Slashdot Mirror
Google Grabbed Locations of Phones, PCs
1800maxim writes "As it turns out, Google didn't only grab the hotspot SSIDs and MAC addresses with its Street View cars. As this article at CNET notes, Google also recorded location data of computers using wireless cards, as well as cell phones and other Wi-Fi devices. Google's explanation is that the data collection was accidental, and they declined to answer further questions from CNET."
You didn't get the memo ? That's out a loooong time ago already.
Google's business is built on having data about people. Google drives around and collects even more data about people from personal WiFi hotspots, PC WiFi cards, and phones. Only the truly naive can possibly believe this is accidental. The whole "big clumsy cuddly bear stumbling around doing silly things" excuse is getting very old, Google. Stop playing us for stupid.
Actually it's not similar, it's way worse. Apple cached information about the user location on the user's terminal, for performance purposes (although it wasn't stored in the safest way possible). Google grabbed this info from the street, without asking permission, and used that information for business purpose (and not a very fair one, see the Skyhook vs. Google lawsuit). Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.
We've already heard the method they were using for capturing MAC addresses and how sloppy it was. We already knew they were collecting random packets, then truncating them to include the MAC Address and a small portion of the payload and then saving them. We know some of those payloads include packets sent by people GASP on their phones or laptops, therefore it stands to reason some of the MAC addresses must also be from those phones and laptops. We knew this months and months and months ago, but apparently CNET didn't make the connection so easily.
It's like we just keep rehashing the same old story over and over and over because nobody understood it the first time, and someone comes and puts a new spin on old data and suddenly it lives again. The thing is, you can change a registry key and change your MAC address. There's no big table of data somewhere that connects your MAC address to specific person. It's not even remotely the same as an IP address. Oh sure, you can say "Hey the MAC address of this device on my network matches the one on my network yesterday" but not "Hey, that's my neighbors MAC address" unless you've got some sort of access to the device in question.
So Google may know that a certain device was one place and also another place, but that's about the extent of the correlations they can really make with this data. Again, just as before, there's no reason to assume malice when sloppy coding is much more logical explanation. Google has nothing to gain and much to lose (PR-wise) by doing something like this on purpose, and a very reasonable and believable explanation was offered. Conspiracy theorists can continue to beat this dead horse if they like, but I'm an Occam's razor fan.
Why is this new? The StreetView cards were set to promiscuous mode, since they sniffed data packets not intended for them. It stands to reason they recorded responses from the end devices too, not just the AP->device traffic.
Hyperbole: I use it liberally!
Not really. My home (static, used for a long-long time) ip address was paired with coordinates roughly three years ago, long before I used an android phone at home. It locates me with a scary precision ~10 meters. I live 10 meters away from the street.
It already has. This is the same story for eons ago rehashed in yet another way with absolutely no new information whatsoever. Obviously, if we had payload data it wasn't from routers, so obviously there had to be MAC Addresses that weren't from routers either. We already knew all of this months and months and months ago and it caused at least as big of an uproar back then as the Apple location thing. In fact, it was bigger--since we still have governments investigating Google over this while Apple largely skated by unnoticed (other than some congressional testimony).
Apple's issues were fairly similar to be honest, in both instances it was bad coding/poor-judgment by engineers creating bad privacy practices that were, in both cases, largely overblown in the media. Google, to its credit, at least had the decency to step up and say "Yeah, our mistake. We're sorry." while Steve Jobs COMPLETELY DENIED that the iPhone tracked users. In my book, that makes him a big liar. Apple's weasely response, no doubt, would be that if the data doesn't get uploaded to them its not really "tracking". But, practically speaking, that argument doesn't hold any water since the record is created, sometimes (but not always) finds it way to Apple, and its existence creates a liability for its users even if it isn't in Apple's hands. Neither company was being malicious or trying to invade their user's privacy, but at least Google showed a lot more forthrightness and honesty while Apple tried to hide the issue.
No, they didn't. They just redefined the meaning of 'evil'.
Pray they don't redefine it any further
PlusFive Slashdot reader for Android. Can post comments.
Google wants to collect MAC addresses. They do that on purpose. But they don't want mobile MAC addresses. They want FIXED ones, because that's what helps them Geolocate. Again, this all traces back to the same lazy coder who just copy and pasted some packet sniffing code into his project without bothering to change it to be smart enough to only record open wifi routers broadcast packets or to properly truncate the packet down to the MAC address. Instead he just had it take EVERY packet, keep the first 64 bytes, and dump the rest. This resulted in useless mobile MAC addresses also being recorded along with all the payload data that got Google into so much trouble.
How so? They ran Kismet, which if paired with a GPS captures the location of everything (both APs and devices). If you want to filter out devices, you probably need to change the code, since I've never seen an 'ignore clients' option in Kismet.
Personally, I found the capture of actual data from unencrypted networks (well, from any networks, but others are irrelevant) is pretty bad, but this? Who cares if they know that MAC address X was at location Y? It's not like there's a database linking MAC address to people.
Dilbert RSS feed
A street address does not reveal what your online activities may be. But between you and your hardware mac addresses and your isp with their assigned ip address, one can most certainly sniff out passing packet information. A I am sure you know there are federal laws that prevent others from accessing your mail and reading it. IMHO any packet passing through your router via modem via your isp should have the same outright protection as a letter in your mailbox. Regardless if your wifi is password protected. How many mail boxes have locks on them? What Google did was the equivalent of going through your street mail box, reading parts of a letter, except in digital, wireless form by way of capturing packets. Think about it.
Yeah, it's so evil to create a system that allows geo-location without GPS *rolleyes* I'm sure they did this only to make the lives of stalkers easier. Certainly they would never try to do anything as helpful as allow people with crappy phones to get better location info.
Sweet, so we all have "spy gear" built into our laptops and phones now! Scanning for local wifi devices/data now qualifies you to be a spy - cool! I'm off to apply to MI5.
Even if one of their main reasons for doing all of this is to make advertising more relevant, I don't see what the problem is there. If you even let your browser display ads at all, it's better to have useful ones. Targeted advertising is hardly "evil", and if the system also benefits the public then I think it's worth it.
which is totally what she said
They sure seem to be collecting a lot of data by accident...
My friends at Google swear up and down that every line of code in the Google codebase is reviewed several times before it is signed off and released for any purpose. Some would have caught this; it's obvious from the data what is happening. So, either my friends are liars, or Google is. I trust my friends more.
Am I part of the core demographic for Swedish Fish?
You (and most news articles I have read on this) fail to miss the point: this is locally public information. Publishing it worldwide may not be in violation of any laws in print (debatable), but that does not make it morally defensible.
To invoke a car analogy: this would be similar to having a worldwide database tying each license plate to its physical location on the planet. Sure, it's public information, since anyone nearby can do the same. But since each license plate can be uniquely tied to its owner, it is still a breach of privacy, whether the owner is near the car or not.
Many data analysts adhere to the motto, capture first, prune later. It's not like the data costs them a lot of money sitting there waiting for script to happen.
And BTW, the future is already here. The sloppy code in question probably dates back to 2006 if the data collection began in 2007. Internal policies could have changed three times over since then.
And a big round of -1 for all the people out there running unsecured Wi-Fi for the convenience of having no drapes.
They recorded either all raw radio wave data or minimally converted everything to digital according to the WiFi protocols. So if someone accessing their bank at the the time Google drove by then Google captured their bank data. If someone used weak pass phrases for their WiFi then the stored data is easily decoded.
I am very libertarian. It doesn't matter if a law says I can't listen into a radio wave, the truth is I can and so can anyone else. It's my fault for not encrypting my data securely. It's my responsibility to know that encryption has it's best practices and to use them as well as to be informed that I am taking a calculated risk in transmitting data wirelessly since nothing is guaranteed.
Radio signals are public.The trick is decoding them. Decoding them should not be illegal since bad guys don't obey the law. To me it's like arresting people for eves dropping at the next table when people can clearly hear them at the other end of the room. If you want privacy, go somewhere private and secure.
And when you sit in your home and have a discussion with someone, perhaps you should be rather upset if someone drove around in a van with eavesdropping equipment and recorded your conversation.
The information is BROADCASTED publicly -- if you don't want them to see you then Wifi has the option of hiding the network name; which is clearly indicating that you don't want others seeing you - without doing that you are willfully going naked from view of a PUBLIC SPACE -- so its 100% fair game they snap your photo and there is nothing you can do about it (or should expect to.)
One could argue that merely broadcasting things into the public space is enough; however, due to the nature of the technology this is unavoidable so the hidden network flag should provide a legal means for something that is technically impractical so the hidden network flag is a virtual fence.
Encryption is another matter; but if you broadcast your MAC, or other data unencrypted then its fair game-- the encrypted data is fair game; the issue there is whether somebody has a right to break your encryption-- not whether they are allowed to receive the signals you are projecting directly at them (again, in a public space.) This is like pushing nude photos of yourself onto people going past your house. You could put the photo in an envelope and still do it-- but you are an idiot if you get upset somebody bothers to open that envelope you gave them!
Democracy Now! - uncensored, anti-establishment news
Let's make this short: why do you like it so much being lied to by Google? Why do you like it that Google sells your data?
Fandroids hate facts.