| This 92 message thread spans 4 pages: < < 92 ( 1  3 4 ) > > || |
|Google Street View logging MAC Addresses - And Sniffing Data|
We often raise the privacy issue on this forum and we often hear some members say they are not concerned, after all, "everybody is doing it". Well, it's getting worse, not better:
|Google Street View logs WiFi networks, Mac addresses |
Google's...Street View service is under fire in Germany for scanning private WLAN networks, and recording users' unique Mac (Media Access Control) addresses, as the car trundles along.
Germany's Federal Commissioner for Data Protection Peter Schaar says he's "horrified" by the discovery.
"I am appalled… I call upon Google to delete previously unlawfully collected personal data on the wireless network immediately and stop the rides for Street View"....
Read Full Story [theregister.co.uk]
... Google is now saying, in a late-night-Friday European-time confession that is sure to infuriate regulators and privacy advocates, that its previous claims were wrong.
Mr. Eustace wrote that a review of Street View software has revealed that due to a programming error in 2006, the company has indeed been mistakenly collecting samples of payload data from non-password protected Wi-Fi networks in Europe, in the United States and other major regions around the world.
[edited by: Brett_Tabke at 1:13 pm (utc) on May 15, 2010]
[edit reason] added ny times link [/edit]
[edited by: Brett_Tabke at 12:56 am (utc) on May 16, 2010]
[edit reason] you called it - off topic [/edit]
|(from ken_b) What has recording this info got to do with taking pictures for street view? |
I don't get it. Did their cameras not work unless the sniffed out wifi signals?
Exactly. There is no way that this was a mistake and there is no way that each individual driver didn't know that this was happening. The equipment needed to take pictures and sync them with GPS info would not be sufficient to also sniff and record wi-fi mac addresses and data packets. Additional hardware and software would have been needed and the operators would have had to know about it.
|been mistakenly collecting samples |
My 4ss - with all their boffin power!
They are just sore they got busted...
Doesn't this method is used for specifically to collect wifi networks and their locations to use it for Assisted GPS? There was a company that paid a couple of bucks for every 1000 wifi location their software report to them, while you were using it for navigation.
|I can only add, if you are working over an open wifi - you deserve to be sniffed. |
I don't believe that if you forget to lock your front door, you deserve to have someone rummage through your belongings. Or if a woman leaves a crack in her blinds, she deserves to be target of a peeping tom.
I'm all for people protecting their wi-fi and property as best as they can. But if people are not as tech savvy as the rest of us, I don't think they should be blamed for someone else's potentially criminal and/or negligent behavior.
I personally think the bigger story is that if you take their word at face value, it shows a rather passive stance on privacy. If they don't even know that they are collecting data from people and storing it, that's a bad sign.
Google driving by and recording networks is the least of your problems.
If you think your wifi is secure, read up on Aircrack and see just how secure you really are.
Sitting here at my desk at the condo using my wifi analyzer I see 10 wifi networks, 8 of them WEP, so I could get access in minutes, clone a MAC address, download all sorts of good stuff and just sit back and wait for their lives to be shattered when the RIAA or the MPAA, or much worse, comes knocking about those downloads.
Good thing I'm not a bad guy or all the neighbors would be in serious trouble ;)
Don't worry so much about Google, worry about all the hackers driving around with wardriving wifi sniffing apps in their smart phones that come back later with aircrack and do all sorts of interesting things.
Short of a man-in-the-middle attack, using HTTPS on any network is secure.
Open networks are even more fun. If a hacker knows where a popular wifi hotspot exists they can just drive up in their car nearby and offer up their own open wifi for you to connect with. This makes them the man-in-the-middle, and when someone connects with the hackers wifi all bets are off.
Online privacy and security are just illusions often shattered when you least expect it.
If you must go wireless, the only real security is wireless broadband, never wifi.
Upon reflection, Google's mapping open wifi hotspots just saves hackers the trouble of wardriving looking for them.
|if you forget to lock your front door, you deserve to have someone rummage through your belongings. Or if a woman leaves a crack in her blinds, she deserves to be target of a peeping tom. |
Riiiiight - and if you left your credit card showing out of your bag then it's fine for someone to take that too? How far are you willing to push the boundaries of ethics? It's clear to me that it's either a tresspass or it isn't. And I think it is pretty clear that google have tresspassed on our good will.
|And I think it is pretty clear that google have tresspassed on our good will. |
Sniffing public airwaves for public broadcasters using a public protocol is far from trespass.
If you didn't broadcast that signal, they couldn't find it.
Every wifi enabled smart phone does exactly the same thing, are they trespassing?
Add a wardriving app to those phones and you can record those networks just like Google did.
|if you forget to lock your front door, you deserve to have someone rummage through your belongings. |
Wrong metaphor, the house is still closed even if unlocked, you can't see inside.
Wifi is a broadcast, it's not closed, everyone within range can see it without making any attempt to enter the premises.
There was an item on zdnet.com security blog yesterday about someone in Germany being fined for having a wireless network with no password. It was through a court action taken by a musician whose work had been pirated in that way.
It goes on to say that in several countries, including US, police have been scanning for open wireless connections and warning citizens of their danger since at least 2006.
Doubtless in some countries this comes under the same computer misuse act that prevents ISPs detecting virus/spam traffic on their networks and turning off or limiting offending connections. Shame, really.
Also a shame that major TV networks don't run prime-time programmes about internet hazards. At least, they don't here in the UK. Even the google story has been relegated to the tech news section of the BBC web site.
The whole thing raises questions and whatever way you look at it, Google looks bad.
1. Google did not only 'sniff' - they STORED personal, individuell data without the consent of data owners which is a crime in Germany and can be sanctioned with up to 12 month of jail or a fine - password protected network or not (note: this is the fine for doing it 'only' careless). Google admitted to have stored 'fragments' of emails and other personal data and I would expect German authorities to nail them for it.
2. Why did Google code spy software in the first place?
3. How is it possible that this code was used by Google without Google knowing about it?
4. Three years of illegal data collection - data unrelated to the job at hand (taking images) and not a single soul at Google noticed?
Right...either Google is evil or incompetent, and I don't know which is worse...either way, Google should be taken out of business!
|they STORED personal, individuell data without the consent of data owners |
Since when is an OPEN broadcast transmission personal?
Never has been since HAM radio best I can tell.
Here is a metaphor that you may be able to relate to: If I send a postcard by snake mail I take the risk that the postman will read it even though he is forbidden to do so by law. Since he has to look at it in order to find the delivery address, reading some of the text may be unavoidable and nobody will try to make a case against the postman.
However, if said postman makes a copy of the postcard, takes it home and stores it in a box THEN he is facing criminal charges. And this is exactly what Google did.
I hope you agree that if I send you an email then that is personal. Sending this email via an open wifi connection does not make it public.
Since when is connecting to the internet via an unsecured wifi considered BROADCASTING? Looking at some websites is broadcasting? Sending an email to a friend is broadcasting? You may want to look up the meaning of broadcasting. Or, at least try to put yourself into the shoes of a USER once in a while and pause looking at everything through the eyes of a web publisher.
|Or, at least try to put yourself into the shoes of a USER once in a while and pause looking at everything through the eyes of a web publisher. |
I put myself in the shoe of a user all the time and broadcasting is what you do when you use radio waves with inherently flawed protocols to transmit information. Remember, they said it happened with "non-password protected Wi-Fi" which is the same as broadcasting because it's completely unprotected binary information that ANYONE can read with any simple smart phone or laptop.
Might as well shout it from the roof top for all to hear.
A smart user doesn't use wifi, they use EVDO/3G/4G.
Otherwise your data is literally on the public airwaves accessible to anyone within range.
Using the postcard metaphor, if I wanted it to be private it wouldn't be a postcard now would it?
Instead of a postcard you would use an ENVELOPE (SSL) so nobody else could see it.
So when I drive down the street and my phone is automatically connecting to every open wifi around, am I not doing anything different than Google did?
If I run a special app it records all those networks, nothing Google didn't do.
Once I have access to an open network, there is nothing private going on unless you're using SSL.
Don't hate Google just because people are duped into feeling secure using an open connection.
It's like the old phone party-lines we had when I was a kid in rural Kansas where anyone alone the line could pick up and listen to the call. If you wanted privacy for something you drove down the road and used the dedicated pay phone.
Just like now, if you want real privacy with no obvious man-in-the-middle attacks (for now) you use EVDO/3G/4G, if you don't, you get what you pay for which is a lack of security and privacy.
Seriously, just because people are ignorant about the inherent flaws in wifi security doesn't make it any more secure and I feel no empathy with their situation except that they're ignorant about the lack of privacy.
The best you can do with wifi is VPN or SSL, and if you use neither, you should at least have ZERO expectations of privacy or security and be well aware that caca could occur.
Personally, I'd rather have Google sample the connection than a lurking hacker deliberately sniffing and storing my passwords!
Whether Google should sniff wifi signals and if users should use an unsecure wifi connection are two completely separate issues.
Just because the users may be doing something unwise doesn't make what Google has been doing right.
Just because Google can do something doesn't make it ok to do it.
What are you trying to achieve? Google broke the law. In Germany and up to 34 other countries. They already admitted doing so. Why are you trying to move the discussion into a different direction?
Google Broke The Law...Period!
Some countries actually have laws protecting clueless users.
>Sniffing public airwaves for public broadcasters using a public protocol is far from trespass.
it is different in Europe. airwaves are not by/for the public. It is much more closed system over there.
|it is different in Europe. airwaves are not by/for the public. It is much more closed system over there. |
OK, granted in Europe the laws may be different.
That means every smart phone with wifi enabled out sniffing for hot spots as you walk or drive is breaking the law, not just Google, doesn't it?
Sounds like anyone running WifiScan is heading for prison.
Not sure how anyone can twist it differently as it's either all OK or never OK.
|Some countries actually have laws protecting clueless users. |
My point was that laws don't protect your insecure connections.
It's not like the normal breaking of a law, like a burglary, the scofflaw can be on your network right now and you'll never even know it unless they do something really stupid.
OK fine, Google broke the law.
Then isn't every wifi and laptop sniffing phone also breaking the law by definition with millions of scofflaws wandering around unknowingly connecting to networks they shouldn't be accessing and not even aware that the device in their pocket is doing something illegal?
It's the ones wandering around sniffing for malicious purposes [webmasterworld.com] you should worry about and Google, who openly admitted it happened, wouldn't fall in that category IMO.
My point was, and still is, there's no point to getting upset over someone sniffing insecure networks.
It's a simple situation where innovation should prevail over legislation and insecure wifi should simply be banned.
In this event, Google claimed to be only accessing networks without passwords, so why doesn't the legislation require that every wifi device force passwords and we wouldn't be having this discussion, Google wouldn't have been able to sniff those networks.
Perhaps European legislation would best serve the public by BANNING devices that don't require passwords, that allow easily crackable WEP or WPA with shared passwords, basically anything that can be easily breached and then we wouldn't be having this conversation and many others that will surely follow over the folly of legacy junk wifi connections.
|"Google CEO Eric Schmidt recently said internet users shouldn't worry about privacy unless they have something to hide. |
What kind of low IQ answer is that"
Yeah exactly right. While I'm VERY less than enthusiastic about "street view" I'm totally feral about this story of WiFi. I don't use it, many do.
Is Google now sub-contracting to the rotten CIA for data gathering?
Not sure how anyone can twist it differently as it's either all OK or never OK.
Hardly, have some perspective.
The wife at number 6, Mountain View Drive has a habit of getting undressed in front of the open curtains. Many neighbors whisper that she does it for attention. Hey, she has a nice body...why not?
Most of the men in the street happen to take their families' dogs for walks at around the time Mrs Wiggle is strutting her stuff in front of the naked panes, but then there's this one guy...
Furtively hiding a camera under his thick overcoat, worn even on balmy July evenings, he takes photos of the nightly unveiling ceremonies and flits off home, damp hands clasping the polaroid snaps that will be used for entertainment later. Looking around his bedroom as he walks in, box of kleenex in hand, we see many other photos of many other women plastered around the four walls. This guy is dedicated. He'll be buying a better camera next month, one that will do an ever better job. Nightly, he whispers a silent prayer up towards the shadowy ceiling, hoping he never gets caught. That would cause such a scandal...
but, hey, has he really done anything wrong? I mean...those girls standing there showing girdle, stockings and flesh to the watching men of Peepsville. They were asking for it, weren't they? They were broadcasting, no?
|Since when is an OPEN broadcast transmission personal? |
Never has been since HAM radio best I can tell
Ham Radio in most countries, under licensing provisions are subject to privacy/confidentiality provisions.
Ian C. Purdie
There are a few open networks in my neighbourhood but I wouldn't know the first thing about reading the emails or data the neighbours are transmitting. Don't you have to have some special code / hacking stuff available to do so ?
Can't really accept the arguments incredibill is making. He is not a layman and is not looking at it from a 'normal user's' point of view.
Google has clearly abused the trust of citizens and has been caught with pants down.
For a good understanding of the specific situation in Germany, it may be good to go back to the original source. The press statement [hamburg.de] from the Hamburgischen Beauftragten für Datenschutz und Informationsfreiheit und des Bundesbeauftragten für den Datenschutz und die Informationsfreiheit about the issue is a good starting point. This statement is in German, but I will translate the most important point:
|Nach gegenwärtigen Erkenntnissen ist davon auszugehen, dass neben der örtlichen Erfassung, dem Verschlüsselungsstatus der Geräte, der weltweit eindeutigen MAC-Adresse auch der vom Betreiber vergebene Name (sog. SSID) gespeichert wurde. Bei letzterer verwenden Privatpersonen nicht selten ihre Klarnamen oder andere auf sie hinweisende Informationen. Sowohl mit Blick auf die Benutzung des eigenen Namens als auch auf die Möglichkeit, die WLAN-Netze aufgrund ihrer örtlichen Lage Bewohnern von Häusern zuzuordnen, handelt es sich um die Erfassung und Speicherung personenbezogener Daten und deren Übertragung in die USA. |
|After realizing this it can be assumed that apart from the collection of the location, the encryption status of the devices and the world-wide unique MAC addresses, also the name assigned by the owner (the so-called SSID) were stored. With the latter private people use pretty often their personal names or other information referring to them. Regarding the use of the personal name together with the possibility of localizing the WLAN networks, it may be possibile to localize the inhabitants of houses, which is a matter of collection and storage of personal data and their transmission to the USA. |
The problem is not about listening to open Wifi networks, which is allowed. The problem is about collecting personal information (the SSID often equal to the personal name of the Wifi access point owner) together with the geograpical location of the Wifi access point and sending this information for storage to the USA.
|There are a few open networks in my neighbourhood but I wouldn't know the first thing about reading the emails or data the neighbours are transmitting. Don't you have to have some special code / hacking stuff available to do so ? |
Can't really accept the arguments incredibill is making. He is not a layman and is not looking at it from a 'normal user's' point of view.
The apps to track networks are available in Windows, Apple and both the Android and iPhone app stores.
Also, the software and apps to hack those networks are available freely to anyone.
I may not be a layman but it doesn't take a rocket scientist to type "heck wep" or "hack wpa" into Google and get directed to Aircrack which lets the novice get in way over his head in seconds.
I've personally never hacked anyone's wifi network (but my own) and anyone with the available software could do it within minutes, it's not complicated, it's as easy as making a spreadsheet.
Like I said before, legislation should outlaw the poor protocols and leave locking out the bad guys to the technologists.
This is a prime example of Google doing something that good wifi technology and security practices wouldn't even permit them to do in the first place.
Whether you hate or love Google, or whether you hate or love what they did logging wifi, the real issue is WIFI SUCKS unless you use the max security including VPN and SSL.
The lesson that should be coming isn't to vilify Google, but fix your security, otherwise people will just keep endlessly reporting stolen passwords, credit cards and worse and continue to make them publicly available being blissfully ignorant of the situation.
I doubt George Washington would've allow his spies to use wifi, they used invisible ink, something more secure ;)
> Like I said before, legislation should outlaw the poor
> protocols and leave locking out the bad guys to the technologists.
Isn't that a discussion from 10 years ago, and would also say that email spam is okay, as long as the mail protocol is flawed?
But G did not crack any wifi, they just grabbed data transmitted openly by unprotected wifis. It may be ethically questionable (and G actually questioned it themselves) but not illegal.
There are tons of companies that collect wifi names to build GPS like location services based on the wifis around, that is nothing tragic. G was just smart enough to do the same, since they had their street view cars driving around anyways.
But its nice that this gets so much publicity, maybe it helps more people to actually take care of their wifi setup.
By the same token as all these arguements it was the US military's fault that Gary McKinnon was able to hack their systems.
I wonder if Cameron has got the guts to hold the extradition untilo we get Brin in return?
> With the latter private people use pretty often their
> personal names or other information referring to them
Yeah right. So the nail a big name sign on their front door and then complain when people are able to find them easily.
@Green_Grass, first from what lammert said Google were NOT recording emails etc., only the info you can see if you can see the open networks at all.
@cwnet, a better post card analogy would be if a post-offices OCR system was accidentally configured to read of the post card than just the address and the name of the addressee, and to then store it.
The issue is not about having access to individual personal information, but storing it. European laws are often pretty open about receiving information, because obtaining information is seen as part of the freedom of speech. You can't have freedom of speech if people aren't allowed to listen to you. But storing personal information on a larger scale is frown upon and in many cases prohibited by law.
Having a large sign on your door with your name is fine. Reading that sign when you walk in a street is also OK, but creating a database with all the names of people linked to their address isn't.
| This 92 message thread spans 4 pages: < < 92 ( 1  3 4 ) > > |