Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Admits To Collecting Emails and Passwords

Posted by kdawson on from the but-we-didn't-inhale dept.

wiredmikey writes "Alan Eustace, Google's Senior VP of Engineering & Research, just put up an interesting blog post on how Google will be creating stronger privacy controls. Right at the end is an interesting admission: that after Streetview WiFi Payload data was analyzed by regulators, their investigations revealed that some incredibly private information was harvested in some cases. Eustace noted that 'It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.'"

13 of 157 comments (clear)

  1. Don't wait for Google policy. by FooAtWFU · · Score: 5, Informative

    Google policy is inadequate to protect your data. Encrypt your wifi. That is all.

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.
    1. Re:Don't wait for Google policy. by rtfa-troll · · Score: 5, Insightful

      If you care, you have to encrypt a lot more than just your wifi. The guys at your ISP can see the stuff just the same as Google.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
    2. Re:Don't wait for Google policy. by icebike · · Score: 3, Funny

      Not with SSL.

      If you are using their mail servers, they might be able to read your mail.

      That's why I use gmail, I might as well go directly to the place where its all going to end up anyway.

      --
      Sig Battery depleted. Reverting to safe mode.
    3. Re:Don't wait for Google policy. by FooAtWFU · · Score: 5, Funny

      Oh no! Google has my Gmail password?!?!!? :)

      --
      The World Wide Web is dying. Soon, we shall have only the Internet.
    4. Re:Don't wait for Google policy. by hedwards · · Score: 3, Insightful

      Unlikely, usually what they have is a hash of the password which can't readily be turned into the password. It's not considered secure to store a password in it's unencrypted form.

  2. No, google admits to collecting wifi packet data by A+beautiful+mind · · Score: 5, Informative

    This is entirely different what the summary and the title implies, which is deliberately seeking out email or password data.

    While it might not be ethical to capture full packet dumps, they probably did it to triangulate wifi access points better. This is a problem of privacy, but not of outright evil.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  3. and who is going to get pinned at fault? by phyrexianshaw.ca · · Score: 3, Insightful

    and who is going to get pinned at fault for all this? Google? the Consumer?

    Personally: I think it should be equipment manufacturers. honestly: 99% of people want basic wep/wpa/wpa2 encryption. just build all consumer routers to REQUIRE it during setup, and provide a flash/an option to disable it.

    for the 1% of people that want an unencrypted wireless router out of the box: they can stand to pay more, or learn enough about the cheap ones to know how to turn it off.

  4. Not very private. by BitterOak · · Score: 5, Insightful

    Google did not drive around for the purpose of harvesting passwords from unsecured WiFi connections. It inadvertently recorded some data that was broadcast and somewhere buried in it were some e-mail addresses and passwords.

    If someone stands at their front door with bullhorn shouting out their social security numbers, salaries, sexual orientation and other private details, it isn't the responsibility of passers-by to cover their ears.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  5. Re:boycott google by icebike · · Score: 3, Insightful

    How is this any different than what was revealed when this story first broke.

    Google reported this from DAY ONE, and rather than sweeping it under the rug they tattled on themselves, and asked world governments what they should do with the data rather than simply destroying it.

    THERE IS ABSOLUTE NOTHING NEW IN THIS STORY.

    Just because you are late to the party don't assume nothing happened prior to your arrival.

    --
    Sig Battery depleted. Reverting to safe mode.
  6. Re:No, google admits to collecting wifi packet dat by Archangel+Michael · · Score: 4, Insightful

    This is a problem of privacy

    No. This is a case of lack of security on WIFI access points.

    THERE is no reason why Google should be held accountable for DATA that is essentially floating in the middle of the street. NONE. The problem isn't GOOGLE doing anything wrong.

    This is like the lady who dances naked in front of an open window and gets mad when people see her naked and start taking pictures. You want privacy, then close the shades and encrypt your data transmissions.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  7. Re:Also by DIplomatic · · Score: 5, Insightful

    Ok hang on a second. Let's slow down with the inflammatory headlines here, okay? The Google Street View cars picked up partial hashes of data from unsecured routers. And as far as Google "admitting" to collecting the data, that was something they announced last May. So put down your rape whistle, kdawson, there's nothing sinister going on here.

  8. Data collection qua Google by Ruke · · Score: 5, Interesting

    Google didn't abuse their position as Google to collect this data. Were they skimming emails, search terms, etc for passwords, that would be an abuse. However, they were driving around in a car with a wireless router, something I could do with about as much efficiency. The people whose data they collected didn't entrust it to Google to keep private; they were simply broadcasting data.

    Certainly, Google has a responsibility to not collect, store, and use this data, but they didn't do that. They accidentally copied/pasted the wrong code segment, and ended up logging more than they intended to. Furthermore, once they discovered their mistake, they disclosed this information, and begin working with local governments to correct their mistake. I believe that they acted admirably in this situation; many other companies simply wouldn't have disclosed this information in order to protect their image.

    1. Re:Data collection qua Google by cgenman · · Score: 4, Insightful

      Basically, unencrypted wifi connections are like running around shouting your secrets to the world. If you care about privacy, it's up to you to encrypt your connection from end-to-end.

      Google happened to listen in on this stuff due to a configuration change, but without malicious intent. Now think of how trivial it would be for your neighbor's kid to listen in on your communication, skim your login information, and mess up your life.

      Don't attack Google. Educate wifi owners.

      --
      The ______ Agenda