Slashdot Mirror
FTC Ends Probe of Google StreetView Privacy Breach
GovTechGuy writes "The Federal Trade Commission (FTC) wrote to Google on Wednesday to end its probe into a major privacy breach in which the company collected and stored private user information, such as passwords and entire e-mails, without even realizing it after the search giant promised to improve its privacy practices."
Gee, we got caught; better do it differently next time. (After all, there's no penalty).
Great minds think alike; fools seldom differ.
I know, it couldn't have anything to do that nothing transmitted in the clear over unregulated frequencies is considered secret in any way, and therefore Google arguably did nothing wrong whatsoever.
It had to be political gaming by CEOs to protect them from Federal legal action for violating... what law again?
i have yet to see any corporation with a major internet presence or market segment come close to following or guaranteeing their privacy policies with complete certitude. Companies from AT&T to Facebook to Chase never see a punishment for these leaks, or rather if Google does it would be an exception to the longstanding rule of american internet commerce.
outrage does nothing. Users should take this revelation as an opportunity to improve their general knowledge of internet security.
Good people go to bed earlier.
If suing Google after they collected the passwords you transmitted unencrypted over wireless networks is *really* your idea of "privacy" . . . you're going to be in a big surprise when someone less friendly than Google does the same thing.
The World Wide Web is dying. Soon, we shall have only the Internet.
This stupid argument gets brought up every single time by Google fans. Entering someone's home, even if the front door is unlocked, is still an act of trespassing.
Why were they archiving that data in the first place? You really believe that it was just a big, dumb accident? This is Google we're talking about.
This is how low Slashdot has sunk. Years ago, this site was very pro-privacy. We're now at the point where a company can archive your emails and passwords, claim it was an accident, and get off the hook by promising not to do it again next time--and that's "doing nothing wrong whatsoever" according to the posters here.
No, we're just very pro personal responsibility. If you're broadcasting unencrypted data into the street, reading it shouldn't be a crime. If you don't know how to encrypt your wireless data - even with easily-cracked encryptions, that at least require some deliberate effort to crack - then you shouldn't it be broadcasting it into people's face. If Google were getting this data by cracking WEP, or performing MitM attacks, then I'm sure you'd see people up in arms.
Complaining about this is like complaining that a vehicle equipped with an audio recorder picked up your shouted argument from the street. If you weren't screaming at the top of your damn lungs, nobody would have heard anything.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
without even realizing it
Google sniffing out all this stuff by accident? ! **sneeze** bullshit !
Would it be an accident, it'd even be scarier. It'd mean that the search giant don't know what they're doing.
I don't think you've ever used a sniffer. Google drove around with a wireless sniffer that recorded traffic to a log file. The guys in the van would upload all their logs to a central location where they were parsed to build a database of access point SSIDs and MAC addresses for geolocation. The problem is a sniffer dump contains a lot of raw packet data, more than just the information they needed, because that's what a sniffer is supposed to do; capture all the traffic it finds.
Eagles may soar, but weasels don't get sucked into jet engines.
Uh-huh, and just because someone publishes a publicly accessible webpage available over http doesn't mean you have any right to access it, right? You should be getting written permission to "hack into" their computer by accessing it via publicly-accessible protocols they have explicitly installed and made available?
There are well-documented methods for establishing whether you want somebody to be able to use your connection. Not using them, and then complaining that someone uses it is like bitching that Google indexes your site, because you didn't setup robot.txt.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
My point exactly. You seem to know what you're talking about. So did Google. So it is reasonable to assume that they knew that
A sniffer dump contains a lot of raw packet data.
and that
[it] captures all the traffic it finds
It's a reasonable assumption, but that doesn't indicate any intention to purposefully capture the extra data. It's more likely an engineer didn't anticipate or fully consider the consequences. Maybe they thought the chances of someone using unencrypted passwords over unencrypted wifi while the Google car happened to be driving past and in range were so remote that it didn't bear further examination (clearly if this was the case, they were wrong).
This isn't directed to you personally, but Slashdot is a strange place. On the one hand, there were many here that argued against the extradition of McKinnon since the DOD had done such a piss-poor job of securing their network. They argued that the DOD deserved whatever it got. On the other hand, Google is vilified for this invasion of privacy even though those affected had made no effort at all to make their data private. I don't think we can have it both ways.
then I hope your car gets stolen tomorrow, because you had the wrong security system fitted and a thief just took your vehicle from right outside your home, even though you'd done everything you were supposed to to keep it secure.
Except in this case, people hadn't done everything they were supposed to do to keep it secure. If my car got stolen because I was too stupid to push the little "lock" button on my keychain, then damn straight I'd deserve it. Likewise, if I hadn't put in a tax return for 10 years, I'd expect to be hammered hard.
This isn't about people not doing absolutely everything perfectly. It's about them not even doing the minimum. WEP has been trivially crackable for ages - but even if people use WEP, I'd be offended if Google had cracked it. It would have shown intent, that they were deliberately trying to capture stuff that people were trying to protect.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
They were using Kismet, which by default captures all unencrypted packets it hears. They forgot to change the default - which, incidentally, is something the WiFi owners are guilty of as well.
It would be different if they changed the configuration in order to capture packets, instead of simply forgot.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
If you buy a "piece of kit", it's your responsibility to learn how to use it safely. Whether it's a chainsaw or a router.
If the kit from the ISP included a manual, than the user should have RTFM. Every wifi router manual I've seen explains how to use WPA or WEP quite clearly in the first few pages. If the manual wasn't included or was unclear, if the user should sue his ISP for leading him to expose his "private stuff".
In real life, I've noticed that even average homeowners seem to have worked this out. About 5 years ago when I turned on my laptop at home I could see 5 or so local wifi router signals, 2 or 3 were unencrypted. Now I can see 7 or 8, maybe one is unencrypted. On local TV there have been a couple of scare stories about how easy it is to snoop on wifi, that probably raised awareness. That's all it needs, not an advanced degree.