Sadly, in the real world there are quite a few pages that do transmit the password itself.
Other than that I agree with you 100%, especially as many seem to think that Google actually needed to connect to each AP. These people don't understand the technology, and I would guess probably don't understand the law either. Even if they do, it's useless if they don't understand the technology (just ask Stephen Conroy!)
It's all a lot of fuss about nothing, and screaming that something is 'illegal' does not mean it is necessarily so. I'm also finding it very hard to believe that some of the Reg's readership are so stone dead stupid as to still believe it must have been deliberate. I've posted the maths, as have others, we're talking about an absolute maximum of 1MB of data for each network (getting stuck in traffic aside).
Of course passwords were collected, if they were being transmitted at the time it's hardly surprising. I'd be surprised, though, if they actually also got the other things they'd need to use most of the passwords (usernames for example.)
Some people choose to run an open network for a variety of reasons. To them I say STOP WHINING. You took a calculated risk - you left your network open in the knowledge that anyone could connect - and lost. It may not be right, but it's a result of the risk that YOU took.
Yes ISP's and Manufacturers do sometimes ship with open as the default. But you know what, it aint too much to ask to RTFM. If you're planning on transmitting anything sensitive, then you should - as a responsible adult - take appropriate steps to secure the data. Not everyone understands IT it's true, but consumer router manuals are not complex. Most have a web interface.
For a long time, I had my wireless disabled because it wasn't secure enough for what I wanted. Nowadays the AP is on but secured. If I want to do anything I consider sensitive, I tie the terminal to the wall with a CAT5. I take full responsibility for the security of what flies over my network, and anyone who has their own should do the same.
I'm sick of the shitty analogies, so lets take a real scenario. Would you entrust commercially sensitive documents to Google Docs? I wouldn't, and if you wouldn't then you're taking personal responsibility for the security of the documents. Why is it so much to ask that you do the same for your network?
The issue of encrypted packets being discarded is completely irrelevant. Google have said that the script used was written by an engineer for a private project. It makes complete sense that he'd discard the garbage. It aint like they'd adjusted the script to do it afterwards!
The individuals duty of care to themselves is a concept that is sadly dying a death, much like common sense!
I've no problem with people having an opinion, but do try to make sure it's actually an EDUCATED opinion
Go ahead and downvote me, makes no difference to me.
I'm going to go and calm down now, and I'm well aware how arrogant and obnoxious that post sounded, but it's stuff that I think needed to be said!