| This 155 message thread spans 6 pages: < < 155 ( 1 2 3  5 6 ) > > || |
|Google Street View WiFi Appears To Have Collected Email and Passwords|
System: The following message was cut out of thread at: http://www.webmasterworld.com/goog/4147311.htm [webmasterworld.com] by engine - 10:26 am on Jun 19, 2010 <small>(utc +1)</small>
Google's Street View Wi-Fi data included passwords, email | Networking - InfoWorld [infoworld.com]
|At the time, Google said it only collected "fragments" of personal Web traffic as it passed by, because its Wi-Fi equipment automatically changes channels five times a second. However, with Wi-Fi networks operating at up to 54Mbps, it always seemed likely that those one-fifth of a second recordings would contain more than just "fragments" of personal data. |
That has now been confirmed by CNIL, which since June 4 has been examining Wi-Fi traffic and other data provided by Google on two hard disks and over a secure data connection to its servers.
"It's still too early to say what will happen as a result of this investigation," CNIL said Thursday.
"However, we can already state that [...] Google did indeed record email access passwords [and] extracts of the content of email messages," CNIL said.
|... according to the French National Commission on Computing and Liberty (CNIL) |
[edited by: engine at 9:27 am (utc) on Jun 19, 2010]
[edit reason] extended quote [/edit]
Interesting thread. Here are my two Cents.
1) Metaphors are increasingly irrelevant. I see this in copyright discussions all the time, and because we are talking about digital goods, arguments get tangled quickly when using metaphors from the real world. But we are talking digital, and that still is not the real world. So, I'd suggest to stop using metaphors and discuss whether the actions Google have taken have been (a) intentional, (b) illegal, and (c) what we can learn from this. The second item may vary by country.
2) Those who defend Google here are already fighting a show fight, because the public perception has moved on much more quickly. Where I live, people get increasingly tired of Google grabbing data of any kind and using this to build profiles. PEOPLE DON'T WANT THIS, so they move on. Google had their climax, and have now begun the downturn. All their beautiful free products can't restore the trust they have lost with the public.
3) I'd even say that webmasters have moved on, and only the die-hard fans (who depend on Google traffic) actually do care. This thread is a good example. Where in the past there would be a heated debate, now we see a good discussion about whether WiFi should be encrypted or not (yawn!), how anyone could do what Google did (bah!), and how life in general is a risk (big yawn!). But that does not touch the very core - that Google has lifted the curtain and we could briefly peek into the dark minds at the Plex. And what we see is - quite ugly.
4) Instead of defending the rights of those who get sniffed (an action which IS ILLEGAL in some legislations), I am surprised that some here still try to defend the un-defendable. Hmmm. Actually I am not that surprised. The recent "Feedback days" showed clearly that a certain type of discussion pushes members away; if the un-defendable is defended, the crowd moves on, shrugging, wondering what a strange place this is.
Which is what I will be doing now. Back to lurking mode again.
|@kaled, was someone actually prosecuted and convicted in the situation you refer to? I'd be curious to know more about it. |
It's more than 20 years ago - I can't remember - however, in the UK, a criminal investigation is triggered only by an alleged criminal breach of the law.
More recently, however, two journalists/investigators were imprisoned for listening to voicemail recordings. In this case, they simply tried entering default pass-codes (and if the user hadn't bothered to change the pass-code, it worked). I think that is more or less an equivalent situation.
on a side note... one of the most disappointing things for me is the slowness of the law people to react. stories like this blow up in the press all the time, get discussed in places like this, but what actually happens? they make noises about looking into what's been going on, but that's the last we ever hear of it.
at the end of the day, google are only going to stop doing stuff like this when they get ordered to stop by a court. everything else is just PR -- like when they said they'd pull all the offending data out and store it away and never look at it, hoping that would sweep the issue away. a court needs to tell them that is a million miles away from being acceptable. if a burgler told you he was going to store all his loot away and never look at it, you'd laugh him out of court.
|Just remember the next time you hand your CC or a check to someone to pay a bill and don't watch them for every second you gave them much more plain, readable data than a WiFi connection does, so if something happens to it, it's definitely your fault for not taking every precaution, and I hope you don't ever misplace your wallet, because that would definitely be your fault if something got misused from your own lack of attention... |
I read this one quote, nothing from the rest of the pages, so pardon me.
So, I agree with this quote wholeheartedly. We are all ultimately responsible for our own safety and security. Some people don't care, some people get lucky and never have to deal with these kinds of things, but ultimately it's not like anyone is out there protecting us in any fashion.
If you're getting mugged, better hope a cop is in the area, because that's the only person besides yourself who's going to protect you.
If you wanna use your credit card online, better make sure that the site you're using is legitimate, because it's not like the credit card company's going to refund your money just because you weren't paying attention.
If you're not encrypting your internet connection, you'd better hope there aren't a lot of wardrivers in the area, or too many neighbors who know what they're doing, because you're broadcasting more than you even know.
So yeah, Google pulled wifi data. I'm not saying it's right, but if you're seriously expecting anyone but yourself to watch out for you these days you've got some lessons to learn. Yeah, it sucks for mom and pop, but maybe YOU should be the one looking out for them if they don't know better.
|Those who defend Google here |
Ruminating on the bad judgement of those who broadcast private information into public space does not constitute defending Google.
Neither does pointing out other situations in which malicious eavesdropping could occur.
|that's probably already being done without Google so this really is a moot thread |
One of the points made in this thread is that such eavesdropping would be undetectable.
|one of the most disappointing things for me is the slowness of the law people to react |
That's a problem with a lot of things in cyberspace. Sometimes old laws adapt well to new realities, but sometimes they don't.
Even the best written laws only provide recourse after the crime has been detected, though.
|Many computers users who set up home networks don't have the technical skill or IT background to setup up WEP/WPA. |
And yet despite all the information freely available and all the warning stickers and bold text warnings included all over every wireless router packaging I have seen they still go ahead and use even though they don't understand it and don't bother to try. You have to ignore a lot of warnings to setup an unsecure wifi router.
I still believe in personal responsibility. The notion that it isn't someone's fault because they lack the technical ability to use something they bought properly is insane.
Should Google have done what they did?... no.
Does Google not doing it anymore make those people any more secure?.... no so why go after Google, they aren't the problem in this case.
The problem is that people don't know what they are doing and yet they continue on hoping that someone else will protect them from themselves.
It isn't like leaving your door unlocked. It is broadcasting your information into public air space. That is nothing like leaving a door unlocked, we are dealing with public air space people.
Where I live, maybe not in Germany, but where I live it is only illegal to circumvent security. If there is no security there is no circumventing.
|I still believe in personal responsibility. The notion that it isn't someone's fault because they lack the technical ability to use something they bought properly is insane. |
They don't lack the ability to use it properly. They're using it just fine.
What they lack is the ability to protect their information from snoopers, like Google. The correct solution is to put limitations on the snoopers, not the users. Not all of us want to live in Granny-state california, thanks.
|The correct solution is to put limitations on the snoopers |
I'd be interested to hear your thoughts about what the limitations ought to be and how they should be enforced.
Had a conversation somewhat about this with Comcast Tech that came to replace Router a week ago. The Dude would not leave till he personaly setup the Router(Changed Passwords, Disabled SSID and even offered to USE MAC Addrs filtered, made sure that I get how important it is for them. Kudos Comcast!
I also told him there is 3 Linksys routers Open with signal strenth of 50+ right around where I live. Just Checked, 1 still open, rest are missing from Broadcast View.
I disable WiFi anyway but maybe protecting the consumer from hack-waks should start at ISP Level.
|I'd be interested to hear your thoughts about what the limitations ought to be and how they should be enforced. |
That's got nothing to do with anything. What's important is the difference between defending Google's gathering of information that most people would consider private, for commercial purposes. Unbelievable. Google is the aggressor here. They are the one taking action - not the consumer.
I haven't seen one person defending Google's actions here.
What I am seeing is a reaction to the fact that people can broadcast their personal details, without encryption, into public air space and still consider it private info.
What I am reacting to is a horrible law that causes people to feel safe about having open wifi when they shouldn't feel safe at all.
I am also reacting to the fact that in a free country like the USA and Canada the rules are simple. You can listen in to any broadcast in the public airwaves, you just can't circumvent any security or encryption to do so.
Legally, where I am from, a free country, I can listen to the airwaves without fear of hearing or recording something I shouldn't have even though it isn't encrypted or anything.
I guess in Germany and based on what some here have said other places in the UK you can't just listen to the airwaves and without prejudice record what you hear or even record to see what you captured later.
You must assume that what you are picking up isn't meant for you despite being in your airspace and despite there being no encryption or security in place.
I think a lot of people are being a little bit coy by referring to people who know how to secure a wi-fi network and those who don't as smart or stupid. What we need to remember here is we are supposed to know this kind of thing, to an average member of the public who sees his/her Internet connection as no more than a utility then are they really supposed to understand how to secure their connection and why?
Joe blogs is a low user of the Internet. He accesses his email and occasional surfs the web. He bought a router and simple plugged it in and left it. Is he an idiot?
p.s Joe Blogs is a doctor.. Is he still an idiot?
There are people who know this type of thing and there are people who don't. Secure or not, it is still wrong to gain access to someones information.
|The man arrested in a street in west London is at least the third person to be accused of breaching the law by taking internet service without permission. |
It's actually my understanding, in the US, you can listen to a transmission made openly, but what you cannot do is record, rebroadcast, reuse, or otherwise disseminate what you hear without permission of the person or people involved in the communication, except in the face of repeated threats, then you can record to your hearts content so you have proof the threats were made.
I don't think that's going too far with things at all.
To think anything left in public is inherently your property or grants you full rights to it, especially when you only have access to a portion of a conversation seems a bit wrong, because if you only received a portion of an e-mail you might not see it contains a disclaimer to the effect of 'the information contained within is only for the intended recipient... blah, blah, blah' so if there is a typo or delivery error (think about the facebook error), even if it is encrypted in some way, anyone receiving the transmission knows it is not intended for them and they should destroy the contents if they are not the right person does not seem right, because errors do happen and they're not always the fault of the transmittor.
AFAIK, here in the US, the listening in and of itself is not the issue... it's the recording, reusing, possible dissemination, and access to services. If the information is recorded, in some states where ALL parties have not consented to the transmission being recorded it is a violation of the law, which means, not only would the sender of the transmission have to consent, the intended recipients (ALL of them) would also have to consent to the recording being made in most stated. Again, the preceding is as far as I know, and to the best of my understanding.
I could be totally wrong, and you might not even be able to listen, but it's not something I really read up on, because I have way better things to do with my time than trying to keep tabs on the neighbors, so honestly, I really couldn't care much less about the technicalities of the legalities since it's not something I care at all to engage in or really have anything to do with...
[edited by: TheMadScientist at 7:47 pm (utc) on Jun 21, 2010]
I was under the impression that using a scanner in the US to monitor police activity was illegal (though I imagine it's all digital and encrypted these days).
|I am also reacting to the fact that in a free country like the USA and Canada the rules are simple. You can listen in to any broadcast in the public airwaves, you just can't circumvent any security or encryption to do so. |
I think it's worth pointing out that wireless routers could have been designed to automatically encrypt all data by choosing a key randomly when a new mac address is encountered (after approval/authentication by pressing a button on the router). This being the case, it is unreasonable to expect non-technical people be held responsible for lack of knowledge when the technical people that designed all this stuff didn't do a very good job themselves.This would not be perfect for a number of reasons, but in most cases it would be good enough.
|I think a lot of people are being a little bit coy by referring to people who know how to secure a wi-fi network and those who don't as smart or stupid |
I wouldn't call someone who doesn't know how to secure their network stupid.
I would call someone stupid who hooks up wireless Internet after ignoring all the warnings messages, knowing full well they don't know what they are doing, makes no attempt to get help or research into it, and sets it up anyway, then goes and does online banking using their open connection.
Would you call someone who doesn't know how to drive stupid? I wouldn't.
Would you call someone stupid if they don't know how to drive but despite not knowing they still get behind the wheel of a vehicle and drive anyway? I would. If I were being nice I would say they were irresponsible, but deep down I would be calling them stupid.
|It's actually my understanding, in the US, you can listen to a transmission made openly, but what you cannot do is record, rebroadcast, reuse, or otherwise disseminate.... |
You are right except the record part. You can record, you just can't rebroadcast/publish or use it for anything other than your own personal use.
Rules about rebroadcasting have to do with copyright though not anything to do with listening in on public airwaves. So if I record a radio program I can't rebroadcast it, it has a copyright. If I am listening to 2 people talk on walkie-talkies and I record Joe Smith's address then I can rebroadcast that info, since Joe Smith's address isn't something Joe can hold a copyright on.
Again not saying Google is right to do this, just saying in Canada public airwaves are public.
[edited by: Demaestro at 8:18 pm (utc) on Jun 21, 2010]
|I wouldn't call someone who doesn't know how to secure their network stupid. |
Stupid(n) : Marked by a lack of intelligence or care; foolish or careless.
I believe you can call someone stupid for not securing their router. It wouldn't mean they in general are stupid, but stupid when it comes to wireless routers.
I just mean the act of not knowing about routers doesn't make you stupid, it makes you ignorant about routers.
However IMO being ignorant on routers and setting one up anyway is stupid.
Not being able to drive, all good.
Driving when you don't know how... stupid.
|He bought a router and simple plugged it in and left it. Is he an idiot? |
p.s Joe Blogs is a doctor.. Is he still an idiot?
Yes, because Joe Blogs is now probably allowing private patient information to be broadcast in plain text. Joe may be a genius doctor but that doesn't mean he's competent with the installation and configuration of computer hardware.
The hardware needs to simply be set for WPA with a unique password per unit, right out of the box, thus forcing the new owner to RTFM before using the device.
It'll still be easy to install, but defaults to more secure, you'll have to force it to be insecure.
Problem solved for the average user and no Google sniffing allowed.
who cares if they are stupid, they are still protected by the law (in certain countries). and at the end of the day that is all that matters.
your arguments wouldn't carry any weight at all if it came up in court. all you are doing is looking down on people who don't know how the equipment works.
it sounds like you're pining after the wild west, where the big guys can just ride into town and take advantage of all the little people who don't take the time to secure their stuff.
Yeah, londrum, having lived in some really rural areas I know what you mean, and sometimes I get a chuckle out of all the door locking analogies, because I've lived places where doors are routinely left unlocked for days or weeks at a time, keys are left in vehicles, tools and sheds are only locked at night, etc. and yes, here in America AFAIK, those people still have their rights protected...
Their insurance company might not cover a loss due to the contract, but if something is missing and it's reported stolen the person doing the taking still gets in trouble and the owner gets the property back if it's recovered.
And, the people who engage in the above practice and often grow the stuff we all like to eat and drink are not 'stupid' ... most of the ones I know or know of have some fairly high-level degrees, some of them start with Ph...
|they are still protected by the law (in certain countries). and at the end of the day that is all that matters |
Yes and I am making a statement that outlawing what Google did DOES NOTHING to protect the info of people who continue to broadcast their info without encryption into the public airspace. All those people who Google sniffed are still out there joyfully broadcasting their info feeling safe because their country has a law to protect them, so they need not take steps to protect themselves.
|your arguments wouldn't carry any weight at all if it came up in court |
My right to listen to the public airwaves in a free country would carry weight in a court of a free country.
|all you are doing is looking down on people who don't know how the equipment works. |
Really? I have only repeated this a few times now....
I don't look down at people who don't know how equipment works. I look down at people who don't know how equipment works and yet insist on using it anyway. Especially when there is a large personal risk.
I don't want Google sniffing people's info... but even more than that I don't want people broadcasting their info because Google sniffing their data is the least of their worries. There are real criminals who use real data to make real money and I want those people to be safe from those criminals.
Pissing on Google for doing this doesn't make those people anymore secure. Having a law against what Google did doesn't make those people anymore secure. Just like outlawing drugs doesn't mean people stop using drugs. Drugs are illegal and they are everywhere.
We don't need laws, we need responsible use of technology.
Education and self-interest in personal responsibility will make those people more secure.
|it sounds like you're pining after the wild west, where the big guys can just ride into town and take advantage of all the little people who don't take the time to secure their stuff |
I am sorry you got me so wrong. That is the last thing I want. What I want is the people in town to not be people who can be taken advantage of.
|What I want is the people in town to not be people who can be taken advantage of. |
From What I read here and Else where, so far G is like this:
Is it still not not not illigal?
Ya MAAAN, every body is doing it, even in groups, more that 20 million of them, dayly.....go on now..., off you go....la vida gorg...
|Google is facing prosecution in France after ‘accidentally’ scooping up masses of personal information while compiling its Street View service. |
The US internet giant spent months driving around the country’s streets as it built up a map, recording wi-fi hotspots along the way so as to list local services.
But it also recorded emails, browsing histories and other highly sensitive information including bank details and medial records.
|As many as 30 states could join an investigation into Google Inc.'s collection of personal information from unprotected wireless networks, Connecticut's attorney general said today. |
|I would call someone stupid who hooks up wireless Internet after ignoring all the warnings messages, knowing full well they don't know what they are doing, makes no attempt to get help or research into it, and sets it up anyway, then goes and does online banking using their open connection. |
Bad example - very, very bad!
Can anyone figure out why?
Help us out here ....
because the bank would be https...
I agree there is a problem with people not securing their wireless connection, but at the end of the day that's their problem.
The bigger issue here is just how far Google is prepared to go into a legal grey area. First it was an error, now its to improve their navigation products. when are they lying and when are they telling the truth.
If Google honestly expected us to belive it was due to an accident then clearly they think its us that are the idiots.
even though i reckon google's done wrong, i would blame the law before i blamed google. because the fact is that google won't stop marching past the boundries until they are told to stop by a court. a bit of bad PR in the press isn't going to do it, because it's all about the money they can make on the other side.
the courts are too lily-livered when it comes to this stuff. they should find the people who wrote the software and operated the equipment and then jail them.
The whole "people are stupid" thing is getting on my nerves, I don't actually believe that is exactly what anybody in this thread really thinks, I believe what that statement actually represents is a massive lack of sympathy for anyone who has set up an unsecured wireless network. Regardless of the law, regardless of whether Google has committed a crime and regardless of whether you are a lover or hater of Google.
In that respect, I would say I agree, I don't have a single ounce of sympathy for anyone that has setup an unsecured wireless network, and then idly broadcast plain text, private information all over the place. When you buy a router, you get a manual, read it, don't read it, employ common sense or don't, ultimately you're as secure as you can be bothered to be. Intelligence does not factor in this debate.
I have set up dozens of routers for friends and family, most of whom believe it is much harder than it is and don't even bother trying to read the manual or give it much more thought other that "just get it working, I have to Facebook", which is why (at least here in the UK) the default setup for the routers that come as packages from companies such as BT, Virgin, AOL etc.. come with a secured setup by default, quite often you have to choose a password during setup. That's no bad thing (you can't trust people to learn), and perhaps all routers should come with a default password to connect, and then if you want to un-secure it you can (might RTFM, which means the general public won't have a security problem).
Google skated on a grey area, it is grey – albeit a very dark grey. I'd lean on it being illegal, and definitely not cool.
According to the BBC the Metropolitan Police are now investigating following a formal complaint.
|All those people who Google sniffed are still out there joyfully broadcasting their info feeling safe because their country has a law to protect them, so they need not take steps to protect themselves. |
Not everyone on the planet, including many countries where Google scraped this data, have the attitude 'you need guns to protect yourself'. This is a somewhat American approach. For right or wrong, other places and cultures have different attitudes about where the line is drawn between what some people can 'take' and what you're required to do to stop that 'taking'.
And as I noted previously I think, for pretty much any consumer anywhere, their attitude is that the default permission is 'NO', even if it's unencrypted. If you're going to make the argument that the default permission is 'yes' because people failed to protect themselves, what you're also suggesting is that Google's profiting from people's stupidity and ignorance (which of course they are). Which is not an enviable business model. Scraping mac addresses, passwords and email addresses doesn't meet my definition of 'do no evil'. I'm surprised it meets anyone's definition.
Essentially this case is just a symptom of Google's default stance to data which is quite simply "See it, take it". Google believes it has the right to any and all data it can find - at some point in the near future someone is going to have to convince them otherwise. Perhaps this will be the turning point, but I doubt it.
| This 155 message thread spans 6 pages: < < 155 ( 1 2 3  5 6 ) > > |