Slashdot Mirror
Google Grabbed Locations of Phones, PCs
1800maxim writes "As it turns out, Google didn't only grab the hotspot SSIDs and MAC addresses with its Street View cars. As this article at CNET notes, Google also recorded location data of computers using wireless cards, as well as cell phones and other Wi-Fi devices. Google's explanation is that the data collection was accidental, and they declined to answer further questions from CNET."
I don't think this activity is limited to 'street view' cars - I don't live in a country where there are any roaming the city at all, yet every mac address for all the access points I own can be located by entering them in to sites like: http://samy.pl/androidmap/index.php
I would assume Android is the culprit here. I expect Google buried some lawyer speak deep in an EULA making this activity perfectly legal. I'm not okay with it though.
Did Google forget about the "don't be evil" thing?
Yes, your honour. I swear the collection of those purses was purely accidental.
When did Apple do something similar? Did the iView-cars drive over my hole in the ground without me noticing?
What?
Somehow, I don't expect this to create the same outrage as back when Apple did something similar...
I agree. Even though in Apple's case, they DIDN'T do what Google did.
I think it's pretty clear that Google is in bed with the DHS, NSA, FBI, CIA, et fucking CETERA.
Perhaps they need to change their motto to "Don't Get Caught At Doing Evil" (not as catchy, I agree; but infinitely more accurate).
Google's business is built on having data about people. Google drives around and collects even more data about people from personal WiFi hotspots, PC WiFi cards, and phones. Only the truly naive can possibly believe this is accidental. The whole "big clumsy cuddly bear stumbling around doing silly things" excuse is getting very old, Google. Stop playing us for stupid.
they work for the NSA
Politics is Treachery, Religion is Brainwashing
Yeah, yeah DarkDust means the Location Services database "-gate", which you are right is not even remotely similar. In fact the two issues are as dissimilar as they can be. And here lies the most depressing thing — this will garner very little attention, especially outside of geek circles. I'd be surprised if this revelation, as egregious violation of privacy as it describes, will cause mainstream media excitement and force a congressional hearing and grilling like the Location Services thing did.
Actually it's not similar, it's way worse. Apple cached information about the user location on the user's terminal, for performance purposes (although it wasn't stored in the safest way possible). Google grabbed this info from the street, without asking permission, and used that information for business purpose (and not a very fair one, see the Skyhook vs. Google lawsuit). Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.
We've already heard the method they were using for capturing MAC addresses and how sloppy it was. We already knew they were collecting random packets, then truncating them to include the MAC Address and a small portion of the payload and then saving them. We know some of those payloads include packets sent by people GASP on their phones or laptops, therefore it stands to reason some of the MAC addresses must also be from those phones and laptops. We knew this months and months and months ago, but apparently CNET didn't make the connection so easily.
It's like we just keep rehashing the same old story over and over and over because nobody understood it the first time, and someone comes and puts a new spin on old data and suddenly it lives again. The thing is, you can change a registry key and change your MAC address. There's no big table of data somewhere that connects your MAC address to specific person. It's not even remotely the same as an IP address. Oh sure, you can say "Hey the MAC address of this device on my network matches the one on my network yesterday" but not "Hey, that's my neighbors MAC address" unless you've got some sort of access to the device in question.
So Google may know that a certain device was one place and also another place, but that's about the extent of the correlations they can really make with this data. Again, just as before, there's no reason to assume malice when sloppy coding is much more logical explanation. Google has nothing to gain and much to lose (PR-wise) by doing something like this on purpose, and a very reasonable and believable explanation was offered. Conspiracy theorists can continue to beat this dead horse if they like, but I'm an Occam's razor fan.
You're a cunt but I'm not outraged
Why is this new? The StreetView cards were set to promiscuous mode, since they sniffed data packets not intended for them. It stands to reason they recorded responses from the end devices too, not just the AP->device traffic.
Hyperbole: I use it liberally!
So we have had Google's explanation for what happened, and how a coder got lazy and just modified some existing packet capture software (which captured all packets, instead of just the ones used by networks to announce themselves). Rather than actually writing some simple routines to select which packets to record and properly remove all the payload data, he simply let it record every packet with *most* of it truncated. This left the MAC address and sometimes a portion of the payload data behind.
We all knew all this months and months ago. We knew that some of the payload data came from people using their computers/laptops/phones on WiFi networks. Does it take a super genius to realize that if they packets came from phones/laptops, and the payloads came from phones/laptops, that some of the MAC addresses might also come from those same phones/laptops? This is the same story once again rehashed and repackaged. There's absolutely 0 new information here. CNET might not have realized this was eminently obvious with the details of the original story, but most technically oriented people did.
And honestly, it's not that big of a deal. Your MAC address can't be traced back to you. It's more or less anonymous. Unless somebody has had access to your device, there's no way to tie the MAC address to you--and if that prospect concerns you, just change it. In Windows it's just a simple registry tweak to make your MAC address anything you want.
People keep saying that it was lazy coding, but how can that be right?
If you want to get the locations of access points, do you
a) write (or use) a program that records the SSID broadcasts and their location
-or-
b) write (or use) a program that captures all the traffic, truncates the frames, processes them to extract the access point broadcasts and then stores them with the location?
Hint : option 'a' is the easy one.
I do not see how option 'b' is something that can be done accidentally without a lot of extra effort.
That's because Apple users are douchebags.
...but shouldn't the real story be about how much information your gadgets are just leaking all over the place? Google didn't break into people's homes and write down the MAC addresses of every piece of tech they could find, they just recorded what was already being blasted through the airwaves. Now, I'm not saying this makes it all ok, but at least we KNOW Google is doing it - what's to stop other companies/groups/individuals from doing the same? The real issue is that the information is out there, not that someone decided to collect it.
If your Bank decided to put a list of all bank accounts that have recently been accessed on its home page, would you blame the identity thieves for stealing all your money, or would you blame the bank for broadcasting your information?
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
It already has. This is the same story for eons ago rehashed in yet another way with absolutely no new information whatsoever. Obviously, if we had payload data it wasn't from routers, so obviously there had to be MAC Addresses that weren't from routers either. We already knew all of this months and months and months ago and it caused at least as big of an uproar back then as the Apple location thing. In fact, it was bigger--since we still have governments investigating Google over this while Apple largely skated by unnoticed (other than some congressional testimony).
Apple's issues were fairly similar to be honest, in both instances it was bad coding/poor-judgment by engineers creating bad privacy practices that were, in both cases, largely overblown in the media. Google, to its credit, at least had the decency to step up and say "Yeah, our mistake. We're sorry." while Steve Jobs COMPLETELY DENIED that the iPhone tracked users. In my book, that makes him a big liar. Apple's weasely response, no doubt, would be that if the data doesn't get uploaded to them its not really "tracking". But, practically speaking, that argument doesn't hold any water since the record is created, sometimes (but not always) finds it way to Apple, and its existence creates a liability for its users even if it isn't in Apple's hands. Neither company was being malicious or trying to invade their user's privacy, but at least Google showed a lot more forthrightness and honesty while Apple tried to hide the issue.
Peter Cetera is involved with google? CARNALLY?!
In the future, I would want to not be isolated from my friends in the Space Station.
What have Apple done similar?
If you're talking about when a file was discovered which appeared to be tracking iPhone users, that's is not similar even if you squint. That's like the difference between stalking someone (following them everywhere), and passing someone on the street.
Apple collected positions of people they already knew who was (they can say it was anonymized, but that only helps if you already trust them). Google collected a list of MAC addresses at the time the Streetview car passed. Here's some even scarier news for you: They also took pictures. Legally even. Now, if you are in one of the pictures, people will be able to recognize you. If your MAC address was recorded, they will be able to recognize that an Apple device was there. They may even be able to figure out which model. However, to find out whose device, they'd have to ask Apple to look up the MAC address in their database, find the bill, and tell them the name on the bill. Which may not even be the current owner anyway. And that's assuming that Apple make their MAC addresses truly unique. Some manufacturers have been known to reuse them, which - though technically against the rules - only causes problems if two devices with the same MAC address get connected to the same network (i.e. the same Access Point).
The scary point is not that they collected MAC addresses. They still do. The scary point was that they logged more data than just the MAC address, which could contain personal data. IF the wireless network was not encrypted, AND the personal data was not sent over SSL or other secure connections. Which is why the reaction on Slashdot - when the news broke months ago - was more of a "meh". The view here is that if you run an open wireless network, it's your own damn fault, and Google is the least of your worries. Your neighbor (you know, the one who is always thinking of the children) using your network to download illegal stuff is a much bigger worry.
But, as I said, that was months ago. The only news here is that a reporter somehow found out that PCs have MAC addresses just like access points do.
Another apple fanboi without a clue as to what technology does behind the scene while he's jerking off to porn on his apple product that his lord and master Steve Jobs forbade him to have.
afaik, your street address is NOT private information. Barring the boonies and any illegal housing projects youre on a map somewhere. I havent seen a dead tree copy of yellowpages in a few years, but in some places residential addresses are listed in the book along with name and landline #
Actually it's not similar, it's way worse. Apple cached information about the user location on the user's terminal, for performance purposes (although it wasn't stored in the safest way possible). Google grabbed this info from the street, without asking permission, and used that information for business purpose (and not a very fair one, see the Skyhook vs. Google lawsuit). Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.
Not only that, Google equipped vehicles with special equipment specifically to go out and actively collect the data. They weren't caching data already there on already-existing devices - they were literally using spy gear to actively collect it, and even paying employees to drive around and do it.
But listen to the fanbois:
B-B-B-BUT IT'S GOOGLE!!!! THEY DON'T DO EVIL.
Bullshit. They most certainly do.
Google wants to collect MAC addresses. They do that on purpose. But they don't want mobile MAC addresses. They want FIXED ones, because that's what helps them Geolocate. Again, this all traces back to the same lazy coder who just copy and pasted some packet sniffing code into his project without bothering to change it to be smart enough to only record open wifi routers broadcast packets or to properly truncate the packet down to the MAC address. Instead he just had it take EVERY packet, keep the first 64 bytes, and dump the rest. This resulted in useless mobile MAC addresses also being recorded along with all the payload data that got Google into so much trouble.
yeah but guys, if you had the right equipment available, this is publicly available information. you could gather it too.
it's not like they're sniffing around our phones. or we haven't caught them doing so yet anyway...
How so? They ran Kismet, which if paired with a GPS captures the location of everything (both APs and devices). If you want to filter out devices, you probably need to change the code, since I've never seen an 'ignore clients' option in Kismet.
Personally, I found the capture of actual data from unencrypted networks (well, from any networks, but others are irrelevant) is pretty bad, but this? Who cares if they know that MAC address X was at location Y? It's not like there's a database linking MAC address to people.
Dilbert RSS feed
No, can't you read? Carnally with ET.
Yeah, it's so evil to create a system that allows geo-location without GPS *rolleyes* I'm sure they did this only to make the lives of stalkers easier. Certainly they would never try to do anything as helpful as allow people with crappy phones to get better location info.
Sweet, so we all have "spy gear" built into our laptops and phones now! Scanning for local wifi devices/data now qualifies you to be a spy - cool! I'm off to apply to MI5.
Even if one of their main reasons for doing all of this is to make advertising more relevant, I don't see what the problem is there. If you even let your browser display ads at all, it's better to have useful ones. Targeted advertising is hardly "evil", and if the system also benefits the public then I think it's worth it.
which is totally what she said
Yeah, I was also confused as to where the actual story is here.
which is totally what she said
Who cares if they know that MAC address X was at location Y?
If it's the MAC address of my smartphone, which I'm likely to carry around with me more or less all the time, I care a lot about who knows where that MAC address has been. While Googles rather idiotic behaviour just (may have) recorded, where said MAC address was at one point in time, the statement above is, in its broadness, quite a bit more than I would like to have to stomach.
It's not like there's a database linking MAC address to people.
yet. It's not like nobody could ever come up with that smart idea.
Actually it's not similar, it's way worse. Apple cached information about the user location on the user's terminal, for performance purposes (although it wasn't stored in the safest way possible). Google grabbed this info from the street, without asking permission, and used that information for business purpose (and not a very fair one, see the Skyhook vs. Google lawsuit). Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.
How is capturing a signal sent over a public frequency considered priveledged? If I had an fm transmitter that I used to broadcast my darkest secrets and someone I didn't want listening to it did could I sue them for violating my right to privacy? It isnt as if they hackedat into a network, they grabbed the same stuff anyone else with the right equipment has access to, things that are being transferred through the air, which everyone owns
Google attempted to deliberately record the location of all open wifi hotspots. What the 'accidental' part was, is that they recorded all the open wifi hotspots that shouldn't have been open - ie home users who hadn't protected their devices.
From a technical viewpoint, there's no difference between Starbuck's open wifi, and the one at my home. The point of all this is that Google's access wasn't malicious, they did accidentally collect data they didn't intend to - which is very obvious after the fact, I guess no-one thought about it enough beforehand.
They sure seem to be collecting a lot of data by accident...
My friends at Google swear up and down that every line of code in the Google codebase is reviewed several times before it is signed off and released for any purpose. Some would have caught this; it's obvious from the data what is happening. So, either my friends are liars, or Google is. I trust my friends more.
Am I part of the core demographic for Swedish Fish?
So it is ok for the phone company (and thus any law-enforcement agency who chooses to ask) to know where your smartphone has been but not Google (or John Doe driving the neighborhood in his '96 Civic while running Kismet)?
This, IMHO, is a beautiful opportunity to educate end-users, not to bash Google. If one doesn't want to be tracked across the modern globe turn off the fucking broadcasting radio in your pocket.
You (and most news articles I have read on this) fail to miss the point: this is locally public information. Publishing it worldwide may not be in violation of any laws in print (debatable), but that does not make it morally defensible.
To invoke a car analogy: this would be similar to having a worldwide database tying each license plate to its physical location on the planet. Sure, it's public information, since anyone nearby can do the same. But since each license plate can be uniquely tied to its owner, it is still a breach of privacy, whether the owner is near the car or not.
It might be good if some of the smart people commenting here would become familiar with MAC addresses and what they're used for.
You seem to understand that DNS maps domain names to IP addresses - but what maps that IP address to your specific hardware?
Those who say you can change the MAC address to anything you want - maybe they understand that they're assigned in such a way that duplication is rare to impossible. For extra credit, describe what would happen if two devices shared the same MAC address.
No, Google did not deliberately record just the location of all open wireless wifis. Google deliberately recorded all wifis, encrypted or not, public or not. There were two accidental aspects: They only needed the metadata of infrastructure devices, but they also recorded transmitted data on unencrypted wifis (public and private), possibly on encrypted wifis too, but that doesn't matter. The second aspect is that they also recorded data about client devices (phones, laptops, etc.), not just infrastructure devices (access points).
google is a front for the nsa
If it's the MAC address of my smartphone, which I'm likely to carry around with me more or less all the time, I care a lot about who knows where that MAC address has been. While Googles rather idiotic behaviour just (may have) recorded, where said MAC address was at one point in time, the statement above is, in its broadness, quite a bit more than I would like to have to stomach.
Sure, if it was a MAC tracking, that would've been a very different situation. But it wasn't, so let's not cloud the issue.
yet. It's not like nobody could ever come up with that smart idea.
Then the true problematic privacy violation would be perpetrated by that person/entity, not Google.
Dilbert RSS feed
Well, it's nobody's business if I don't mind being tracked by my phone company and law enforcement but mind being tracked by Google. Let's remember that I explicitly gave my phone company permission to do that (by contracting their services), but never gave Google that permission.
The reason why I don't see this as a real problem is because firstly it wasn't tracking, just a one time recording, and unlike the phone company Google has no real way of knowing who that address belongs to.
Dilbert RSS feed
Not to mention probably more than half the posts on every site that runs this story will be "ZOMG! Google does NO evil!" with rushes to explain away everything they did while ignoring if it wasn't for the Germans demanded to see what data was collected in the first place nobody would have even found out how much Google was snatching.
I just hope that whomever at Google came up with that stupid slogan got a free car and a hell of a bonus check, because that thing seems to work like a magic shield that makes old Jobs RDF look like a lite brite. Hell I bet if it came out tomorrow that Google was shipping everyone's data straight to the NSA there would be a thousand posts saying "But but...they do NO evil!". Gotta give whomever came up with it credit, it is a fucking brilliant piece of marketing.
ACs don't waste your time replying, your posts are never seen by me.
I still struggle to understand the point of view where this is so morbidly bad. It seems as childish as "MOM! Tommy is almost touching me!" on a long car trip. Unless the google street view cars are sitting in front of your house for a few hours collecting packets in the hopes of breaking your *hopefully* encrypted wireless traffic (just to read you G-mail message from aunt Jen or see what kind of demented animal porn you view), I don't see any reason for your panic. They are recording the location of APs for positional data, they have no use for anything else.
This, IMHO, is a beautiful opportunity to educate end-users, not to bash Google. If one doesn't want to be tracked across the modern globe turn off the fucking broadcasting radio in your pocket.
You can't just ask people to be logical like that. They will demand that Google "stop spying" on them, while completely ignoring the real possibility that their neighbor is simultaneously doing it also, this time nefariously, as well as local agencies and far-less-restrained data mining companies. These are probably the same people who think that the war on drugs is either effective or winnable.
It's actually not that mysterious as to why they did this. Android has a "nifty" feature that uses WIFI access point triangulation to improve location accuracy of the handsets, and it works even when GPS is turned off.
No way this was "accidental", as they're using the fruits of it quite readily.
If you need web hosting, you could do worse than here
yet. It's not like nobody could ever come up with that smart idea.
I'm thinking any popular social networking site that has a smartphone app. Fortunately, I don't know any like that.
Well, later guys. Time to fire up Google+ and Facebook apps on my way to work so I can see what my friends are having for breakfast!
"I know that every word that man just said is true, because it's EXACTLY what I wanted to hear." -- Space Ghost
I knew it! They're in with the aliens!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Make sure to Check In and turn on Latitude so we can meet you later for lunch!
-Goog.. .er.. your friends.
Recording everything would be the safest bet if data privacy wasn't a concern. It would remove any possibility of filter errors during the capturing. Do you really want 50,000 vans doing independent analysis?
I think my favorite motto is Kellogg's "two scoops XOR raisins"
Set your phasers on "funky"!
Unlike license plates, MAC addresses can't be tied to the owner, unless the manufacturer records the MAC addresses of sold devices linked to customers.
It also depends on MAC addresses being unique, which is only true in theory. Several manufacturers have reused MAC addresses, something which only causes problems if two devices with the same MAC address are connected to the same network.
Never forget this.
With this kind of record or respecting people's privacy I seriously have to question fandroids who rip on Apple. I had high hopes for Google but I don't trust them one bit. "Accident"? I don't think that accidentally happens, it was planned and they just got busted.
Google grabbed this info from the street, without asking permission
Why would you need permission to capture data from public spectrum?
Give me Classic Slashdot or give me death!
Google collected the data off the streets, public roads. Legally, anyone can videotape, and follow anyone this way. I have a dashboard camera and have videos of many drivers and their license plates. Is it legal for me to do so? Yes, actually.
There are also drivers with scanners and CB radios, which can also pick up some GSM signals and that's just fine to have in their car. What I'm saying is, is that picking this stuff up while driving on a public road is legal. If you don't want your wifi signal to be picked up or your cellphone data picked up, then shut them off because just because it's in your home and the fact that it can be picked up off the street means there's nothing you can do about it....
has come to life! Or whatever they called it on southpark. I for one, will not be on google+ as from the beginning it reeked of snooping, and since its designed to be one better than facebook, well... of course its going to do that.
From the makers of The Bomb - they set us up, and Anal Lube.
Oh yes... without asking permission... EVERYONE WHO HAS A FUCKING WLAN CAN SEE YOUR INFORMATION!
And google does not gain so much about the Mac + GPS location (accuracy of the WLAN range) as does EVERYONE ELSE ON THE AREA.
Google can not sell that information to anyone else anyway. It can only send easier way the correct data depending of location of the user, what Google would get anyway if using any google services on that area.
Now _only google service user gains_ something, while Google would get that info anyways.
Or do you think that MAC address is somekind super secret what no one else can see without your permission? If you are so worried, dont use wireless technologies.
And NSA, CIA and others do not need google at all.
As already in EU every search, email, typed address and so on is logged for months by operators. You can not do anything about it anymore. Governments gets that info and you can be damn sure that it is hands of those agencies without your permission and without Google or any other company than ISP's.
Google only serve its users better way without gaining anything else than better opinion by people (nothing technical).
So if you want to worry about something, worry about operators. It is funny how people forget that all their data travels trough their operators and they know everything.
"fanbois"
Are you 12 years old?
Wow, you have really stuck your head in the sand. First of all the factual errors in your post, the iPhone did NOT track users. That is a fact and once the simple minded folks got past the FUD they should be able to see that. Second, for you to think this was an accident is beyond stupid. You have to code specifically FOR this scenario, it just doesn't happen accidentally. The iPhone had a cell tower database that was unencrypted and a but too large, both could be easily seen as accidents. Google IS invading people's privacy, this is just one more step in their weird decision making and for you to give them a free pass is unbelievable.
I guess they shouldn't obscure faces and license plates too, then?
Now onto the new story, it sounds like the exact same thing, the software is listening for unencrypted wifi access points, have you ever checked the available networks in your average staples/bestbuy or any place that sells new laptops? New laptops are almost always set up as mini ad-hoc networks, which sounds to me like an automatic process that scans for open wifi, would take a second look at.
How so? They ran Kismet, which if paired with a GPS captures the location of everything (both APs and devices). If you want to filter out devices, you probably need to change the code, since I've never seen an 'ignore clients' option in Kismet.
Maybe their project manager should have realized that 'accidentally' collecting that data could have legal and PR consequences, and that it might be worth their while to make sure that they don't 'accidentally' collect that data.
Nah. Project management is for suckers. Just go out there and do dumb things - it'll work out in the end.
Meh. The telephone companies have been doing this for a while now. The wifi chip in your phone records nearby SSIDs even when you have turned your wifi off. The telephone companies record which SSIDs you're near and this allows them to more quickly determine your location for the numerous reasons they might want to do so. I don't believe that anything I'm broadcasting over the air-waves is private. The fact that Google also recorded this information is irrelevant to me.
Check out my lame java blog at www.javachopshop.com
Google grabbed this info from the street, without asking permission, and used that information for business purpose (and not a very fair one, see the Skyhook vs. Google lawsuit).
Google recorded something I was intentionally broadcasting. Boohoo.
Check out my lame java blog at www.javachopshop.com
It's easier to ask forgiveness later then permission first. I believe Google knew what they were doing. I also believe some engineers that worked on the code raised ethical questions that were later squashed. Google is all about data collection.
They recorded either all raw radio wave data or minimally converted everything to digital according to the WiFi protocols. So if someone accessing their bank at the the time Google drove by then Google captured their bank data. If someone used weak pass phrases for their WiFi then the stored data is easily decoded.
I am very libertarian. It doesn't matter if a law says I can't listen into a radio wave, the truth is I can and so can anyone else. It's my fault for not encrypting my data securely. It's my responsibility to know that encryption has it's best practices and to use them as well as to be informed that I am taking a calculated risk in transmitting data wirelessly since nothing is guaranteed.
Radio signals are public.The trick is decoding them. Decoding them should not be illegal since bad guys don't obey the law. To me it's like arresting people for eves dropping at the next table when people can clearly hear them at the other end of the room. If you want privacy, go somewhere private and secure.
Seriously this is one of the most moronic statements i've read today. Google does alot of sketchy things, honestly my biggest complaints with them are programs like google toolbar that seem to install themselves on new PCs and slip in with software. But really, they've already explained what they were doing, it it makes perfect sense why others were hit by it. Google was gathering information on public access points to be able to map them, the access point data that was gathered was from routers that were set to appear as Public (unencrypted and non-hidden). People are making it sound like google was sitting outside of peoples houses for days at a time, when they were not gathering more information than one could gather driving by at 35-50MPH. That is more or less on par with a couple arguing loudly on a park bench, complaining about what a jogger heard.
he was involved with Chicago actually.
That's not the point. Parent said it couldn't happen accidentally, but it obviously can, even if it can be considered criminal negligence.
Being an accident only means it wasn't their intent, not that it isn't their fault.
Dilbert RSS feed
The traffic being unencrypted does not mean it was “broadcast” (as in: intended for everybody), and the fact that they had to use passive mode confirms it. Visible light and acoustic wave come out of my house all the time, but it's not great practice to acquire them for business purpose without asking me.
You're standing on a busy street corner screaming at the top of your lungs, then getting upset that someone overheard you because you meant for it to be a private communication. Also, whether or not you encrypted the data does not change whether you broadcast it.
Check out my lame java blog at www.javachopshop.com
If they make a hash of the IP and store the hash instead of the MAC address, would people be pissy about it? You couldn't query a hash DB the same way, you could only query with "I see these mac addresses, where am I" type questions. Problem solved -- right?
Google shouldn't have admitted anything. They made a mistake by leaving a debugging feature in production code and collected a lot of data they shouldn't have. The right thing to do would have been to handle the problem internally - fix the problem and delete the data, end of story, no harm done. By admitting they made a mistake they're only putting themselves in trouble and potentially allowing governments to get access to the data.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.
Non-programmer spotted!
"When information is power, privacy is freedom" - Jah-Wren Ryel
Oh fucking please, they used vehicles equipped with average off-the-shelf wifi equipment to collect data that devices were openly broadcasting.
They weren't caching data already there on already-existing devices
What does this even mean? You obviously have no idea what you're talking about.
"When information is power, privacy is freedom" - Jah-Wren Ryel
I propose that "Do No Google" replace "Do No Evil" as being more encompassing...or more correct.
A series of bad decisions can deplete a company's goodwill reservoir exponentially.
How many PR mistakes does Google need to reach terminal velocity?
And when you sit in your home and have a discussion with someone, perhaps you should be rather upset if someone drove around in a van with eavesdropping equipment and recorded your conversation.
Yeah, only a non-programmer would think that software doesn't just "accidentally" record extra information that it wasn't programmed to...
C'mon, how do you write a program to log all MAC addresses, and not realize that it's going to collect all MAC addresses? Do you think they just talk to their vans and there was some sort of ambiguity? Like they said, "Google Van, please record MAC addresses and GPS coordinates", and it just interpreted it wrong because they were unclear?
Isn't it a bit funny how Google seems to keep "accidentally" recording so much data? There was nothing accidental about it. At best, it wasn't their primary focus, but it's extremely simplistic to think they didn't know what their software was doing.
Obviously, if we had payload data it wasn't from routers, so obviously there had to be MAC Addresses that weren't from routers either.
Really? So, when this story first came out, you think it was "obvious" that Google was collecting MAC addresses from client devices as well? I don't mean in retrospect now that this story is out, but that at the time, you *specifically* had the thought "they also collected MAC addresses from clients, not just from the access points."?
And further, you think that this is something that most people thought as well? Really?
It's pretty obvious that they left debugging features in place in the production code. No conspiracy necessary.
"When information is power, privacy is freedom" - Jah-Wren Ryel
So what you're saying is that if I whip out my phone in the streets of NYC, snap a shot of traffic, and fail to then photoshop out all the license plates before posting that shot on the web, I'm being morally indefensible?
Your incorrect usage of the word "whomever" makes you look like a retard, and causes people with half an ounce of intelligence to stop reading your post, since you are incapable of communicating correctly.
The information is BROADCASTED publicly -- if you don't want them to see you then Wifi has the option of hiding the network name; which is clearly indicating that you don't want others seeing you - without doing that you are willfully going naked from view of a PUBLIC SPACE -- so its 100% fair game they snap your photo and there is nothing you can do about it (or should expect to.)
One could argue that merely broadcasting things into the public space is enough; however, due to the nature of the technology this is unavoidable so the hidden network flag should provide a legal means for something that is technically impractical so the hidden network flag is a virtual fence.
Encryption is another matter; but if you broadcast your MAC, or other data unencrypted then its fair game-- the encrypted data is fair game; the issue there is whether somebody has a right to break your encryption-- not whether they are allowed to receive the signals you are projecting directly at them (again, in a public space.) This is like pushing nude photos of yourself onto people going past your house. You could put the photo in an envelope and still do it-- but you are an idiot if you get upset somebody bothers to open that envelope you gave them!
Democracy Now! - uncensored, anti-establishment news
Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.
So what you're saying is that you've never used off-the-shelf software to do something and you have absolutely no experience using Kismet.
Hello, of course Google collects WiFi SSID information, how else do you think the WiFi location services work? This isn't just Google, but also Sony, and SkyHook (Apple) to name a few. There's nothing suspicious or illegal about it either. If you don't want it collected, don't broadcast it, sheesh.
I've used Kismet to do site surveys before. By default, it's dumping packets for anything it can find. I could probably go through my laptop and find old caps with fragments of data from neighboring networks that had nothing to do with the entity that I was surveying. With that in mind, it's not particularly shocking that Google has done something similar. But do keep trying to push this as an intentional, malicious, or at least "dumb" act. Because everyone likes ignorance if it's packaged in snark.
Not if your discussion is being done via bullhorn.
I have to ask. In every Google article on Slashdot, I notice these angry anonymous posts attacking people who are critical of Google. It's obvious that it's the same person. Do you work for them or something?
C'mon, how do you write a program to log all MAC addresses, and not realize that it's going to collect all MAC addresses? Do you think they just talk to their vans and there was some sort of ambiguity? Like they said, "Google Van, please record MAC addresses and GPS coordinates", and it just interpreted it wrong because they were unclear?
You don't write your own software. You use a common off-the-shelf app that provides a data dump with everything you need. It's called Kismet. You should take a look at it.
You actually believe their story that they accidentally enabled a "debugging feature" for all the years they collected and archived the data? Even more incredible, you're actually arguing that it should have been kept a secret and that the public should never have found out about it?
The only reason Google admitted it in the first place was due to threat of investigation by the German government. If Google had their way, we most definitely would have never known about it. That's not a good thing.
I'm pretty sure it was Sergey or Larry that came up with it...so yeah, I'd say they've been pretty well compensated for it.
What does it being off-the-shelf equipment have to do with anything? It doesn't matter if they were "openly broadcasting." By that logic, I could stand outside your house with extra-sensitive microphones and listen to the conversations your having. After all, you're "openly broadcasting" the sound waves through the surrounding atmosphere.
There's such a thing as a reasonable expectation of privacy.
Slashdotters keep focusing on the fact the routers were unencrypted, and that doesn't matter legally or ethically. By that logic, I could listen in on the conversations in your house from the street using sensitive microphones without repercussion, or I could peek through your windows using binoculars if you left a curtain cracked open.
Clearly, you can gather a lot of information with Google's equipment and software driving. These were residential areas, so the speed was more likely to be 15-20 MPH and not the speedy pace you imply.
It's absolutely nothing like that. The networks were set up in households with an expectation of privacy, not out in a park. Also, Google's data collection goes far beyond merely overhearing someone's loud argument.
Hi, anonymous Google defender who appears in every Google article.
Your post is bizarre. According to you, it's okay for Google to spy on you because your neighbor might be spying on to too. You also ignore the fact that people explicitly give permission to phone companies to know their MAC address, while Google drove their data-sniffing software around residential areas without warning.
The war on drugs comment is also completely random and irrelevant.
They "accidentally" collected this data for 4 years, totaling over 600 gigabytes of data. Furthermore, they only admitted to it under inquiry from German regulators. Come on.
You're getting modded down (using the "Overrated" modifier which avoids meta-moderation), but the truth is that Google collected the data for a whopping 4 years and archived about 600 gigabytes of data. That's a pretty long-term "accident" to overlook. If not for German regulators, we would never have even heard about it.
I keep seeing this opinion on Slashdot, and I guess that it must be due to some incorrect belief that Google proactively stepped forward and admitted what happened, when the opposite is true.
Google's data collection occurred over 2006-2010, a period of four years in which they archived over 600 gigabytes of data. Four years. That's a long time to not be aware that your own software is sniffing everything. You're really telling me they never did a test run and noticed that they were archiving everything in range?
Furthermore, Google only admitted to the issue under threat of investigation by German regulators. Otherwise, you would have never known about it, and it's likely the data collection would have continued. What likely happened is that, internally, Google ignored the privacy issue because, like many Slashdotters, they incorrectly assumed that any publicly accessible network is fair game and that it's not their problem if it ends up in the recorded data. When they realized the information would be seen by German regulators and that it would create a public controversy, they suddenly acted as if they didn't know what was going on and that it was all a big accident they were trying to rectify through honesty.
Even if it was an accident, it's a criminally negligent one. But come on. Four years of accidental data collection? To believe that requires a level of gullibility that's never afforded to Microsoft or Apple around here. Let's be open about it--there is a pro-Google bias on Slashdot in which they are given the benefit of the doubt in all situations while their competitors are chastised for lesser flaws.
They may or may not need to obscure faces, depending on their use of the picture. But it's entirely legal to collect such data.
Same goes for this data. They might need to redact the MACs if they intend to publish the data they collected. But there's no reasonable way to argue that they violated anyones rights by collecting the data in the first place.
Give me Classic Slashdot or give me death!
By that logic, I could stand outside your house with extra-sensitive microphones and listen to the conversations your having. After all, you're "openly broadcasting" the sound waves through the surrounding atmosphere.
That might be a fair comparison if Google were listening from extremely long distances, beyond the normal range of a consumer device, using special antennas. But they weren't.
"When information is power, privacy is freedom" - Jah-Wren Ryel
OK, let me rephrase. If this tool does something you want, but also does things you don't want, then it may not be the right tool for the job. (A hammer will kill pesky houseflies, but it will also leave holes in your walls.) Try it like this:
The TSA wants to collect information about each passenger (whether or not they are carrying prohibited items). They have a tool that collects that information, but also collects information that the TSA doesn't need, but that has potential to upset people (images of their privates). If the TSA goes forward with using that tool, they can expect blowback. It might be a great tool for collecting the desired information, but that by-product causes problems - perhaps enough problems that it's worth finding a different tool.
This isn't so much a technical problem as a management problem. I don't think it's intentional or malicious, but it might qualify as dumb. The snark comes in when you've got an ex-CIO pooh-poohing project management at the same time that Google is having a really hard time putting this one to bed.
If they wanted to keep it a secret they could have and we wouldn't know to this day.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Google gathered information being broadcast out in the open. Google isn't bad, broadcasting information is bad. This "news" is FUD trying to build a case against Google.
Having to work for a living is the root of all evil.
Google, to its credit, at least had the decency to step up and say "Yeah, our mistake. We're sorry."
The article I read (conveniently linked above) says:
Well, I guess if you *really* love google you can consider repeated denials for comment to be an apology.
doesn't get uploaded to them its not really "tracking" [snip]
its existence creates a liability for its users[snip]
at least Google showed a lot more forthrightness and honesty
So the existence of anonymous data creates a liability for the users. But Google collecting personally identifiable information and making it searchable on their website and by their phones while not allowing you to opt-out is ... nothing to worry about. Its the same thing.
Google didn't admit to anything. Google got caught. When each little bit of information was discovered they stopped denying that part, but forced people to keep digging to find out what other information they stored and made searchable. They did it for FOUR YEARS. Nobody does something for FOUR YEARS and then honestly believes "Omg I had no idea I was doing that!". On top of everything, they don't offer any opt-out. All the outrage, no opt-out.
You're a fan-boy at heart, ignoring whatever is convenient so Google can be a good guy.
Your analogy prompts one of my own to answer your question. Grabbing 'public' wifi data is like killing and eating a wild rabbit. If the occasional person does it, there isn't a problem. Even if a lot of people do it, it isn't a huge deal. One a company comes in and systematically does it to virtually all of them, you have a problem.
So, if you go out and shoot a rabbit and eat it for dinner, you have done nothing wrong. If Hasenpfeffer Incorporated sends trucks around the nation to systematically shoot every single rabbit in the country so that they can sell the meat, then we have a problem.
Given Google's history, and the fact that no one has tried to do what they are doing before, I would be likely to give them the benefit of the doubt that they did not intend to be evil by collecting more data than they should have. The ignorance excuse does not extend forward though. If in six months, it comes out that they still gathering that kind of data, they don't get to claim ignorance.
"something which only causes problems if two devices with the same MAC address are connected to the same network."
Someone fails to understand how MAC cloning works...
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Google was basically a peeping tom with peoples information. It was wrong and dumb. But going out and leaving your from door open is too. Why do people lock their doors but leave their networks open?
Funny, Jobs says that they are using the data collected from iPhones to produce a traffic monitoring application. It's funny watching the iPhone fans talk about the tracking. Half of them insist that everything is OK because the iPhones sent no data back to Apple, and the other half insist that everything is OK because the TOS and Apples public statements clearly states that they are collecting data from your phone, so you agreed to it.
Apple secretly pulled data that was not being publicly broadcast from phones. Apple admitted this. Yes, they said it in a way that would make most people think the opposite, but they definitely admitted it, and they will surely pull out their statement when they get busted again.
Google collected publicly broadcast data. Googles problem is not in the single act of harvesting a single piece of data. It is in the scale of what they did. Much like hunting a single rabbit isn't a problem, while systematically hunting down every single rabbit on the planet certainly is a problem.
You can call me a Google apologist if you want, but much as I wouldn't call the ancient North American Indians evil for having wiped out virtually all of the mega-fauna on the continent, I would not call Google evil for over harvesting 'public' wifi data. I would chalk them both up to being ignorant of the ramifications of their actions. I would call the harvesting of that kind of data today evil. Just as I would call knowingly wiping out established species today evil.
So, if you go out and shoot a rabbit and eat it for dinner, you have done nothing wrong. If Hasenpfeffer Incorporated sends trucks around the nation to systematically shoot every single rabbit in the country so that they can sell the meat, then we have a problem.
But the analogy only works in so far as there are a limited number of rabbits to be had and hunting on a systematically large scale depletes the populations. Meanwhile, systematic capturing of broadcasted, unencrypted network traffic does not decrease the availability of that traffic (although if it did - it'd probably be a Good Thing... security awareness).
The analogy would be different if having a large amount of rabbit from various locations easily accessable would be an issue.
Given Google's history, and the fact that no one has tried to do what they are doing before, I would be likely to give them the benefit of the doubt that they did not intend to be evil by collecting more data than they should have. The ignorance excuse does not extend forward though. If in six months, it comes out that they still gathering that kind of data, they don't get to claim ignorance.
I think the real issue here isn't that Google was able to record this information (any wifi device does this as the most basic level). The problem is that Google didn't realize the significance of the junk traffic and systematically scrub / destroy it (where wifi devices differ is comitting data to long-term storage). It appears that Google won't continue that particular behavior.
OK, let me rephrase. If this tool does something you want, but also does things you don't want, then it may not be the right tool for the job. (A hammer will kill pesky houseflies, but it will also leave holes in your walls.) Try it like this:
The tool is perfectly suitable for what they need. The problem is that they didn't scrub the data they collected and then destroyed everything else collected.
The TSA wants to collect information about each passenger (whether or not they are carrying prohibited items). They have a tool that collects that information, but also collects information that the TSA doesn't need, but that has potential to upset people (images of their privates). If the TSA goes forward with using that tool, they can expect blowback. It might be a great tool for collecting the desired information, but that by-product causes problems - perhaps enough problems that it's worth finding a different tool.
If I'm walking past a security camera in a public location and it gets pictures of me naked because I'm wearing no clothes, I have little reason to be upset about my nudity being captured. What the TSA is currently doing is taking steps to expose me beyond what I've chosen to expose in public. The problem here is that there's a large population who think they're wearing the finest new Emporer fashion and don't like the idea that they've been naked all along.
This isn't so much a technical problem as a management problem. I don't think it's intentional or malicious, but it might qualify as dumb. The snark comes in when you've got an ex-CIO pooh-poohing project management at the same time that Google is having a really hard time putting this one to bed.
I don't have much say on the management issue but I'd imagine if I'm a big believer in PM processes, this would irk me. As I noted, I think the real problem here is that Google didn't properly handle the data. Either the people running the project or some layer of management should have realized the potential of the data they were collecting and ensuring it was handled more appropriately.
Yeah, only a non-programmer would think that software doesn't just "accidentally" record extra information that it wasn't programmed to...
Correct, because a programmer would realize that you often receive a lot of data, and then you filter out the stuff you don't want. Buffer overflows are a perfect example of someone not filtering enough on the incoming data. Of course, receiving a lot of data and then filtering out what you don't want isn't limited to programming. It is also done while driving, having a conversation in a crowded rooms, cooking, walking down the street, etc..
"Whomever" was used correctly the second time around, but there is a comma splice/run-on sentence.
In any case, since the sentence in question began with "Gotta", I sincerely doubt the poster gives a rip about your concern.
"Do no evil" , BTW, was not created by marketing people, or originally intended as marketing. An engineer came up with it as a replacement of a more complex set of rules about how to behave, for internal use at Google, and people liked it for its simplicity, so they adopted it. It took on an external role later, I suppose.
...the future crusty old bastards are already drinking the Kool-Aid.
If it was one of them then they rightly deserve to go down with Jobs and Gates in the "bloody brilliant bastard" hall of fame, because like Jobs and his "one more thing" and hipster persona or Gates with his "I'm just a little nerd" act while behind the scenes in the 90s making Darth Vader look like a Care Bear it has to be one of the most simple yet fucking brilliant pieces of marketing ever created.
hell I bet tomorrow they could announce they are sending every drop of data they've ever collected to the NSA while simultaneously replacing the background of all Google apps with Goatse and there would be thousands of posts all over the web screaming "But but but...they do NO evil, so it must all be a misunderstanding!". Hell old Jobs would kill for an RDF that powerful!
ACs don't waste your time replying, your posts are never seen by me.
yeah but guys, if you had the right equipment available, this is publicly available information. you could gather it too.
Sure you could gather it, and you could also store it like Google - but why would you unless you wanted to do something with the data?
But the fact that there is no good reason to keep the data for years didn't bother you guys with the WLAN data either (or you bought the "can't destroy the evidence" defense.
But this isn't really about what and why Google choses to collect data. It's all about them lying about it. After being caught lying about storing random data from WLANs. Wake up and smell the turds.
Fandroids hate facts.
It's pretty obvious that they left debugging features in place in the production code. No conspiracy necessary.
What "conspiracy"? I'm just calling the defense (that *YOU* are stating, not Google) that they simply left some debugging features in place.
Right, they left it in place in their vans all over the world. And they somehow never noticed this?
The most obvious answer is that Google simply chose to log everything, and sift through it later. That way an *actual* bug would be less likely to omit important data.
C'mon, how do you write a program to log all MAC addresses, and not realize that it's going to collect all MAC addresses? Do you think they just talk to their vans and there was some sort of ambiguity? Like they said, "Google Van, please record MAC addresses and GPS coordinates", and it just interpreted it wrong because they were unclear?
You don't write your own software. You use a common off-the-shelf app that provides a data dump with everything you need. It's called Kismet. You should take a look at it.
Either way, it's impossible to argue the data collection was accidental. You don't send a van out running software without having RTFM and testing it out in some trial runs.
Not if your discussion is being done via bullhorn.
Bullhorns imply you want your words heard by many people. The WiFi equivalent of a bullhorn would be either a signal booster or a publicly advertised network (like at a coffee shop).
It's possible to eavesdrop on conversations in your house from miles away, no bullhorn required. But people reasonably don't expect this to happen. The same is true for their WiFi signals. People reasonably don't expect a company going around and logging their information like this.
I'm not terribly outraged by this, although I do think Google knowingly went well beyond what is reasonable. I mostly find the nerd hypocrisy here to be ridiculous.
Apple gets called "evil" and thoroughly trashed here for *not* recording people's, or even any particular device's, locations, but Google gets a pass for *actually* treading on this territory (definitely logging the location of devices), and even logging actual network traffic!
If Google had come clean about gathering device information other than for access points back when the story originally broke, I'd buy their story. But even when presented with the opportunity to come clean about the scope of their data gathering they elected to hide that information until they were outed.
If it's an accident, you don't try to hide it under the rug, you clean it up properly.
We are the 198 proof..
If they wanted to keep it a secret they could have and we wouldn't know to this day.
Yeah, because then they would have found a way to silence the German officials who found out they were lying about not storing any data from the WLANs but the SSID. Is this an official admission that Google usually uses assassinations in cases like this?
Fandroids hate facts.
Yeah, it's so evil to create a system that allows geo-location without GPS *rolleyes*
If you even remotely think that that is what this is about, you are completely lost. Way off.
Fandroids hate facts.
Actually it's not similar, it's way worse. Apple cached information about the user location on the user's terminal, for performance purposes (although it wasn't stored in the safest way possible). Google grabbed this info from the street, without asking permission, and used that information for business purpose (and not a very fair one, see the Skyhook vs. Google lawsuit). Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.
You don't want anyone picking up your wireless? Don't use one.
fucking wankers
Be seeing you...
You all act like if google did something bad. They didn't. They collected data is you and me are streaming out there.
Anyone can do this. ANYONE.
The government, a foreign government, mcdonalds, the homeless dude across the street you give quarters to.
You don't want peeps to know where you are at? Don't use fucking wireless.
If you use wireless, shut the fuck up, and grow a set, and join us in reality.
If you don't want your wifi going outside your house? Either don't use it, or leadline your house.
The reality is, anyone can read the data out there. Accept that, and plan around that. Encrypt your shit, turn off wifi when your not using it, or whatever, but quit throwing a fit because people can get your wifi also.
This is how life is now. Google didn't do anything wrong, at all. If anyone did, it was you for using wireless.
Be seeing you...
Well, that is a hard habit to break.
...the future crusty old bastards are already drinking the Kool-Aid.
Someone fails to understand how MAC cloning works...
If by "someone" you mean "you". I'm assuming you think that by making your router clone your PC's MAC address, you are putting two copies of the same address on the same network, when in fact you are putting a copy of the address on a different network. Ports on a router lead to separate networks. Your "Internet" port (or similar) is the interface that is assigned the cloned address, and all other ports on your average consumer-level home network router are on a network separate from that.
Can you stop posting repeatedly about how 600GB is big and hard to miss? On your home machine, yes you'd notice it. However, compared to the size of four years worth of high-res panoramas taken every few meters on a significant fraction of the world's developed roads? In that context, 600GB is quite literally nothing. When a car dumps 1TB of photos, you're not necessarily going to notice that an adjoining tar file of text logs is a couple MB too large. When you store that on 10000 machines, you're not going to notice that each one is using 60MB of hard drive space more than you expected.
Are you running apache anywhere? Can you recite the exact settings and the log retention time? Might there be extra switches you left on and forgot about?
I keep seeing this opinion on Slashdot, and I guess that it must be due to some incorrect belief that Google proactively stepped forward and admitted what happened, when the opposite is true.
Not true. Germany wanted to audit Street view. They had no idea about the packet sniffing. When Google was asked, they did their own internal audit first to find out what the German audit would reveal. That is when this issue was discovered, and that is when Google came forward with it. Nobody outside of Google had the slightest inkling of this sort of issue, and had Google simply deleted the data at that time (as I'm sure many companies would have), it's very likely that nobody would know about it now. Instead, they did the right thing.
Google's data collection occurred over 2006-2010, a period of four years in which they archived over 600 gigabytes of data. Four years. That's a long time to not be aware that your own software is sniffing everything. You're really telling me they never did a test run and noticed that they were archiving everything in range?
Each of the recorded packets was truncated, removing *MOST* but not all of the payload data. Google was after MAC addresses in order to create a Skyhook competitor. So most of the recorded data is data Google DID intend to record, and not data they did not intend to record.
Furthermore, there's a huge difference between saying that "Google didn't know" and "Nobody at Google knew". I'm just as positive that somebody at Google knew as I am that Google itself did not know. The thing is, the person at Google who knew, didn't think anything of it. The privacy implications just never occurred to them. The data was "mostly" cleaned of payload data and never actually seen by human eyes, merely automatically parsed to extract MAC addresses. The coder who set the whole thing up just got sloppy/lazy and didn't really consider the implications of his approach.
Furthermore, Google only admitted to the issue under threat of investigation by German regulators. Otherwise, you would have never known about it, and it's likely the data collection would have continued. What likely happened is that, internally, Google ignored the privacy issue because, like many Slashdotters, they incorrectly assumed that any publicly accessible network is fair game and that it's not their problem if it ends up in the recorded data. When they realized the information would be seen by German regulators and that it would create a public controversy, they suddenly acted as if they didn't know what was going on and that it was all a big accident they were trying to rectify through honesty.
Even if it was an accident, it's a criminally negligent one. But come on. Four years of accidental data collection? To believe that requires a level of gullibility that's never afforded to Microsoft or Apple around here. Let's be open about it--there is a pro-Google bias on Slashdot in which they are given the benefit of the doubt in all situations while their competitors are chastised for lesser flaws.
Your cynicism simply doesn't fit the facts. If Google was as evil as you think, we'd have never known about any of this. They revealed it before any German auditors had seen anything. It would have been so easy to cover their trail. We're talking about ONE hard drive's worth data at *Google* of all places. That's such an insignificant amount of data. How could such a tiny bit of *FRAGMENTARY* data (remember most of each packet was truncated before it was recorded) be a motive for Google to expose itself to this sort of scrutiny and liability? That doesn't make any sense whatsoever. It would be like suspecting Bill Gates of mugging a panhandler.
As for a pro-Google bias on Slashdot, every story posted by Timothy is pretty strongly anti-google, and he posts A LOT of stories. Check the history.
What you've CLEARLY failed to grasp is that this story isn't new or news. It's just a different rehash of a VERY old story about Wifi Sniffing (somebody just realized that a packet that has payload data also shockingly has a MAC address with it and thinks we didn't already figure this out).
Google apologized many times, but they're done talking about it now. It's been a year. They probably apologized half a dozen times--hell they even got called before Congress (a long with Apple) and apologized there as well. Now if you're asking have they apologized for sniffing MAC addresses (and not the data they collected accidentally), then the answer is almost certainly no--nor should they.
Here are some other things you've failed to grasp:
1) MAC addresses are not personally identifiable information nor was the Apple data you quoted me on "anonymous". It, in fact, was personally identifiable because a database of device ID's for iPhones *does* exist, unlike MAC addresses.
2) Google doesn't allow you to "opt-out" because they already opted everyone out. They disabled this feature after the security researcher questioned pointed it out. You want to be "double opted-out"?
3) Google sniffed the MAC addresses on purpose. That was the whole point of the sniffing. They've never, ever denied that (nor should they, its a perfectly legitimate and useful thing to do--Skyhook does the same thing and that's why your iPod touch can locate itself without having GPS). What they didn't realize was that they also hadn't fully truncated the payload data of the packets they sniffed to get at the MAC addresses. Because the packet data they recorded was MACHINE PARSED (to extract the MAC addresses), nobody realized the extra data was there. If they had been recording it on purpose, however, they wouldn't have been truncating packets *at all*.
4) Of course those mac addresses were recorded! Of course they were used in Google maps. Google has said this all along. It was their DEFENSE, not something they were ashamed of. CNET is reporting on something that was eminently obvious to everyone when the initial story broke, assuming it's some shocking new angle when it's simply not.
You simply don't have a very good handle of the facts, but I don't blame you--very few people do. They go off half-cocked, read poorly-researched articles by CNET and then assume they know what happened.
Or they would have just deleted it? Or not turned it over? Germany didn't know it existed; they weren't looking for it. They were worried about the PICTURES being taken by streetview, not packet data. Google would have been breaking the law, of course, but how would they have been caught? They very probably would have gotten away with it.
You're very confused. I have an iPhone myself, and I happen to like it very much--but lets all take our fanboy hats off and try to get some perspective on these two situations. If you view them from a distance, without letting your emotions for Apple into the picture, I think you'll agree they are VERY similar situations.
The iPhone was, for diagnostic reasons, recording cellphone tower data that ultimately equated to a log of its users locations. Apple's intent here was purely to be able to use the log file to diagnose and help fix phones sent to them for service. It was not malicious, but it *was* tracking. Because the log file existed, law enforcement agencies were collecting it from peoples phones without a warrant or pen register. This was problematic. Apple was not being malicious or TRYING to track its users, but that's effectively what happened. In other words, a poor design decision made by an Apple engineer led to a scenario with UNINTENDED privacy consequences.
As for the Google situation, Google wants to compete with a company called Skyhook. Skyhook uses a database of GPS coordinates combined with Wifi Router MAC addresses as a method of Geolocation for wifi-only devices. Each one of those MAC Addreses represents a wifi network that covers a specific geographic area. So if your wifi-only device can see 3 particular WiFI mac addresses, you can look into your database, figure out where those 3 networks overlap in the real world, and get a pretty good sense of where the wifi-only device (like an iPod Touch or a iPad) is even though it does not have GPS. Neat trick, right?
So Google wants to get in on that action. The first thing they need to is get their own database. That means basically going to each Lat/Long coord and recording what WIFI MAC addresses have reception in that location. Turns out, Google already has cars driving pretty much everywhere. Some smart guy somewhere says "Hang on, here's a thought, what if we had our cars that are already doing the mapping make this database. We could kill two birds with one stone!"
Good idea so far, right? There's just one problem, the Google engineer tasked with this gets lazy. He copies and pastes some raw packet capture code rather than write some from scratch. This code just captures EVERY packet--this is the simplest form of packet interception, not something you specifically have to "code for" as you say. Now all he wants is the MAC addresses, so he makes one tiny modification to this code causing it to truncate all but the first 64 bytes of the packet. This means MOST of the payload data is tossed out, and all the of the Mac addresses remain.
There's just one problem: Not ALL of the payload data is tossed out, and not ALL of the MAC Addresses are wifi routers sending out broadcast packets. Some of them are actually Mobile devices (which doesn't help Google's Geolocation database). So Google gets a lot of extra/unnecessary data. No big deal, right? Nobody will care, and the important thing is the code compiles and runs.
Now this is CLEARLY laziness/sloppiness and not malice. The fact that most of the payload data has been excluded (was truncated) is pretty solid proof of that. If Google was really after it, why would they only be logging a fraction of it and tossing the rest? Even after several years of this code running on Street View cars, they only had a few gigabytes of data total. It all fits on a single (small) hard drive. If you still think Google did this on purpose, you've only traded in your fanboy hat for a tinfoil one.
Neither one of these situations are intentional invasions of privacy, but ill-considered actions which lead to very unintentional privacy consequences. All of this, in both situations, was all very reasonable and seemingly very effective ways to complete a certain task--the consequences simply were not fully-considered beforehand.
What other possible use is there for a bunch of SSIDs, MAC addresses and GPS co-ordinates? You can't do anything useful with that data other than link addresses to locations. It allows both Google and their customers to do geo-location without GPS. What am I apparently missing?
which is totally what she said
The street view cars were connecting to networks to _find out where they were_ ...
why is it surprising that they recorded the location?
The payload information was surprising, yes, but the location???
- imma
What other possible use is there for a bunch of SSIDs, MAC addresses and GPS co-ordinates? You can't do anything useful with that data other than link addresses to locations. It allows both Google and their customers to do geo-location without GPS. What am I apparently missing?
The fact that Google also collected random data from the networks ("by accident") and stored them for years? Which came out right after they denied publicly that they stored anything but what you just claimed they stored? You sure forgot that because that was over a year ago.
Fandroids hate facts.
Not if your discussion is being done via bullhorn.
Bullhorns imply you want your words heard by many people. The WiFi equivalent of a bullhorn would be either a signal booster or a publicly advertised network (like at a coffee shop).
It's possible to eavesdrop on conversations in your house from miles away, no bullhorn required. But people reasonably don't expect this to happen. The same is true for their WiFi signals. People reasonably don't expect a company going around and logging their information like this.
The problem is that we have people using bullhorns to communicate and don't realize the implications of doing so. Then they're all shocked when people can hear what they're saying just by listening.
I'm not terribly outraged by this, although I do think Google knowingly went well beyond what is reasonable. I mostly find the nerd hypocrisy here to be ridiculous.
Apple gets called "evil" and thoroughly trashed here for *not* recording people's, or even any particular device's, locations, but Google gets a pass for *actually* treading on this territory (definitely logging the location of devices), and even logging actual network traffic!
I expect I'd be upset if I thought Google was actually logging the data in the sense of trying to catalog and use it. The fault that I lay at Google's feet is to not have realized the potential sensitivity of what they were collecting and done proper cleanup afterwards. As for Apple.... unless I'm missing something, Apple was not doing the exact same thing as Google was. The method and intent is likely as important as the resulting data. And so to decode the "nerd hypocrisy", you probably have to go in to the details.
Either way, it's impossible to argue the data collection was accidental. You don't send a van out running software without having RTFM and testing it out in some trial runs.
Not impossible at all. Kismet provides data in various different formats. And even then, if what you're doing is extracting particular pieces of data from the traffic capture but not paying much attention to everything else, it isn't unreasonable to not really notice what else you've captured.
I used to occasionally run Kismet during my commute. I was curious about what access points I could see during my route and what state of configuration they were in (with the expectation to scoff at all the default unsecured - actually surprised that those numbers had fallen out in the real world). After doing this for a few months, I was going back through my directory to clean up. Just for giggles I decided to actually look at the caps I had collected and see if there was anything interesting in the packet payloads. Most of it was junk; driving around isn't a particularly good way to snoop on a network. But I did find one email password from a slice of captured POP traffic. So I did end up with someone's sensitive data sitting on my drive for possibly several months despite the fact that I wasn't particularly interested in it or being aware of it.
I suspect this is more or less what happened with Google. Scanning through the Google van captures might have turned up nothing. But Google was doing this on a larger scale so the odds were in the favor of something turning up due to the sheer amount of unsecured traffic out there.
I'm pretty sure the data was on the order of bytes, and it was only from unsecured connections. If Google wanted to snoop, there are far easier and more effective ways for them to do it than a bunch of guys out wardriving. Have you ever heard of this little service called Gmail? How about Google Checkout?
which is totally what she said
What you've CLEARLY failed to grasp is that this story isn't new or news.
The only person clearly failing to grasp anything here is you with the point behind my post. I'll address a couple points then explain it in plain english.
1) MAC addresses are not personally identifiable information nor was the Apple data you quoted me on "anonymous". It, in fact, was personally identifiable because a database of device ID's for iPhones *does* exist, unlike MAC addresses.
So, connecting a MAC address to a physical home address is not personally identifiable? Putting that connection into a publicly accessible search engine like google.com does not qualify as a database? But location data stored only on your own phone & computer is not anonymous enough for you.
2) Google doesn't allow you to "opt-out" because they already opted everyone out. They disabled this feature after the security researcher questioned pointed it out. You want to be "double opted-out"?
Uh, no. They disabled the google.com search. They still have my information and they still use it.
3) Google sniffed the MAC addresses on purpose. That was the whole point of the sniffing. They've never, ever denied that (nor should they, its a perfectly legitimate and useful thing to do--Skyhook does the same thing and that's why your iPod touch can locate itself without having GPS). What they didn't realize was that they also hadn't fully truncated the payload data of the packets they sniffed to get at the MAC addresses. Because the packet data they recorded was MACHINE PARSED (to extract the MAC addresses), nobody realized the extra data was there. If they had been recording it on purpose, however, they wouldn't have been truncating packets *at all*.
MAC addresses don't float around the packet. You don't need to store any payload data to get the address. It is at the same place every time. If you only want the MAC address (sender or receiver), you only get the MAC address because you only look at those specific bytes. There is nothing accidental about reading or storing payload data. Nor is there anything accidental about storing the physical address where you got that MAC address, connecting the two, and allowing everybody to search it.
4) Of course those mac addresses were recorded! Of course they were used in Google maps. Google has said this all along. It was their DEFENSE, not something they were ashamed of. CNET is reporting on something that was eminently obvious to everyone when the initial story broke, assuming it's some shocking new angle when it's simply not.
Their defense was "ya we did it"? That is not a defense, that is "pleading guilty". Their defense is that unencrypted wireless networks are public conversation and thus not subject to wiretapping laws. What CNET is reporting in *this* article is confirmation of the presumption that client MAC addresses were recorded. No, its not a new angle, it is confirmation of a slightly older angle.
You simply don't have a very good handle of the facts,
Next time hold off on that crap until I actually share what I know of the facts and you take the time to figure out if I don't understand the facts, or merely disagree with you.
Now on to the plain English: My point in my last post is that i think claiming Google to be the innocent bumbling forthright apologetic simpleton giant while portraying Apple as an evil sadistic cash-cow that wants to steal your baby's soul to power their puppy masher is silly. They used different methods to do the same kind of thing with slightly different, though very comparable, privacy concerns, reactions, & solutions. I'm more suspect of Google in this matter though because of Google's business model: get as much information as possible so they can sell it. They don't "accidentally gather information", they "accidentally? violate
Let's make this short: why do you like it so much being lied to by Google? Why do you like it that Google sells your data?
Fandroids hate facts.
You (and most news articles I have read on this) fail to miss the point: this is locally public information.
fail to miss the point?
Publishing it worldwide
where can i find this data? i never saw it published.
But since each license plate can be uniquely tied to its owner, it is still a breach of privacy, whether the owner is near the car or not.
how is a fixed wireless access point MAC ties uniquely to its owner?
So, connecting a MAC address to a physical home address is not personally identifiable? Putting that connection into a publicly accessible search engine like google.com does not qualify as a database? But location data stored only on your own phone & computer is not anonymous enough for you.
So you're concerned about the privacy implications of someone knowing the location and/or MAC address of your router? And again, it's no longer in a searchable database. Those queries were disabled. Why are you suddenly outraged about something so mundane now, and not years ago when Skyhook did it? Bottom line here, explain to me your worst case scenario. Give me some nightmare scenario that explains how this could have some negative impact on someone's life. If you can't, its not a privacy issue.
P.S. If you don't want Google having "your data", just login to your router, change the mac address to something new, and then put it on silent mode so that it doesn't announce itself. There's your opt-out, right there. Or, hell, put some encryption on it. The MAC address would be encrypted as well the payload with WPA (or even WEP if you just want to stop casual knowledge of your router's MAC address from getting out).
MAC addresses don't float around the packet. You don't need to store any payload data to get the address. It is at the same place every time. If you only want the MAC address (sender or receiver), you only get the MAC address because you only look at those specific bytes. There is nothing accidental about reading or storing payload data. Nor is there anything accidental about storing the physical address where you got that MAC address, connecting the two, and allowing everybody to search it.
No, they're at the front of the packet all the time, which is why each packet was truncated. We have someone who basically had some code that could parse MAC addresses, and some code from another project that was raw packet interception. Rather than taking the time to figure out EXACTLY which part of the packet he would need each time, he simply cut off all but the front few bytes (I believe it was the first 64 bytes) and dumped it into a file, then fed the file into a second program to parse out the MAC Addresses. He basically copied and pasted some code from a different project to make a quick and dirty solution.
Never attribute to malice that which is adequately explained by stupidity. It was a lazy, kludgey solution that some coder thought would save him a few hours of time writing some proper code that would have intercepted packets, checked their frame info to see if they were SSID announcements, parse to the mac address, then save only the mac address. He figured who would know the difference if the final output was the same? He didn't think it through, obviously.
Now you might say this means "Google did it on purpose", but clearly this is just one programmer not considering his actions, rather than an entire company acting with malice. You would be ignoring that there's no motive for Google to do this on purpose that makes any bit of sense, nor any explanation for why they would WANT to do this but then actively cripple their own data collection by truncating most of it. The level of ineptitude you're suggesting Google possesses if they did this on purpose is a few orders of magnitude greater than if they did it on accident.
Their defense was "ya we did it"? That is not a defense, that is "pleading guilty". Their defense is that unencrypted wireless networks are public conversation and thus not subject to wiretapping laws. What CNET is reporting in *this* article is confirmation of the presumption that client MAC addresses were recorded. No, its not a new angle, it is confirmation of a slightly older angle.
Again, no! You still are not getting it. They intentionally captured MAC addresses--capturing of private payload data was accidental. It's convoluted analogy time. It's