bit-tech.net

Google admits Street View WiFi sniffing

Google admits Street View WiFi sniffing

Google's Street View cars have been routinely capturing traffic from unencrypted WiFi networks.

Google has found itself in the hot seat following the revelation that it captured vast quantities of private traffic from unencrypted routers during its Street View photography runs.

Following concerns raised by German authorities over the privacy implications of the data gathered by Google's Street View cars, the company wrote a blog post at the end of last month which aimed to reassure people that the information gathered was publicly available and of no threat - making specific reference to the fact that although WiFi network information including location, SSID, and MAC address is gathered "Google does not collect or store payload [network traffic] data."

Sadly, it turns out that this statement is false. In an updated post made last Friday, the company admits that " it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks" in direct contravention of its previously stated privacy claims.

The company claims that the traffic capture capabilities of the Street View cars came about as a result of code added to a project back in 2006 by an over-zealous engineer which was then adapted and modified to capture SSID and MAC details - but crucially never had the code to capture payload data removed.

Although Google promises to delete all the gathered payload data as soon as possible - but not before asking a third party to fully investigate the incident - and has since removed the Street View cars from service in order to purge the relevant code, the admission is likely to damage already thorny relations with EU officials who are increasingly concerned about Google's apparent fast-and-loose approach to privacy.

There is good news on the horizon, however: as a mea culpa for its activities, Google has announced that it is to allow search users to employ an HTTPS encrypted connection - something Google Mail users have enjoyed for a while - which will keep their search traffic safe, even on an unencrypted WiFi network.

Do you believe Google's claims that the capturing of vast quantities of private WiFi traffic was accidental, or is the company merely making the admission now to save face later - and after exhausting the search for a commercial means of exploiting the data? Is Google drifting away from its original "don't be evil" roots? Share your thoughts over in the forums.

16 Comments

Discuss in the forums Reply
scawp 17th May 2010, 11:51 Quote
google one step closer to skynet everyday. sack of c*nts.
Aracos 17th May 2010, 12:06 Quote
Quote:
Originally Posted by scawp
google one step closer to skynet everyday. sack of c*nts.

Dammit! I wanted to be the one to say that :(
mclean007 17th May 2010, 12:16 Quote
Surely more to the point is that if you're running an unsecured WiFi network you should assume that someone is listening to every packet transmitted. In this case it was Google, they only got fragments, and they've pledged to purge it all, so no harm done. Google hasn't published anything they snooped, and it's not like they were actively trying to break into networks - they were just trundling down public roads recording data transmitted in the clear. They weren't using specialist equipment for this either - it could equally well have been someone with sinister intentions using any old laptop with freely available WiFi packet sniffing software.

I say kudos to Google for owning up and taking immediate action. If anything hopefully this will serve to highlight the fact that running an unsecured WiFi network is stoopid, and more people will take basic steps to secure theirs.
Lee @ Scan 17th May 2010, 12:19 Quote
Quote:
Originally Posted by mclean007
I say kudos to Google for owning up and taking immediate action.

Google didn't own up to it though. This was only found out after the Germans asked to the look at the data the streetcars collected.

If the Germans never asked for access, do you think they would have seriously owned up to it?
rickysio 17th May 2010, 12:19 Quote
Like Google doesn't know enough of us already. Wifi won't matter.
Fizzl 17th May 2010, 13:42 Quote
Quote:
Originally Posted by rickysio
Like Google doesn't know enough of us already. Wifi won't matter.

You have missed the point, in some countries (UK included) citizens have been fined or even sent to gaol for wardriving (usually as 'unauthorized access of a computer network') but Google seem to think it's OK to break the law and when they are found out they say Woops our bad! and nothing happens.

I was surprised to find these days I like Microsoft and think Google are pure evil. Ballmer and his mates have created an industry for me to work in that pays extremely well plus developed two gaming platforms I enjoy (PC and xbox). All Google ever seems to do these days is take the piss and sell my data.
FelixTech 17th May 2010, 14:12 Quote
I'd still take Google over Facebook though...
Zurechial 17th May 2010, 16:27 Quote
So people are getting up on their high horses about sniffing of unencrypted wifi networks?
lolwut?

If you give a ****, your network will have basic encryption switched on. If people are stupid enough to leave their networks unencrypted in urban areas then google sniffing packets from them are the least of what could happen.
Quote:
Originally Posted by article
vast quantities of private WiFi traffic
If the traffic is private, encrypt the network - Simple as that.
Psytek 17th May 2010, 20:23 Quote
If you write your credit card details in 10ft high letters on a wall on a main high street with spraypaint... you should expect someone to find that information...

The law needs to be changed to reflect that if you make your wi-fi traffic public, you do so at your own risk.
Technically, anyone with a laptop with wi-fi is currently breaking the law, because any wi-fi radio in any laptop is always 'receiving' the signals of any wi-fi hotspots in range. I agree it's suspicious that google would record payload data, but it sounds like it wasn't a policy decision, it sounds like it was just something the software can do and they overlooked disabling it.
dark_avenger 18th May 2010, 01:36 Quote
Quote:
Originally Posted by Zurechial
So people are getting up on their high horses about sniffing of unencrypted wifi networks?
lolwut?

If you give a ****, your network will have basic encryption switched on. If people are stupid enough to leave their networks unencrypted in urban areas then google sniffing packets from them are the least of what could happen.


If the traffic is private, encrypt the network - Simple as that.

+1

takes all of 30 seconds and a handful of button presses.
Lee @ Scan 18th May 2010, 11:15 Quote
Quote:
Originally Posted by dark_avenger
+1

takes all of 30 seconds and a handful of button presses.

Yeah, but there are those ( usually on talktalk ) who are of a certain age and can only just turn on their PC and look at the grandkids images on facebook, nevermind log into a router and adjust the settings.

When I installed my wireless at home I did a quick scan and found 16 local networks, out of which 5 were unsecure. A little walk to the shop with the iphone and the wireless application I have switched on has located them to just behind mine where there are quite a few bunglelows. I'm in the process of speaking to them as I know they'll all be sat outside tonight in the sun to offer my services (not like that you sick puppies!) and secure their networks as it's only a 5 min jobby :)
Faulk_Wulf 19th May 2010, 01:20 Quote
Love your neighbors but lock your doors.
No one should be pissy with Google at this.
If you're too lazy to put an encryption on your wifi,
well then tough cookies.

Routers honestly should come with WEP/WPA~2
switched on and make part of the set up, setting a password.
Save a lot of these kinds of discussions.

Wake me when they start cracking passwords to get in.
thehippoz 19th May 2010, 02:18 Quote
we live right across from a high school.. the kids there for years after school have been running unencrypted full shares everything- it's gotten better the last couple of years though

breaking wep is easy to do pretty much everybody is doing it.. remember when I setup my first wireless g network when it just came out.. was the only one around in my neighborhood and I thought I was soo secure running wep xD
giantegg 19th May 2010, 05:17 Quote
Quote:
Originally Posted by Lee @ Scan
Quote:
Originally Posted by mclean007
I say kudos to Google for owning up and taking immediate action.

Google didn't own up to it though. This was only found out after the Germans asked to the look at the data the streetcars collected.

If the Germans never asked for access, do you think they would have seriously owned up to it?

Pretty sure they were unaware of the privacy issues *until* the german authorities asked them to check it out.
Since then Google THEMSELVES have since requested a third party investigation to reassure people...

Personally I don't even see the problem - they were unsecured networks, and only portions of payload were taken, it's not like they camped outside someone's house for a week sucking up every bit of data traveling on their network, they drove past and snatched up a few random packets. Now I don't know how fast your wifi is, but I wouldn't be able to transmit a life's worth of personal data in a few seconds.

tl;dr: cry me a river.
topgold 31st May 2010, 07:29 Quote
OK, tell me again why it's bad for my local shop, rail carriage or B&B to offer free and open wifi to those within range of the wireless access point. I'd expect free illumination to come on when I hit the switch and free water from the tap when I wash my hands. Why lock down a public service?
sb1991 1st June 2010, 13:28 Quote
Well, it's not really free and neither are water or electricity. If you're paying for the train ride/buying goods in a shop then sure, but it isn't a public service. More importantly, collecting data on unsecured wireless networks potentially allows them to be taken advantage of if the data gets into the wrong hands (imagine if unsecured home networks showed up on google earth!). It's not so much that google might be out collecting people's personal data, but that somebody else might be able to if they got hold of google's information.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums