FTC Ends Probe of Google StreetView Privacy Breach

← Back to Stories (view on slashdot.org)

FTC Ends Probe of Google StreetView Privacy Breach

Posted by samzenpus on Wednesday October 27, 2010 @09:59AM from the move-on-nothing-to-see-here dept.

GovTechGuy writes "The Federal Trade Commission (FTC) wrote to Google on Wednesday to end its probe into a major privacy breach in which the company collected and stored private user information, such as passwords and entire e-mails, without even realizing it after the search giant promised to improve its privacy practices."

99 comments

Min score:

Reason:

Sort:

I'm sure that... by Bill_the_Engineer · 2010-10-27 10:02 · Score: 4, Interesting

I'm sure that Eric Schmidt being Barrack Obama's "informal" technology advisor had nothing to do with it.

--
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
1. Re:I'm sure that... by Microlith · 2010-10-27 10:13 · Score: 5, Insightful
  
  I know, it couldn't have anything to do that nothing transmitted in the clear over unregulated frequencies is considered secret in any way, and therefore Google arguably did nothing wrong whatsoever.
  It had to be political gaming by CEOs to protect them from Federal legal action for violating... what law again?
2. Re:I'm sure that... by bonch · 2010-10-27 10:43 · Score: 0, Flamebait
  
  Google arguably did nothing wrong whatsoever
  This is how low Slashdot has sunk. Years ago, this site was very pro-privacy. We're now at the point where a company can archive your emails and passwords, claim it was an accident, and get off the hook by promising not to do it again next time--and that's "doing nothing wrong whatsoever" according to the posters here.
  What the fuck?
3. Re:I'm sure that... by Wyatt+Earp · 2010-10-27 10:46 · Score: 1
  
  If we turned the clock back to when Microsoft was putting all the Terraserver photos up, if they'd had a database of IP and geographical coordinates, a community like /. would have gone nuts.
  But for some reason when Google does creepy crap, they get a free pass.
  I don't think for a second Google was just connecting data from unsecured transmitters, with the computing power they have I'd bet they were grabbing encrypted and unencrypted data to go over later.
4. Re:I'm sure that... by microbee · 2010-10-27 10:54 · Score: 1
  
  The fuck is that the world is not ideal. There are good guys, bad guys, corporations, governments, investors and shareholders. Google, as a for-profit corporation, has been acting with good intentions, and in fact doing as well as a corporation could possibly do. Punishing someone without legal basis is not the way to make the world better, especially after he himself reported the incidence to the authorities and the public instead of covering it up.
  If you truly believe what Google did deserved punishment, lobby for a law that prohibits collecting data in unsecured networks that broadcast themselves onto the public space. But this time, leave Google alone.
5. Re:I'm sure that... by LordLucless · 2010-10-27 10:54 · Score: 5, Insightful
  
  This is how low Slashdot has sunk. Years ago, this site was very pro-privacy. We're now at the point where a company can archive your emails and passwords, claim it was an accident, and get off the hook by promising not to do it again next time--and that's "doing nothing wrong whatsoever" according to the posters here.
  No, we're just very pro personal responsibility. If you're broadcasting unencrypted data into the street, reading it shouldn't be a crime. If you don't know how to encrypt your wireless data - even with easily-cracked encryptions, that at least require some deliberate effort to crack - then you shouldn't it be broadcasting it into people's face. If Google were getting this data by cracking WEP, or performing MitM attacks, then I'm sure you'd see people up in arms.
  Complaining about this is like complaining that a vehicle equipped with an audio recorder picked up your shouted argument from the street. If you weren't screaming at the top of your damn lungs, nobody would have heard anything.
  
  --
  Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
6. Re:I'm sure that... by wolrahnaes · 2010-10-27 11:00 · Score: 5, Informative
  
  Or that there's no reason for a probe to ever have been started. They gathered data from open radio transmitters. There is absolutely ZERO privacy expectation for anything transmitted on open protocols in the clear, so I say tough shit to anyone whose "private" data was captured.
  If I strap a tape deck to my radio scanner and drive around recording whatever comes across am I violating the privacy of people who I pick up? Hell no. So why is it such a big deal for Google to do exactly the same with digital data rather than analog voice?
  It's already been stated that the reason the data was captured is that Google chose to do things "The Unix Way" and basically strap together a few common apps in their cars, including a packet capture tool. This makes sense since Wireshark (and assumedly all other software that relies on libpcap) can record signal strength with every packet received. Run that constantly and have something logging your GPS position regularly enough, then you can just feed the data in to a processing tool after the fact to go through and create a rough map of what WiFi BSSIDs are where (which is exactly what the data was gathered for, iPhones and Android phones among others can use the WiFi devices they see to get their location).
  There's no logical reason they should even have to change what they're doing, but since the majority of the world seems to not understand that they may as well be yelling their personal data in to a CB mic if they send it over unencrypted WiFi, they're changing their toolset anyways to please the public. As such, since there wasn't a problem in the first place and the activity people bitch about is stopping, there's no reason the FTC needs to do a damn thing. There are plenty of other real problems out there for them to deal with.
  
  --
  I used to get high on life, but I developed a tolerance. Now I need something stronger.
7. Re:I'm sure that... by Anonymous Coward · 2010-10-27 11:05 · Score: 0
  
  Someone mod parent up. This is the damned truth.
8. Re:I'm sure that... by techno-vampire · 2010-10-27 11:10 · Score: 1
  
  You make a good point, but you forget something: if that's what Google was collecting data for, there was no need to record the packets in the first place. All they needed was the GPS data, signal strength and BSSID involved. I'm not saying that they were planning to make improper use of the data, just that there was no need to record it in the first place if what you say is true.
  
  --
  Good, inexpensive web hosting
9. Re:I'm sure that... by Anonymous Coward · 2010-10-27 11:15 · Score: 0
  
  He didn't say that. What he did say can be more accurately stated as: if you want to keep something secret, you should think twice before acting on that impulse in open view. Like Googling for "How to kill my neighbor." Searches are kept, which comes as a surprise to most of the population.
  Also, this persecution complex on /. is getting really old. Any time there is a contrary opinion the inevitable response is "help! I'm being oppressed!"
10. Re:I'm sure that... by PietjeJantje · 2010-10-27 11:16 · Score: 0, Flamebait
  
  Google, as a for-profit corporation, acts in the best interests of its owners - its share holders. The rest is PR and marketing, i.e. they tell you what you want to hear. For some reason people seem to realize this kind of audience targeting when its not them being targeted, i.e. a conservative presidents using Christians to get elected - not to serve their interests but just as an election vehicle, but when it's Obama using an election vehicle for the left ("change", "yes we can") or Google says it does no evil (yet it censored Tank Man for market and opportunity) they suddenly are blind and deaf. Fan boys. They are half of the problem, not just the corporations and their politicians. Become more critical. It's ok. You are not payed to protect Google against the evils of people who are critical of companies making money out of their privacy, unless you're on of their sock puppets always popping up in these topics.
11. Re:I'm sure that... by Anonymous Coward · 2010-10-27 11:19 · Score: 0
  
  He didn't say that.
  Link fail.
12. Re:I'm sure that... by PietjeJantje · 2010-10-27 11:27 · Score: 0, Troll
  
  Spammers gather email addresses from the open internet. According to your argument it is ok to spam millions of email addresses. Also, I could stand across the street and watch you leave the house and take notes. The government could also do this, watching thousands of civilians in a gigantic operation. According to your simple pro-google argumenation, this is ok. Why is it exactly you are defending an ad broker that needs more profit every year selling your private data to the highest bidder, and which works with an army of lobbyists to make sure your rights are not defended? Are you a lobbyist?
13. Re:I'm sure that... by Alrescha · 2010-10-27 11:38 · Score: 1
  
  "Spammers gather email addresses from the open internet. According to your argument it is ok to spam millions of email addresses."
  Nope, Google didn't intend to collect this information, and didn't use it for anything.
  "Also, I could stand across the street and watch you leave the house and take notes."
  And it's perfectly legal for you to do so.
  A.
  
  --
  ...bringing you cynical quips since 1998
14. Re:I'm sure that... by Goaway · 2010-10-27 12:02 · Score: 1
  
  Spammers gather email addresses from the open internet. According to your argument it is ok to spam millions of email addresses.
  Well, that sure wins this week's prize for least well-constructed argument.
15. Re:I'm sure that... by bjourne · 2010-10-27 12:02 · Score: 1
  
  So anyone entering a password on a non-HTTPS encrypted page deserves to have their account details stolen?
  
  --
  Football Odds
16. Re:I'm sure that... by Anonymous Coward · 2010-10-27 12:24 · Score: 0
  
  No kidding. How does one make the logical leap from 'gather' to 'spam' and not feel their brain convulse.
17. Re:I'm sure that... by LordLucless · 2010-10-27 12:36 · Score: 3, Insightful
  
  Uh-huh, and just because someone publishes a publicly accessible webpage available over http doesn't mean you have any right to access it, right? You should be getting written permission to "hack into" their computer by accessing it via publicly-accessible protocols they have explicitly installed and made available?
  There are well-documented methods for establishing whether you want somebody to be able to use your connection. Not using them, and then complaining that someone uses it is like bitching that Google indexes your site, because you didn't setup robot.txt.
  
  --
  Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
18. Re:I'm sure that... by mysidia · 2010-10-27 13:33 · Score: 1
  
  what law again?
  Wiretap laws? The same ones you might violate running tcpdump on someone's network without permission, to capture e-mail contents?
19. Re:I'm sure that... by Anonymous Coward · 2010-10-27 13:51 · Score: 0
  
  If you're on unencrypted wireless, yes.
20. Re:I'm sure that... by Anonymous+Brave+Guy · 2010-10-27 13:54 · Score: 1
  
  If you don't know how to encrypt your wireless data - even with easily-cracked encryptions, that at least require some deliberate effort to crack - then you shouldn't it be broadcasting it into people's face.
  The fact that you find this a reasonable position to take shows exactly why laws are necessary.
  
  Complaining about this is like complaining that a vehicle equipped with an audio recorder picked up your shouted argument from the street. If you weren't screaming at the top of your damn lungs, nobody would have heard anything.
  It's nothing like that at all, mainly because the average person would be well aware that they were screaming at the top of their lungs in the street, while the average person doesn't have a clue about WEP, WPA, etc. because they just bought some kit from their ISP and plugged it in, trusting that it would just work and not do crazy things like broadcasting all your private stuff to the world.
  If you really think it is reasonable to expect everyone to be an expert on everything that could possibly affect them and never to make mistakes, then I hope your car gets stolen tomorrow, because you had the wrong security system fitted and a thief just took your vehicle from right outside your home, even though you'd done everything you were supposed to to keep it secure. And then I hope you can't afford to buy a replacement because you get sued into insolvency for all the casual infringements of Copyright Law you make every week without even realising because you're not a $400/hour IP lawyer. And then I hope you get the bill from the Tax Man for back taxes on every little thing you should ever have admitted to and paid tax on even though you didn't realise you had incurred any liability because you're not a $400/hour accountant. And then since you won't be able to pay that, you can go to jail, and spare the rest of us living in the horrible world you apparently want to create.
  
  --
  If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
21. Re:I'm sure that... by LordLucless · 2010-10-27 14:07 · Score: 2, Insightful
  
  then I hope your car gets stolen tomorrow, because you had the wrong security system fitted and a thief just took your vehicle from right outside your home, even though you'd done everything you were supposed to to keep it secure.
  Except in this case, people hadn't done everything they were supposed to do to keep it secure. If my car got stolen because I was too stupid to push the little "lock" button on my keychain, then damn straight I'd deserve it. Likewise, if I hadn't put in a tax return for 10 years, I'd expect to be hammered hard.
  This isn't about people not doing absolutely everything perfectly. It's about them not even doing the minimum. WEP has been trivially crackable for ages - but even if people use WEP, I'd be offended if Google had cracked it. It would have shown intent, that they were deliberately trying to capture stuff that people were trying to protect.
  
  --
  Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
22. Re:I'm sure that... by slimjim8094 · 2010-10-27 14:41 · Score: 3, Insightful
  
  They were using Kismet, which by default captures all unencrypted packets it hears. They forgot to change the default - which, incidentally, is something the WiFi owners are guilty of as well.
  It would be different if they changed the configuration in order to capture packets, instead of simply forgot.
  
  --
  I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
23. Re:I'm sure that... by Anonymous+Brave+Guy · 2010-10-27 14:49 · Score: 1
  
  Respectfully, you're completely missing the point. You and I might know what WEP is. Probably 99.something% of people do not. To them, the minimum is understanding which connectors go where to get power into the device, and how to run some Windows wizard on their PC to find to the wireless network, assuming they even did that themselves instead of getting the store or the guys from their telco/ISP who provided the wireless hardware to do it for them. Intimate knowledge of the relative security of different wireless protocols and encryption standards is waaaaay beyond minimum, and the fact that you don't realise that shows just how coloured your perception of the world is in this particular area.
  It is not reasonable to allow one technically knowledgeable commercial organisation to sell a mass market product that comes with a massive security hole by default, and then allow another technically knowledgeable commercial organisation to exploit that hole, and then to blame the innocent user who was just trying to get on with their life for the consequences. This is why we impose rules on the commercial organisations via legislation: so that the little guy doesn't have to be an expert on everything just to get a fair deal.
  It's the same reason we still call a thief a thief if they take your car, even though you left it unlocked (or, to give a fairer analogy, you did lock it, but you didn't know, because the manufacturer didn't tell you, that you also had to pop the hood and flick a special combination of hidden levers to make the lock actually secure the vehicle).
  
  --
  If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
24. Re:I'm sure that... by Anonymous Coward · 2010-10-27 14:56 · Score: 0
  
  I'd be offended if Google had cracked a simple XOR encryption. But that didn't take place, so I take no offense.
  And let's be fair. The blame here isn't solely on the end-users: it's also on the consumer router companies. It took them YEARS to learn better. Router security used to be a massive embarrassment.
  As such I think it's irresponsible to proclaim that laws should be drafted to protect the person's privacy in regards to open WiFi, when the very basis for the law results from clear negligence on the user's and manufacturer's behalf. It's an ill-thought-out attempt to reclassify one of the purposes of WiFi, regarding truly open communication. It'll just end up doing more harm than good.
25. Re:I'm sure that... by LordLucless · 2010-10-27 15:10 · Score: 1
  
  Respectfully, you're completely missing the point. You and I might know what WEP is. Probably 99.something% of people do not.
  They don't need to know what WEP is. They need to know what "encryption" (the general meaning of the term) or "secure" is (these being the two labels I've usually seen on home devices). They also need to be able to read the manuals and setup instructions that come with their device, which explicitly explain how they should be configured.
  
  It's the same reason we still call a thief a thief if they take your car, even though you left it unlocked (or, to give a fairer analogy, you did lock it, but you didn't know, because the manufacturer didn't tell you, that you also had to pop the hood and flick a special combination of hidden levers to make the lock actually secure the vehicle).
  No, it's not like that. The "levers" aren't obscure or hidden away. You're going to have to go into the control panel to setup your internet connection. On most home routers I've seen, the encryption settings are right there in front of the user. If your ISP is shipping the device pre-configured for you, then they should be configuring it properly, and have their ass hauled across the coals if they're not (i.e. Selling a product as pre-configured, when it's configured insecurely).
  Your car-stealing analogy starts to break apart when you get into the guts of it. There are publicly accessible WiFi hotspots. Their main distinguishing feature is that they're unencrypted. We don't have unlocked, public-use cars floating around the place for people to confuse with privately-owned cars, so the analogy isn't really apt.
  Hell, I believe early versions of XP would automatically connect to unsecured WiFi networks if it found. In the spirit of your previous post, it would be appropriate for me to wish you imprisoned in a federal jail on computer hacking charges because your computer automatically hooked up to a WiFi network that was advertising itself for public use,
  
  --
  Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
26. Re:I'm sure that... by 1u3hr · 2010-10-27 16:04 · Score: 2, Insightful
  
  It's nothing like that at all, mainly because the average person would be well aware that they were screaming at the top of their lungs in the street, while the average person doesn't have a clue about WEP, WPA, etc. because they just bought some kit from their ISP and plugged it in, trusting that it would just work and not do crazy things like broadcasting all your private stuff to the world.
  If you buy a "piece of kit", it's your responsibility to learn how to use it safely. Whether it's a chainsaw or a router.
  If the kit from the ISP included a manual, than the user should have RTFM. Every wifi router manual I've seen explains how to use WPA or WEP quite clearly in the first few pages. If the manual wasn't included or was unclear, if the user should sue his ISP for leading him to expose his "private stuff".
  In real life, I've noticed that even average homeowners seem to have worked this out. About 5 years ago when I turned on my laptop at home I could see 5 or so local wifi router signals, 2 or 3 were unencrypted. Now I can see 7 or 8, maybe one is unencrypted. On local TV there have been a couple of scare stories about how easy it is to snoop on wifi, that probably raised awareness. That's all it needs, not an advanced degree.
27. Re:I'm sure that... by rjch · 2010-10-27 16:58 · Score: 1
  
  Google arguably did nothing wrong whatsoever
  This is how low Slashdot has sunk. Years ago, this site was very pro-privacy. We're now at the point where a company can archive your emails and passwords, claim it was an accident, and get off the hook by promising not to do it again next time--and that's "doing nothing wrong whatsoever" according to the posters here.
  What the fuck?
  I'd say Slashdot is still pro-privacy. Post a link about some company using sneaky methods to track users, restore deleted cookies or have Facebook haemorrhage information you've marked as to be viewed "by friends only", and you'll get lots of comments from people who are upset or even outraged.
  However to my mind, when someone broadcasts this information unencrypted, they're asking for trouble and have lost their right to bleat about privacy. Personal responsibility still applies. Complaining that Google collected your passwords and bits of your email over your unencrypted wireless link is only one step below complaining that your neighbour knows about the affair you're having with your secretary because you had phone sex with her over a megaphone.
28. Re:I'm sure that... by Sloppy · 2010-10-27 17:23 · Score: 1
  
  trusting that it would just work and not do crazy things like broadcasting all your private stuff to the world.
  In non-techie dumbed-down laymen's terms: BROADCASTING IS WHAT IT DOES. IT'S A RADIO. NOTICE THE LACK OF WIRES CONNECTING THE COMPUTERS?
  Transmitting the information is what the customer bought it for. If you speak into a walkie talkie and then pretend to not know that someone else with a walkie talkie can hear you, you're not showing mere lack of technical expertise; you're showing incredible (not just in the sense of "extreme" but also "unbelievable" or "improbable") lack of common sense. Why would you speak into a walkie talkie unless something else can receive it?
  It's absurd to think that you can have a wifi router on one side of the house, a laptop on the other side, see 4 bars on your laptop's network icon thingie, and not think that the same damn signal can be seen 20 feet outside your front window. Your great grandmother in 1940 knew better than that, and maybe even on some nights she listened to radio broadcasts from hundreds of miles away that were intended for listeners in other cities; how can someone claim this as being arcane knowledge that requires expertise? For Fuck's Sale, I see 4 other house's essids right now, and I'm not approaching this as an expert; I'm just clicking on the little bars icon, and there they are, with mine among them.
  You don't have to know what WPA2 is. All the layman has to know is that he does not know and that he has not taken action to do anything about it. A kid speaking into a walkie talkie to his buddy, knows that if he doesn't speak in a super seekrit code, then some other kid with a walkie talkie (perhaps not even maliciously) might overhear and understand the conversation. The kid doesn't need to be an expert on walkie talkie to understand that (though he might need some expertise in doing something about it, coming up with a good code). Likewise, the wifi user, not knowing what WPA2 vs WEP is, knows that if he didn't do anything to limit which devices his laptop's radio is talking to, then such devices may include things other than his router.
  I don't believe you're that dumb. Really, I don't. (I might call you an asshole, but you're probably not stupid.) But just in case you really are, then I feel I can talk to you as a relative expert. So let me tell you something: If it Just Works without effort, then it's not secure. If you haven't set up a shared secret or directly exchanged public keys, then you have no reason to suspect there's any real protection from eavesdropping, malicious or otherwise. And if you don't know WTF I'm talking about when I say "shared secret" then guess what: your system is not secure. That's just how it is and how it will always be. It is not a defect in the system, or a flaw in the design (other than perhaps giving users like you too much credit). It's just how every single cryptosystem in the history (past and future) of the universe works: the user has to make an effort. This effort can be a relatively easy thing, like entering the same passphrase on two devices, or even pressing a button on two devices at the exact same time. But it's gotta be something, and without that "something" then insecure is the default. Do laymen really not know that? Even though their great grandmothers did?
  
  --
  As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
29. Re:I'm sure that... by Sloppy · 2010-10-27 17:51 · Score: 1
  
  It is not reasonable to allow one technically knowledgeable commercial organisation to sell a mass market product that comes with a massive security hole by default
  It is very reasonable, because the "massive security hole" is conditional.
  The only way to avoid the "massive security hole" that you speak of, is for the router to refuse to work in an unencrypted mode. i.e. Kill the "just works" aspect to it. If you haven't entered a passphrase, then no connection for you.
  But that's actually not reasonable at all, because some people want open wifi! And open wifi actually isn't necessarily dumb, as long as your applications secure their connections at a higher level. Some people are so quick to blame the network equipment makers for Google being able to read passwords and emails -- why not blame the app developers whose apps send passwords without TLS, or sends email without OpenPGP? Insecure Wifi is really just a special case of Insecure Internet.
  Heh, in a perverse way, I'd love to see the government pass a law that email clients must refuse to send an email that isn't encrypted. Right hand (consumer advocates), please meet left hand (NSA).
  
  --
  As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
30. Re:I'm sure that... by 91degrees · 2010-10-27 18:33 · Score: 1
  
  Seems a bit of a stretch. By the same token I could place microphones absolutely everywhere and record everyone's conversations in parks, restaurants and other public places. Interception of electronic communication appears to be covered under the same laws as bugging private conversation under Title 18 of the US Code.
31. Re:I'm sure that... by vegiVamp · 2010-10-27 18:49 · Score: 1
  
  Deserves is a rather strong word; but if you additionally do so over a non-encrypted wireless link and then act surprised about it I *will* slap you, yes.
  
  --
  What a depressingly stupid machine.
32. Re:I'm sure that... by Anonymous Coward · 2010-10-27 18:52 · Score: 0
  
  And more importantly, they need to know that unencrypted packets sent on open wireless networks are broadcast over the air and can be easily captured by anyone in the range of the wireless network.
33. Re:I'm sure that... by 91degrees · 2010-10-27 19:18 · Score: 1
  
  This is somewhat tortuous logic.
  
  The whole point of publishing a webpage is for people to view it. And you have to go to some level of effort to make it visible in the first place. That is thw hole point of a web page. If you don't protect your Wi-fi, then perhaps you are allowing other people to connect to it but you're not doing it to show the whole world youe emails. It's what they call the "reasonable man" test. Is it reasonable to assume that the owner of the network expects honest people to be driving past and recording his email? Is it reasonable to assume that the owner of a webpage expects people to visit the site and download?
34. Re:I'm sure that... by 91degrees · 2010-10-27 19:33 · Score: 1
  
  If I strap a tape deck to my radio scanner and drive around recording whatever comes across am I violating the privacy of people who I pick up?
  
  Yes.
35. Re:I'm sure that... by tagno25 · 2010-10-27 20:51 · Score: 1
  
  The router should ship in a mode where the wifi is OFF, and requires you to go into the config to turn it on. If you do not choose encryption it should yell at you, but allow you to have it unencrypted.
36. Re:I'm sure that... by buck-yar · 2010-10-27 23:32 · Score: 1
  
  Its more like complaining that someone with a sensitive mic captured a conversation between you and you're wife in your bedroom by being in the apartment next door and putting a mic up to the wall.
  Shouting on the street, anyone can hear without trying. Someone made a deliberate effort to capture personal information. A microphone is as specialized of equipment as a 802.11g receiver.
37. Re:I'm sure that... by tibman · 2010-10-28 01:14 · Score: 1
  
  Google still has to follow the laws. The Laws of each country are different. It would be against the Law to show "Tank Man" to the Chinese public. What you see as good and evil seems Absolute and not grounded in the reality we live in. In reality each group or subgroup has their own definition of what's good and evil and Google is doing a good job doing no evil whether you want to admit it or not.
  
  --
  http://soylentnews.org/~tibman
38. Re:I'm sure that... by 1800maxim · 2010-10-28 01:35 · Score: 1
  
  First of all, why did they use Kismet? What connection does wireless network detection have with Google maps and Google street view?
  
  Second, if you think this was done in error, by mistake, I think you're pretty naive. It not only happened in the US, it also happened in Canada. The street view mapping process took several months.
39. Re:I'm sure that... by GooberToo · 2010-10-28 01:44 · Score: 1
  
  This is already commonly done by law enforcement as well as PIs. When you are in public space, you have absolutely not expectation of privacy - so says the law. The law is entirely on their side and completely supports exactly what you are advocating.
  
  laws as bugging private conversation
  Notice the key word there. Technically, you can not have a private conversation in a public space.
  Laws vary wildly from state to state. Just the same, generally, what I'm saying is accurate.
40. Re:I'm sure that... by hoshino · 2010-10-28 01:54 · Score: 1
  
  You are getting angry over something you did not even bother to understand. Google logs wireless access points with GPS data and signal strength in order to provide location-detection functions in Google Maps.
  How else do you think an iPod touch magically figures out its location without a GPS receiver?
  And Google is not even the first or only one to use Wi-Fi signals as a poor man's GPS. http://www.skyhookwireless.com/howitworks/
41. Re:I'm sure that... by Anonymous Coward · 2010-10-28 03:30 · Score: 0
  
  You don't deserve to have your car stolen just because you failed to lock it. Just as, you don't deserve to be shot just because you failed to wear kevlar. Just because something isn't adequately protected doesn't mean it's okay to steal or otherwise compromise it.
42. Re:I'm sure that... by Anonymous+Brave+Guy · 2010-10-28 04:02 · Score: 1
  
  Likewise, the wifi user, not knowing what WPA2 vs WEP is, knows that if he didn't do anything to limit which devices his laptop's radio is talking to, then such devices may include things other than his router.
  This is where we disagree. You are just assuming that the above is fact. However, I suspect that if you actually did a survey, across a representative sample of the entire wifi-using population, you would find that a lot of people do assume that a home network is limited to their home, wireless or not.
  Given how these services are marketed to non-technical folks, I really don't think that's an unreasonable assumption on their part. After all, despite your implications to the contrary, there are numerous off-the-shelf products that come with robust security preconfigured and no user action required to protect the communications. Chances are, you have at least a couple of such devices on your person right now.
  
  I don't believe you're that dumb. Really, I don't.
  That's very decent of you. It's also quite fortunate: you won't get very far in life if you assume that anyone who takes a different view to your own is stupid and/or ill-informed, particularly when the person you're speaking to works on (among other things) network security devices for a living, and probably has access to much more empirical data about how real users behave than you do.
  In any case, it is not me that you have to educate. It's not my wifi data that Google would have been capturing, at least not in any form that's likely to be worth their effort to decrypt. It's all the people who don't know about the things we're discussing that the law needs to be looking out for, just as (for example) the law in most places gives certain basic rights to consumers or employees to prevent abuse by much more powerful traders and employers.
  
  --
  If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
43. Re:I'm sure that... by Anonymous+Brave+Guy · 2010-10-28 04:10 · Score: 1
  
  I agree with you that the network itself is not the only problem here, and things like using unencrypted channels or running hosts with exposed vulnerabilities also deserve a share of the blame.
  Nevertheless, selling wifi devices that are open by default to a market who mostly want to use them in closed systems violates the basic engineering principle of failing to safe. The default should be the safe option, and action (and therefore awareness) should be required if you want to do something else, not the other way around.
  
  --
  If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
44. Re:I'm sure that... by PietjeJantje · 2010-10-28 20:26 · Score: 0, Flamebait
  
  Nope, you won it. Yours is infinitely less well-constructed.
  
  But carry on battling privacy for the sake of billionaires, without any argumentation at all. I suspect you are not a lobbyist, but just a mere complete and total idiot.
45. Re:I'm sure that... by PietjeJantje · 2010-10-28 20:28 · Score: 0, Troll
  
  You have problems understanding an argument. I recommend brain amputation, it can only get better.
lol by Anonymous Coward · 2010-10-27 10:11 · Score: 0

like any privacy breaches are investigated by any government agency.
privacy is dead - get over it.
1. Re:lol by bonch · 2010-10-27 10:33 · Score: 1
  
  It only dies if you let it.
Still being Sued by Canada by WillAffleckUW · 2010-10-27 10:11 · Score: 1, Flamebait

All your Privacy is belong to Canada and the EU.
Not in America, sadly.
No rights for you!

--
-- Tigger warning: This post may contain tiggers! --
1. Re:Still being Sued by Canada by Monkeedude1212 · 2010-10-27 10:23 · Score: 2, Funny
  
  Here in Canada we saw one of the Google Cars parked outside a Tim Hortons for a really long time, turns out the winter months were so cold the fuel line froze up. We sent the Engineers back to the States telling them we'd drive it back once it warmed up, but we've actually set it up so we can recieve all the wireless traffic between Alaska and the rest of the states.
2. Re:Still being Sued by Canada by FooAtWFU · 2010-10-27 10:25 · Score: 4, Insightful
  
  If suing Google after they collected the passwords you transmitted unencrypted over wireless networks is *really* your idea of "privacy" . . . you're going to be in a big surprise when someone less friendly than Google does the same thing.
  
  --
  The World Wide Web is dying. Soon, we shall have only the Internet.
3. Re:Still being Sued by Canada by WillAffleckUW · 2010-10-27 10:46 · Score: 1
  
  I hear if you listen to the Alaskan signals you can get Sarah Palin's credit card info on a clear day.
  
  --
  -- Tigger warning: This post may contain tiggers! --
4. Re:Still being Sued by Canada by bonch · 2010-10-27 10:47 · Score: 1, Insightful
  
  This stupid argument gets brought up every single time by Google fans. Entering someone's home, even if the front door is unlocked, is still an act of trespassing.
  Why were they archiving that data in the first place? You really believe that it was just a big, dumb accident? This is Google we're talking about.
5. Re:Still being Sued by Canada by WillAffleckUW · 2010-10-27 10:47 · Score: 3, Interesting
  
  See, in other countries - like say, Canada or the UK or the EU - corporations aren't People. And they have no rights.
  
  --
  -- Tigger warning: This post may contain tiggers! --
6. Re:Still being Sued by Canada by wolrahnaes · 2010-10-27 11:02 · Score: 3, Informative
  
  FUCK. It's not like entering someone's home, it's like turning to the same channel they're talking on on a CB. THEY ARE BROADCASTING IN THE CLEAR. THEY HAVE NO FUCKING PRIVACY!
  
  --
  I used to get high on life, but I developed a tolerance. Now I need something stronger.
7. Re:Still being Sued by Canada by WillAffleckUW · 2010-10-27 12:15 · Score: 1
  
  FUCK. It's not like entering someone's home, it's like turning to the same channel they're talking on on a CB. THEY ARE BROADCASTING IN THE CLEAR. THEY HAVE NO FUCKING PRIVACY!
  Maybe not in America.
  But they do have the Right of Privacy as People in Canada. And in the EU.
  What is legal in one country may be an unconstitutional illegal act in another country.
  Try doing what you're talking about in Tianamin Square in China. You'll see that different countries have different rules - FAST.
  
  --
  -- Tigger warning: This post may contain tiggers! --
8. Re:Still being Sued by Canada by victorhooi · 2010-10-27 13:27 · Score: 2, Interesting
  
  heya,
  You're an idiot.
  Now, I know people in Canada like to trumpet about how WE'RE NOT THE US!!
  Lol, personally, here in Australia, I find it quite funny. And likewise, Europeans want nothing to do with those horrible Americans *eye rolls*. The fact that they're inward-looking and quite a bit xenophobic (disguised as nationalistic pride) has nothing to do with it.
  However, apply some logic here. The parent had it dead on. Whichever idiot used the "walk into somebody's home" argument is either technically incompetent (which in itself isn't a negative thing, although I do wonder why they're reading Slashdot), or just an idiot, full stop.
  This is like broadcasting in clear on the CB.
  Personally, I think the Canadians and EU are probably just annoyed off at the whole American hegemony or whatever, or the fact that Google is an American corporation, and they didnt' think of it first...lol. That, or this is some silly populist pandering exercise, designed to make ti look like their privacy commissioners are actually doing real work.
  I mean, seriously, Google is hardly going to kick and scream, they're an easy target in that sense, they'll just shrug and move on. Why don't you actually try targeting something that shows balls, like I don't know...real companies who actually violate your privacy?
  Cheers,
  Victor
9. Re:Still being Sued by Canada by mysidia · 2010-10-27 13:38 · Score: 1
  
  This stupid argument gets brought up every single time by Google fans. Entering someone's home, even if the front door is unlocked, is still an act of trespassing.
  But taking pictures of you naked mowing your lawn in the front yard viewable from the street is not trespassing.
  If you don't want people going around with pictures, you really should cover up -- use encryption, and stop broadcasting uncoded materials with sensitive information, for the world to hear/see.
10. Re:Still being Sued by Canada by qmaqdk · 2010-10-27 19:52 · Score: 1
  
  ...And likewise, Europeans want nothing to do with those horrible Americans *eye rolls*. The fact that they're inward-looking and quite a bit xenophobic (disguised as nationalistic pride) has nothing to do with it.
  Now, should I just respond in kind by making up my own random "fact" about you personally or Australians in general? Or should I ask for a citation on the above?
  You choose, mate.
  
  --
  My UID is prime. Hah!
11. Re:Still being Sued by Canada by maxume · 2010-10-27 21:30 · Score: 1
  
  Nuh-uh dude, the photons coming from his body clearly belong to him.
  
  --
  Nerd rage is the funniest rage.
Whoops! by Mikkeles · 2010-10-27 10:11 · Score: 3, Insightful

Gee, we got caught; better do it differently next time. (After all, there's no penalty).

--
Great minds think alike; fools seldom differ.
1. Re:Whoops! by Monkeedude1212 · 2010-10-27 10:26 · Score: 2, Informative
  
  It's hard for there to be a penalty for something that isn't against the law.
2. Re:Whoops! by Anonymous Coward · 2010-10-27 10:36 · Score: 0
  
  You're an idiot. They came clean on this without being prompted. If anything, they should be commended for how they handled the situation.
  Either way, if you think about it, that data would be COMPLETELY useless to them anyway.
3. Re:Whoops! by bonch · 2010-10-27 10:38 · Score: 1
  
  No penalty because there's no outcry. People give Google a pass because Google gives them free email, a free search engine, and a free browser. It doesn't seem to occur to Google's fans that their search and advertising platforms are as closed source and proprietary as Windows, and that all the free services only exist to get people's personal data indexed.
4. Re:Whoops! by bonch · 2010-10-27 10:50 · Score: 1, Troll
  
  Actually, many local areas prohibit unauthorized access of computer networks. It's also unethical. However, I realize this is Slashdot where Google can do no wrong, even when their CEO comes right out and tells you not to give a shit about your privacy as an individual.
5. Re:Whoops! by Anonymous+Psychopath · 2010-10-27 11:00 · Score: 5, Insightful
  
  No penalty because there's no outcry. People give Google a pass because Google gives them free email, a free search engine, and a free browser. It doesn't seem to occur to Google's fans that their search and advertising platforms are as closed source and proprietary as Windows, and that all the free services only exist to get people's personal data indexed.
  I'm pro-privacy, but this is silly. It's no secret that you pay for Google services by allowing them to target advertising at you. That's their business model and not only do they not make any attempt whatsoever to hide it, they point it out every time they have an earnings call.
  I fail to see why those shouting their secrets from a street corner have an expectation of privacy. We are responsible for our own privacy, not Google and not the government.
  
  --
  Eagles may soar, but weasels don't get sucked into jet engines.
6. Re:Whoops! by Anonymous Coward · 2010-10-27 11:25 · Score: 0
  
  Good thing there is a law.
  Not our fault your country stomps on your rights to privacy.
7. Re:Whoops! by ChilyWily · 2010-10-27 11:40 · Score: 1
  
  That is precisely why my outrage is at the FTC Director. His response to this fiasco is completely outrageous. I'm generally opposed to cases where offenders 'settle' with the Government because it holds back regulation and stricter laws. In effect, corporations/people with deep pockets get away with a slap on their wrist. In this case, we did not even see that much resolve.
  Yet, who is going to hold Mr. FTC Director accountable? The behavior he displays is one of complete detachment from safeguarding the ever more uninformed and (alas) apathetic public - I wish he would have given a full accounting of what was obtained and how it was deleted/purged from further exploitation.
to date by nimbius · 2010-10-27 10:23 · Score: 2, Insightful

i have yet to see any corporation with a major internet presence or market segment come close to following or guaranteeing their privacy policies with complete certitude. Companies from AT&T to Facebook to Chase never see a punishment for these leaks, or rather if Google does it would be an exception to the longstanding rule of american internet commerce.

outrage does nothing. Users should take this revelation as an opportunity to improve their general knowledge of internet security.

--
Good people go to bed earlier.
1. Re:to date by Ethanol-fueled · 2010-10-27 10:28 · Score: 1
  
  Companies from AT&T to Facebook to Chase never see a punishment for these leaks
  That's because those companies are data aggregation partners of the federal government and other entities.
2. Re:to date by VGPowerlord · 2010-10-27 10:38 · Score: 2, Informative
  
  i have yet to see any corporation with a major internet presence or market segment come close to following or guaranteeing their privacy policies with complete certitude.
  
  Google's Privacy Policy has nothing to do with this, unless you're implying that Google got everyone in major rural areas to somehow agree to said policy before Google drove out in their Streetview cars.
  
  --
  GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
And what was the FTC's conclusion? by ChilyWily · 2010-10-27 10:24 · Score: 1

David Vladeck, director of the FTC consumer protection bureau, said the agency will end its inquiry because Google has promised to improve its privacy practices.

Is this promise legally binding? What kind of 'improvement' can the average person expect? What if a person who wants to collect similar information just shows up in front of people's home and the offices of [insert big corporation name here] and tries the same thing. Is the Law the same? Me thinks FTC Director needs to be made accountable.
They didn't *get caught* by DrYak · 2010-10-27 10:31 · Score: 5, Interesting

Gee, we got caught; better do it differently next time.
Well, the fact is, Google discovered the abnormal storage themselves. And reported it immediately.
Storing that data was not their intention, only making a map of SSIDs.
It's not like they where planning to keep this data and profit by re-selling it to marketeers (FaceBook, I'm looking at you !)
I stay with my belief :
- The clueless users who don't secure their network are the problem.
- Even if Google did got punished, this won't suddenly make the clueless users less vulnerable to anyone with bad intentions.
- And, if the next recording guy is a bad guy, it's very unlikely that he'll report himself. He'll just run away unnoticed with the data, and try to sell it.

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
1. Re:They didn't *get caught* by bonch · 2010-10-27 10:54 · Score: 1
  
  It's not like they where planning to keep this data and profit by re-selling it to marketeers
  How do you know what Google was planning to do?
  
  - Even if Google did got punished, this won't suddenly make the clueless users less vulnerable to anyone with bad intentions.
  But it would discourage other more malicious parties from accessing networks for nefarious purposes, such as selling it to marketeers.
  Google we're talking about. They should receive some kind of punishment for "accidentally" collecting that data in the first place. That's a mistake that shouldn't be made and should be publicly discouraged due to the dangers for abuse. Blaming clueless users isn't a valid response, because leaving your door unlocked doesn't mean it's okay for a stranger to enter your house.
2. Re:They didn't *get caught* by papasui · 2010-10-27 11:09 · Score: 1
  
  You mean after being investigated in Germany for the same thing right?
3. Re:They didn't *get caught* by Anonymous Coward · 2010-10-27 12:20 · Score: 0
  
  No, the German investigation started after Google admitted that they accidentally collected data.
Without realizing ? by vawarayer · 2010-10-27 10:34 · Score: 1

without even realizing it
Google sniffing out all this stuff by accident? ! **sneeze** bullshit !
Would it be an accident, it'd even be scarier. It'd mean that the search giant don't know what they're doing.
1. Re:Without realizing ? by Anonymous+Psychopath · 2010-10-27 11:08 · Score: 3, Insightful
  
  without even realizing it
  Google sniffing out all this stuff by accident? ! **sneeze** bullshit !
  Would it be an accident, it'd even be scarier. It'd mean that the search giant don't know what they're doing.
  I don't think you've ever used a sniffer. Google drove around with a wireless sniffer that recorded traffic to a log file. The guys in the van would upload all their logs to a central location where they were parsed to build a database of access point SSIDs and MAC addresses for geolocation. The problem is a sniffer dump contains a lot of raw packet data, more than just the information they needed, because that's what a sniffer is supposed to do; capture all the traffic it finds.
  
  --
  Eagles may soar, but weasels don't get sucked into jet engines.
2. Re:Without realizing ? by vawarayer · 2010-10-27 11:28 · Score: 1
  
  My point exactly. You seem to know what you're talking about. So did Google. So it is reasonable to assume that they knew that
  
  A sniffer dump contains a lot of raw packet data.
  and that
  
  [it] captures all the traffic it finds
3. Re:Without realizing ? by Anonymous Coward · 2010-10-27 13:21 · Score: 0
  
  So you know these things, but you don't know about software bugs?
4. Re:Without realizing ? by Anonymous Coward · 2010-10-27 13:34 · Score: 1, Insightful
  
  My point exactly. You seem to know what you're talking about. So did Google. So it is reasonable to assume that they knew that
  
  A sniffer dump contains a lot of raw packet data.
  and that
  
  [it] captures all the traffic it finds
  It's a reasonable assumption, but that doesn't indicate any intention to purposefully capture the extra data. It's more likely an engineer didn't anticipate or fully consider the consequences. Maybe they thought the chances of someone using unencrypted passwords over unencrypted wifi while the Google car happened to be driving past and in range were so remote that it didn't bear further examination (clearly if this was the case, they were wrong).
  This isn't directed to you personally, but Slashdot is a strange place. On the one hand, there were many here that argued against the extradition of McKinnon since the DOD had done such a piss-poor job of securing their network. They argued that the DOD deserved whatever it got. On the other hand, Google is vilified for this invasion of privacy even though those affected had made no effort at all to make their data private. I don't think we can have it both ways.
5. Re:Without realizing ? by ericlj · 2010-10-28 03:34 · Score: 1
  
  That argument would be a lot more persuasive if they didn't have code that parsed out the "accidentally" captured information and stored it. They knew exactly what they were doing.
  See this: http://www.theregister.co.uk/2010/06/04/schmidt_wifi/
  Of course, you probably believe that rogue engineers were able to plant code into the Google black helicopter fleet.
Conclusion... by webbiedave · 2010-10-27 10:39 · Score: 1

StreetView snapped a pic of the FTC chairman standing outside of a strip club, smoking reefer and kicking a puppy.

Probe ended.
Re:Microsoft and Google by ozzee · 2010-10-27 10:51 · Score: 3, Informative
You are flaming, right? Let me give you the benefit of the doubt. Let's compare the two.
- Google fesses up to it's mistake, Microsoft fights. If it was not for Google owning up to the error, no-one would have known, while Microsoft tried hard to keep quiet comments like "Knife the Baby".
- Google made no financial advantage from this while Microsoft made a whole business by killing competitors using it's monopoly advantage.
- Google did not intend to breach privacy laws, Microsoft knew and were warned on previous occasions that they were to stop the practice.
- It's not really clear that Google really breached the law, the information they collected was in the clear, i.e. if you go yelling you account numbers and passwords from the rooftops and someone with taking a family video records inadvertently, I suggest that it's hard to prove that the cameraman is at fault. Microsoft was found guilty and convicted of its crime.
... just to point out a few, I can go on if you like.
I think it's important to compare like cases if you don't want to be marked a troll.
How in the world did Google get all this info? by Anonymous Coward · 2010-10-27 10:52 · Score: 0

How on earth did Google get all of this information? Surely they must have done something underhanded, untoward and illegal! They sent a group of 50 engineers to break any site that they came in contact with..... err no. Is it really that they happened to stumble upon wide open networks and happened to log some of the data being publicly broadcast by people who have no idea that they are broadcasting sensitive private data in the clear? But, instead of telling these people, giving them a clue that they are being ignorant and dangerous, we shoot the messenger for telling them, allowing bad people to take full advantage of their stupidity. This in turn helps two groups: 1 the federal government in spying on people. You don't have to have a court order if all you need is a receiver. It also helps people wanting to commit crimes. Google gets beaten upon for telling people "Hey dummy, you are broadcasting private data in the clear!". People respond: "You have no business in my data, delete all your records immediately!" Googles reply "You betcha". Bad guy comes along, cleans idiot out, idiot facing bankruptcy: "Google did this, they let people know that I was an idiot".
1. Re:How in the world did Google get all this info? by sl149q · 2010-10-27 11:42 · Score: 1
  
  Put a WiFi packet sniffer into a bunch of cars that purposely drive around every habitable road in NA and Europe. Log all captured packets.
  Collect enough raw packets for a long enough period and you WILL get sensitive information. Mostly like 99.999% of all the data collected was only useful for its intended purpose (WiFi mapping.) But even .001% will get you lots of hits when you do it across a fleet of cars 40-50 hours a week for a year or two.
  And only in aggregate does it start looking like a breach of privacy.
  If this was a serious problem, i.e. that people are war driving and collecting this type of data and using it to hack into peoples email and bank accounts... then we should be glad that Google has brought the problem to the public's attention. There is no real use that they (Google) could make use of the data collected (they can get better info faster in their normal course of business.)
Privacy BEACH?! by MasterGwaha · 2010-10-27 11:37 · Score: 1

I can't believe their Street View team managed to get that van onto a private beach! So awesome! Google will stop at nothing to collect data!
1. Re:Privacy BEACH?! by Anonymous Coward · 2010-10-27 11:51 · Score: 0
  
  Glad I'm not the only one who read the headline that way. Anon for obvious reasons.
Marketing data, anyone? by cdrguru · 2010-10-27 11:48 · Score: 1

I want to get the pricing on purchasing the geographicly broken down list of WiFi routers in the US. Now that this information is available, I am sure it is for sale.
So then we can see if Belkin, DLink or Netgear has a bigger presence in Tampa, FL.
Why would anyone want this data? Well, it might come in handy if you have found a backdoor into DLink routers. Or, if you are associated with a retailer that is about to offer a big discount on Netgear routers only to find out that they aren't very popular in your particular part of the world.
I guess the next question should be what else Google might have for sale now?
Thank god that's over by mgiuca · 2010-10-27 17:08 · Score: 3, Funny

Well I for one am glad this is over and Google understands what it did is wrong and nobody will try something like this again.
I'm glad this issue got some public attention, and everyone learned a valuable lesson (which should already have been obvious): reading other people's wi-fi is wrong.
Now I can go back to setting my router to no encryption and be safe in the knowledge that nobody will read the passwords and bank details I will inevitably send in the clear.
My Kingdom for a by justinlee37 · 2010-10-27 17:56 · Score: 1

Mod Point. That was brilliantly argued and said, friend. If I happen to get mod points soon, I'll come back and mod you up.
Undetectable : Not stopping malicious parties by DrYak · 2010-10-27 23:40 · Score: 1

It's not like they where planning to keep this data and profit by re-selling it to marketeers
How do you know what Google was planning to do?
Well, you know, the fact that they didn't get caught trying to sell the data, but spontaneously announced it as soon as they noticed it. That might be a sign that selling wasn't their main target. I mean, normally I would expect a little bit more discretion from someone trying to sell shady data.

- Even if Google did got punished, this won't suddenly make the clueless users less vulnerable to anyone with bad intentions.
But it would discourage other more malicious parties from accessing networks for nefarious purposes, such as selling it to marketeers.
Explain how ? The whole story caught up wind because Google openly admitted it as soon as they found the bug in their data-collecting setup. Had they kept the thing silent, nobody would have noticed. (Or at least not until much later)
No intrusion at all happens during such recording. It's not detectable and done from a distance. (It's not like stealing data from a server, where you have to breaking into it first, and leaving traces of the exploit/rooting). If done from within a normal looking car instead of a freakin' google-car, nobody will notice.
The malicious party will simply record the data and leave the street unnoticed. Eventually, much later, we might realize that it did happen if we stumble on the data in the wild (if the source of the data is still recognizable after processing).
No way to catch the criminals and punish them. So no way from discouraging them to do it : You only get punished if you get caught, and it's hard to get caught in such circumstances (you just listen passively to data, and you're not even physically in the direct vicinity but instead in a street nearby).

Google we're talking about. They should receive some kind of punishment for "accidentally" collecting that data in the first place. That's a mistake that shouldn't be made and should be publicly discouraged due to the dangers for abuse.
Google made a few mistake :
- They wrote buggy code which recorded more data than it should. (They only were after the SSIDs, after all)
- They underestimated the amount of idiot users making stupid thing like sending critical data in the clear.
But they did not invade privacy, the same way you don't invade privacy if you over hear something shouted loud in the middle of a street.
The data wasn't technically private: it was thrown at anyone standing around. Google's cars happened to be on its trajectory at the right time.

Blaming clueless users isn't a valid response, because leaving your door unlocked doesn't mean it's okay for a stranger to enter your house.
It's not okay for a stranger to enter your house without your permission if you leave it open BUT if you make something like that, you shouldn't blame anyone else but yourself if bad things happens to you. Most insurance companies will laugh at you if you complain of being burgled while leaving your door open (and in fact some will even require an alarm system).
And the unlocked door is a bad metaphor, because it requires someone to go and try to see if the door is unlocked, and eventually enter the room - action that you have to decide to do, not things you can do by accident.
Whereas open WiFi is more closely related to a megaphone : You just blast data around for anyone to hear. Anyone could passively intercept them, without any required action - no need to open a door, the secret is audible from the street.
If you discuss with your neighbor across the street, each standing on his lawn and using a megaphone to shout answers, you wouldn't in your right mind discuss sensitive data using such a setup, because anyone could hear even if by incident.
Well, s

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
dumbest comparison ever (and wrong, too) by 1800maxim · 2010-10-28 01:28 · Score: 1

Someone who publishes a web page does it for the sole purpose of broadcasting its content.

Someone who is using a router at home without encryption is probably someone who doesn't know about encryption, does not the implications of not having it on (face it, which manual says on the open box ENCRYPT OR ELSE YOUR BANKING INFO IS AVAILABLE TO ANYONE), or could not make it work. Early routers did not make this a very straightforward process among the countless menu options there exist.

And all those users who left open connection may have understood that other people could connect to their router and share the connection, but I am certain they did not understand that their own communication can be easily intercepted, including passwords and banking info.
1. Re:dumbest comparison ever (and wrong, too) by Mathinker · 2010-10-28 02:20 · Score: 1
  
  > Someone who publishes a web page does it for the sole purpose of broadcasting its content.
  You lack imagination. The publisher could very easily intend only to publish for a small set of viewers. On the face of it, that was exactly the intent for the intercepted email (it presumably wasn't narcissistic messages people sent to themselves).
  > ENCRYPT OR ELSE YOUR BANKING INFO IS AVAILABLE TO ANYONE
  You also seem to lack a basic understanding of computer security. If accessing your on-line banking using an unencrypted WiFi connection reveals your banking info, that merely means that your bank has no freaking clue about computer security, because it should be using end-to-end encryption and possibly some kind of token-based authentication. (And in that case, your unencrypted router is probably the least of your worries, since the link just before the bank itself is a much better place for criminals to siphon off this information --- albeit, they'd need quite a bit heftier equipment to make use of the greater concentration.)
  Of course, the absolutely most likely way Joe Clueless's banking info is revealed is that he's been rooted.
Re:Microsoft and Google by Anonymous Coward · 2010-10-28 02:35 · Score: 0

You are flaming, right?
Really don't understand what the poster's sexual orientation has to do with anything, or how or points address that.....