This 155 message thread spans 6 pages.
|Google Street View WiFi Appears To Have Collected Email and Passwords|
System: The following message was cut out of thread at: http://www.webmasterworld.com/goog/4147311.htm [webmasterworld.com] by engine - 10:26 am on Jun 19, 2010 (utc +1)
Google's Street View Wi-Fi data included passwords, email | Networking - InfoWorld [infoworld.com]
|At the time, Google said it only collected "fragments" of personal Web traffic as it passed by, because its Wi-Fi equipment automatically changes channels five times a second. However, with Wi-Fi networks operating at up to 54Mbps, it always seemed likely that those one-fifth of a second recordings would contain more than just "fragments" of personal data. |
That has now been confirmed by CNIL, which since June 4 has been examining Wi-Fi traffic and other data provided by Google on two hard disks and over a secure data connection to its servers.
"It's still too early to say what will happen as a result of this investigation," CNIL said Thursday.
"However, we can already state that [...] Google did indeed record email access passwords [and] extracts of the content of email messages," CNIL said.
|... according to the French National Commission on Computing and Liberty (CNIL) |
[edited by: engine at 9:27 am (utc) on Jun 19, 2010]
[edit reason] extended quote [/edit]
And now people are reading the private data to see exactly what Google collected.
I can see the 'Google Apology' going something like this: "Sorry people, not only did we violate your privacy (it was an accident, really, please believe us, we filed a patent for the technology we used, but it was really an accident...), now we have to share the private information we collected with others so they can read through all of it (yes, this includes your e-mails) but don't worry, your private, personal information is safe with us."
Wow, talk about ridiculous.
I think the article linked in this thread: Interview With Google's Amit Singhal and Udi Manber [webmasterworld.com] has a very telling quote about how Google feels about your privacy and your rights.
|“I want to build products that are so high in value to the users that this debate about privacy is important but not critical,” says Singhal. “I don’t want the best minds in the world to only think about privacy, I want them to think about the products the world needs.” |
I hope people let them know that's not exactly how everyone feels about the issue and exploiting privacy for corporate gain, regardless of how great the products are, is going too far with the tech side of things. I would rather 'the best minds in the world' think about how valuable privacy is and find a way to build great products without violating or encroaching on it, than have them put Google's products first.
|how Google feels about your privacy and your rights. |
If someone is using an open wifi without any security, plain text passwords, no VPN or SSL, then they don't give two red cents about privacy or security and have no room to complain.
Yeah, the same argument could be used for why it should be legal to listen in on, record, use a mobile phone conversation, because AFAIK it's unencrypted too, but somehow I think you'd take offense at someone doing that, and the reality is most people probably don't know about the WiFi issue, but what Google did is 'essentially the same' thing as listening in on and recording your phone calls, IMO.
Just because something is easy to access doesn't mean it's cool, right, okay, or even legal to access it, record it, use it for your gain.
Your mobile phone is not encrypted either I would guess, so is it a fair argument for me to say you wouldn't mind if someone was listening in on your calls or 'you deserve it' since it's not encrypted, then also recording them, and using them later because it's relatively easy and you obviously don't care too much about your privacy since it's not encrypted?
How about only the e-mails you send and receive with a mobile phone?
Just because data may be available doesn't mean it's right to access it, especially if it's being recorded so it can be used later and be much more easily accessed by others...
|If someone is using an open wifi without any security, plain text passwords, no VPN or SSL, then they don't give two red cents about privacy or security and have no room to complain. |
If you don't lock your front door I get to rob you and you have no room to complain? Hooray!
This just isn't something I'd expect from a large company, this is kiddie hacker stuff. What was Google thinking?
I have to agree with IncrediBILL. If you don't secure your network, you deserve what you get/lose.
These days, there are a zillion companies that come in and set up your internet connection at home, and as far as I know, these routers/modems all come with CDs that basically ask you questions about your connection during setup, and allow for the option to enable wireless and set up a key.
I hope Google does a study with the data they have, such as "with all the open networks we found, we saw users were using simple to guess passwords to access email and banking, such as "password" or "god" or "letmein"."
I don't know how many of you heard about the identity theft company where the ceo gave out his SSN, and had his identity stolen 13 times. If you did, what was your initial response to that? Mine was, well he's an idiot, he brought it on himself. Those criminals purposely targeted him based on what he gave out.
Google "unfortunately" collected data that wasn't secured. Just like when they crawl pages that aren't blocked by robots.txt. Does that excuse Google, no-not completely, but are they completely at fault in this? No. The individuals that were exposed need to take responsibility.
|Those criminals purposely targeted him based on what he gave out. |
They collected and used data that wasn't secured and you called them what?
They're crimi.... what's in your mind?
They collected and used data that was much more freely available than the data Google developed software to mine, and in doing so they're criminals in your mind, but what Google did is what people deserve... Where's the logic, ration and reason in the preceding, because I for one can't find it.
The double standards of the 'got what they deserved' argument are astounding!
It's the victim's fault a criminal did something? Really? WOW!
Do you think it would be a good idea to have laws against being a victim too since the victims are to blame in the minds of so many people here?
Here are a few questions for the 'they got what they deserved' crowd...
Where does it end?
Have you ever given your credit card to pay the waiter instead of paying at the register? Do you deserve to have your CC info stolen because you gave them access to everything they need to do it?
Have you ever used your ATM card in an ATM that doesn't break up and/or slow the insertion of the card, which makes it so it can be read by a secondary reader? Do you deserve to have your ATM Card info stolen because you didn't take every precaution?
Have you ever made an online transaction where the information could be stolen by a programmer who stored off site the info without your knowledge or the knowledge of the site? Is that getting what you deserve if they do?
Have you ever paid with a check that contains your signature, address, probably phone number, routing information, etc? Do you get what you deserve if someone records, copies and misuses that information?
How about the convenience store that gets robbed? Is that what the ownership deserves because they didn't require all employees to attend combat training before employment and have an arsenal available for them to use in case of an emergency? Or maybe you would think it's the person's fault for applying for a job they probably need and not taking a combat course prior to employment and carrying a weapon or two with them to work.
Seriously, where does your argument end?
So when Google and Yahoo crawled Facebook and found the email addresses, whose fault was that?
When you are typing in your account number or pin number, do you expect people to avert their eyes?
If a company calls you out of the blue and asks for your social security number, do you give it to them?
Do you respond to the emails saying that your account has been disabled, and to click on the link to re-activate it using your own username and password?
If the answer to any of the questions is yes, then you deserve whatever you get. There are enough news reports ad infinitum about being secure in a digital world. At this point, ignorance is not an excuse.
I applaud Google and Yahoo for removing the pages that were crawled displaying Facebook member emails, and for Google being transparent about the data collection.
For what it's worth, some insurance companies will not cover your car for theft if you didn't lock it.
I talk about people being responsible for their own actions, not the actions of others. I can control how I protect myself, I can't control how others protect me.
Yeah, buckworks, but it's still a crime to do it, and it's somewhere in the agreement people make with the insurance company... It does not mean it's right or okay for someone to open a car and take something without permission.
youfoundjake, true enough, but does the fact someone likes MMA and can fight so they don't get picked on make it the fault of the programmer who can't for getting beat up on the street or something by someone who can and wants their wallet? They had the same 'choices' in how they spent their time WRT personal security, but rely on the laws and rules and basic decency to protect them.
How is it any different for what we're talking about?
People here keep saying they didn't take every precaution, but if you personally run into someone on the street and they kick your ass and take your wallet do you think people should be saying, 'Well it only happened because you're a programmer and not a fighter, and you should have gone to the gym and learned how to fight better, because if you had it wouldn't have happened, so it's really your own fault, because you didn't take every precaution...'?
People have different skills, different jobs and different ways to spend their time, not all of us have the same talents or abilities, or even make the same choices in how we spend our time, so to say someone deserves something because you take more precautions in one area than they do does not fly with me, because there could be other ways they take more precautions than you and you could be more vulnerable than they are but don't regard that aspect of your life as important to protect as they do, which doesn't make a wrong against you any more your fault than a wrong against them.
|Yeah, the same argument could be used for why it should be legal to listen in on, record, use a mobile phone conversation, because AFAIK it's unencrypted too |
Sorry, but mobile phones are encrypted.
However, GSM has been hacked [darkreading.com], which is another reason I only use CDMA networks such as Sprint and Verizon.
|If you don't lock your front door I get to rob you and you have no room to complain? Hooray! |
Broadcasting insecure plain text has no locks.
With your metaphor, not only isn't the door locked, but all the furniture was tossed out on the lawn with a sign "TAKE ME - I'M FREE"
|The double standards of the 'got what they deserved' argument are astounding |
Open wifi has always been a bad idea and this issue is just waking people up to the fact that their passwords are floating around in plain text.
You certainly wouldn't walk around with a t-shirt that says "MY ATM CODE IS 6432" so why would you broadcast your passwords in plain text?
Think about this, instead of "sniffing" data from those open networks someone drives by and downloads ripped MP3s, movies and worse.
What excuse would the owner of the open wifi have then?
IMO, Germany got it right when the German court ruled open wifi effectively illegal [techdirt.com].
There are ways to mitigate getting mugged. As I found with a quick search:
|1. Dress to discourage unwanted attention from muggers. Some things that might make you a more likely target are: |
Dressing like a tourist. If you're obviously not a local, you're more likely to be targeted, as tourists tend to be less aware and carry cash on them.
Wearing obvious, flashy jewelry or watches.
Carrying a large purse, briefcase or backpack. Anything that might contain valuables makes you a potentially more lucrative target.
2. Stick to well-lighted and well populated areas. Muggers are far less likely to target people where there are others around or they are likely to be seen.
3. Know where you are going. Muggers often prey on tourists or people who are lost. If you are in an unfamiliar place, learn the route you wish to take.
4. Avoid dangerous parts of town. If possible, try not to walk through dangerous parts of town, especially at times of day when there are few others out. Bad neighborhoods with little foot traffic are especially risky. If you aren't sure, talk to locals to learn what places aren't safe.
5. Walk with a sense of purpose. If you are wandering aimlessly or look lost you are more likely to become a target.
6. Travel in groups. Muggers are much more likely to go after individuals than groups.
7. Stay alert for possible dangers. You can minimize the likelihood of being surprised by doing the following:
Pay attention to your surroundings and avoid distractions. You become an easier target when you do things like listen to music on headphones, talk on the phone, read a map or anything else that takes your attention away from your surroundings.
Walk near the curb, facing traffic. This gives you a better angle to see in doorways or alleys and a better path to escape if attacked.
8. Take action if you sense danger or are attacked.
If you believe you are being followed, head directly toward a populated area, cafe, bar or other populated place.
Make noise or call for help. Don't be afraid to draw attention to yourself.
Consider defending yourself if you have the skills or a weapon. Pepper spray can be a very effective deterrent and is easily carried on your person. Fighting back does come with an increased risk of harm to your person, however.
See, there are steps that can be done to help prevent against being mugged. I've never been mugged. I've never had my identity stolen. I've lived in the ghetto, and I have an online identity, but yet I've never been a victim. Why is that? Am I lucky? Do I know something that everyone else doesn't know? Or do I do something that some people won't do?
Do you believe that Google willingly and knowingly scanned the wireless spectrum looking for email data and passwords? Or did that data get scanned as part of a greater project? I guess it comes down to intent for me. Google did not intend on gathering email or password data, the mugger however, intends on kicking my arse to get my money.
I see you've totally skipped over the 'where does it end' questions...
I didn't think anyone would bother to answer them.
|You certainly wouldn't walk around with a t-shirt that says "MY ATM CODE IS 6432" so why would you broadcast your passwords in plain text? |
One takes eyes to read, and the other takes quite a bit of sophistication. One takes time, skill, talent, or money to find someone to develop, the other takes eyes and the ability to read English, or access to someone who does, but it's totally justified in your mind, so whatever.
Just remember the next time you hand your CC or a check to someone to pay a bill and don't watch them for every second you gave them much more plain, readable data than a WiFi connection does, so if something happens to it, it's definitely your fault for not taking every precaution, and I hope you don't ever misplace your wallet, because that would definitely be your fault if something got misused from your own lack of attention...
Can you imagine if it fell out of your pocket somewhere, like at a sporting event when you weren't paying attention? Don't even think about pressing charges if something like that happens and someone misuses the information, because we all know it's your fault for letting it out of your sight in the first place, because you're the one who didn't take every precaution by paying attention to it every single second of the day.
|See, there are steps that can be done to help prevent against being mugged. |
Yeah, there are, but it still happens, so whose fault is it, the person who didn't take all the precautions, or the person doing the wrong?
I'm done with this one, because it's pointless...
It's been fun.
Where does it end?
In this case, according to your argument, is when we stop using Google to gather information from the internet. Maybe we should just go straight to the source, instead of looking for where the source is. I guess omnipotence is the only real answer. The alternative is to live in a bubble. I guess that's the ultimate solution for personal responsibility. Since I can't control what the world does to me, or how it interacts with me, I should isolate myself to best protect myself.
|One takes eyes to read, and the other takes quite a bit of sophistication. One takes time, skill, talent, or money to find someone to develop, the other takes eyes and the ability to read English, or access to someone who does, but it's totally justified in your mind, so whatever. |
Time? skill? money?
Sorry, very little of any of that.
All you need is a wifi card, a computer and some specialized software.
You simply download some wifi password sniffing software, there's a bunch, and if the network is secure get good old Aircrack-NG to hack it.
Now download a war driving program, they have them for laptops or smart phones, then just start driving around like Google did and record all the networks you pass.
Once you have those networks logged, go back and sniff and hack to your heart's content.
It's easy, freely available, and criminals do it all the time [webmasterworld.com].
Google did far less, the whole thing is idiotic.
I'm not sure why people are arguing in favor of flawed insecure wifi technology because no matter how many arguments you make or laws you pass because...
WIFI WON'T GET ANY MORE SECURE UNTIL YOU TOSS IT AND START OVER!
|If someone is using an open wifi without any security, plain text passwords, no VPN or SSL, then they don't give two red cents about privacy or security and have no room to complain. |
That's not a really honest or fair assessment of the situation. Many computer users who set up home networks don't have the technical skill or IT background to set up WEP/WPA. I am pretty sure if you asked most users they would prefer that their internet connection is secure. But, I am afraid many did not know it was an issue or how to actually set it up.
Just because I leave my window shades open, it does not give you permission to be a peeping tom. "You did not put up blinds, so you have no room to complain that I photographed your children."
It is scary that violation of privacy is accepted as long as those Adsense checks keep coming. Where does one draw the line?
|Just because I leave my window shades open, it does not give you permission to be a peeping tom. |
When I'm driving down the street delivering a pizza, and looking for an address, don't yell at me for glancing through your window right next to your house number. If your light is on, your house may be the one I'm delivering to. If it's off, then chances are, I'm not delivering there.
Again I mention, routers or modems come with CDs to configure the equipment, and it asks if you want to enable wireless, and what to set for security.
[edited by: youfoundjake at 12:07 am (utc) on Jun 20, 2010]
Here is the link to the analysis of the source code.
If the frame was encrypted, it was immediately dropped. If it was not, it was noted basically for the possible delivery of services in the future, a hot-spot or access point.
Begs the question why. This is all a moot subject since it's all collected by your IP but still...
Why would Google want to link your email address to your house?
Why would Google want to extract email (and other) content?
Why would Google intentionally GROSSLY violate privacy like this?
Who is benefiting from this data? Government? Military? Wall street?
What exactly is IN Google's vast databases that would hurt countless people if the plex was ever taken control of by terrorists.
Google did the deed, the questions need to be investigated and answered. For all we know this is the tip of an iceberg and regular people would not be shielded from the full probe of the law, neither should Google.
Who SHOULD be responsible for starting an inquiry? Will they? If not, Why not?
What a mess.
I'm not rocking the boat, I don't really want to know, it's my own fault for having wi-fi. Now THAT is a problem I can easily fix.
[edited by: Sgt_Kickaxe at 12:21 am (utc) on Jun 20, 2010]
|Sorry, very little of any of that. |
Simple = My Mom could do it. (Read English, Yes.)
There's no way she could do what you're talking about.
|criminals do it all the time |
Couldn't have said it better myself.
|Google did far less, the whole thing is idiotic. |
You're right, they shouldn't have gone there.
|I'm not sure why people are arguing in favor of flawed insecure wifi technology because no matter how many arguments you make or laws you pass because... |
Uh, just arguing it's not right to exploit it, even for 'Good Ol' Don't Be Evil Google'.
|IMO, Germany got it right when the German court ruled open wifi effectively illegal. |
But not when they went after Google for doing it?
|Data protection authorities in Spain and Germany have also asked Google for access to Wi-Fi traffic data intercepted in their countries... |
Like I said before, pointless.
Anyone here ever had your CC Info stolen when your card has been in your possession the entire time and woken up one day to find your bank account cleaned out? I have... Wait until you get to the store someday and have your card declined when there was a good 4 figures in your account yesterday and start wondering what happened only to go to the bank and see a transaction for $973 at a grocery store you've never been in before.
Yeah, I'm sure there are those here who think it's my fault someone installed a scanner somewhere and duplicated my card without my knowledge, because I didn't take every single precaution when using it, but the bank didn't seem to think so when they credited my account with every dime that was taken...
Criminals do what happened to me all the time too incrediBILL, does that mean it would be okay for Google to do, just to build a better application or do something else with the information? Credit Card security won't get any better until they require some type of personal verification for use, but I'm sure it's tough to figure out how to send a fingerprint online, so we should probably scrap those and start over too, right?
You mean, in short, someone is spying on us electronically? I would never have thought that possible in this country. Obama has our back.
I found this from Danny Sullivan, and I think it helps put a lot of this into perspective... one of the more soundness of mind responses to what has come to light out of all this.
|Imagine that the transmissions you make on a wifi network to the sites you visit are like having a real-life conversation with someone on the porch of your house or the front yard. |
As Google’s StreetView cars were like someone driving slowly down the street, recording all the front yard conversations that they could hear, as they went past.
Because the car is constantly moving, only a tiny bit of each conversation was being recorded. That’s the first thing that should be reassuring in all this — it’s not as if Google heard minutes or hours worth of what you were “saying” on the web.
Second, Google couldn’t understand all the conversations it was hearing. That’s because while the data was going out on an open wireless network, the conversation itself was encrypted. This is typically what happens if you go to a bank web site — a secure connection is established. It’s also what happens if you go to Google itself to read Gmail or use some other services.
In the metaphor, it’s as if some people talking on the street were having a conversation in a language that only they and the other person could understand.
Third, there were some conversations that Google couldn’t understand at all, on wifi networks that had security running. In these cases, it’s as if Google could see that people were talking on their front lawn, but all they could hear was a mumble, nothing intelligible.
There’s no doubt Google has harvested a huge amount of data. Wifi “conversations” have been recorded since 2007, according to today’s blog post. But only snippets of those conversations have been stored, making the information fairly useless if it were to be mined — something Google doesn’t appear to have ever done nor plans to do, as it seeks to destroy the data.
And on that note, I'm going wardriving and uploading a virus that may later infect your machine while downloading the latest Lady Gaga album from a bit-torrent. I sure hope the RIAA stopped logging your IP Address. (tongue-in-cheek)
|Anyone here ever had your CC Info stolen when your card has been in your possession the entire time and woken up one day to find your bank account cleaned out? |
That's a non sequitur example because credit cards are separate from bank accounts.
Perhaps debit card was what you meant, which is why I don't use debit cards either, only ATM cards for debit and then only at banks or the grocery store.
All these other arguments are silly, and off topic, because open wifi protocol without a password is by definition insecure.
Anyone listening to an open wifi network that was setup insecure by default truly isn't doing anything wrong because that network was obviously designed to be shared.
You can't have it both ways on one hand saying open wifi is a good thing (not ever) and people should be allowed to use them freely yet cry foul that Google did just that.
If it was so innocent, then why are 30 US attorney generals around the USA plus numerous EU countries exploring criminal wiretapping charges? If this was any other company but Google, the 'pfft-no big deal' factor here would be decidedly different IMHO.
|Google did indeed record email access passwords |
No problem - we trust Google.
|That's a non sequitur example because credit cards are separate from bank accounts. |
Good hair splitting...
It was a debit card with a major CC logo on it.
|saying open wifi is a good thing |
No one has said that anywhere in the thread.
You're right, Google can listen in on anything not secured and use the data any way they feel like. It's okay... You win. Google is in the right, that's why three countries are asking for information from them, Google's wanting to destroy information (evidence) they've been gathering for 3 years (now that people see their hand in the cookie jar) and other countries are looking into their actions... They're so right on the Governments want to have a look at what they have so they give them an award for a job well done!
They can also crawl whatever website they want to. Unless the robots.txt says not to. And I fully hope that all those up in arms about Google scanning unsecured data will stand by their principles and block them from their sites and no longer use any Google product on principle alone.
Oh, and by the way, don't read what I just wrote. I didn't mean to post that here, so just move along.