Slashdot Mirror
Google Admits To Collecting Emails and Passwords
wiredmikey writes "Alan Eustace, Google's Senior VP of Engineering & Research, just put up an interesting blog post on how Google will be creating stronger privacy controls. Right at the end is an interesting admission: that after Streetview WiFi Payload data was analyzed by regulators, their investigations revealed that some incredibly private information was harvested in some cases. Eustace noted that 'It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.'"
Google policy is inadequate to protect your data. Encrypt your wifi. That is all.
The World Wide Web is dying. Soon, we shall have only the Internet.
This is entirely different what the summary and the title implies, which is deliberately seeking out email or password data.
While it might not be ethical to capture full packet dumps, they probably did it to triangulate wifi access points better. This is a problem of privacy, but not of outright evil.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
and who is going to get pinned at fault for all this? Google? the Consumer?
Personally: I think it should be equipment manufacturers. honestly: 99% of people want basic wep/wpa/wpa2 encryption. just build all consumer routers to REQUIRE it during setup, and provide a flash/an option to disable it.
for the 1% of people that want an unencrypted wireless router out of the box: they can stand to pay more, or learn enough about the cheap ones to know how to turn it off.
Google did not drive around for the purpose of harvesting passwords from unsecured WiFi connections. It inadvertently recorded some data that was broadcast and somewhere buried in it were some e-mail addresses and passwords.
If someone stands at their front door with bullhorn shouting out their social security numbers, salaries, sexual orientation and other private details, it isn't the responsibility of passers-by to cover their ears.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Google screwed up here, accidentally capturing all of this data. Why they didn't just delete it, rather than doing this whole "hair shirt" thing is more than a bit weird.
But: whose fault is it, actually? If you transmit a radio signal into the public domain, do you have any expectation of privacy? Seems to me that the people using unsecured networks share a large portion of the blame here.
For the obligatory car analogy: leaving your router unlocked is like leaving your car unlocked. Transmitting unencrypted login credentials using your unlocked router is like - what? Maybe parking your car in the Bronx and leaving the keys in the ignition?
Enjoy life! This is not a dress rehearsal.
How is this any different than what was revealed when this story first broke.
Google reported this from DAY ONE, and rather than sweeping it under the rug they tattled on themselves, and asked world governments what they should do with the data rather than simply destroying it.
THERE IS ABSOLUTE NOTHING NEW IN THIS STORY.
Just because you are late to the party don't assume nothing happened prior to your arrival.
Sig Battery depleted. Reverting to safe mode.
Google is a very simple company in the grand scheme of things. All they want is to advertise to you.
All the free services they provide, allow them to get to know what you want, so their advertisements are better targeted: HOPEFULLY allowing you to find what you want.
I'm sorry: I fail to see the "evil" part of that. they don't sell customer information, they sell anonymous -group- information, and allow advertisers to target ads at those groups. I'm sorry, but I fail to see the evil in somebody knowing that the people interested in "fuzzy kittens" went up by one after you happened to search for it.
And why did Privacy International place Google dead last out of 23 companies examined and described its actions as "comprehensive consumer surveillance and entrenched hostility to privacy"? Please stop this automatic defense of Google. As far as I'm concerned, the company that has the most information about me is the one that presents the greatest threat to my privacy. Saying that you trust Google not to abuse it is like saying you trust gravity not to cause you to fall because it is not evil.This is a small exaggeration but what I'm getting at is that corporations of that size acquire a life of their own and there is only so much that mission statements written by their founders decades ago matter. Google will be as evil or not evil as the collective decisions of its shareholders, employees and customers are over the years and those are not any different special google kind of people. They are the same people and same market forces that that direct actions of any other corporation.
Negative moral value of force outweighs the positive value of good intentions.
Exactly. they meant no harm by this: they just wanted to know where you ARE
Correct.
so the local ads server to your connection in the future would be more relevant.
Yes. That's the only reason. I'm sure no one finds location-aware applications useful for any other reason. I mean, why would I want to be able to look up businesses in my area? Or geotag photos? Or god knows what else? Yup, the only reason Google would be doing this is to target you with ads, and no one wants it but Google. Yup, makes sense to me!
Meanwhile, Google is absolutely forcing software developers to send SSID information to Google without your permission, so that they can figure out where you are without your knowing it. Devices *definitely* don't ask you first before sending that information on. It's just forced on everyone without them ever knowing. And it's all Google's fault!
Right?
No. This is a case of lack of security on WIFI access points.
THERE is no reason why Google should be held accountable for DATA that is essentially floating in the middle of the street. NONE. The problem isn't GOOGLE doing anything wrong.
This is like the lady who dances naked in front of an open window and gets mad when people see her naked and start taking pictures. You want privacy, then close the shades and encrypt your data transmissions.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Ok hang on a second. Let's slow down with the inflammatory headlines here, okay? The Google Street View cars picked up partial hashes of data from unsecured routers. And as far as Google "admitting" to collecting the data, that was something they announced last May. So put down your rape whistle, kdawson, there's nothing sinister going on here.
Google didn't abuse their position as Google to collect this data. Were they skimming emails, search terms, etc for passwords, that would be an abuse. However, they were driving around in a car with a wireless router, something I could do with about as much efficiency. The people whose data they collected didn't entrust it to Google to keep private; they were simply broadcasting data.
Certainly, Google has a responsibility to not collect, store, and use this data, but they didn't do that. They accidentally copied/pasted the wrong code segment, and ended up logging more than they intended to. Furthermore, once they discovered their mistake, they disclosed this information, and begin working with local governments to correct their mistake. I believe that they acted admirably in this situation; many other companies simply wouldn't have disclosed this information in order to protect their image.