Slashdot Mirror
Report Finds Google Supervisors Knew About Wi-Fi Data Harvesting
bonch writes "According to the FCC report, Google's collection of Street View data was not the unauthorized act of a rogue engineer, as Google had portrayed it, but an authorized program known to supervisors and at least seven other engineers. The original proposal contradicts Google's claim that there was no intent to gather payload data: 'We are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing.'"
Is there a source to what is claimed in the article? I followed the links and find nothing to substantiate. Even the NYTimes links just references their own articles.
^^
Operation Guillotine is in effect.
I'm not really sure whats so "evil" about this. Google was simply doing what anyone else could with a computer running Wireshark could do. This would be evil if Google:
1) Collaborated with the government to alert the government about potential "illegal" activities being conducted
Or
2) Made attempts to crack wi-fi encryption
Taxation is legalized theft, no more, no less.
What does this matter now at all? CISPA is going to get passed into law at this point. I could care less about Google being a bit sleazy with regards to user privacy at this point.
Apple gets most of its money from hardware.
Microsoft gets most of its money from software licenses.
Amazon gets most of its money from people buying books and other stuff online.
Where does Google get most of its money from, to pay the salaries of over 30,000 employees as well as campuses around the world, data centers stocked with hundreds of thousands of servers, etc. It sells ads and search placement, yes, but that's not going to be enough unless it stays on top of the game of knowing how ads and search hits can be targeted to the right consumer at the right time. In other words, it needs to continually find new ways to invade the privacy of people who use its services for free.
Evil is a point of view.
- Lestat
Operation Guillotine is in effect.
Looks like Google is trying the old "Teflon Soft-shoe" in an attempt to avoid charges, fines, and other 'business costs' associated with such snooping.
Glad to see the Engineer they blamed didn't just roll over and play dead on this, or it would have been Quite Bad in the long run.
So, where does that leave "War-Drivers" who specifically snoop out WiFi?
It confirms no such thing. In fact the entire summary is out of touch with what was in the FCC report.
The entire thing is on line, you can read it for yourself. The FCC dropped the whole thing because there is no clear evidence that google violated any law.
GO READ THE FCC REPORT YOURSELF
instead of relying on a biased hack at the NYT to put their own spin on it.
There was never any intent do use this data, it was merely one engineer's pipe dream to do so.
And the fact that he MUCH LATER circulated memos that stated he was capturing freely available encrypted traffic to 7 people
does not mean they were actually aware of precisely what that meant.
Sig Battery depleted. Reverting to safe mode.
If you're talking about using encryption rather than broadcasting everything you do to everyone on your block, I disagree. You can, and you should.
Sorry, this is really a non issue for me. Google went around and did the equivalent of listening while people shouted from their rooftops. If you don't want people knowing what you're saying, don't shout it from your rooftop. The same goes for spewing unencrypted traffic across your neighborhood.
Wifi signals can be captured from space? That would be awesome for the guys on the ISS.
If they wanted to read Slashdot they could just hop on one of the undoubtedly tens of thousands of unencrypted wifis below them at any given moment.
Mind you I can't get a connection from the road let alone 1km away.
Let's sum up the whole thing, "Google had not violated any laws". That's straight from the article and the FCC investigation report. Not one single law was broken, PERIOD. So how is this news? If the NYT really wants to do news about privacy rights why doesn't it put the bullshit CISPA on the front page instead of ignoring it.
Probably never... he just read the report. Give reading a try, you might find that you like it.
So, telling the truth is shilling now? Take off the tin-foil nutball.
The soylentnews experiment has been a dismal failure.
Full underacted text (other than the name of Engineer Doe, is available here.
It was clearly a tiny project that got little oversight, and less review. For the NYT to say it was "approved" is quite beyond the facts. Collecting wifi access point locations was approved. But Engineer Doe went off the reservation and did way more than that.
Sig Battery depleted. Reverting to safe mode.
I keep reading these accusations and assumptions and almost all of them seem to ignore that the open source software (Kismet?) that they used to grab data logs it all as a default, or at least that's what I've read. Is there even an option to strip the non identifying information out? (I'm actually asking, I don't know this package).
Yes, he could have set a flag and not gathered any payload, just beacons and mac addresses. But Engineer Doe decided not to do this.
Kismet does not capture packet payloads when the encrypted flag is set on. There is a switch to turn off all payload capture.
Further, any SSL sessions would be captured in their encrypted state even when the router was un-encrypted. Nothing was able to
be gleaned in that data either. No bank passwords.
That they got any email addresses or content is amazing. I suppose a lot of people were using pop 3 in those days.
On the list of the 10 most popular target URLs that were able be extracted in a test run in Arizona was some Weather-Bug server.
Sig Battery depleted. Reverting to safe mode.
For those who don't know, the unmentioned program is Kismet So what if Google engineers knew about its capabilities to write pcap files? It's not an overwhelming amount of data for each Google car when compared to everything else it's collecting, and I wouldn't be surprised if it was simply left on, since I belive that's how kismet comes out of the box. The big point is Kismet also plots access point data in easily parsable formats along with signal strength, geographical coordinances, clients connected, other computers probing for certain networks unlike anything else out there so the choice for this software for wifi location collection was, without question the smartest choice. Its method of gathering data is instead of actively probing networks that respond (like Netstumbler) it instead listens silently in rfmon, or "monitor mode", and hops channels, decodes everything from layer 2, similar in principle to how a conventional radio scanner works. It can be configured to discard the pcap data, but privacy issues aside, when you're embarking on such a massively large and expensive project, I think it would suck if you later on really wished you had collected that data, especially if you find bugs and the program crashes in mysterious ways?
Consider what you're saying. It's like condoning someone who breaks
Wrong. There were no locks for them to break
and enters
Wrong. People were transmitting their information into the street, Google didn't have to enter anything
Want to try again with another analogy?
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
Oooh, let me try. It's like two people having sex in their street-facing bedroom without closing the curtains, and complaining when a passerby sees them.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
They spent a year and tens of thousands of dollars "investigating" Google and couldn't find any violations of the law, so the make a bogus claim that Google "didn't cooperate". Why should Google? What the Feds wanted was for Google to unilaterally admit to some crime.
Those who claim Google was "stealing data" have no clue as to how wifi's work and what it takes to collect data with a "Street View" van. Mostly they are victims of Apple's and Microsoft's anti-Google FUD campaign, since they both collect the same kinds of data.
Most wifis have a radius range of about 300 feet. Traveling at 25mph a van can pass through 600 feet in about 16 seconds. It takes several minutes to crack a WEP and even more for a WPA encrypted connection. The van won't have enough time to crack into secured access points. That leaves OPEN access points. How many packets could a van collect in 16 seconds for an 11Mb/S connection? About 10,600. A typical 1500 byte packet has a maximum of 842 bytes of payload, which would total to about 9 MB of data. That "data" will be HTML code, web page elements, LOTS of graphics and tons of trivia. It *might" contain pieces of someone's email. All from Joe and Sally Sixpack who don't have enough sense to, in affect, close their blinds when they undress for bed at night, or shout all of their telephone conversations, or leave their cars and houses unlocked and the windows down or open. So, what are folks to do when they pass by, plug their ears and close their eyes for 600 feet?
Besides, ESSIDs can and often do change without notice, so they mean nothing. MAC addresses would identify hardware and Google could connect a MAC to an IP address, but gathering that information is not illegal. Besides, names, telephone numbers and house addresses have been linked together in phone books for a100 years. I can record your license plate number and look up your name and address in our state auto registration database after paying a registration fee of $50. Ditto for your house records: year it was built, how many times it was sold and for how much, the amount of taxes you payed and what is due, even a floor plan.
IF you don't want someone eaves dropping in on your wifi traffic then use WPA and/or encrypt your email and connect only with https websites.
Running with Linux for over 20 years!
You're right of course.
Sending out vans en masse to peoples' neighborhoods with equipment and software that's specifically designed to pluck wifi traffic out of the airwaves is no different from strolling down the sidewalk and happening to glance into someone's window. Why, just the other day I was on my way home, glanced over, and idly picked up several packets of someone's e-mail and a bit of their usenet traffic before I could think to look away. How silly of me.
The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
What is evil for one person to do, it is evil for many to do. What is acceptable for many to do, it is acceptable for the one to do.
For example, if it is acceptable for your neighbor to look at unencrypted web traffic for research purposes (as in, not reading the contents of e-mails to gain something such as blackmail, financial gain, etc.) it should be acceptable for a corporation such as Google to do it so long as same procedures are applied (don't look through e-mails, don't degrade the network's performance).
Similarly, if something is unacceptable for an individual to do (murder, steal, etc.) is unacceptable for groups to do.
Taxation is legalized theft, no more, no less.
The wifi data was half-in, half-out of their private homes
No, it was out. The Google car never entered their property, and yet was able to capture that information in its entirety. It was wholly out of their home.
It was meant to be used by them, in their homes
They might have intended for it to only be in use in their home, but they never took the simple necessary technological measure to make it so (encrypting it) which is not a difficult thing to do with a home-use wi-fi router, even for a novice. It just requires them to read the manual.
and technology had to be specifically modified and sent out in order to intercept it
No, no it didn't. One of the details in this case is that Google basically just used an off-the-shelf piece of software to dump all publicly available information. They caught that data because they didn't customize it.
If Google itself had condoned it, there would be little difference between that and seeking to obtain Zero-Day exploits to commercial systems - with the exception that these are private individuals, not mere corporations.
And the fact that there was no security to actually exploit.
With all the hullabaloo from the MPAA and RIAA about ownership rights to for-profit data, we have at least as much right to our data as private citizens
You do. So bloody well tick the little box that says "WEP". Note that's not going to protect you against even the most inept hacker, as its known broken, but Google wouldn't have read your data.
Otherwise there's no point to having a government, if it doesn't uphold our rights.
See, I don't really see the "right to run wi-fi without reading the manual" as worthy of government protection.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
If you had a laptop with you, you probably did.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
There is quite a difference between sending porn thru a hacked wifi (in reality probably a totally unsecured wifi) and listing to a couple seconds of unencrypted wifi traffic as you drive down the street.
You also have to remember that the FCC said there was no evidence that what Google did was illegal. So that pretty much puts the lie to your claim that Google got off because they were Google. They got off because it wasn't a violation of law. Hacking someones internet is a violation of law. So is theft of services.
Sig Battery depleted. Reverting to safe mode.
Yes, when do we go after Microsoft for leaving that packet sniffing option on as a default installation option?
The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
How'd that go again?...Do No Evil or something like that?
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Engineer John Doe: From my point of view, the FCC is evil.
Sergey Brin: Well then you are lost!
Biased hack at the NYT? How about the fact that it was submitted by Bonch, who has a clear bias against google? He's basically Florian Mueller with a different username.
No, that's not remotely what I'm saying, and your Matthew Shepard comparison is wildly off base.
If you have unencrypted WiFi, you are broadcasting, quite literally, whatever you're doing. All I'm saying is if you're out in public, people can take your picture. You might not like it, but they can. If you yell at your wife on the front porch or in the house if you're loud enough, the neighbors can hear you. I'm not saying you need to encrypt everything, or that you need a vault. I'm saying don't broadcast to the world if you don't want the world to hear you.
I'm very much pro-privacy, but if you want your privacy (as I do), you can't put the burden on the entire rest of the world to preserve it for you. We railed against the DMCA because it criminalized circumventing even useless protection measures, but somehow when they're OUR useless protection measures, it's different? No, it's not. What I'm saying is that if you don't want your papers and personal effects gone through, don't leave them lying in the street for people to pick up and read.
Dude we know you're biased as shit. You submitted the article! Just give up and admit that you either have a clear bias or are paid by or affiliated with Microsoft, directly or indirectly.
However, the difference between Google and MS/Apple is that in MS/Apple's case it'd be a quiet settlement with no details.
With google, what happens? Straight up honesty. 100% un-redacted other than the user's names.
Do you have any actual proof to cite, aside from the fact that the title of the article is 100% the opposite of what happened?
I don't think this specific event was really all that bad.
What's really troubling, though, is the attitude towards the users' data. And it's not a single "rogue" guy; he talked to other people, even asking a member of the Search team if it could be useful - why didn't he or she report it? Are they really that numb towards protecting people's privacy? Consented data mining is one thing, but this was wardriving!
I'm still a Google fan - they make a bunch of things that I really like - but I think this just strengths my decision of giving up on Gmail and not joining G+ (besides the real name policy nonsense).
By the way, before you accuse me of nonsense like being a shill, I'd like to say that Google is still the only major tech company that I actually like. The others could all burn for all I care.
Dilbert RSS feed
How easy it is to do depends very much on who you are. My problem with things like this is it actually encourages bad security. If we go around telling people that it's ok to just demand the world turn around when they do the digital equivalent of walking down the street naked, are they really better off than if we tell them "Hey, there's this check box you can set on your router that makes it all but impossible for people to snoop on you. If you don't check it, ANYBODY who bothers to try will see everything you do."?
It's all well and good to have laws about this stuff. We COULD enact a law making sniffing unencrypted WiFi illegal. IMO, it's far far better to just encrypt the damn thing and be done with it than hope when someone does capture your traffic, that you'll find out. Realistically, unless it's a high profile case like this, you'll never know.
No, that's not remotely what I'm saying, and your Matthew Shepard comparison is wildly off base.
You're saying that the onus on people if they don't want others to take advantage of them is to hide all their vulnerable points. And I'm saying that's the sign of a lawless anarchy where people aren't presumed to have rights.
If you have unencrypted WiFi, you are broadcasting, quite literally, whatever you're doing. All I'm saying is if you're out in public, people can take your picture. You might not like it, but they can.
A very apt parallel. Under American Common Law, your likeness - as well as your signature - is your private property. People can no more snap you without your consent without being liable for violating your property rights than they can take an image of your signature and print it onto whatever they like. American Common Law remains in effect, but has been forgotten amid a heap of baseless legislation that lacks the authority to actually be law. People in the U.S. have forgotten their system, in favor of a johnny-come-lately. As one result, basic concepts and premises of law ("maxims") have been lost to them, and we get news stories in which some new situation brought about by new technology makes it all seem like an open question again. It's not.
If you yell at your wife on the front porch or in the house if you're loud enough, the neighbors can hear you.
And they now have lasers that can be pointed at windows and pick up conversations based on how the glass vibrates. The laser and the person using them are both located outside the house, so according to your reasoning it's perfectly fine as well. So, be sure to pick up some air pumps made for aquariums at the pet store and tape them to your windows, or it's your fault for being lax on the data security.
If my neighbors are installing surveillance equipment in order to overhear me shouting at my wife, and they couldn't overhear it any other way, they're not going to last as my neighbors for long.
I'm not saying you need to encrypt everything, or that you need a vault. I'm saying don't broadcast to the world if you don't want the world to hear you.
I'm very much pro-privacy, but if you want your privacy (as I do), you can't put the burden on the entire rest of the world to preserve it for you.
I'm typing this reply from my laptop, in a public location. As I type, there is cash in my wallet as we speak. Just sitting there. For anybody to pick up and take! Mind you, they'd need to have developed certain skills in order to do so. But they could do it! And it sounds like according to your reasoning, if they did it would be my fault because I expected the rest of the world not to deliberately attempt to pick my pocket. Whereas I'm more in favor of the traditional Middle Eastern response to people who are caught pickpocketing, in order to discourage it.
We railed against the DMCA because it criminalized circumventing even useless protection measures, but somehow when they're OUR useless protection measures, it's different? No, it's not.
Of course it's no different, if you're arguing the issue in the context they've handed you.
The actual difference is that before things like the DMCA, before a lot of this corrupt baseless legislation got passed, there were no victimless crimes in this country! You weren't hauled in before a magistrate and tried in a chancery court for offenses "against the state". You were brought to court when there was an injured party: you had either detrimented their right to life, liberty or propert
The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
No, it was half-in, half-out. By that I mean it was being used in their homes, and "leaked" out because that's what airwaves do. Which isn't typically a big deal, since one hardly expects people to be sitting outside trying to pick it up.
Yes. In other words, you need to consider more than just the most common case. You also need to consider edge cases, and the potential damage versus the likelihood versus the difficulty to mitigate. In this case, the edge case is likely - anyone with a laptop could do it, and have been known to (see wardriving), the damage is potentially severe - especially if you do stupid stuff like sending sensitive data in the clear over email, and the difficulty to mitigate is trivial.
There's nothing technologically complicated about using a handgun either, and using one could certainly save you from a violent mugging.
No. However, securing your router doesn't inflict bodily harm on a human being, require special licensing, or open you to the possibility of charges arising from its use (yet). Are you sure you're not BadAnalogyGuy in drag? Having a gun is a complex piece of mitigation, involving training and licensing, and may not even be effective, as presence of a firearm might prevent, or it might provoke escalation. Better mitigation would simply be not to go to dangerous areas at night. Not foolproof, but it reduces the chances of occurrence down to the point where I've never been mugged in my life.
Whenever you leave your home, there is also a slight chance that it will rain no matter what the weather report says.
Which is why I keep an umbrella in the car.
You might get slammed by a car as you cross the street, therefore you should never leave the house without a pair of clean underwear on, in case you have an unanticipated ambulance ride to the hospital to worry about
And that's at a level of severity I really don't worry about. For various values of "clean" anyway.
And you might run into some tourists from Spain who don't speak English while you're out.
Again, level of severity is negligible. Why do I care if I can speak to the tourists or not?
Therefore, you should never leave the house without a loaded handgun, a large umbrella, a pair of clean underwear on, and a Spanish-to-English translation dictionary. Otherwise, it's your own damn fault.
Well, if you get caught in the rain without an umbrella, yes, it is your own damn fault. What do you want, the government to outlaw rain?
My point, however, remains. Kismet does not come standard, you have to purposely install it - usually to sniff another person's otherwise-private network traffic.
Your threshold for "modification" seems to be unrealistically low - considering that would mean my grandma's computer with Open Office on it would be considered "specially modified technology".
And a wireless router does not come standard either. You need to purposely install it, usually to transmit information. If you wish to restrict the information it transmits, it behoves you to configure it so it operates in a way that you see fit. If you do not have the time or the capacity to read a simple instruction manual, then you should hire someone who does. The 12 year old kid down the street charges reasonable rates I hear. If you don't understand the device you installed, nor had an informed person configure it for you, then yes, you were negligent and the fact that you didn't know that you were shouting your information for all to hear merely emphasizes that point.
You seem to be adopting the position that no, that's perfectly alright, the citizenry had no reasonable expectation of a right to privacy there. That packet sniffing, as deliberate as it usually has to be, is just as easy to do and probably as someone glancing in your window.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
Why would we?
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
How easy it is to do depends very much on who you are. My problem with things like this is it actually encourages bad security. If we go around telling people that it's ok to just demand the world turn around when they do the digital equivalent of walking down the street naked, are they really better off than if we tell them "Hey, there's this check box you can set on your router that makes it all but impossible for people to snoop on you. If you don't check it, ANYBODY who bothers to try will see everything you do."?
I can appreciate that. It's a very noble sentiment, and I feel it myself.
What I have to keep in check, though, is that a desire to shape public policy - even in this case for something like technological education - does not enable myself or anyone else to remake the law in ways that violates someone's rights. The desire to reshape society for what often started out as noble goals as you've described, is now often misused when politicians play on emotions to gain public support for further erosion and inroads into the legal structure and the political assessment about what rights we have. Two hundred years of this stuff has caused the the average person to misremember the basis of the political and legal structure that prior generations of citizens had designed. And this is all to the temporary benefit of politicians in power. So I'm careful to keep my ideas of "what's right for people" from coloring my determinations about their rights, and must refer to what had originally been put in place. Common sense dictates that, legally, personal data is private and since you can't get at it without trying you have every reason to expect privacy.
We both know that's not true technologically, but from a legal standpoint it could work. There are any number of things which could be done technologically, that are against the law. Since the laws were designed to uphold rights, this should probably be one of them - and my understanding of American Common Law is that it probably already is. Common Law doesn't rely on a lot of legislation being passed, but on the operation of basic rights in a common sense manner.
It's all well and good to have laws about this stuff. We COULD enact a law making sniffing unencrypted WiFi illegal. IMO, it's far far better to just encrypt the damn thing and be done with it than hope when someone does capture your traffic, that you'll find out. Realistically, unless it's a high profile case like this, you'll never know.
You're talking about passing legislation specifically forbidding it. I think it probably makes sense, to deter people from packet sniffing personal data. Yes, from a technological standpoint people should probably be encrypting anyway. And if the cost-to-benefit ratio prompts them to do that, they will. The law, however, isn't supposed to tamper with the cost-to-benefit ratios of people who aren't violating the rights of others, just to prompt them into one choice or another. That would violate freedom as well, and today it happens frequently when politicians attempt to set public policies. They're not supposed to. The law is there to preserve rights, and by making a determination about whether rights to personal data privacy are guaranteed or not, the law would be doing its job.
I think it's already done this, but clarifying it would be good if there's public disagreement about that point.
The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
Cite, please. It's my understanding that if you're in public, people absolutely can take your picture and do not need your consent. If you're correct, I'd like an explanation how paparazzi aren't all in jail.
Perhaps we're getting to the core of the issue. You're arguing from a base where law isn't actually law. I can't follow you there.
Yes, and infrared cameras that see through your walls. I suppose that's what muddies the waters. It comes down to the "reasonable person" test. IIRC, it's been decided (in court) that reasonable people do get protection from being spied on via IR cameras. I think it's reasonable to assume there's not a laser microphone pointed at your windows, too. I just don't feel that unencrypted wifi streaming out of your house deserves the same protection when it's trivial to encrypt it. I don't think we should have to IR shield our houses. I don't think we should have noise generators on our windows. I do think we should encrypt our wifi.
No, it's a form of encoding. If you're going to claim that as encryption, I can as reasonably claim that this is a private conversation between me and you, and that anyone else reading it has violated my rights because I encrypted it in ASCII or Unicode, or whatever prior to uploading it. It's not MY fault everyone else's computer is capable of decrypting it.
No, it was half-in, half-out. By that I mean it was being used in their homes, and "leaked" out because that's what airwaves do. Which isn't typically a big deal, since one hardly expects people to be sitting outside trying to pick it up.
Yes. In other words, you need to consider more than just the most common case. You also need to consider edge cases, and the potential damage versus the likelihood versus the difficulty to mitigate. In this case, the edge case is likely - anyone with a laptop could do it, and have been known to (see wardriving), the damage is potentially severe - especially if you do stupid stuff like sending sensitive data in the clear over email, and the difficulty to mitigate is trivial.
No. You're discussing technological feasibility - and how complex it would be to implement, as well as risk-reward ratios. Which completely fails to address the matter in terms of rights in law. You do this several times throughout your response.
There's nothing technologically complicated about using a handgun either, and using one could certainly save you from a violent mugging.
No. However, securing your router doesn't inflict bodily harm on a human being, require special licensing, or open you to the possibility of charges arising from its use (yet). Are you sure you're not BadAnalogyGuy in drag? Having a gun is a complex piece of mitigation, involving training and licensing, and may not even be effective, as presence of a firearm might prevent, or it might provoke escalation. Better mitigation would simply be not to go to dangerous areas at night. Not foolproof, but it reduces the chances of occurrence down to the point where I've never been mugged in my life.
...such as here...
Whenever you leave your home, there is also a slight chance that it will rain no matter what the weather report says.
Which is why I keep an umbrella in the car.
You might get slammed by a car as you cross the street, therefore you should never leave the house without a pair of clean underwear on, in case you have an unanticipated ambulance ride to the hospital to worry about
And that's at a level of severity I really don't worry about. For various values of "clean" anyway.
And you might run into some tourists from Spain who don't speak English while you're out.
Again, level of severity is negligible. Why do I care if I can speak to the tourists or not?
Therefore, you should never leave the house without a loaded handgun, a large umbrella, a pair of clean underwear on, and a Spanish-to-English translation dictionary. Otherwise, it's your own damn fault.
Well, if you get caught in the rain without an umbrella, yes, it is your own damn fault. What do you want, the government to outlaw rain?
No. I'm demonstrating the impracticality of having a government refuse to acknowledge your rights, and leave you to fend for yourself in every eventuality.
My point, however, remains. Kismet does not come standard, you have to purposely install it - usually to sniff another person's otherwise-private network traffic.
Your threshold for "modification" seems to be unrealistically low - considering that would mean my grandma's computer with Open Office on it would be considered "specially modified technology".
If your grandmother can pick up my wifi data with Open Office, please do arrange a meeting with her for me.
Part of my point was that someone would have to modify the technology or use the software in order to pick up someone else's personal wifi data, thus legally establishing intent. If you demonstrate intent to nab someone's papers, or in this case wifi data, you've demonstrated an intent to violate t
The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
Do we need to start limiting which species get to post here???
Cite, please. It's my understanding that if you're in public, people absolutely can take your picture and do not need your consent. If you're correct, I'd like an explanation how paparazzi aren't all in jail.
Common practice within the Union about a century ago; I came across it years ago in research and no longer have the historical reference, unfortunately. I did find cites just now, though.
As to the paparazzi, part of it would most likely be that the country's forgotten that by now, or that as public figures celebrities are presumed to be accessible in that regard. I'm honestly not sure how much of which. It would be kind of interesting for celebs to copyright their likeness in this day and age though, and then sue tabloids for distributing without permission.
Perhaps we're getting to the core of the issue. You're arguing from a base where law isn't actually law. I can't follow you there.
Yes and no. It's the venue of law the Constitution was written in, and the American variant of Common Law remains the law of the land. However, it is prevalently ignored today by the majority of citizens, who have not heard of it. Yet.
Yes, and infrared cameras that see through your walls. I suppose that's what muddies the waters. It comes down to the "reasonable person" test. IIRC, it's been decided (in court) that reasonable people do get protection from being spied on via IR cameras. I think it's reasonable to assume there's not a laser microphone pointed at your windows, too. I just don't feel that unencrypted wifi streaming out of your house deserves the same protection when it's trivial to encrypt it. I don't think we should have to IR shield our houses. I don't think we should have noise generators on our windows. I do think we should encrypt our wifi.
And there we disagree. Or rather, I don't think we should be considered to be obliged to encrypt our wifi in order to secure our right to privacy on it. But I do like how well you've summarized the matter.
No, it's a form of encoding. If you're going to claim that as encryption, I can as reasonably claim that this is a private conversation between me and you, and that anyone else reading it has violated my rights because I encrypted it in ASCII or Unicode, or whatever prior to uploading it. It's not MY fault everyone else's computer is capable of decrypting it.
Impressive! I honestly don't have a response to that one right now. I'll have to think about that one for a while. Thanks for the new (to me at least) point. Very refreshing to encounter.
The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
No. You're discussing technological feasibility - and how complex it would be to implement, as well as risk-reward ratios. Which completely fails to address the matter in terms of rights in law.
You're discussing "adding" a new right. That is, that people have the right to broadcast their information and demand that people not read it. This is not currently a right, as TFA states. You are looking to expand government protection into a new area. I'm providing reasons why that protection is unnecessary. Those reasons are technical, and risk related, as well as moral - that is, making individuals take responsibility for their own dissemination of their data.
If your grandmother can pick up my wifi data with Open Office, please do arrange a meeting with her for me
Hell, my grandma can do that with a base install of windows, if you don't secure your wi-fi.
True, but irrelevant. We're not discussing how using wifi routers violates someone else's rights.
Yes, you are. You're discussing how to restrict my right to access information that a wi-fi router transmits into public space.
If you demonstrate intent to nab someone's papers, or in this case wifi data, you've demonstrated an intent to violate their rights and act on it.
And my point was that by installing a router and configuring it to broadcast unencrypted data, you've demonstrated an intent to share that data.
Another dodge. You maintain that in using open wifi routers, one has relinquished any right to expectations of privacy. And that is bunk.
Why is that bunk? In using a public park, you relinquish any expectations of privacy. In using public transport, you relinquish any expectation of privacy. The very definition of public is that is distinct from private.
Yet you neglect that the same argument would be absurd for either, which was my point.
No, you were making a ridiculous analogy between two things that are not analogous.
At this point, you're visibly sabotaging the conversation.
No, I'm mocking you. I'm doing so in an attempt to dissuade you from making ridiculous and emotionality-laden comparisons to mass butchery any more.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
No, it's a form of encoding. If you're going to claim that as encryption, I can as reasonably claim that this is a private conversation between me and you, and that anyone else reading it has violated my rights because I encrypted it in ASCII or Unicode, or whatever prior to uploading it. It's not MY fault everyone else's computer is capable of decrypting it.
I think the distinction there would probably have to be intent, and basis.
By intent, I mean that there's a difference between engaging in a forum discussion, and deliberately attempting to intercept someone's comm traffic via their wifi signals. That's a close enough approximation to the guaranteed Fourth Amendment right of citizens to be secure in their papers (whether those papers are in the home, out outside of it) for me to equate them. Others may interpret that differently.
When I say basis, I mean that Google for example is a corporation with a stated basis of operation. While it's true that a lot of what I post could be searched for around the internet and compiled in a central database (Facebook does it), nothing authorizes Facebook to monitor citizens by doing this. They work for the Information Awareness Office, which compiles that information on citizens for the federal government's uses. Again, nothing authorizes the federal government to do that to its citizens, so there's a problem of it not being within its stated basis. Here, Google appeared to do it unintentionally and that would be a little different.
To intentionally violate someone's rights, there obviously must be intent and it must be acted upon. This is a distinction made in law, and it's a different way to distill the situation than the technological basis that most of the rest of Slashdot is using for this discussion. Still, I think it has the ability to get to the nitty-gritty about what expectations we have or don't have with other parties better than the technological perspective, without getting into direct morality which can rapidly get pretty nebulous indeed.
The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
Disclaimer: While I did work at Keyhole(what became GoogleEarth) for 1.75 years back in 2k3, and while my older brother is Google's VP-Engineering, Geo division, I have had no significant insider knowledge or discussions about this, or anything related to it, since I left that job. I also would probably be written off as a delusional paranoid schizophrenic by many, but I'll refrain from shilling half a dozen interesting tidbits about myself here. Anyway, my comment is this:
"This would be evil if Google:
1) Collaborated with the government to alert the government about potential "illegal" activities being conducted"
Now, I will mention that it is public knowledge that the CIA through it's venture capital investment arm 'In-Q-Tel' did more or less save Keyhole from going under during the hard times of 2003ish, a year or two before they were acquired by google.
I honestly can't see how people, even the author of the parent comment, can ignore that angle of the parent comment. Do you really, in any universe after the last decade, think the CIA wouldn't start scratching their heads regarding the possibilities of a dragnet of roving signals intelligence vehicles canvasing the nation, neigh, the world?? I mean, Really??. Do you really think that if they had done something illegal, or debatably unconstitutional on that scale, that they couldn't succeed in getting it brushed under the rug, under the cover that it was just a couple silly engineers stretching some bounds? Really? If so, enjoy your lack of paranoia. Ignorance is bliss.
-dmc
Well, the report confirms what was in the summary and title of this story.
The amount of wrongful moderation towards bunch and anyone critical of Google in this story is quite astonishing. Actually, not just this story but in every story on Slashdot. I'm a big fan of Google's products, I use gmail and my Android phone every day (even develop for it), but even I think this is scary and completely unacceptable. Just because its Google it doesn't make it right. You shouldn't give them a free pass on privacy violating stuff like this just because they somewhat support open source (not that much actually). In fact, Google should be held to higher standards if you like them because of that. Did you know that Google is secretly backing CISPA? At least Microsoft and Apple do it in open. But of course that wouldn't be good for Google's image.
It's time to end this abuse of mod points towards anything negative about Google and think of their actions as their own. And boy have they changed over the past 5 years. But like with piracy, I think that many Slashdotters just like them because they give free stuff. It's not so much about the privacy. If you cared about privacy you wouldn't use hosted services anyway, but desktop apps like Office.
icebike, Tell us who you work for, and you represent, before you shit all over this thread any more!
CS majors know the time/space tradeoff, but they never get taught the 3rd, crucial, tradeoff of the set: comprehension!
Was google harvesting unencrypted wifi traffic? Probably... so what? Who has unencrypted wifi? Even the local coffee shop that gives wifi away for free still encrypts their wifi. They just tell everyone the password.
The moral of the story is encrypt your wifi... also, zip up your fly before you go out in the morning... and bring an umbrella if it's raining.
You know... basic words to the wise... like don't go swimming in sewage. Did google spy on idiots? Probably. But who cares? What exactly are we trying to protect here? The right to be a moron? Encrypt your f'ing wifi.
And given that the FBI just effectively got the power to spy on us all through our ISPs, exactly how much of a fuss do you want to make about Google sniffing unlocked wifi access points?
We need to start encrypting everything now. Phone calls. Email.... possibly proxying everything through other countries. I mean, if you don't care if the government can or is reading your email then carry on. But don't complain when a company comes along and does not even a tenth as much. Just keep it in perspective.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
There was clear evidence that Google violated laws. True, probably not USA laws, but they did the same in other countries where laws existed that made this illegal at the time.
I was promised a flying car. Where is my flying car?
Bonch is an Apple shill and MS hater.
This space for rent.
Making sniffing of wifi illegal is a complete lack of understanding on how the technology works. It is unlicensed spectrum and any bit pattern your wireless device emits will be recieved by every reciever on the same band. At what level is "sniffing" sniffing?!
I suspect that this case will follow the same path as using a scanner to tape and record radio conversations... an act in itself which is not illegal.
120 characters ought to be enough for anyone
The analogy of a peeping tom is more like a couple in a glass house made of one way mirrors and people looking, some taking pictures or videos, and some taking pictures or videos of an attraction next door. It is not like using a zoom lens or x-ray. Maybe the users did know they were in plain sight, maybe they didn't... but lets face it.. you have to be pretty ignorant with every device you use warning you insecure networks are insecure...
It is not illegal to listen to a radio scanner or even record... at least not that I am aware.
120 characters ought to be enough for anyone
At this point, you're visibly sabotaging the conversation.
No, I'm mocking you. I'm doing so in an attempt to dissuade you from making ridiculous and emotionality-laden comparisons to mass butchery any more.
You've done all three in this instance, and so you will only have dialogues with people who tolerate that. Ta.
The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
You do realize every wifi radio recieves every bit on the same frequency of every in range device regardless of if it is encrypted or on the same SSID. The fact that it's not presented to YOU is because some engineer decided it was irrelivant is a symantec. If you send it, every device on the same frequency recieves it. If it does anything with your pattern of bits is up to the device. This is physics.
The fact that the bits you transmitted form a discernable pattern using known standard which has personal importance to you is no reason that you should expect such data to be private... I mean it's not like they tuned their recievers to a frequency you are of some expectation to have rights over. Their recievers (however they are programmed to recieve) have equal right to the band your wifi is transmitting on.
120 characters ought to be enough for anyone
And I'll only have dialogues with people who don't think that requiring people to secure their router is equivalent to allowing murder gangs to roam the streets unopposed. From we're I sit, it's all plus.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
If you had a laptop with you, you probably did.
Your laptop will immediately discard any data from an unsecured and unencrypted network that it is not connected to.
Rogue engineer? Evil managers? Who cares who is the culprit in this particular case? The plausibility of both cases is just evidence of the real basic problem: a centralised database of public (or less public) information about every single individual in the planet should not exist in the first place.There's no problem if somebody comes under my house and snoops on my unencrypted wifi traffic. There's a problem if a single entity collects all unencrypted traffic from all the streets of the world. There's a huge problem if the same entity also collects all mac addresses, street addresses, personal names, phone numbers, web history of the same people, analyses all of them to dig for those people's problems, opinions, tastes, aspirations, and the only warranty of privacy they give is "hey, we promise that we won't ever misuse that data".
If my eyes see two ugly people having sex, believe me, they're going to be discarding hell for leather too.
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
"Google announced that WiFi data collected in the Netherlands will be deleted. This move is being made at the behest of the Dutch Data Protection Authority, who gave an order earlier this year that all WiFi data was to be deleted." http://tech.slashdot.org/story/12/04/29/2229225/report-finds-google-supervisors-knew-about-wi-fi-data-harvesting And one more thing, lets not mix "google claims it had no intent to use that data" and "google had no intent to use that data" please.
It was clearly a tiny project that got little oversight, and less review.
Where does the "clearly" adverb come from? Why do you consider gathering unencrypted wifi traffic from the streets of half world a "tiny project"? Do you condone the fact that, as you are saying, Google treated a project with massive privacy implications with "little oversight, and less review"?
For the NYT to say it was "approved" is quite beyond the facts. Collecting wifi access point locations was approved. But Engineer Doe went off the reservation and did way more than that.
There's no proof that the plan has been approved? Who cares: there's proof that the plan has been executed, because Google did store payloads. And they lied the first time they were asked by the EU if they were doing that. Then when they were caught, they "impeded and delayed" the investigations (direct quote from the FCC report). Engineer Doe refuses to testify, why should he, if he's sure he hasn't done anything illegal?
And finally, breaking the law "by mistake" (if we want to believe them) is still illegal.
Look, I think you're missing the point.
What Google did was evil, plain and simple. Innocent people who were just using their Airports to connect together their Apple iPads were spied upon.. And they snooped on high quality businesses, the type that know that Oracle is the number one choice for high quality database management system.
Google harvested this information from innocent people, quite obviously, so that at some point in the future, Google's plan to sell human beings to advertisers as slaves could take place.
That's what we're talking about here. People with the number one tablet in the world, who are normally protected by its superior security model thanks to Apple's revolutionary App Store, being snooped on by a bunch of slave traders. Businesses, high quality businesses running high quality Oracle software, being spied upon.
There is nothing right here. In my view, Google should IMMEDIATELY be broken up. Android phone users should be rounded up and required to purchase one iPhone for every year they've possessed an Android phone. There is no lesser punishment that would be as deserving.
Thank you for reading this post. Also: iPad iPad iPad.
You are not alone. This is not normal. None of this is normal.
http://www.backgroundcheck.org/can-i-trust-google/
Perhaps we need a sense of proportion in this discussion, because the above doesn't make sense either. Google didn't "take advantage of" anyone, not even in the version where Eric Schmidt himself was evilly rubbing his hands together and saying "Do it! RECORD EVERYTHING YOU CAN! HAHAHAHAHA!"
What Google did was record a lot of data. That data was destroyed when they found it wasn't what was needed for the mapping project Google ran. There is no suggestion that Google, at any point, intended to publish the data, or use it to harass anyone, or in any other way abuse the overload of information they added.
Now, you talk about rights. What rights are we talking about? The right to have privacy, or the right not to have data you're transmitting - deliberately or otherwise - recorded temporarily by a non-sentient device?
I say this because the two are not the same. The latter is not an abuse of privacy unless that information is actually published to one or more sentient beings in a way those sentient beings can interpret and process.
When we get all hot and bothered about electronic devices recording things, it's usually because we're concerned that they are going to be actively used to violate an individual's privacy. But that's not the case here. What people are getting upset about is the electronic side without the actual betrayal of privacy at the end of the process.
I understand it. But in the great scheme of things, recording information from people who appear not to be concerned about their privacy, temporarily, in a way that will never be published and probably never even be seen internally, strikes me as pretty inconsequential.
You are not alone. This is not normal. None of this is normal.
The distinction is pretty important, and so long as it's not used as an argument to diminish rights it makes quite a bit of sense.
I agree that in a case of accidental nonsentient monitoring that isn't accessed, it's pretty inconsequential.
The natural concern is of course intentional, systematic monitoring, sentient or otherwise, that is or can be accessed effectively. And carefully evaluating who collected that data in the first place, and whether their motives for so doing were even valid and fair, is just a sensible part of data security approached from a societal, rather than a technological, means. Limiting the cases in which collecting the data in the first place is considered socially acceptable is a good place to begin in terms of limiting data loss.
This is because the difficulty occurs when personal data becomes retained by outside parties, because at that point it's pretty difficult for the original owner to establish with any certainty whether that data is accessible or not.
Case in point, when several of the CIA's laptops went missing a few years ago. They were concerned about the data when the laptops went missing, despite the fact that the information was almost certainly encrypted. It's a natural concern, when confidential data is retained by outside parties beyond the control and oversight of the initiating party. The CIA didn't stop to assess whether or not they supposed it could or would be successfully accessed before finding the incident a cause for concern; the mere possibility that it now could be, and they would have no way of knowing either way, was the problem.
There is very often a double-standard in evaluation that people make now, depending on whether the potentially damaged party is (a) a private citizen, or (2) a government agency or corporation. Somehow, there is typically a strong implied bias in the private citizen's disfavor there, and that should probably be noticed and assessed. The standard mentality seems to be that Joe Sixpack was negligent or mentally lacking for not better encrypting his data, and we're cautious to ask ourselves who it's really hurting anyway, but that if it happens to government agencies or corporations it's automatically considered a cause for concern because it represents a threat to state or trade secrets. And there is a disconcerting and counterintuitive propensity for that kind of thinking.
The Wolfpack Project: BitCoin + Crowdfunding = Political Accountability
Hi Bonch!
I think this is scary and completely unacceptable.
Why is it "completely unacceptable" to capture data that is being broadcast in the clear over public radio spectrum in a public space? If someone wants to protect their data, their router has the tools to do this, just as if you don't want people to see you standing in your house nude you close the damned curtains.
No, I'm not defending Google, I'm defending *everyone's* right to not be penalised for something that shouldn't be considered "unacceptable".
http://blog.nexusuk.org
I am using WLAN in the place I live. The same one that many other residents use. It is password protected, but once you login, everyone is still broadcasting their data to me also. Is it ok for me to sniff that data too?
Yes, why not? If you are sending data in the clear to untrusted networks you're a complete idiot. Presumably that wifi is either a LAN where all the clients are trusted (so everyone trusts you not to do bad things with their data), or it is an internet connection, which is inherently an insecure network so anything passing over it is liable to be intercepted (often legally required to be intercepted and logged by third parties in some jurisdictions).
In the same way, would it be ok for me to plug-in to your internet connection outside your house and sniff that data too?
Yes and no. The internet is an insecure public network, so I have no real expectation for privacy. *However*, in the case of my hard-wired internet connection, I am not blasting data out into the public environment, so by tapping into it you are either tresspassing on my property (to connect to my network) or you are tresspassing on the telco's property (their copper cables), both of which are crimes.
I mean, it's obviously your fault since you didn't use VPN.
I don't need to use a VPN. Protocols I use that carry sensitive data are encrypted (e.g. ssh, https, imaps, etc). And yes, if I shoved some sensitive data in the clear over an insecure network I would only have myself to blame if someone intercepted it. (Note: if someone captured my credit card details and used them fraudulently then, whilst it would've been my fault that they got the credit card details, they are still breaking the law by using them, so I would expect them to be arrested. If they captured the details and didn't use them for anything illegal then that's just tough for me isn't it?)
And, would it be OK for ISP's and VPN providers to sniff data that goes across them?
Not sure what you mean by "VPN provider" since pretty much all sensible uses of VPN is between trusted networks (so you inherently trust the other party to not do anything bad with your data).
I would have a problem with ISPs profiling my traffic (e.g. Phorm), and I do have a real problem with legislation that forces ISPs to do this (the security services shouldn't be interested in what law abiding citizens are doing). However, as mentioned above, the traffic going through my ISP isn't being blasted out over public space. Importantly: This isn't what Google was doing - they were capturing a few packets from random in-progress connections while driving past. They would've been lucky to get any kind of useful data out of a fraction of a percent of the packets they caught, let alone tie it back to an individual and profile their browsing habits.
http://blog.nexusuk.org
Well, the report confirms what was in the summary and title of this story.
How so? Read the 3rd bullet point on page 22 of the report.
"The record also shows that Google's supervision of the Wi-Fi data collection project was minimal. In October 2006, Engineer Doe shared the software code and a "design document" explaining his plans with other members of the Street View project. The design document identified "Privacy Considerations" and recommended review by counsel, but that never occurred. Indeed, it appears that no one at the Company carefully reviewed the substance of Engineer Doe's software code or the design document."
Ceci n'est pas un sig.
Full underacted text
I'll wait for the Shatner reading.
Ceci n'est pas un sig.
With google, what happens? Straight up honesty. 100% un-redacted other than the user's names.
Shouldn't/Isn't the FCC report publicly available even if Google doesn't release it? I mean, we can give props to Google if they link to it from their blog or otherwise increase the visibility of the report, but it seems to me that the FCC report should be public regardless of what the investigatee wants or does.
Ceci n'est pas un sig.
I think this is scary and completely unacceptable.
Why is it "completely unacceptable" to capture data that is being broadcast in the clear over public radio spectrum in a public space?
It's not that they captured some broadcast data, anyone can do that. It's that they systematically drove around and captured A LOT of broadcast data and correlated it to location information, with the intent that it could be mined for business purposes in the future.
It's the same reason why the health code is very strict for restaurants but not for personal kitchens. If I don't cook something correctly, I could make my family sick. But if a restaurant doesn't cook something correctly it could make hundreds of people sick.
Scale matters when it comes to the consequences of your actions.
Consider the humble wiretap: telephone conversations are unencrypted communications over semi-public networks, and yet unsophisticated callers presume them to be private. So there is a body of law designed to protect the privacy of our phone calls.
Yes, the neighborhood utility guy could tap the lines and listen in. But no company or enforcement agency could do so on a large scale without causing a huge scandal.
As tech-minded people, we all know that what happens on unecrypted wi-fi (and plain-text internet connections) is subject to interception by war-drivers, ISPs, and government-operated listening posts. And so it's hard to have any sympathy for folks who used unencrypted wi-fi and got caught by Street View's packet capture. But that doesn't mean it should be legal for organizations or governments to listen in. Just because they can, doesn't mean they should.
From the report, we know that Google started doing this in 2008, which *is* pretty late in the game for unencrypted wi-fi. Nevertheless, there was a time (say 2003ish) when it was fashionable to have unencrypted wi-fi. Not only did this ease compatibility problems, it made it easy for friends, family, and other visitors to get online quickly. It was also seen as an altruistic way to give internet to the masses. This started changing in the middle of the decade, but for whatever reasons there were clearly still quite a few unencrypted networks for gslite to sniff in 2008-2010.
I think it's interesting to draw the comparison between the Wi-Fi data harvesting to the News of the World --a Murdock owned news media outlet-- hacking controversy. The two aren't apples to apples comparisons, but at a basic level they both have the similarity of large companies accessing information for which they did not have authorization. Many have called for an outright boycott of Murdoch media, even in some cases a ban thereof. On the other hand, while we've seen a lot of criticism of Google's actions, we haven't seen the same volume of public outcry of boycotting Google or restricting the operations of Google enterprises. Most of the action discussed enters the realm of penalties and fines. I wonder if two forces are at play here. One, have too many become so dependent upon Google that they hesitate to support any action that would make Google services unavailable? Two, has intense dislike of Murchoch media reached a level where the application of a different standard is acceptable to many? Full disclosure, I'm a user of gmail and a viewer of Fox News, not exclusively thereof for either.
Did you know that Google is secretly backing CISPA? At least Microsoft and Apple do it in open. But of course that wouldn't be good for Google's image.
Did you know that CISPA also isn't at all what most people here seem to think it is? All it does is let the government tell ISPs that it's detecting potential cyber security threats from a computer/network - the ISP isn't required to actually *DO* anything with that info, nor is it granting the government more monitoring than it already has. As Google is also a massive ISP them backing the ability for the govt to inform them of unusual traffic makes a lot of sense. The bill may have some problem areas that need to be addressed, but unlike SOPA/PIPA its intended goal is completely reasonable and logical.
It's not that they captured some broadcast data, anyone can do that. It's that they systematically drove around and captured A LOT of broadcast data and correlated it to location information, with the intent that it could be mined for business purposes in the future.
"A lot" divided by the number of households they drove passed == practically nothing from each household. Given that they drive around in the middle of the day, the vast majority of wifi networks are going to be almost entirely idle, so they probably won't get anything from them other than the beacon. The beacon packet basically contains the SSIDs of the network (which they use to identify an access point for their wifi geolocation system), and contains no other useful data. Occasionally (probably every one in a few thousand networks) they might pick up something like a UPnP broadcast packet, which might tell you the brand of a device on the network. On networks where someone is surfing the web (again, middle of the day, so not that many), they might pick up a couple of packets from the middle of a session - its pretty unlikley that these packets are going to have much useful data in them, maybe a *fragment* of an email or something, more likley just a lump of javascript or part of an image from some random web page. On networks where someone is torrenting data, they will get a lump of binary data from somewhere in the middle of that torrent, again, doesn't really seem that useful to anyone.
Then we combine the above fact that they would've captured very little data from the average network (even less of any use) with the fact that the vast majority of the networks are encrypted, and you can see that they probably captured very little of value. Even if this was intentional, it was probably capturing the traffic "because we can" rather than them actually expecting to be able to use it for anything.
Scale matters when it comes to the consequences of your actions.
Yes, but I can't see any consequence here. Anyone who thinks google got a serious amount of useful data from this exercise is deluded and doesn't understand (a) how little time the Google car would've stayed in range of each network, (b) how little traffic the average network would've produced in that length of time, and (c) how tiny the proportion of personal data vs. random useless crap is in the average stream of network traffic.
http://blog.nexusuk.org
Nullifying this one example changes nothing. And how do you "prove" someone's evil, BTW? Trust Google at your own risk.
I have always been doubtful when people commented about how bonch had all these shill accounts, and then I saw the Wozniak Win7 phone article, and there pops up TechCar, with a clever pro MS and anti-google post; and right here all of your detractors have been modded down.
Its eerily like you really are a shill with a stable of accounts with modpoints. I mean, how is it you manage to turn MS supporting CISPA openly into a good thing, and Google not stating support for CISPA into a bad thing? How is it elsewhere you manage to turn Google's Android into a success into them "being sneaky", while poor ole MS struggles with their noble Win7 phone OS?
If you want to shill, be honest about it, dont sockpuppet.
I dont believe it IS broadcast at you. Unless Im mistaken, with any kind of wireless protection, the shared key is NOT the encryption key; rather each device negotiates its own key with the AP. You may have data flying at you, but its not data that you can read without cracking that key (which I believe you CAN do with the PSK..?).
In the same way, would it be ok for me to plug-in to your internet connection outside your house and sniff that data too?
No, because you have a reasonable expectation of privacy there. Its the difference between overhearing a shouted conversation with my neighbor, and setting up unidirectional microphones against the walls of my house and capturing a conversation with my family. One is legal, the other is very clearly a violation of wiretapping laws.