| This 92 message thread spans 4 pages: < < 92 ( 1 2  4 ) > > || |
|Google Street View logging MAC Addresses - And Sniffing Data|
We often raise the privacy issue on this forum and we often hear some members say they are not concerned, after all, "everybody is doing it". Well, it's getting worse, not better:
|Google Street View logs WiFi networks, Mac addresses |
Google's...Street View service is under fire in Germany for scanning private WLAN networks, and recording users' unique Mac (Media Access Control) addresses, as the car trundles along.
Germany's Federal Commissioner for Data Protection Peter Schaar says he's "horrified" by the discovery.
"I am appalled… I call upon Google to delete previously unlawfully collected personal data on the wireless network immediately and stop the rides for Street View"....
Read Full Story [theregister.co.uk]
... Google is now saying, in a late-night-Friday European-time confession that is sure to infuriate regulators and privacy advocates, that its previous claims were wrong.
Mr. Eustace wrote that a review of Street View software has revealed that due to a programming error in 2006, the company has indeed been mistakenly collecting samples of payload data from non-password protected Wi-Fi networks in Europe, in the United States and other major regions around the world.
[edited by: Brett_Tabke at 1:13 pm (utc) on May 15, 2010]
[edit reason] added ny times link [/edit]
The issue is not about having access to individual personal information, but storing it. European laws are often pretty open about receiving information, because obtaining information is seen as part of the freedom of speech. You can't have freedom of speech if people aren't allowed to listen to you. But storing personal information on a larger scale is frown upon and in many cases prohibited by law.
Having a large sign on your door with your name is fine. Reading that sign when you walk in a street is also OK, but creating a database with all the names of people linked to their address isn't.
Does a single person in this thread believe that every single stich of data available isn't being recorded?
It makes the whole argument of privacy pointless.
So that my post isn't deleted for being vague I'll add something specific...
A camera doesn't accidentally grow a scanner and actively look for (and record) open wifi data. It's an impossible "malfunction".
> Google has clearly abused the trust of citizens
> and has been caught with pants down.
In the Buzz case - that was completely true.
Unless there is another shoe to drop, there is zero injury here to anyone in this case.
>The issue is not about having access to individual personal information, but storing it.
Recording stuff is easy. Figuring out the bits to throw out takes processing power that is not available in a mobile car.
I hope when this is done, Google publishes the data on open wifi networks and network configuration they have found. It would be a fascinating map and help city and public planers in wifi building. Gosh, if Google had aspirations of getting into the public WiFi game, they would need to know this data (oh wait, they ARE in the public WiFi game!)
In that light - they were doing a public service.
@lammert, are you sure about that? You can buy access to UK electoral data, telephone directories list addresses (last time I looked!), and there are websites that will tell you who lives at a given address, (or find an address by occupants name), a list of other occupants, how long they have been there for, how much the house was lost sold for (if has been bought in the last few years), etc.
The difference with those data and the data Google sniffed is that people have given permission in some way, or that that information must be made public based on existing laws. When you apply for a telephone number you can opt out to be listed in the phone book for example. Google didn't ask individual Wifi owners for that permission. If you read the German press statement they didn't inform the German authorities about the Wifi network sniffer in their Streetview cars. They also didn't allow the German authorities to look at equipment in a Streetview car. Only when the Germans demanded an audit they started to react.
Laws differ per country and what is prohibited in one country may be allowed in an other. This kind of privacy laws in the Netherlands forced the Dutch internet registry SIDN a few months ago for example to remove all personal information [webmasterworld.com] from the whois queries of .NL domains. What is seen as public information in one country may be private information in another.
Put the onus on the manufacturers of the devices to make sure they are secure out of the box.
Ya, I know, that's a pretty bold request but when you look at the source of the challenges, it points right back to the software/hardware used by the average consumer which is unprotected out of the box based on my own personal experiences. Not only that, the process required to setup a secure network is beyond most average consumer's understanding. :(
I just viewed all connections with range of my network. There are 15 and 8 of those are Unsecured. Maybe my neighbors are doing some online banking at the moment using their Unsecured network connections. [Shakes head...]
There needs to be quite a bit more from a prevention standpoint. Too many things out of the box are unsecure. I say they need to be locked down from the start. Let the consumer try and figure out how to unlock it instead - how to make it unsecure. ;)
Well, open Wifi connections appear to be illegal in Germany, unless you like paying fines.
|The Karlsruhe court ruled that Wi-Fi owners are liable for abuse by a third party in cases where they fail to password-protect their internet connections. |
Maybe Google should just turn over that list of open wifi connections to the court ;)
|I would really like to know if there was any usable data whatsoever. I so doubt it. A couple packets here-n-there. |
|OK fine, Google broke the law. Then isn't every wifi and laptop sniffing phone also breaking the law by definition... |
|In that light - they were doing a public service. |
I am concerned that some in here seem to be minimising this situation. What they did was illegal. I do not know enough about the technical side of this to understand all of the implications of what they have done. The fact that they had to make a groveling apology is enough for me. They know they did wrong even and they are well aware of the implications.
In other areas of business if a company did this the brown stuff would really hit the fan. Google consistently gets away with stuff actions this because (like me) many people do not full understand the implications. We should not minimise or try to defend this in any way, shape or form.
If I steal a penny from a 100 million people they will miss nothing but I will have £1,000,000. That is major theft is it not? Or if I am clever enough to come up with a workable way of doing this will it be OK? No one will be hurt by it after all. ;)
|Google Admits Street View Logged MAC Addresses and Payload Data |
...and now they admitted that they also scanned houses using laser scanners. Their justification is to enable the display of virtual 3D maps, and of course they do claim that they did not need a licence for this.
Here is an article from German broadcaster ARD (similar to the BBC), obviously in German only:
>I am concerned that some in here seem to be minimising this situation.
I'll be the first to pick up stones to throw if Google is way in the wrong (like they were with the Buzz fiasco)
> What they did was illegal
Bad laws are just that - bad laws. Ignorance of those laws is no defense. However, when laws are straight out of SciFi flicks (check [izurl.com...] ) then I think a little latitude is in order.
Now, if someone can show me that they had ill intentions with the data or what they were doing was in any way for nefarious purposes, I'll glady join the bashers. It appears to me, Google was innocent with good intentions this time. The wifi program wasn't about sniffing data and using it for evil purposes - it was for building exactly what they wanted to build - a map of wifi networks around the world.
> They know they did wrong even and
> they are well aware of the implications.
Sure after the fact. I think I speak for the other 90% of america that didn't know laws were so dracoian over there. We thought West Germany won the cold war. Our bad.
If you can't "listen" to air waves like Google - do you have to have some sort of license to own a radio? How do you watch TV? Both of which come over air waves - just like wifi. So if you own a DVR or a VCR - are you breaking the law by recording airwaves?
|how many *consumers* you believe consciously understand that their wi-fi, unless actively secured, is interceptable by others. Guys like you and me know these things. But the average consumer doesn't. |
It doesn't matter to me how many understand. I am over hand holding people who want to use technology but have no interest in taking a day or two to learn how to use it.
If you want to hook up a little box to your computer that broadcasts your info to the world and you have no idea how it works, what the implications are or even what is broadcasting then I have little sympathy for you.
To me it is like someone who buys a car and never puts oil in it, then when a cylinder goes through the engine block they get all defensive and say how no-one told them it needed oil, and how the dealer should pay for it.... Did you read the owners manual? Why not? We can't go through life hand holding people, if they want to do something they should take the time to learn how.
|Having a large sign on your door with your name is fine. Reading that sign when you walk in a street is also OK, but creating a database with all the names of people linked to their address isn't. |
You are saying information is good until such time that too many people acquire that information or until such time that the information is easily retrievable, then at that point the information becomes dangerous, or in your words... not ok.
So what is the bench mark? When 1000 people know the name of the people living in the house with their name on the front it becomes not ok? At what point does information become bad?
I just can't grasp the concept that the more available info becomes, that it somehow becomes bad.
You can listen to air waves, but you are not allowed to store personal information obtained from them. Continental Europe has faced some political systems between 1935 and 1990 where mass storage of personal information was misused. Because of that history, sentiments of people in Europe are often against storage of personal information and in a number of countries laws have been created to prevent that.
Ever try telling a client to enter a WEP 128 Bit Key into their wireless devices. Every single time I've brought this up to friends and family they were like "huh, what's a wet key?" Seriously, forget the hand holding after the fact!
Put the onus on the manufacturers of the devices to ship them preconfigured to connect to a secure network. I'm sure they can figure out a way to do this. Yes? No?
|If you can't "listen" to air waves like Google - do you have to have some sort of license to own a radio? How do you watch TV? |
Here in the UK we do need a licence to receive TV and radio. You get a heavy fine if caught without one. The fees are what funds the BBC to the benefit of the whole wide world. [en.wikipedia.org...]
|It doesn't matter to me how many understand. I am over hand holding people who want to use technology but have no interest in taking a day or two to learn how to use it. |
Oh yes a day or two will be more than enough for anyone to understand everything there is to know about the new computer they have just purchased! You are joking, right? ;)
|If you want to hook up a little box to your computer that broadcasts your info to the world and you have no idea how it works, what the implications are or even what is broadcasting then I have little sympathy for you. |
I don't know how to program the built in video recorder in my 42" all singing and dancing TV? Does that mean I should not be allowed to own it? You are being very unrealistic if you expect all people to have the ability to learn all they need to know about computers and data transmission in "a day or two".
I think this is a stunt.
Google has had interest in wifi networks for years. They know big wifi networks for cities will continue to bomb. This is a stunt to kill wifi systems. 60ghtz is opening up and will advertise how secure it is over currently used wifi. (point to point systems, etc.) ... and I bet "they" are ready to fill the demand.
anyone think Alvarion or Tranzio would die for an account with Google?
|Oh yes a day or two will be more than enough for anyone to understand everything there is to know about the new computer they have just purchased! |
Obviously not, but I never said it would take a day or two to learn how to use a computer. If you get a computer for email and web-surfing then you should take a couple days to learn the inherent dangers of using email and web-surfing.
Things like.... When is it safe to use your credit card..... When is it safe to open an email from an unknown sender. Do I need anti virus. I am not suggesting they need to learn how to set up an ODBC connection, unless they got the computer for DB purposes.
|I don't know how to program the built in video recorder in my 42" all singing and dancing TV? Does that mean I should not be allowed to own it? |
Yes you can own it but you should at least grasp the pitfalls and inherent dangers of it. For example does it store any data on your use of the TV? If you recycled it could someone pull a log of your viewing history?
|Put the onus on the manufacturers of the devices to make sure they are secure out of the box. |
I agree they should, but I can see why they don't. That is a customer service nightmare.
"What is my password" (can't be a default password otherwise not secure)
"Can I change my password?"
"Which network (ssid) is mine?" (can't be default, otherwise not secure and everyone can't have an ssid of 'default')
"You sold me this as secure and I got packet sniffed, make it right"
Every wireless router I have seen in the last 7 or so years has a disk they repeatedly prompt you to use and it has a wizard that will set up all the security needed on your router, along with many warning stickers. You have to ignore a lot of warnings and instructions to set up a wifi router that is open and insecure.
I don't suggest that people need to learn the nuances of networking or the difference between encryption types, but they need to learn the inherent risks in owning any device.
It's negligent if you just plug something in with no idea of what will happen or what the risks are.
I think a few of you are missing the point because you don't really grasp what Google was doing.
You seem to be under the impression that Google was only mapping open WiFi points.
They were also capturing data on those networks such as e-mails and details about which websites a person had visited. That goes beyond just innocently mapping WiFi hotspots.
I don't really expect many will be able to discern the difference as the Google-love is too strong here to be objective. I guarantee you that if the government was doing this, your responses would be decidedly different but they don't have an adsense like program.
If nothing else, it is a strong reminder of how different tech laws can be around the world.
|It's negligent if you just plug something in with no idea of what will happen or what the risks are. |
I think this is an unreasonable stance. You have to be made aware that there are risks and most people are simply not aware of wither the risks or the extent of these risks. The vendor is not going to stress the risks as that does not help to move product.
The only time risks are pointed out by vendors is when physical safety is concerned and even that does not always happen. The salesman won't offer you a lesson on the dangers of using a microwave oven will he? The Internet is awash with risks and we supported the systems that promoted and created them. Thats life folks.
I guarantee you that if the government was doing this, your responses would be decidedly different but they don't have an adsense like program.
Thank you Frontpage. That sums this up perfectly. Never has a truer word been spoken. ;)
Demaestro says, "It doesn't matter to me how many understand. I am over hand holding people who want to use technology but have no interest in taking a day or two to learn how to use it."
You logic is correct. There's a warning given to users that Wi-fi should be secured to ensure privacy. But there's too much cynicism and a whole lot of caveat emptor in your argument. We are still talking about the average consumer.
This is also perhaps a typical case of technology outpacing the law.
I'm sure you approve of laws such as consumer food labelling laws, truth in lending, Fair Credit Reporting Act, etc. This is all stuff people should know, right? It's all in writing when they sign the loan, get a credit card, etc.
All these laws are based upon protecting people from well, yeah, what they should know (it's all there in writing! Read it!)
|They were also capturing data on those networks such as e-mails and details about which websites a person had visited. That goes beyond just innocently mapping WiFi hotspots. |
I admittedly missed that. I only read the article linked in the OP which doesn't mention that.
I do not think that is ok. But I still hold the opinion that users need to take some responsibility for their own privacy and networks.
|I'm sure you approve of laws such as consumer food labelling laws, truth in lending, Fair Credit Reporting Act, etc. This is all stuff people should know, right? It's all in writing when they sign the loan, get a credit card, etc. |
All these laws are based upon protecting people from well, yeah, what they should know (it's all there in writing! Read it!)
Of course I support the laws requiring labels and transparency. Like food, routers have labels and warnings and my sympathy level drops if you ignore all that. It is all there in writing. All you have to do is take the time and read it.
|We are still talking about the average consumer |
If the average consumer can't bother to read then I can't feel sorry for them. Maybe I am a huge cynical jerk but don't buy it or use it if you can't be bothered to learn how, especially when the damage done can be so great. Wireless networks aren't a right, if you want one you need to know the dangers and you need to take steps to prevent them.
To expect that the government is going to protect me from everything bad while I have my head buried in the sand is a not the way I see the world.
|. Maybe I am a huge cynical jerk but don't buy it or use it if you can't be bothered to learn how, especially when the damage done can be so great. |
Do you know how to tear down and rebuild the motor in your car? No? You know how to frame and drywall a house? You know how to fly a plane every time you take a flight?
|I am over hand holding people who want to use technology |
Who's forcing you to hold their hands? It's not clear why you're expressing such an elitist attitude when *you* (and Google) don't actually have to do anything. In fact, just so it's quite clear, Google - not the consumer - is the aggressor in this case. The consumer doesn't WANT your hand holding. It'd be nice if Google just left everyone alone. See? Then everyone would be happy.
|I don't really expect many will be able to discern the difference as the Google-love is too strong here to be objective. I guarantee you that if the government was doing this, your responses would be decidedly different but they don't have an adsense like program. |
Google-love? Let's be adults here.
Government is all over this technology already:
So the government is doing all of this, we're running on military inventions.
- Google maps is based on spy satellite technology.
- The internet was created by the military,
- GPS was also created by the DOD.
I certain don't see any complaints from anyone using those technologies today.
If you used Android phones you would already know this:
|Why is Google collecting this data? |
The data which we collect is used to improve Google’s location based services, as well as services provided by the Google Geo Location API. For example, users of Google Maps for Mobile can turn on “My Location” to identify their approximate location based on cell towers and WiFi access points which are visible to their device.
It has nothing to do with AdSense or any other thing, it's all about faster navigation without waiting on sluggish GPS location.
Additionally Google phones include a magnetometer not found in iPhones for similar reasons:
|Once you have a phone with a compass ("magnetometer"), a plumbline ("accelerometer"), and you can pinpoint your position (using GPS) and your time (using a clock), that's enough to work out which direction you're pointing in the Universe. |
Therefore, if you include cell towers and known wifi hotspots into that fray you're locating your spot in the universe even faster.
Google is merely attempting a leg up on all the GPS only navigation systems using cell towers and wifi, something I find very useful on a day to day basis.
Technology is advancing at a rapid rate and the Luddites with their archaic rules and paranoia will not slow us down!
|So the government is doing all of this, we're running on military inventions. |
No - this is about Google, who have admitted they were wrong and apologised. It has nothing to do with the government (whatever govermnment you mean). ;)
|Technology is advancing at a rapid rate and the Luddites with their archaic rules and paranoia will not slow us down! |
I would not have thought that there were that many luddites in here but there are certainly a few of us who disapprove of this.
|Do you know how to tear down and rebuild the motor in your car? No? |
Actually Yes, but that isn't my point, I clarfied I meant the inhearant dangers and risks, not the nuances and all the ins and outs.
So in my point with a car it would be that you shouldn't speed, you shouldn't drink and drive, you need oil, you need gas, what are the rules of the road. If you don't know things things you shouldn't be driving.... you shouldn't get a government official riding shotgun pointing out every pitfall, preventing you from harming yourself.
|You know how to frame and drywall a house? |
Yes I do, but my point would be more about having fire insurance or flood insurance, knowing how the locks work, pilet light on the furnace, maybe even understanding the alram if there is one.
|You know how to fly a plane every time you take a flight? |
I did get to control a twin engine once for about 15 minutes but I would have been scared to land it or navigate it.... but to my point I did know all the emergency procedures and I have xp skydiving.
|Who's forcing you to hold their hands? It's not clear why you're expressing such an elitist attitude when *you* (and Google) don't actually have to do anything. |
When I say I am over the hand holding I don't mean to say that I myself have to do the hand holding, but I am over the government hand holding people who put themselves at risk out of sheer ignorance on technology, or anything. They want the conveniences of using it but want no share in the responsibly. It is a nanny state mentality and it absolves people of all responsibility, ignorance has never been a valid defense, and now it seems to be one more and more.
Are you aware of the hypocrisy of the German regulations (hand holding) rules?
They recently upheld a copyright conviction against someone with an open wifi network because someone was able to use his network to share and download files. The person convicted did no downloading, it was just done over his network. But he was still charged because he should have protected his network.
Then they turn around and charge Google for using open networks, but don't hold any of the people with the open network responsible like they did in the file sharing case.
|In fact, just so it's quite clear, Google - not the consumer - is the aggressor in this case. The consumer doesn't WANT your hand holding. It'd be nice if Google just left everyone alone. See? Then everyone would be happy. |
There is NO aggressor in this case IMO.
If someone got a walkie-talkie to talk to their neighbor and they disclosed their driver's license number over it, and I happen to be listening in am I an aggressor if I write that number down? Have I committed a crime, even if I never use it and rip it up and throw it out?
Should the government stop me from listening in to open transmissions on walkie-talkies?
Do you feel like the person disclosing personal info about themselves over a walkie-talkie deserves any privacy protection and that their government should act against me to protect them when they want to use a walkie-talkie to disclose personal details about themselves?
In in earlier post I speculated that perhaps the technology involved here may be outpacing current law. Here's a quote from EFF, Electronic Frontier Foundation, on this issue.
"Notably, Google’s potential liability under U.S. law (yes, I understand this all happened in Europe) is not clear. Penalties for wiretapping electronic communications in the federal Electronic Communications Privacy Act (ECPA) only apply to intentional acts of interception, yet Google claims it collected the content by accident. Further, the scope of legal protections for unencrypted wireless communications are uncertain. There is an exception to ECPA's general prohibition on content interception when the intercepted communications are "readily accessible to the general public." This exception was not written with Wi-Fi in mind and the courts have not yet directly grappled with the issue, but Google may assert that unencrypted Wi-Fi signals fit that exception."
And, as with so many laws, let's talk about intent. Google have gone on record saying they collected this info by mistake. Their lawyers can no doubt quote chapter and verse of the wiretapping laws, so what do you expect Google to say?
But as somebody saying earlier, if this was a street view operation, and to only identify wi-fi networks, why did they write the code that read the transmissions? And then store it?
Read the full article here: [eff.org...]
I apologize ahead of time that this may all be an affront to Demaestro. LOL.
After upgrading to Android 2.1, the new Google navigation was available, which uses cell towers and wifi to help pinpoint locations.
It was far better than any navigation system I've used before, and I've used a few.
The Luddites complaining in Europe will not win this battle, Google Navigation ROCKS!
Innovation vs. Legislation.
I'm voting for Innovation, it ROCKED!
Google Navigation excels at what it does, guilty as charged in 38 countries :)
Ah, perhaps the next move is to identify what you are searching for online then send sales people to ring your doorbell?
|Ah, perhaps the next move is to identify what you are searching for online then send sales people to ring your doorbell? |
Would love to hear that Rant.. Maybe I can read it on his blog then.. ;-)
| This 92 message thread spans 4 pages: < < 92 ( 1 2  4 ) > > |