest threat to my privacy. Saying that you trust Google not to abuse it is like saying you trust gravity not to cause you to fall because it is not evil.This is a small exaggeration but what I'm getting at is that corporations of that size acquire a life of their own and there is only so much that mission statements written by their founders decades ago matter. Google will be as evil or not evil as the collective decisions of its shareholders, employees and customers are over the years and those are not any different special google kind of people. They are the same people and same market forces that that direct actions of any other corporation.
Negative moral value of force outweighs the positive value of good intentions.
Exactly. they meant no harm by this: they just wanted to know where you ARE
Correct.
so the local ads server to your connection in the future would be more relevant.
Yes. That's the only reason. I'm sure no one finds location-aware applications useful for any other reason. I mean, why would I want to be able to look up businesses in my area? Or geotag photos? Or god knows what else? Yup, the only reason Google would be doing this is to target you with ads, and no one wants it but Google. Yup, makes sense to me!
Meanwhile, Google is absolutely forcing software developers to send SSID information to Google without your permission, so that they can figure out where you are without your knowing it. Devices *definitely* don't ask you first before sending that information on. It's just forced on everyone without them ever knowing. And it's all Google's fault!
Right?
No. This is a case of lack of security on WIFI access points.
THERE is no reason why Google should be held accountable for DATA that is essentially floating in the middle of the street. NONE. The problem isn't GOOGLE doing anything wrong.
This is like the lady who dances naked in front of an open window and gets mad when people see her naked and start taking pictures. You want privacy, then close the shades and encrypt your data transmissions.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Ok hang on a second. Let's slow down with the inflammatory headlines here, okay? The Google Street View cars picked up partial hashes of data from unsecured routers. And as far as Google "admitting" to collecting the data, that was something they announced last May. So put down your rape whistle, kdawson, there's nothing sinister going on here.
Basically, unencrypted wifi connections are like running around shouting your secrets to the world. If you care about privacy, it's up to you to encrypt your connection from end-to-end.
Google happened to listen in on this stuff due to a configuration change, but without malicious intent. Now think of how trivial it would be for your neighbor's kid to listen in on your communication, skim your login information, and mess up your life.
Don't attack Google. Educate wifi owners.
The ______ Agenda
And it conveniently exposed the secret desires of governments to get their paws on this information.
Notice that they tried to delete the data, but were ordered by the governments to preserve it and hand it over.