Slashdot Mirror
Report Finds Google Supervisors Knew About Wi-Fi Data Harvesting
bonch writes "According to the FCC report, Google's collection of Street View data was not the unauthorized act of a rogue engineer, as Google had portrayed it, but an authorized program known to supervisors and at least seven other engineers. The original proposal contradicts Google's claim that there was no intent to gather payload data: 'We are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing.'"
Is there a source to what is claimed in the article? I followed the links and find nothing to substantiate. Even the NYTimes links just references their own articles.
Just cos you can, doesn't mean you should.
^^
Operation Guillotine is in effect.
I'm not really sure whats so "evil" about this. Google was simply doing what anyone else could with a computer running Wireshark could do. This would be evil if Google:
1) Collaborated with the government to alert the government about potential "illegal" activities being conducted
Or
2) Made attempts to crack wi-fi encryption
Taxation is legalized theft, no more, no less.
What does this matter now at all? CISPA is going to get passed into law at this point. I could care less about Google being a bit sleazy with regards to user privacy at this point.
Apple gets most of its money from hardware.
Microsoft gets most of its money from software licenses.
Amazon gets most of its money from people buying books and other stuff online.
Where does Google get most of its money from, to pay the salaries of over 30,000 employees as well as campuses around the world, data centers stocked with hundreds of thousands of servers, etc. It sells ads and search placement, yes, but that's not going to be enough unless it stays on top of the game of knowing how ads and search hits can be targeted to the right consumer at the right time. In other words, it needs to continually find new ways to invade the privacy of people who use its services for free.
Evil is a point of view.
- Lestat
Operation Guillotine is in effect.
Looks like Google is trying the old "Teflon Soft-shoe" in an attempt to avoid charges, fines, and other 'business costs' associated with such snooping.
Glad to see the Engineer they blamed didn't just roll over and play dead on this, or it would have been Quite Bad in the long run.
So, where does that leave "War-Drivers" who specifically snoop out WiFi?
It confirms no such thing. In fact the entire summary is out of touch with what was in the FCC report.
The entire thing is on line, you can read it for yourself. The FCC dropped the whole thing because there is no clear evidence that google violated any law.
GO READ THE FCC REPORT YOURSELF
instead of relying on a biased hack at the NYT to put their own spin on it.
There was never any intent do use this data, it was merely one engineer's pipe dream to do so.
And the fact that he MUCH LATER circulated memos that stated he was capturing freely available encrypted traffic to 7 people
does not mean they were actually aware of precisely what that meant.
Sig Battery depleted. Reverting to safe mode.
Wifi signals can be captured from space? That would be awesome for the guys on the ISS.
If they wanted to read Slashdot they could just hop on one of the undoubtedly tens of thousands of unencrypted wifis below them at any given moment.
Mind you I can't get a connection from the road let alone 1km away.
Let's sum up the whole thing, "Google had not violated any laws". That's straight from the article and the FCC investigation report. Not one single law was broken, PERIOD. So how is this news? If the NYT really wants to do news about privacy rights why doesn't it put the bullshit CISPA on the front page instead of ignoring it.
Probably never... he just read the report. Give reading a try, you might find that you like it.
So, telling the truth is shilling now? Take off the tin-foil nutball.
The soylentnews experiment has been a dismal failure.
Full underacted text (other than the name of Engineer Doe, is available here.
It was clearly a tiny project that got little oversight, and less review. For the NYT to say it was "approved" is quite beyond the facts. Collecting wifi access point locations was approved. But Engineer Doe went off the reservation and did way more than that.
Sig Battery depleted. Reverting to safe mode.
I keep reading these accusations and assumptions and almost all of them seem to ignore that the open source software (Kismet?) that they used to grab data logs it all as a default, or at least that's what I've read. Is there even an option to strip the non identifying information out? (I'm actually asking, I don't know this package).
Windows does this every time you open up your wireless network viewer. Capturing packets that were freely broadcast through the air for anyone to capture, whoopty-do, I'll keep using google.
See subject-line above: All I know, is what the 1st line of this tune states on this account (CISPA) & others like it -> http://www.youtube.com/watch?v=vfpgpf6QVnI&ob=av2n
* "You take a mortal man, & put him in control..."
(I hope President Obama has the "intestinal fortitude" to shut this CISPA thing down via VETO is all)
I mean, since it's much like many bills lately BEFORE it? It's got a LOT of "hidden in plain sight" b.s. packed into it...
(The REAL parts they want "in motion" are those... shows me 1 thing - the "powers-that-be" are reacting, & the only way they know how (more CONTROL))
APK
P.S.=> QUESTION: Is it ME, or is the world going a bit "nuts" lately around us? See - I've lived nearly 1/2 a century now, & have NEVER seen things as "out-of-kilter" on a hell of a lot of fronts as I have this past 1++ yr. now - makes me wonder, & worry (not so much for right now, but around December more than anything)... apk
Yes, he could have set a flag and not gathered any payload, just beacons and mac addresses. But Engineer Doe decided not to do this.
Kismet does not capture packet payloads when the encrypted flag is set on. There is a switch to turn off all payload capture.
Further, any SSL sessions would be captured in their encrypted state even when the router was un-encrypted. Nothing was able to
be gleaned in that data either. No bank passwords.
That they got any email addresses or content is amazing. I suppose a lot of people were using pop 3 in those days.
On the list of the 10 most popular target URLs that were able be extracted in a test run in Arizona was some Weather-Bug server.
Sig Battery depleted. Reverting to safe mode.
For those who don't know, the unmentioned program is Kismet So what if Google engineers knew about its capabilities to write pcap files? It's not an overwhelming amount of data for each Google car when compared to everything else it's collecting, and I wouldn't be surprised if it was simply left on, since I belive that's how kismet comes out of the box. The big point is Kismet also plots access point data in easily parsable formats along with signal strength, geographical coordinances, clients connected, other computers probing for certain networks unlike anything else out there so the choice for this software for wifi location collection was, without question the smartest choice. Its method of gathering data is instead of actively probing networks that respond (like Netstumbler) it instead listens silently in rfmon, or "monitor mode", and hops channels, decodes everything from layer 2, similar in principle to how a conventional radio scanner works. It can be configured to discard the pcap data, but privacy issues aside, when you're embarking on such a massively large and expensive project, I think it would suck if you later on really wished you had collected that data, especially if you find bugs and the program crashes in mysterious ways?
There is a wideband big ear over the planet, its not hard to pick up wifi and triangulate its position as a result. The difference between your WIFI receiver and a multi-billion dollar satellite network delivering data in real-time to a network of Artificially Intelligent supercomputers is minor but relevant. :)
So, in your opinion, if ANY thing is possible for everyone to do, it's fine to do it?
Funny how those doing the most to advance human civilization in terms of evolution and technological development must be pitted against those doing the least, namely, lawyers and bureaucrats...
They spent a year and tens of thousands of dollars "investigating" Google and couldn't find any violations of the law, so the make a bogus claim that Google "didn't cooperate". Why should Google? What the Feds wanted was for Google to unilaterally admit to some crime.
Those who claim Google was "stealing data" have no clue as to how wifi's work and what it takes to collect data with a "Street View" van. Mostly they are victims of Apple's and Microsoft's anti-Google FUD campaign, since they both collect the same kinds of data.
Most wifis have a radius range of about 300 feet. Traveling at 25mph a van can pass through 600 feet in about 16 seconds. It takes several minutes to crack a WEP and even more for a WPA encrypted connection. The van won't have enough time to crack into secured access points. That leaves OPEN access points. How many packets could a van collect in 16 seconds for an 11Mb/S connection? About 10,600. A typical 1500 byte packet has a maximum of 842 bytes of payload, which would total to about 9 MB of data. That "data" will be HTML code, web page elements, LOTS of graphics and tons of trivia. It *might" contain pieces of someone's email. All from Joe and Sally Sixpack who don't have enough sense to, in affect, close their blinds when they undress for bed at night, or shout all of their telephone conversations, or leave their cars and houses unlocked and the windows down or open. So, what are folks to do when they pass by, plug their ears and close their eyes for 600 feet?
Besides, ESSIDs can and often do change without notice, so they mean nothing. MAC addresses would identify hardware and Google could connect a MAC to an IP address, but gathering that information is not illegal. Besides, names, telephone numbers and house addresses have been linked together in phone books for a100 years. I can record your license plate number and look up your name and address in our state auto registration database after paying a registration fee of $50. Ditto for your house records: year it was built, how many times it was sold and for how much, the amount of taxes you payed and what is due, even a floor plan.
IF you don't want someone eaves dropping in on your wifi traffic then use WPA and/or encrypt your email and connect only with https websites.
Running with Linux for over 20 years!
Go choke to death on a hot pizza, faggot. Stuff a big slice of Domino's down your gullet and inhale until the life has drained out of you. You're a big stupid blubbery bitch and your penis smells like shrimp.
Maybe it has changed recently but for a long time webmail services would only encrypt the password submission and nothing else. The actual content of emails would be transmitted in unencrypted plain text.
I know Google has turned on HTTPS for Gmail by default in the last couple of years, that's it.
What is evil for one person to do, it is evil for many to do. What is acceptable for many to do, it is acceptable for the one to do.
For example, if it is acceptable for your neighbor to look at unencrypted web traffic for research purposes (as in, not reading the contents of e-mails to gain something such as blackmail, financial gain, etc.) it should be acceptable for a corporation such as Google to do it so long as same procedures are applied (don't look through e-mails, don't degrade the network's performance).
Similarly, if something is unacceptable for an individual to do (murder, steal, etc.) is unacceptable for groups to do.
Taxation is legalized theft, no more, no less.
There is quite a difference between sending porn thru a hacked wifi (in reality probably a totally unsecured wifi) and listing to a couple seconds of unencrypted wifi traffic as you drive down the street.
You also have to remember that the FCC said there was no evidence that what Google did was illegal. So that pretty much puts the lie to your claim that Google got off because they were Google. They got off because it wasn't a violation of law. Hacking someones internet is a violation of law. So is theft of services.
Sig Battery depleted. Reverting to safe mode.
Don't be fooled by "don't be evil".
gotta get over my google addiction, one of these days.
expandfairuse.org
How'd that go again?...Do No Evil or something like that?
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Engineer John Doe: From my point of view, the FCC is evil.
Sergey Brin: Well then you are lost!
Slashdotters don't care, because Google can do no wrong here. It's seriously the biggest collection of fanboyism on the web.
Sniffing wi-fi, hacking into other company's networks, violating the GPL by withholding source, making anti-net neutrality deals with Verizon...it's all okay because Google.
Biased hack at the NYT? How about the fact that it was submitted by Bonch, who has a clear bias against google? He's basically Florian Mueller with a different username.
I think you didn't even read the report. It explicitly states that there was intent to use the data. It was the whole point of the project according to the design document that management apparently approved without reading.
The seven engineers weren't just people he circulated memos to. They worked on the project--five tested it, another reviewed the code, and another helped in some unspecified way.
Let's be realistic here. It's extremely difficult to believe that seven engineers could work on a Street View project, managers could approve the proposal, yet not a single other soul in the company knew what was going on or intended to do anything with the data for the two years that the project ran.
"Sufferin' succotash."
Dude we know you're biased as shit. You submitted the article! Just give up and admit that you either have a clear bias or are paid by or affiliated with Microsoft, directly or indirectly.
However, the difference between Google and MS/Apple is that in MS/Apple's case it'd be a quiet settlement with no details.
With google, what happens? Straight up honesty. 100% un-redacted other than the user's names.
Do you have any actual proof to cite, aside from the fact that the title of the article is 100% the opposite of what happened?
The report that you want people to read says they intended to use the data "for other services". You're mad that the NY Times ran a story critical of Google, so you're calling the author a "biased hack" for no reason. It's posts like yours that give the Slashdot comments section the reputation for being extremely biased and myopic.
Just because the FCC dropped it for no law being broken doesn't mean Google didn't cause a serious violation of morality and trust.
I don't think this specific event was really all that bad.
What's really troubling, though, is the attitude towards the users' data. And it's not a single "rogue" guy; he talked to other people, even asking a member of the Search team if it could be useful - why didn't he or she report it? Are they really that numb towards protecting people's privacy? Consented data mining is one thing, but this was wardriving!
I'm still a Google fan - they make a bunch of things that I really like - but I think this just strengths my decision of giving up on Gmail and not joining G+ (besides the real name policy nonsense).
By the way, before you accuse me of nonsense like being a shill, I'd like to say that Google is still the only major tech company that I actually like. The others could all burn for all I care.
Dilbert RSS feed
go back to 4chan
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Lack of intent does not excuse one from breaking the law. Last year I had no intent to speed but when I did not see a posted speed on a rural road, I assumed the speed was 55mph even though it was only 45mph. The fact is, I broke the law and I had to pay the consequences. Google should be held accountable as well regardless of their intent.
"Go ahead, be evil. You've earned it!"
Maybe people will consider a different, better search engine that isn't REALLY in the business of searching through YOUR life for data that's worth money to THEM. Try Duck Duck GO, for example. Just remember, when you preen in front of a mirror, if someone is watching you back through that mirror, they get to see everything you see, and usually more. Using Google to search for things lets Google know what you are interested in searching for. Dumbasses. Even if Google pretends they're letting you be private, they know what you're searching for, no matter what mode you're searching in, especially if you're using ChromX (the OS or the browser) since your computer has to send them the search if you're using Google in any form, and your computer sends out its MAC address with your search, so the server it contacts on the internet knows to whom (on the net) to send the results.
So it comes as no surprise Google lied, or it harvested information, they're in the business of buying and selling your information. Why else do you think they have a bazillion dollars, and all these services are "FREE"? As Heinlein and many others often said, there's no such thing as a free lunch.
Google it if you don't believe me. :)
Do we need to start limiting which species get to post here???
Disclaimer: While I did work at Keyhole(what became GoogleEarth) for 1.75 years back in 2k3, and while my older brother is Google's VP-Engineering, Geo division, I have had no significant insider knowledge or discussions about this, or anything related to it, since I left that job. I also would probably be written off as a delusional paranoid schizophrenic by many, but I'll refrain from shilling half a dozen interesting tidbits about myself here. Anyway, my comment is this:
"This would be evil if Google:
1) Collaborated with the government to alert the government about potential "illegal" activities being conducted"
Now, I will mention that it is public knowledge that the CIA through it's venture capital investment arm 'In-Q-Tel' did more or less save Keyhole from going under during the hard times of 2003ish, a year or two before they were acquired by google.
I honestly can't see how people, even the author of the parent comment, can ignore that angle of the parent comment. Do you really, in any universe after the last decade, think the CIA wouldn't start scratching their heads regarding the possibilities of a dragnet of roving signals intelligence vehicles canvasing the nation, neigh, the world?? I mean, Really??. Do you really think that if they had done something illegal, or debatably unconstitutional on that scale, that they couldn't succeed in getting it brushed under the rug, under the cover that it was just a couple silly engineers stretching some bounds? Really? If so, enjoy your lack of paranoia. Ignorance is bliss.
-dmc
Well, the report confirms what was in the summary and title of this story.
The amount of wrongful moderation towards bunch and anyone critical of Google in this story is quite astonishing. Actually, not just this story but in every story on Slashdot. I'm a big fan of Google's products, I use gmail and my Android phone every day (even develop for it), but even I think this is scary and completely unacceptable. Just because its Google it doesn't make it right. You shouldn't give them a free pass on privacy violating stuff like this just because they somewhat support open source (not that much actually). In fact, Google should be held to higher standards if you like them because of that. Did you know that Google is secretly backing CISPA? At least Microsoft and Apple do it in open. But of course that wouldn't be good for Google's image.
It's time to end this abuse of mod points towards anything negative about Google and think of their actions as their own. And boy have they changed over the past 5 years. But like with piracy, I think that many Slashdotters just like them because they give free stuff. It's not so much about the privacy. If you cared about privacy you wouldn't use hosted services anyway, but desktop apps like Office.
This is the end for you, my master. (Unless I stupidly try to jump straight over you, then feel free to slice my legs off.)
icebike, Tell us who you work for, and you represent, before you shit all over this thread any more!
CS majors know the time/space tradeoff, but they never get taught the 3rd, crucial, tradeoff of the set: comprehension!
Was google harvesting unencrypted wifi traffic? Probably... so what? Who has unencrypted wifi? Even the local coffee shop that gives wifi away for free still encrypts their wifi. They just tell everyone the password.
The moral of the story is encrypt your wifi... also, zip up your fly before you go out in the morning... and bring an umbrella if it's raining.
You know... basic words to the wise... like don't go swimming in sewage. Did google spy on idiots? Probably. But who cares? What exactly are we trying to protect here? The right to be a moron? Encrypt your f'ing wifi.
And given that the FBI just effectively got the power to spy on us all through our ISPs, exactly how much of a fuss do you want to make about Google sniffing unlocked wifi access points?
We need to start encrypting everything now. Phone calls. Email.... possibly proxying everything through other countries. I mean, if you don't care if the government can or is reading your email then carry on. But don't complain when a company comes along and does not even a tenth as much. Just keep it in perspective.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Go fuck yourself subscriberfag. It's so painfully obvious that you're a paid shill that no one's going to take you seriously anyway.
There was clear evidence that Google violated laws. True, probably not USA laws, but they did the same in other countries where laws existed that made this illegal at the time.
I was promised a flying car. Where is my flying car?
Google are pure evil. i mean come on, recording the names and locations of wifi addresses? That's downright evil.
Now bundling IE with your OS and saying it's impossible to remove, faking demonstrations of browser speed for the courts? These are much better IMHO.
WTF are you people smoking. I am keeping one eye on Google, but bust them for something that actually means something.
Based on demonstrated ethics and past performance, I would choose Google over Facebook and Microsoft.
icebike, Tell us who you work for, and you represent, before you shit all over this thread any more!
Yes, we can't have facts and information cluttering up our moral outrage.
I mean, after all this was a supervisor who was aware! That's like, one step below chairman of the board, right?
Do not trust this company.
What does using unsecured wifi and blasting your private information all over the fucking public spectrum have to do with trusting Google?
Bonch is an Apple shill and MS hater.
This space for rent.
What Google wanted this information for was so that people in the area could be told about open WiFi networks and use them.
Google has no right to do that.
Just because a WiFi network is open/unencrypted does not mean someone has the right to use it.
The analogy of a peeping tom is more like a couple in a glass house made of one way mirrors and people looking, some taking pictures or videos, and some taking pictures or videos of an attraction next door. It is not like using a zoom lens or x-ray. Maybe the users did know they were in plain sight, maybe they didn't... but lets face it.. you have to be pretty ignorant with every device you use warning you insecure networks are insecure...
It is not illegal to listen to a radio scanner or even record... at least not that I am aware.
120 characters ought to be enough for anyone
More News at 11
Rogue engineer? Evil managers? Who cares who is the culprit in this particular case? The plausibility of both cases is just evidence of the real basic problem: a centralised database of public (or less public) information about every single individual in the planet should not exist in the first place.There's no problem if somebody comes under my house and snoops on my unencrypted wifi traffic. There's a problem if a single entity collects all unencrypted traffic from all the streets of the world. There's a huge problem if the same entity also collects all mac addresses, street addresses, personal names, phone numbers, web history of the same people, analyses all of them to dig for those people's problems, opinions, tastes, aspirations, and the only warranty of privacy they give is "hey, we promise that we won't ever misuse that data".
It's yet another story posted by bonch. You should by now know that he is a notorious shill that is paid to post nonsense praising Apple and dragging Google through the mud.
Hard to get your point. "Wireshark could do it, hence it isn't evil", eh?
Besides, neither me nor you can capture gazillion of bytes, google can. Neither me nor you can use it as part of our business, yet Google can.
The whole attempt to downplay this story stinks.
"Google announced that WiFi data collected in the Netherlands will be deleted. This move is being made at the behest of the Dutch Data Protection Authority, who gave an order earlier this year that all WiFi data was to be deleted." http://tech.slashdot.org/story/12/04/29/2229225/report-finds-google-supervisors-knew-about-wi-fi-data-harvesting And one more thing, lets not mix "google claims it had no intent to use that data" and "google had no intent to use that data" please.
It was clearly a tiny project that got little oversight, and less review.
Where does the "clearly" adverb come from? Why do you consider gathering unencrypted wifi traffic from the streets of half world a "tiny project"? Do you condone the fact that, as you are saying, Google treated a project with massive privacy implications with "little oversight, and less review"?
For the NYT to say it was "approved" is quite beyond the facts. Collecting wifi access point locations was approved. But Engineer Doe went off the reservation and did way more than that.
There's no proof that the plan has been approved? Who cares: there's proof that the plan has been executed, because Google did store payloads. And they lied the first time they were asked by the EU if they were doing that. Then when they were caught, they "impeded and delayed" the investigations (direct quote from the FCC report). Engineer Doe refuses to testify, why should he, if he's sure he hasn't done anything illegal?
And finally, breaking the law "by mistake" (if we want to believe them) is still illegal.
http://www.backgroundcheck.org/can-i-trust-google/
You must be some extreme google fan boy or someone morally corrupted who profits from this ad broker, as you confuse legaleze lawyer talk with a 100% un-redacted report.
According to the reasoning in this topic, it would be super ok if double click here would point a camera at each house, registering when people enter and leave. Because it's legal to film from a public road.
Ad broker washed your brain in such a way you jump to defense in their aggressive anti-privacy operations with the goal to earn money with ads at the expense of your privacy. You're such a nice, cooperative expandable product!
Hi Bonch!
I think this is scary and completely unacceptable.
Why is it "completely unacceptable" to capture data that is being broadcast in the clear over public radio spectrum in a public space? If someone wants to protect their data, their router has the tools to do this, just as if you don't want people to see you standing in your house nude you close the damned curtains.
No, I'm not defending Google, I'm defending *everyone's* right to not be penalised for something that shouldn't be considered "unacceptable".
http://blog.nexusuk.org
It was clearly a tiny project that got little oversight, and less review.
Exactly. Clearly StreetView was the main project, not the location data. That's why there are places where there are StreetView photos, but no location data. BTW, I am authorized to offer you shares in the Google Moon Base.
I am using WLAN in the place I live. The same one that many other residents use. It is password protected, but once you login, everyone is still broadcasting their data to me also. Is it ok for me to sniff that data too? In the same way, would it be ok for me to plug-in to your internet connection outside your house and sniff that data too? I mean, it's obviously your fault since you didn't use VPN. And, would it be OK for ISP's and VPN providers to sniff data that goes across them? After all, you're sending it to them yourself...
why are you so hateful towards fellow humans?
You fail at analogies, TechNY.
The question is exactly that you had to find and enter the password to sniff anything more than a snippet of encrypted data - that's all what Google would get in this case. It's like difference between Google's car snapping amongst thousands of pictures a shot of your house through open curtains while passing by and Google buying an apartment opposite to yours and setting up a camera to film you all the day. You seem to equate the two.
Oh, and about ISPs?.. That's not really relevant here, but they do that, to different degrees depending on ISPs, allowed/required by legislation levels and so on. You'd better get yourself a VPN and set it up yourself from zero.
P.S: Why did you already drop yesterday's account? It even had some positive karma from a jab at Android. And why don't you at least change naming theme, is being so unsubtle a requirement? It was a bit more of intrigue when you picked arbitrary names for your new accounts.
I am using WLAN in the place I live. The same one that many other residents use. It is password protected, but once you login, everyone is still broadcasting their data to me also. Is it ok for me to sniff that data too?
Yes, why not? If you are sending data in the clear to untrusted networks you're a complete idiot. Presumably that wifi is either a LAN where all the clients are trusted (so everyone trusts you not to do bad things with their data), or it is an internet connection, which is inherently an insecure network so anything passing over it is liable to be intercepted (often legally required to be intercepted and logged by third parties in some jurisdictions).
In the same way, would it be ok for me to plug-in to your internet connection outside your house and sniff that data too?
Yes and no. The internet is an insecure public network, so I have no real expectation for privacy. *However*, in the case of my hard-wired internet connection, I am not blasting data out into the public environment, so by tapping into it you are either tresspassing on my property (to connect to my network) or you are tresspassing on the telco's property (their copper cables), both of which are crimes.
I mean, it's obviously your fault since you didn't use VPN.
I don't need to use a VPN. Protocols I use that carry sensitive data are encrypted (e.g. ssh, https, imaps, etc). And yes, if I shoved some sensitive data in the clear over an insecure network I would only have myself to blame if someone intercepted it. (Note: if someone captured my credit card details and used them fraudulently then, whilst it would've been my fault that they got the credit card details, they are still breaking the law by using them, so I would expect them to be arrested. If they captured the details and didn't use them for anything illegal then that's just tough for me isn't it?)
And, would it be OK for ISP's and VPN providers to sniff data that goes across them?
Not sure what you mean by "VPN provider" since pretty much all sensible uses of VPN is between trusted networks (so you inherently trust the other party to not do anything bad with your data).
I would have a problem with ISPs profiling my traffic (e.g. Phorm), and I do have a real problem with legislation that forces ISPs to do this (the security services shouldn't be interested in what law abiding citizens are doing). However, as mentioned above, the traffic going through my ISP isn't being blasted out over public space. Importantly: This isn't what Google was doing - they were capturing a few packets from random in-progress connections while driving past. They would've been lucky to get any kind of useful data out of a fraction of a percent of the packets they caught, let alone tie it back to an individual and profile their browsing habits.
http://blog.nexusuk.org
Well, the report confirms what was in the summary and title of this story.
How so? Read the 3rd bullet point on page 22 of the report.
"The record also shows that Google's supervision of the Wi-Fi data collection project was minimal. In October 2006, Engineer Doe shared the software code and a "design document" explaining his plans with other members of the Street View project. The design document identified "Privacy Considerations" and recommended review by counsel, but that never occurred. Indeed, it appears that no one at the Company carefully reviewed the substance of Engineer Doe's software code or the design document."
Ceci n'est pas un sig.
Full underacted text
I'll wait for the Shatner reading.
Ceci n'est pas un sig.
Missing the point. Wireless device makers and ISPs who knowingly provided their unsuspecting customers with equipment that, by default, made the users vulnerable to snooping by ANYONE within range.
Collecting the data was irresponsible. Making clueless consumers vulnerable in this way SHOULD be criminal.
Hypothetical example:
If you stay in a hotel room with a one-way mirror, it's not the person who sees into your room who committed the crime. It's the hotel who committed the crime by renting you the room, knowing you could be spied on.
With google, what happens? Straight up honesty. 100% un-redacted other than the user's names.
Shouldn't/Isn't the FCC report publicly available even if Google doesn't release it? I mean, we can give props to Google if they link to it from their blog or otherwise increase the visibility of the report, but it seems to me that the FCC report should be public regardless of what the investigatee wants or does.
Ceci n'est pas un sig.
Perhaps CIA?
Well let's see: Keyhole is saved from going broke by In-Q-Tel (CIA venture cap firm) by a large infusion of cash, and about a year and a half later Keyhole is purchased by Google- then Google Earth is born. A few years later, this group within Google launches a fleet of GPS-equipped, WiFi signal-gathering vehicles that canvas the entire fucking nation, and... "Woops! We're sorry! We really didn't mean to record packet data from nearly every WiFi router in the nation, it was a just a mistake of some foolish engineer, acting entirely on his own, without any oversight, in this highly visible, multi-million dollar, nation-wide project.
I mean, really- Everyone Knows that the CIA would never go off reservation to get access to information, it would violate the agency's ethical code. Their track record in regards to this type of behavior is pristine, no? This having been said, who the hell cares- we'll never know what really happened, who paid for it, and what happened to the data. But to deny that the CIA would not take advantage of something they've invested money in and in which they have contacts is naive.
I think this is scary and completely unacceptable.
Why is it "completely unacceptable" to capture data that is being broadcast in the clear over public radio spectrum in a public space?
It's not that they captured some broadcast data, anyone can do that. It's that they systematically drove around and captured A LOT of broadcast data and correlated it to location information, with the intent that it could be mined for business purposes in the future.
It's the same reason why the health code is very strict for restaurants but not for personal kitchens. If I don't cook something correctly, I could make my family sick. But if a restaurant doesn't cook something correctly it could make hundreds of people sick.
Scale matters when it comes to the consequences of your actions.
Consider the humble wiretap: telephone conversations are unencrypted communications over semi-public networks, and yet unsophisticated callers presume them to be private. So there is a body of law designed to protect the privacy of our phone calls.
Yes, the neighborhood utility guy could tap the lines and listen in. But no company or enforcement agency could do so on a large scale without causing a huge scandal.
As tech-minded people, we all know that what happens on unecrypted wi-fi (and plain-text internet connections) is subject to interception by war-drivers, ISPs, and government-operated listening posts. And so it's hard to have any sympathy for folks who used unencrypted wi-fi and got caught by Street View's packet capture. But that doesn't mean it should be legal for organizations or governments to listen in. Just because they can, doesn't mean they should.
From the report, we know that Google started doing this in 2008, which *is* pretty late in the game for unencrypted wi-fi. Nevertheless, there was a time (say 2003ish) when it was fashionable to have unencrypted wi-fi. Not only did this ease compatibility problems, it made it easy for friends, family, and other visitors to get online quickly. It was also seen as an altruistic way to give internet to the masses. This started changing in the middle of the decade, but for whatever reasons there were clearly still quite a few unencrypted networks for gslite to sniff in 2008-2010.
I think it's interesting to draw the comparison between the Wi-Fi data harvesting to the News of the World --a Murdock owned news media outlet-- hacking controversy. The two aren't apples to apples comparisons, but at a basic level they both have the similarity of large companies accessing information for which they did not have authorization. Many have called for an outright boycott of Murdoch media, even in some cases a ban thereof. On the other hand, while we've seen a lot of criticism of Google's actions, we haven't seen the same volume of public outcry of boycotting Google or restricting the operations of Google enterprises. Most of the action discussed enters the realm of penalties and fines. I wonder if two forces are at play here. One, have too many become so dependent upon Google that they hesitate to support any action that would make Google services unavailable? Two, has intense dislike of Murchoch media reached a level where the application of a different standard is acceptable to many? Full disclosure, I'm a user of gmail and a viewer of Fox News, not exclusively thereof for either.
Did you know that Google is secretly backing CISPA? At least Microsoft and Apple do it in open. But of course that wouldn't be good for Google's image.
Did you know that CISPA also isn't at all what most people here seem to think it is? All it does is let the government tell ISPs that it's detecting potential cyber security threats from a computer/network - the ISP isn't required to actually *DO* anything with that info, nor is it granting the government more monitoring than it already has. As Google is also a massive ISP them backing the ability for the govt to inform them of unusual traffic makes a lot of sense. The bill may have some problem areas that need to be addressed, but unlike SOPA/PIPA its intended goal is completely reasonable and logical.
It's not that they captured some broadcast data, anyone can do that. It's that they systematically drove around and captured A LOT of broadcast data and correlated it to location information, with the intent that it could be mined for business purposes in the future.
"A lot" divided by the number of households they drove passed == practically nothing from each household. Given that they drive around in the middle of the day, the vast majority of wifi networks are going to be almost entirely idle, so they probably won't get anything from them other than the beacon. The beacon packet basically contains the SSIDs of the network (which they use to identify an access point for their wifi geolocation system), and contains no other useful data. Occasionally (probably every one in a few thousand networks) they might pick up something like a UPnP broadcast packet, which might tell you the brand of a device on the network. On networks where someone is surfing the web (again, middle of the day, so not that many), they might pick up a couple of packets from the middle of a session - its pretty unlikley that these packets are going to have much useful data in them, maybe a *fragment* of an email or something, more likley just a lump of javascript or part of an image from some random web page. On networks where someone is torrenting data, they will get a lump of binary data from somewhere in the middle of that torrent, again, doesn't really seem that useful to anyone.
Then we combine the above fact that they would've captured very little data from the average network (even less of any use) with the fact that the vast majority of the networks are encrypted, and you can see that they probably captured very little of value. Even if this was intentional, it was probably capturing the traffic "because we can" rather than them actually expecting to be able to use it for anything.
Scale matters when it comes to the consequences of your actions.
Yes, but I can't see any consequence here. Anyone who thinks google got a serious amount of useful data from this exercise is deluded and doesn't understand (a) how little time the Google car would've stayed in range of each network, (b) how little traffic the average network would've produced in that length of time, and (c) how tiny the proportion of personal data vs. random useless crap is in the average stream of network traffic.
http://blog.nexusuk.org
Nullifying this one example changes nothing. And how do you "prove" someone's evil, BTW? Trust Google at your own risk.
I have always been doubtful when people commented about how bonch had all these shill accounts, and then I saw the Wozniak Win7 phone article, and there pops up TechCar, with a clever pro MS and anti-google post; and right here all of your detractors have been modded down.
Its eerily like you really are a shill with a stable of accounts with modpoints. I mean, how is it you manage to turn MS supporting CISPA openly into a good thing, and Google not stating support for CISPA into a bad thing? How is it elsewhere you manage to turn Google's Android into a success into them "being sneaky", while poor ole MS struggles with their noble Win7 phone OS?
If you want to shill, be honest about it, dont sockpuppet.
I dont believe it IS broadcast at you. Unless Im mistaken, with any kind of wireless protection, the shared key is NOT the encryption key; rather each device negotiates its own key with the AP. You may have data flying at you, but its not data that you can read without cracking that key (which I believe you CAN do with the PSK..?).
In the same way, would it be ok for me to plug-in to your internet connection outside your house and sniff that data too?
No, because you have a reasonable expectation of privacy there. Its the difference between overhearing a shouted conversation with my neighbor, and setting up unidirectional microphones against the walls of my house and capturing a conversation with my family. One is legal, the other is very clearly a violation of wiretapping laws.