Google Collected Wi-Fi Data For Years In Street View Missions: Oops

rated by 0 users
This post has 8 Replies | 1 Follower

Top 10 Contributor
Posts 25,805
Points 1,164,560
Joined: Sep 2007
ForumsAdministrator
News Posted: Fri, May 14 2010 6:41 PM
Oh boy, this won't go over well. Just as the weekend was getting set to kick into high gear, Google dropped one more bombshell for the news crowd to hop on. The company, which has seen lots of criticism lately over botched privacy efforts (most recently involving Google Buzz's auto-add friend feature), is about to be blasted once more after admitting that they actually cataloged Wi-Fi data while collecting information via Google Street View cars.


All of this started nine days ago, when the data protection authority (DPA) in Hamburg, Germany asked to audit the Wi-Fi data that the company's Street View vehicles were collecting; Street View is an awesome feature of Google Maps where you can actually see what the street looks like around a given address, and while driving cars around collecting images, Google was also tapping into Wi-Fi. Nothing wrong there, but here's where it gets sticky. Back in April, the company stated that they didn't "collect publicly broadcast SSID information (the WiFi network name) and MAC addresses (the unique number given to a device like a WiFi router) using Street View cars," and they did not collect payload data (information sent over the network). That has now been proven untrue.

In a post today from the company, they confessed to mistakenly collecting samples of payload data from open (non-password protection) Wi-Fi networks, though that information was never used in any Google product. Still, when a company is this large, these kind of mistakes raise red flags, and Google is coming clean in order to hopefully make the bleeding less intense. They state that this was all "quite simply, a mistake," and as soon as they became aware of the issue they grounded the Street View cars and segregated the data on our network. This seems like a sensible way of handling it, but the company is going to far as to stop collecting Wi-Fi data entirely. Hopefully consumer use won't suffer because of this, but here's the company's final bullet points on the matter:

Maintaining people’s trust is crucial to everything we do, and in thiscase we fell short. So we will be:
  • Asking a third party to review the software at issue, how it worked and what data it gathered, as well as to confirm that we deleted the data appropriately; and
  • Internally reviewing our procedures to ensure that our controls are sufficiently robust to address these kinds of problems in the future.
In addition, given the concerns raised, we have decided that it’sbest to stop our Street View cars collecting WiFi network data entirely.

This incident highlights just how publicly accessible open,non-password-protected WiFi networks are today. Earlier this year, weencrypted Gmail for all our users, and next week we will start offeringan encrypted version of Google Search. For other services users cancheck that pages are encrypted by looking to see whether the URL beginswith “https”, rather than just “http”; browsers will generally show alock icon when the connection is secure. For more information about howto password-protect your network, read this.

The engineering team at Google works hard to earn your trust—and we areacutely aware that we failed badly here. We are profoundly sorry forthis error and are determined to learn all the lessons we can from ourmistake.
  • | Post Points: 140
Top 25 Contributor
Posts 3,772
Points 40,510
Joined: Jan 2010
Location: New York
Inspector replied on Fri, May 14 2010 6:56 PM

YA if only it was a MISTAKE... :D

  • | Post Points: 5
Top 10 Contributor
Posts 5,053
Points 60,700
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Fri, May 14 2010 7:07 PM

If you run open wifi, how concerned can you really be about security and privacy of data?

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Top 10 Contributor
Posts 4,817
Points 45,650
Joined: Feb 2008
Location: Kennesaw
rapid1 replied on Fri, May 14 2010 7:18 PM

That would be true if almost (probably 75% or more) consumers did not run unprotected networks setup as defaults. Of course there so smart they don't know anyone with rudimentary WIFI knowledge could hack into there router in 5 minutes if that, and into there computer in probably 15.

OS:Win 7 Ultimate 64-bit
MB:ASUS Z87C
CPU:Intel(R) Core(TM) i7 4770 ***
GPU:Geforce GTX 770 4GB
Mem:***ingston 16384MB RAM
  • | Post Points: 5
Top 25 Contributor
Posts 3,466
Points 46,975
Joined: Nov 2005
Location: Metropolis
ForumsAdministrator
Moderator

News:
they confessed to mistakenly collecting samples of payload data from open (non-password protection) Wi-Fi networks

I'm not exactly sure what this means, but did they actually have to connect to the non-secured network to collect their payload data? Was this 'mistake' confined to Germany, or did Google pull the same stunt here in the US?

 SPAM-posters beware! ®

  • | Post Points: 5
Top 150 Contributor
Posts 498
Points 6,040
Joined: Feb 2010
Location: South Carolina

I don't understand what kind of effect this has. Unless people are afraid that google was secretly trying to take over the world without anyone noticing.

  • | Post Points: 5
Not Ranked
Posts 4
Points 20
Joined: May 2010
Location: New Jersey
jm0069 replied on Sat, May 15 2010 11:22 AM

Doubtful it was an accident heh.. people don't "catalog" broadcasted ssid's/wap information by accident. It may have been seen by accident, but I'm a bit confused as to how this was databased by "accident".

  • | Post Points: 5
Top 10 Contributor
Posts 8,571
Points 103,110
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Sat, May 15 2010 3:51 PM

People who don't secure their network deserve what they get.

I have a little gizmo that tells me when a signal is present and if it is locked or not. So I "could" drive around in neighborhoods and surf the web anytime I wanted to.

I have really nice 10Mbps access at home though.

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.

  • | Post Points: 5
Top 150 Contributor
Posts 639
Points 7,630
Joined: Jul 2009
ClemSnide replied on Sun, May 16 2010 8:54 PM

The thing is, (1) not everyone knows how to enable security features. I know, the default technogeek answer is that they deserve what they get, but that's as wrong as saying that someone who doesn't lock their door deserves to be robbed. Or that someone who works a night shift and walks to the workplace deserves to be mugged.

And (2), sometimes it's impossible. If all of our devices were of the latest vintage, we'd be OK. But most of us drive a mixture of old and new devices. My old Linksys router doesn't allow the encryption that comes on my iPod Touch. (I've tried, kids. It just doesn't.) The closest I could come is MAC address filtering, which it does in a tremendously flaky manner that I'm not sure actually works.

Slot A, meet tab B. I really wish you two could be friends.


"I didn't cry when Bambi's mother was shot... but I cried when HAL was turned off."

  • | Post Points: 5
Page 1 of 1 (9 items) | RSS