Google admits Street View WiFi sniffing
Google's Street View cars have been routinely capturing traffic from unencrypted WiFi networks.
Following concerns raised by German authorities over the privacy implications of the data gathered by Google's Street View cars, the company wrote a blog post at the end of last month which aimed to reassure people that the information gathered was publicly available and of no threat - making specific reference to the fact that although WiFi network information including location, SSID, and MAC address is gathered "Google does not collect or store payload [network traffic] data."
Sadly, it turns out that this statement is false. In an updated post made last Friday, the company admits that " it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks" in direct contravention of its previously stated privacy claims.
The company claims that the traffic capture capabilities of the Street View cars came about as a result of code added to a project back in 2006 by an over-zealous engineer which was then adapted and modified to capture SSID and MAC details - but crucially never had the code to capture payload data removed.
Although Google promises to delete all the gathered payload data as soon as possible - but not before asking a third party to fully investigate the incident - and has since removed the Street View cars from service in order to purge the relevant code, the admission is likely to damage already thorny relations with EU officials who are increasingly concerned about Google's apparent fast-and-loose approach to privacy.
There is good news on the horizon, however: as a mea culpa for its activities, Google has announced that it is to allow search users to employ an HTTPS encrypted connection - something Google Mail users have enjoyed for a while - which will keep their search traffic safe, even on an unencrypted WiFi network.
Do you believe Google's claims that the capturing of vast quantities of private WiFi traffic was accidental, or is the company merely making the admission now to save face later - and after exhausting the search for a commercial means of exploiting the data? Is Google drifting away from its original "don't be evil" roots? Share your thoughts over in the forums.
Previous Article
16 Comments
Discuss in the forums ReplyDammit! I wanted to be the one to say that :(
I say kudos to Google for owning up and taking immediate action. If anything hopefully this will serve to highlight the fact that running an unsecured WiFi network is stoopid, and more people will take basic steps to secure theirs.
Google didn't own up to it though. This was only found out after the Germans asked to the look at the data the streetcars collected.
If the Germans never asked for access, do you think they would have seriously owned up to it?
You have missed the point, in some countries (UK included) citizens have been fined or even sent to gaol for wardriving (usually as 'unauthorized access of a computer network') but Google seem to think it's OK to break the law and when they are found out they say Woops our bad! and nothing happens.
I was surprised to find these days I like Microsoft and think Google are pure evil. Ballmer and his mates have created an industry for me to work in that pays extremely well plus developed two gaming platforms I enjoy (PC and xbox). All Google ever seems to do these days is take the piss and sell my data.
lolwut?
If you give a ****, your network will have basic encryption switched on. If people are stupid enough to leave their networks unencrypted in urban areas then google sniffing packets from them are the least of what could happen.
The law needs to be changed to reflect that if you make your wi-fi traffic public, you do so at your own risk.
Technically, anyone with a laptop with wi-fi is currently breaking the law, because any wi-fi radio in any laptop is always 'receiving' the signals of any wi-fi hotspots in range. I agree it's suspicious that google would record payload data, but it sounds like it wasn't a policy decision, it sounds like it was just something the software can do and they overlooked disabling it.
+1
takes all of 30 seconds and a handful of button presses.
Yeah, but there are those ( usually on talktalk ) who are of a certain age and can only just turn on their PC and look at the grandkids images on facebook, nevermind log into a router and adjust the settings.
When I installed my wireless at home I did a quick scan and found 16 local networks, out of which 5 were unsecure. A little walk to the shop with the iphone and the wireless application I have switched on has located them to just behind mine where there are quite a few bunglelows. I'm in the process of speaking to them as I know they'll all be sat outside tonight in the sun to offer my services (not like that you sick puppies!) and secure their networks as it's only a 5 min jobby :)
No one should be pissy with Google at this.
If you're too lazy to put an encryption on your wifi,
well then tough cookies.
Routers honestly should come with WEP/WPA~2
switched on and make part of the set up, setting a password.
Save a lot of these kinds of discussions.
Wake me when they start cracking passwords to get in.
breaking wep is easy to do pretty much everybody is doing it.. remember when I setup my first wireless g network when it just came out.. was the only one around in my neighborhood and I thought I was soo secure running wep xD
Pretty sure they were unaware of the privacy issues *until* the german authorities asked them to check it out.
Since then Google THEMSELVES have since requested a third party investigation to reassure people...
Personally I don't even see the problem - they were unsecured networks, and only portions of payload were taken, it's not like they camped outside someone's house for a week sucking up every bit of data traveling on their network, they drove past and snatched up a few random packets. Now I don't know how fast your wifi is, but I wouldn't be able to transmit a life's worth of personal data in a few seconds.
tl;dr: cry me a river.