Feeds

back to article You know what Google needs? Another Street View data-slurp probe

A UK inquiry should be held to determine whether Google knew that its Street View cars were collecting personal data over unsecure Wi-Fi networks for use in other projects, a politician has said. Claude Moraes, an MEP who represents London, said that allegations contained in a recent US regulator's report into the matter should …

COMMENTS

This topic is closed for new posts.
Silver badge
Mushroom

Not this again

As much as I dislike Google spying on our emails, documents* etc....if you are monumentally stupid enough to blast your information unencrypted over the air, then you deserve what you get. Why broadcast in the clear unless you want man+dog to listen in? Seriously, just how thick do you have to be?

If Google turn round and do something illegal with that data, then we can talk. In the mean time, encrypt your WiFi.

Cue the downvotes - I can take it.

*I do use gmail, but hopefully not for much longer. I refuse to use Google drive, apps or docs due to privacy concerns and I block Google as much as possible.

9
13
Silver badge
Thumb Up

Re: Not this again

Exactly. I doubt Google did it to try and exploit the data, it was probably some engineer's design not being suitably vetted/reviewed. Any fool would be able to see that it's Not Okay to intercept and analyse peoples' network traffic even if they are on an unencrypted network, and Google whatever they may be are not fools.

3
7
Thumb Down

Re: Not this again

By that logic you presumably also believe that people who occasionally forget to lock their cars/houses deserve everything they get as well.

Just because something isn't secured doesn't mean it's okay for anyone who feels like it to wander in and collect whatever they fancy.

14
6
Silver badge
Meh

Re: Not this again

It's more like complaining that people are eavsdropping when shouting down a cellphone on the train.

8
4
Anonymous Coward

Re: Not this again

Hang on just a mo.

GSV were trotting around taking photos. That's fine; it's what they said they were doing.

BUT Can someone please explain WTF a WiFi connection was necessary for if the purpose o fthe exerecise was just taking photos?

In fact, why was there an active WiFi point in the vehicle in the first place? The thing is going to spend its entire active life more than 30m from base, after all.

Dataslurping begins to sound pretty bloody intentional - you don't "accidentally" design a WiFi system into a camera, do you?

10
2
Silver badge

Re: Not this again

@ed2020 - No, because that's theft (although their insurance company may argue negligence).

Nice way to conflate to completely separate issues.

4
3
Silver badge

Re: Not this again

@hplasm - Exactly.

If the other people wrote that information down and then used it to commit a fraud against you...then you'd have recourse. But just for overhearing or record "Dude on the train said this totally unbelievable thing..."? No.

3
4
Silver badge

Re: Not this again

@AC - how do you think a lot of geo-location works?

Clue: It's not all satellites in space, y'know.

0
0
Thumb Down

Re: Not this again

You'd have to wonder why someone would take all the trains in the word with a microphone and a recorder. Not to mention your presence alone does NOT make you "feel" the WiFi signal.

2
0
Boffin

Re: Not this again

They were doing it on purpose to link MAC addresses (universally unique addresses of home and business wireless routers) to GPS co-ordinated. This is so they can guess where you are in the future by looking up the MAC addresses your mobile device can see and checking these against a world wide database - not a bad idea if your GPS coverage is a bit flacky.

Of course they picked up a lot of garbage as well as the MAC addresses they wanted in the spource data, and someone thinks that there's half a chance that the source data still exists (unlikely) and that someone would be arsed to search through it for anything other than the address data (verging on the paranoid delusional).

3
0
Thumb Down

Re: Not this again

It's more like complaining that people are eavsdropping when shouting down a cellphone on the train.

No, it isn't. Shouting down a cellphone on a train means people can hardly avoid overhearing and it's reasonable to assume the person on the phone doesn't expect privacy. Slurping unencrypted network traffic requires a conscious effort and it is reasonable to assume that the owner of the network isn't expecting people to be listening in.

3
1
Silver badge

Re: Not this again

Lots of downvotes from people running unencrypted routers who think they have any expectation of privacy whatsoever?

Silly people. Oh well, carry on with your voting patterns then.

2
5
Thumb Down

Re: Not this again

No, because that's theft (although their insurance company may argue negligence).

Nice way to conflate to completely separate issues.

Okay, maybe it would be a fairer comparison if I'd referred to somebody walking in and having a nose around? Either way the lack of security is unintentional and it is not reasonable to assume the network owner (or householder, in my example) is happy for people to be snooping around.

3
1

Re: Why MAC useful

Not to mention that MAC data is useful for laptops to locate themselves, and most of them don't have GPS hardware at all. That's what that little "browser wants to share your location data with application" popup DOES once you press Yes: it sends the relevant network information off to Google, Google says "This is where we think that WIFI thing is", and the widget announces that to the application. Usually that's good enough for several tens of metres of accuracy.

0
0

Re: Not this again

That's a bit of a flawed analogy. What this is more like is standing at your bedroom window, shouting how you murdered someone while a BBC camera crew is standing next door. In this situation, you cant really then complain when your 'broadcasts' get captured by a third party.

Perhaps somebody can answer this question. Were Google merely collecting broadcast data, or were they actively attempting to connect to unsecured access points? If it was the former, then my analogy is pretty much perfect. If on the other hand they were actually making connections, then their behaviour is a little harder to justify, although I'm still hesitant to criticise too much, since there is no real reason for leaving your access point unsecured.

1
0
Thumb Down

Re: Not this again

That's a bit of a flawed analogy. What this is more like is standing at your bedroom window, shouting how you murdered someone while a BBC camera crew is standing next door. In this situation, you cant really then complain when your 'broadcasts' get captured by a third party.

In the example you give the person shouting from their bedroom window should expect somebody to overhear - even if nobody is actively trying to do so. This is not in any way the same as somebody running an unsecured wireless network - to capture and retain that information requires somebody trying to do so.

It's not my analogy that's flawed, it's yours.

I am not arguing that running an unsecured wireless network is in any way sensible, but many people do so and do not expect people to be slurping their traffic as a result.

1
1

Re: Not this again

@AC - how do you think a lot of geo-location works?

Clue: It's not all satellites in space, y'know.

Which explains the collection of BSSIDs. It doesn't explain the collection of everything else they ended up with.

1
0
Silver badge

Re: "no real reason for leaving your access point unsecured."

Exactly.

I don't even call them "secure" or "nonsecure" any more. I call them "private" and "public" respectively.

If you're running a public router, expect the public to connect to it. Oh, and for people to hear what you're transmitting.

1
1
Silver badge

Re: "...doesn't explain the collection of everything else they ended up with."

me@home ~/Documents$ sudo airodump-ng --write logfile mon0

Do you think the engineers customised everything to the hilt? Or did they just run an existing bit of software that does the job?

0
0
Silver badge
FAIL

Re: "...doesn't explain the collection of everything else they ended up with."

"The engineers" as you call them is actually Marius Milner, the author of NetStumble. So yes, I'm convinced that was the basic starting point and then he customized it.

0
0

Re: "...doesn't explain the collection of everything else they ended up with."

There's plenty of software available to collect BSSIDs and associated locational coordinates. Collecting any more than that was unnecessary and avoidable.

0
0
Silver badge
Flame

This is the new normal competition

Google's competitors now scour the world for any sort of offense they can find. And if they can't find one, they make one up. "Special friends" are encouraged to investigate - even if political campaigns must be contemporally (but completely coincidentally) greased. So many of these have been found to be baseless in the last year it's astounding.

This is what technology innovation has become: the dirty, slimy underbelly of politics - committed to the prevention of your competitor's progress by any means necessary.

3
1
Anonymous Coward

What we need

is a huge amount of money spending on this.

Just so we can be sure.

Sheesh!

3
0
Stop

No need...

It's already been determined that they *did* know. There is email, revealed by Google where one of their staff cites privacy concerns over the behaviour of the software (which was based in large part on a GPL WiFi network sniffing application).

It was all reported here on the Reg.

1
0
Silver badge
Joke

Allegations that Google may have had knowledge of their actions are extremely serious

Someone once alleged that I had knowledge of my actions, but I was quick to refute him.

2
0
Silver badge

Not guilty because... I didn't read the email! Yeah, that's it!

Right. Some "rogue engineer" wrote the software code that enabled Google's Street View cameras to capture Wi-Fi data. And here I am so backwards that I didn't even know cameras could do that. Or maybe the "rogue engineer" wrote some software that gave him the authority to install wardriving gear in the cars, eh?

Sound very plausible. Well, maybe not...

http://www.huffingtonpost.com/eric-k-clemons/google-privacy-case_b_1522874.html?ref=google :

"Whether or not the harm of Google's Wi-Spy abuses is comparable with their magnitude, I would like to suggest that Google's privacy practices can no longer be considered acceptable.

* If a rogue Chinese official collected this much information on American citizens, even without authorization within the Chinese Government, we would be outraged

* If a rogue CIA or FBI agent collected this much information on American citizens, even without authorization from appropriate authorities with the Federal Government, we would once again be outraged.

And yet we now know that Google's Wi-Spy scandal was not the work of a rogue employee, but had been cleared and was intentional." (This is a very worthwhile article, and goes far beyond this one particular scandal. The article's assertion that this was intentional links to the following:)

http://www.nytimes.com/2012/05/01/technology/engineer-in-googles-street-view-is-identified.html?_r=2&pagewanted=all :

"Engineer in Google Case Is Identified:

"Google long maintained that the engineer was solely responsible for this aspect of the project, which resulted in official investigations, some still unresolved, in more than a dozen countries. But a complete version of the F.C.C.’s report, released by Google on Saturday, has cast doubt on that explanation, saying that the engineer informed at least one superior and that seven engineers who worked on the code were all in a position to know what was going on.

The F.C.C. report also had Engineer Doe spelling out his intentions quite clearly in his initial proposal. Managers of the Street View project said they never read it. "

Never read it. And they think that, even if it were true, it absolves them of responsibility? I guess they do.

On the other hand, some people think that he was hired precisely for his experience in writing wardriving software.

3
1
Silver badge

Now here's the thing...

Google were driving round collecting packets from people's wi-fi, but the odds are that they would be one or two packets from each access point, and the primary purpose of this was for their location data - in other words using your MAC address to identify where you are. You may or may not be okay with this - personally, I'm not greatly happy about Google being able to determine my location by the MAC address of my routing hardware.

Okay, Google were naughty to be colelcting and storing more information than they strictly needed for this task, but the odds are that there isn't much else they could use this for, they deserve a slap on the wrist for it, and not much more.

What DOES concern me is that there are enough people out there using unecrypted wi-fi that Google could intercept their emails whilst driving by. These people are in serious need of some education - if someone relatively benign* as Google can intercept their wi-fi whilst driving past, ANYONE could be doing the same without detection, be it their neighbours, someone in the park opposite, or someone parked outside in that suspicious white van.

If you're using wi-fi, you are broadcasting information - in my opinion, picking up that broadcast isn't 'interception' any more than watching TV is. If you can't be arsed to figure out how to encrypt your wi-fi, use a wire.

* Relative is a relative term, as it were.

3
2
FAIL

I blame the press

For falsely hyping up the severity of this.

Firstly, you would have to be stupid enough to have your wifi unsecured.

Secondly, you would have to be transmitting data at the exact moment the Streetview car was in your area.

Thirdly, you would have to be sending data over a unsecured non-SSL connection.

Fourthly, Google would have to packet analyze that data and turn it into something useful.

The number of people affected: 0

The amount of times I have seen it reported in the press that "Google could surf your home computer's hard drive during streetview slup" is beyond belief. How stupid are the tech writers?

This news gets the Shitpeas "Storm in a teacup" award for sensationalist press reporting.

4
2

Claude Moraes, an MEP who represents London

Really? I wondered vaguely what MEPs did exactly. Shame it turns out my assumption they probably just waste our time & money would appear to be correct.

0
0
Anonymous Coward

Corrected sub-heading......

"London's man in Europe has f**k all of any importance to do"

See. Fixed.

1
0

Bluff and bluster

Sounds like what the Americans might call grandstanding - some little-known politician trying to make a name for themselves.

1
0
Anonymous Coward

White Collar Crime

A UK inquiry should be held to determine whether Google knew that its Street View cars were collecting personal data over unsecure Wi-Fi networks for use in other projects

No, what the public needs to do is decide what is acceptable, and what isn't.. We already know what problems this stuff can cause. A zillion arguments for why it isn't encrypted, the reality is some people are going to run open if they can. So what do you want to do about it? Allow it? Outlaw it? Outlaw snooping on it? Allow snooping on it? That's all that needs to be discussed. No need for "inquiry" which won't get shit done.

0
0
Bronze badge
Pirate

MAC twin towns

Could somebody please write some code so I can randomly exchange my WiFi AP MAC with other users in remote locations. I so want to see those confused Chromebook users suddenly find they are in Glasgow, Bristol, no Leeds, Romford.

0
0
Big Brother

I agree with Mr Moraes that Wifi slurping by Google's Street View

is the greatest danger to privacy in the UK and definitely requires an inquiry. Why worry about such minor facts that the UK was estimated over a year ago (http://www.guardian.co.uk/uk/2011/mar/02/cctv-cameras-watching-surveillance) to have at least 1.85 million CCTV cameras, i e, one for every 32 persons residing in the country, when attention can be distracted by pointing to Google's excesses ? The number of cameras in the London Underground alone was said to be as many 11000. But by all means, do get exercised about Google's Street View - after all. the price of liberty is said to be eternal vigilance and under just which cup is that little pea ?...

Henri

0
0
This topic is closed for new posts.