Google's Street View cars have been routinely capturing traffic from unencrypted WiFi networks.
Google has found itself in the hot seat following the revelation that it captured vast quantities of private traffic from unencrypted routers during its Street View photography runs.
Following concerns raised by German authorities over the privacy implications of the data gathered by Google's Street View cars, the company wrote a blog post
at the end of last month which aimed to reassure people that the information gathered was publicly available and of no threat - making specific reference to the fact that although WiFi network information including location, SSID, and MAC address is gathered "Google does not collect or store payload [network traffic] data
Sadly, it turns out that this statement is false. In an updated post
made last Friday, the company admits that " it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks
" in direct contravention of its previously stated privacy claims.
The company claims that the traffic capture capabilities of the Street View cars came about as a result of code added to a project back in 2006 by an over-zealous engineer which was then adapted and modified to capture SSID and MAC details - but crucially never had the code to capture payload data removed.
Although Google promises to delete all the gathered payload data as soon as possible - but not before asking a third party to fully investigate the incident - and has since removed the Street View cars from service in order to purge the relevant code, the admission is likely to damage already thorny relations with EU officials who are increasingly concerned about Google's apparent fast-and-loose approach to privacy.
There is good news on the horizon, however: as a mea culpa
for its activities, Google has announced that it is to allow search users to employ an HTTPS encrypted connection - something Google Mail users have enjoyed for a while - which will keep their search traffic safe, even on an unencrypted WiFi network.
Do you believe Google's claims that the capturing of vast quantities of private WiFi traffic was accidental, or is the company merely making the admission now to save face later - and after exhausting the search for a commercial means of exploiting the data? Is Google drifting away from its original "don't be evil
" roots? Share your thoughts over in the forums