back to article Google's WiFi snoop - who knew and who didn't?

How do you mistakenly spend three years collecting personal data from the world's open WiFi networks? We're not quite sure. We can only hope that when Google asks an outsider to scrutinize the WiFi-snooping habits of its Street View cars, the results are released to the public. Google spent three years collecting personal data …

COMMENTS

This topic is closed for new posts.
  1. PJ H
    WTF?

    LOL WUT?

    "The engineering team at Google works hard to earn your trust - and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake"

    Are Google turning into Facebook? Their apologies for this sort of thing are starting to sound similar.

  2. Camilla Smythe
    WTF?

    Ahem

    Can someone explain to me, as a person with a 40G hard one with only 6G used and the opportunity to store a whole shedload of data on it, how 600GB of data is in some way 'not a lot'.

    "Certainly, the SSIDs and MAC addresses were eventually uploaded to the company's servers, and if the payload data was uploaded as well, this would increase the likelihood that someone knew it was there."

    FFS!!!1109876 Or maybe I am overreacting.... but the cars were GPS enabled and taking snapshots of peoples houses as they hosed up this lot of data.

    "Hi Tim, yes would love to meet you for some serious rubber sex. My place. Tuesday afternoon OK? Love James".

    GoogleCameraClick- 58 Spong Road, BlartelyVille.

    That's about 130 bytes uncompressed...

  3. amanfromMars 1 Silver badge

    New Alien World Order

    Privacy? A thing in the Past which is now long gone in the Present. Get over it and move on, please, for the Future is better in Betas with no dirty hidden secrets.

    1. jake Silver badge

      Please, do tell amfM ...

      "the Future is better in Betas with no dirty hidden secrets."

      How's the article on AI coming? Will we get full disclosure? Or are there dirty hidden secrets? ;-)

  4. Brian 62
    Stop

    Who ... cares?

    The real question is "who cares?" This is a totally over-hyped story. Even though it sounds like a lot of data, it was collected with the vehicles were moving. Even sitting at a stoplight the most it would be was a few minutes connected to each hotspot. So that means it's howevermany GBs of tiny little fragments of data, not a single stream from one source. Maybe enough to figure out 1 or 2 people's email address, but certainly nothing else. Google knows more about you from their ads showing up on every web site than they could ever get from this data.

    Oh, by the way, it was only on *public* wifi networks. Even the weak WEP encryption would have thwarted this "attack". Anyone on these networks has no right to get upset about it.

    1. Anonymous Coward
      FAIL

      Re: Who ... cares?

      Googles business is advertising and martketing.

      If a "market researcher came to your door, said that they had taken a few photos of your house and noted its location and then asked if you would mind if they snooped on any WLAN AP's they could see, would you mind?

      And even if your WLAN data is encrypted (WEP/WPA/WPAv2), unless you use an EAP-based authentication scheme, unencrypting the information based on rainbow tables would be trivial for a company with the compute resources of Google.

      Still, it's Google so everything is OK.

    2. Anonymous Coward
      Anonymous Coward

      So...

      ... in your world, not only would the insurance company fail to pay out because the burglary victim had inadvertently left his window open, but the burglar would walk free from court as well.

      The first is quite reasonable. The second is dangerously stupid.

    3. Gulfie
      FAIL

      It's principle and precedence, stupid

      Erm... whilst I would agree that the likelihood of the data collected being useful may appear to be small, it is the principle and the precedence that are important here.

      Taking a small step back, what gives Google the right to drive around my neighbourhood and record the approximate location, MAC address and other information it can extract from my router? Or my neighbour's router? Or everyone's in my town? Or indeed the whole country?

      Moving back to the data issue - I didn't give Google permission to interecept my internet traffic. Neither has anybody else who had data collected in this trawl. If nothing is done then Google might decide they have implied consent to continue collecting this type of data. How useful might it be to fit a data collection black box to every Google car, so that it automatically does this data grab as it is driven round on completely unrelated business?

      Just because my data is out there, does not mean I want it collected and analysed. To do so in this country would probably contravene 'wiretap' related laws anyway (see: PHORM). The accidental collection of the odd bit of data here and there IS no big deal. The systematic collection of data across several countries certainly is a big deal.

  5. Alastair 7

    Re: Ahem

    "Can someone explain to me, as a person with a 40G hard one with only 6G used and the opportunity to store a whole shedload of data on it, how 600GB of data is in some way 'not a lot'."

    Are you serious? Because your personal computer has 6GB of data on it, you can't possibly imagine that Google has more than that? Just think of the sheer number of miles those cars cover- it all adds up.

    I almost didn't want to read this article. Not because I'm not interested in the topic- I am- but because El Reg has developed such a tiring hatred for Google ("Chocolate Factory" stopped being funny about twelve months ago) that I knew once a story of a *legitimate* beef with Google came up, the report would be written in a deeply smug "told you so" kind of way. I was not wrong.

    1. Danny 14
      Big Brother

      you have missed the point

      600G of video or even hi res photos from 30 countries is not a lot at all.

      600G of compressed text is a monumental amount of data. It doesnt take much to capture packets, GPS location. Is it only 600G *after* uploading to googleHQ - i.e. after the chaff has been filtered out and only the juicy bits remain?

      I for one welcome our new GPS enabled, data snooping, photo grabbing overlords. Oh, wait a min, thats already here in the UK.

  6. Anonymous Coward
    Jobs Horns

    Here's the truth

    Google now have enough SSIDs with geo-location information in their database, that when you go to one of their websites in a browser that supports geo-location (which will be almost all of them soon), the list of nearby Wi-Wi networks your machine sends along to them will allow them to calculate exactly where you are, and ass YOU to the database too!

    Five minutes later, this information will be available to buy/licence/use by other companies. In case you hadn't noticed, Google are a business, which puts them primarily in the business of making money. This kind of data is worth a fortune! Imagine being able to serve someone an advert for a shop, quite literally, around their own corner rather than just in their country or city.

    It's all out of the bottle now, and even if Google are seen tp be deleting the raw data, don't think that means their databases no longer have the end result. As this article says, think about what they're actually saying, not what they expect you to infer.

    1. Daf L

      The truth?

      Err... I don't think you realise that is pretty much how it does work and is supposed to work. I'm not sure what you are getting at.

      If you go to a website, either Google or any other, that supports geolocation services and you are using one of the modern browsers then it will ask you if it can query your location. Your location will be determined by the Wi-Fi networks around you (in most cases, but could use GPS, IP address, mobile cells) from one of the geolocating service providers that have collected that information (Google, Skyhook Wireless etc).

      This could then be used for showing your location on a map, local search results, local weather forecasts or local advertising etc.

      I have noticed that my location shown on my phone on Google maps is now accurate to about 30m without GPS whereas before it was accurate to about 3Km. It is far more useful as I can get directions without GPS or, for example, when I look up cinema listings it automatically gives me results for my nearest cinemas. If you use a smartphone you probably get geolocated a lot.

      With a browser you need to give you specific permission for each site - with a phone you just need to load the application.

      As for the advertising - I don't think the information becomes available 5 minutes later, you would have left the page by then. They hold a database of adverts that want to target specific locations and they are shown immediately according to their secret algorithm. There isn't a Google monitor employee who rings up an advertiser, after you log on and give permission to access your location, who says "Eh, I've got a good one for you, this chap is in Royston Vasey, just down the road from you, do you want me to pop up an ad - cost you a fiver".

      It could also be argued that a local restaurant advertising that they are doing a two-for-one deal would be much more useful than knowing you are the 999,999th visitor to a website and have won a prize.

      If you are really that scared about your location, have you ever bought anything off the web? If so then you have probably entered you full address, telephone number, e-mail and credit card details. If you don't trust anyone then this data is far more accurate, valuable and useful to both advertisers and bad 'uns than a geolocation. That data could well be available for sale 5 minutes later.

      I care about my privacy more than most people and I don't think anybody should be blasé about it, but unfortunately you do have to give up a little to use a lot of online services. A lot depends on trust. In the great scheme of things (despite using some Google services) the only spam I received on my main account was after a club membership list accidentally got e-mailed and the only stolen identity was after using a debit card in a petrol station which created a cloned card. I haven't yet, had problems from an online company.

      1. Anonymous Coward
        Black Helicopters

        Apples vs Bananas

        I agree with the mechanics, however:

        "If you are really that scared about your location, have you ever bought anything off the web? If so then you have probably entered you full address, telephone number, e-mail and credit card details."

        Two very different things and very different risks. I spend a lot of time travelling and connect to the internet from a variety of hotspots around the country. Being able to geolocate my travels *is* something that would concern me.

        Amazon knowing my home address is not.

        Also, I notice that when I use google it frequently pops up a request asking me to allow it to geolocate me, with an option to remember my choice. I have tried to get it to remember my no, but it ignores me. I wonder if it would be so forgetful if I said yes?

        I assume that google is using some form of GEO-IP look up which doesnt worry me too much (for example, on a Virgin Train, google thinks I am in Germany....) but if they are correlating the data with their own geolocation of wifi points it is much more troublesome.

        To date, I have never needed my smartphone to tell me what restraunts or cinemas are within 30m of my location - looking around normally solves that.

        1. Daf L
          WTF?

          30m

          I didn't say you needed to find things within 30m of where you are, you must have mis-read my post. You seem to think I said that it will only tell you where things are within 30m of yourself? If you want to get directions to somewhere then you need to first have a pretty good idea of where you are. If your location is within 3Km then directions are pretty worthless.

          Similarly if you get dropped off by bus in a foreign country and need to know how to get to your hotel, or get to the local subway station. Then knowing a fairly accurate idea of your location is quite handy.

  7. drclue
    Pint

    The way coding works it would be easy to no notice.

    I've been programming since before Microsoft,Apple or Google existed.

    It totally makes sense to me how the data was errantly collected and not

    noticed for years.

    First , consider that Google was attempting to create a database of geolocation

    information that would allow one to determine their position based upon

    nearby WiFi signals.

    So what they were aiming to stick in their database was the device identifiers

    broadcast by every WiFi device in every packet they send out, along with the longitude

    and latitude where the signals were found with the street view GPS.

    In this fashion , a cellphone , iPad or other WiFi enabled device could take those same

    device id's all devices harvest and use them to ask such questions as

    "where is the nearest coffee shop, rail station, hotel etc."

    Since the device id's are in the headers of packets , and devices take packets as a whole

    those packets come along with random bits of data.

    Those of you who have experienced the frustration involved in the limited range of

    your WiFi router , know such signals do not go very far.

    The data we would be talking about Google having had collected would be limited

    to the amount that their street view cars would see while driving by at speed and

    being within range of your WiFi router.

    Most programmers try and re-use code from past projects , or leverage

    code from various pre-packaged libraries of code when creating new applications.

    None of us likes to re-invent the wheel, when we can copy-n-paste ine

    from our tool box.

    The pre-existing code for processing WiFi packets would as a matter of necessity take

    a packet as a whole. The programmer would then record the few random packets

    returned by the code libraries as a whole onto the hard drive in the street view car

    along with the GPS location where the packet was recorded.

    Later back at the office, similar packet processing code would read the whole packet

    and pluck out the device identifiers from the header and store those with the geolocation

    data into a database to be used in answering those questions of

    "where is the nearest coffee shop, rail station, hotel etc."

    The random 512 or such bytes of junk data inside the random packets would have been ignored

    by everyone.

    To here this news item told, one would have you believe that the Google car sat outside

    your house for hours siphoning off all your secrets, when in reality it would be more like

    spinning the dial on your radio and hearing random utterances as the needle sped past the

    stations.

    There are firms out there that would benefit greatly by suckering government and citizens into

    believing that there was more to this, but if you think about it , the data those cars would have errantly collected in the 1/2 second to 2 seconds they were in range as they drove by

    your WiFi router at road speeds could not have possibly amounted to anything truly interesting

    except to those who like to make something out of nothing.

    Of course one might in realizing that every WiFi enabled device coming in range of

    your home is gathering the same information as a part of it's normal operation, consider

    taking the 1-2 minutes to turn on the encryption features in your WiFi routers

    as unlike Google Street View cars , there are indeed others who would simply

    park outside your house to snoop , or attach their computer to your WiFi to get FREE internet service with you left to foot the bill.

    1. jake Silver badge

      @drclue

      "I've been programming since before Microsoft,Apple or Google existed."

      That's why you think AOL-esque icons are a good idea, and have no idea how ElReg comment formatting works. Small suggestion: Try to catch what you claim to have a doctorate in before posting further ... Ta.

      1. drclue

        Thats all you can come up with?

        So your entire rebuttal to my comments is to the damaged

        formatting that occurred during the registration process and

        my selection of an icon from the provided list?

        Well, I guess if you have no real position , then whatever

        you type in lue of same must be at least appreciated for it's

        entertainment value. That being the case , where do

        I queue up for the refund ? :)

        1. jake Silver badge

          Nah. I was a printer in a prior life.

          I absolutely HATE badly formatted documents, and generally refuse to read them (unless there is a buck in it for me). Not your fault, mind. It's a CR/CR-LF/LF thingie that (for whatever reason) ElReg can't seem to wrap it's BeakyHead around.

          "where do I queue up for the refund ? :)"

          The cheque'll be in your voicemail, as always. Don't go away ... you seem to have a sense of humo(u)r. That's rare around here.

          N.B. I don't speak for, or type(o) for, ElReg.

        2. Anonymous Coward
          FAIL

          If you're going to post something unreadable...

          ... don't bleat like a schoolgirl when the only responses to it are that it's unreadable.

          You're the internet equivalent of Billy Connolly's guy who "has 17 A-levels and a degree in brain surgery from NASA, but she'll always remember him as the guy who farted the first time he walked in the door".

    2. Danny 14
      Pint

      ohnoes

      too many newlines make baby jesus cry.

    3. shade82000
      FAIL

      OK

      I too understand how it could have been errantly collected, but that doesn't make it right.

      I don't think the point it whether they collected too much data / delete it / keep it / ask a third party to intervene etc etc. Whatever man. That bit is irrelevant.

      The important thing is that they deliberately set out to collect *any* data in the first place.

      AFAIAC even if they just collected the headers and didnt 'accidentally' collect extra bits, it's wrong.

      What would happen to me if I drove round the block sniffing packets, collecting a bit of this and a bit of that? I'd get nicked, that's what would happen.

      They shouldn't be able to get away with digital kerb crawling, just because they are a company.

    4. Anonymous Coward
      Anonymous Coward

      dude

      Leave the return key alone okay?

  8. jake Silver badge

    We're told a lot of things. Doesn't make it reality, no matter how many times it's repeated.

    "We're also told - time and again - that Google is a company run by engineers."

    Yep, we are told that ... by google marketing. But who believes it, outside of google marketing and other marketing companies world-wide which use google data to push their tat? google is a pure marketing company, not an engineering firm. Anyone who believes otherwise is deluding themselves. Including google's engineering staff.

    Bottom line: That data was collected and stored intentionally.

  9. Winkypop Silver badge
    Thumb Up

    "bafflegab"

    Love it.

  10. Alastair 7

    Re: Here's the truth

    "This kind of data is worth a fortune! Imagine being able to serve someone an advert for a shop, quite literally, around their own corner rather than just in their country or city."

    Has it never occurred to you that people might like to receive ads that are related to their current location? While, obviously, I'd prefer to receive none at all, I do live in the real world and know that web sites have to be paid for. It might as well give me links that are known to be more accurate.

    Something of benefit to Google and something of benefit to the end user aren't mutually exclusive, you know.

    1. Anonymous Coward
      Jobs Horns

      @Alistair 7

      "Has it never occurred to you that people might like to receive ads that are related to their current location?"

      Yes?

    2. Gulfie
      FAIL

      Meh

      Has it never occurred to you that if I want that information, I'll ask for it? And that if I don't want it, I also don't want people harvesting and processing information about me and my family's network configuration and browsing habits?

      No. Thought not.

      I'm quite happy to use Google for search. But they can prize my data from my cold, dead hands...

    3. VM should comply with DPA

      Then let them ask me

      for my data and my consent. If it's a useful service I'll give it to them.

  11. CharlesYFarley
    Alert

    "We never make misteaks."

    Nope... G never makes misteaks. Oar dew thay?

  12. Anonymous Coward
    Alert

    This wasn't an accident

    It's quite obvious what they would use this data for -- to pin down as many Google Account holders as possible to geographical locations. By sniffing Wi-Fi public data they could extract the public IP address associated with each network. It would then be a matter of two join operations to link physical addresses with GMail addresses. Why bother? To target local advertising and to be generally creepy.

    1. Anonymous Coward
      Anonymous Coward

      They don't need WiFi data to do that

      Maybe it's different in the UK, but in the US, IP addresses from the major ISPs can be located down to a pretty small area - a couple of blocks in a suburban area. Google doesn't need WiFi data to pin GMail addresses to physical locations, IP addresses are good enough.

  13. Anton Ivanov
    Grenade

    Viva code reuse

    Code reuse. Does ya every time, all the time.

    Knowing how software is written on this particular occasion I am inclined to believe them. Someone simply lifted a piece of code to catalogue MACs and active endpoints and ignored or did not notice the fact that it was doing so by packet sniffing.

    The question here is slightly different.

    Even if payload is discarded that still leaves Google in a posession of a very large dataset of MACs being used on wireless networks and their locations. MACs are personally identifying data. They identify my laptop as uniquely as a serial number. Further to this, Google is in possession of enough data to correlate the MAC to a person for a large number of cases.

    This well beyond 1984 and clearly in the realm of Brave New World by now. What's next?

    1. MyHeadIsSpinning
      Joke

      @ Anton Ivanov

      "This well beyond 1984 and clearly in the realm of Brave New World by now. What's next?"

      Google sponsors Paedobear?

  14. Kevin McMurtrie Silver badge
    Big Brother

    See? That didn't hurt. I'm really your friend.

    Expect more harmless accidents to come from Google. It's desensitizing public to privacy intrusions and abuses of personal data, and it has been going on for years now.

    Microsoft was called evil because they fought dirty to take control of your software. Google is all that and they want your data too.

  15. Anonymous Coward
    Pirate

    Why they did it

    Because they could. Google have grown massively without any apparent detailed strategy, and I think it is because they have a simple strategy. That is to assume that the whole world is theirs to do with as they will. With this approach they get the maximum out of their efforts because they set no bounds on themselves and are only constrained when the world pushes back. Which isn't often for some reason.

    Pirate logo because the above is true pirate philosophy.

    1. Anonymous Coward
      Black Helicopters

      The World is not Enough Oyster

      The True Pirates Konquer Better Betas and Greater Vistas, the Perl that is in the World their Oyster is what is shucked from you, yours, and Mind.

  16. Mage Silver badge
    Black Helicopters

    Really

    I don't want anyone to have a database of Macs, SSIDs and locations. Never mind the payload.

    Only a tiny fraction of WiFi airpoints are public hotspots. It's an invasion of privacy.

    I don't want people to be able to type in my car registration plate or Social Security number and get my geo lat long either.

  17. Hate2Register

    Oh FFS

    Oh ffs, who the feck cares?

  18. FntX
    FAIL

    Mistake?

    I read on the Kismet project page a few weeks ago that Google uses Kismet in their cars...

    Now that sounds strange...

  19. Kevin Johnston

    Deleted?

    So let me see if I got this right....Google have suddenly 'discovered' all this data which they 'accidentally' captured and they have moved it all to four discs for someone to delete for them.

    Anyone else see the holes in their story such as the missing audit trail to show that this is all the data and the only copy of the data? Do they really expect everyone to just say 'what nice chaps for admitting their error'? Any risk that 'learning lessons' will include managers responsible for this group getting the boot? No, thought not.

    I may not be paranoid but even I begin to get the feeling that Google (amongst others) are taking the p*** with privacy but then again if the CPS take no interest when large scale snooping is reported to them then why should companies see any risk in doing this.

  20. Dodgy Geezer Silver badge
    Thumb Down

    Google is a company run by engineers

    So was Penemunde.....

  21. amanfromMars 1 Silver badge

    What grows makes no noise.*

    "We're told a lot of things. Doesn't make it reality, no matter how many times it's repeated." .... jake Posted Tuesday 18th May 2010 05:17 GMT.

    That should be carved in stone above the every political portal and most definitely above every entrance into the Mad Houses of Parliament, jake, for in there can one find every hue of that particular delusion and its championing Prime Fool and Sub Prime Ministerial Tool.

    "We're also told - time and again - that Google is a company run by engineers." ..... Some in a world all of their own would be thinking that it is run by a wing of the Pentagon and NSA, whilst others would counter with "Don't they wish it were so".

    The Simply Complex Truth though may be just that IT is run by IntelAIgents remotely Hosting and Hosted in Cloud Layers ...... which is AI full enough present disclosure of Base Alien MetaData Ventures for any Competent Crusading Virtual Jihadi Venting a Bent for ReModeling the World with and within its NEUKlearer HyperRadioProActive IT Plumes and Strata.

    * A German Proverb and Germane ........ in Vorsprung durch AITechnik Circles/Orders/Camps/Global Communications HQ/CPUs.

  22. petur
    Boffin

    Quite understandable

    People here (mostly the paranoid idiot ones) need to realize that Google handles data through programs, meaning algorithms. There's no super-evil master looking at the data, just code extracting, filtering and matching.

    I can quite easily understand that somebody grabbed the code from somebody else in the company to quickly capture and store wifi info, not realizing the code did more. And when the combined data is 600GB, I wouldn't think much of it either, certainly not if my usual datasets are petabytes...

    So yes, they made a mistake, but a programing bug, not snooping on purpose. After all, they are well aware that snooping on data like that would end them up in jail. So the developer who is responsible needs some good kicking.

    1. Anonymous Coward
      Anonymous Coward

      You mean, like...

      ... people who drive without realising they were drunk, and kill someone, should just get a good kicking (as opposed to the others, who get jail time)?

      Oh yes, when the Dutch gathered data on the religion of its population in the 1930s, there was no super-evil master looking at the data then either. That came later, and by f**k didn't they find it handy that all that data had been collected and was available.

  23. petur
    Dead Vulture

    @jake

    If you get the chance, visit google, and you'll see. It is a hi-tech company run by engineers. If you look at what they do, you'll see that their products drive their success, not their marketing. Or how many ads do you see that are fro google itself?

    But of course, it is much easier to do some paranoid blind google-bashing from your lazy chair like most of the readers here (and El reg included)...

    1. Anonymous Coward
      Anonymous Coward

      Funny you should mention that.

      I don't see any ads from Google itself. In fact, I don't see any ads from anybody at all. Firefox and a few plugins deal with that.

    2. jake Silver badge

      @petur

      "If you get the chance, visit google, and you'll see."

      Been there, done that, seen it for what it is. Refused the job offer.

      "It is a hi-tech company run by engineers."

      No. It is not. It is a marketing company run by shortsighted gits, with no interest in anything but this calendar quarter's bottom line.

      "If you look at what they do, you'll see that their products drive their success, not their marketing."

      Their product IS marketing. They sell eyeballs. YOUR eyeballs. Do you get a cut? Or are you being used without permission and/or pay? There is a word for that.

      "Or how many ads do you see that are fro google itself?"

      I don't see (or hear) ads. From anybody.

      "But of course, it is much easier to do some paranoid blind google-bashing from your lazy chair like most of the readers here (and El reg included)..."

      The irony is almost tactile ... Please, do continue :-)

  24. Anonymous Coward
    Anonymous Coward

    Why???

    were they collecting "WiFi network data like SSID information and MAC addresses"?

  25. KrimZon
    Joke

    The Final Straw

    Right, that's it! That's the final straw.

    I'm deleting my Facebook account RIGHT NOW!

  26. Colin Guthrie
    Jobs Halo

    CoreLocation

    Didn't Apple buy a company that basically did *exactly* this when it developed it's CoreLocation technology? I though CoreLocation was able to use Triangulation, GPS, and WiFi hotspot MACs to try and work out where it was.

    I fail to see why this venture by Google is bad mmm-kay whereas the system bought by Apple is somehow OK?

    I'm not legitimising either company, but I personally do not feel that MAC+Location is something that is private. I broadcast it. I've chosen to do this. If I don't want someone looking at my TV then I have to close my curtains and the same is true of my wireless network. If I don't like it, then I'll turn it off and plug in instead.

    I can't have it both ways.

    1. Anonymous Coward
      Boffin

      Re: Can't have it both ways

      Or simply have the WiFi set to not broadcast...

  27. Connor
    Stop

    Only in Hollywood...

    "Google links to a letter from iSec that all the payload data collected was consolidated onto four hard drives by Google engineers....and over the weekend, security outfit iSec Partners confirmed that the data was disposed of."

    Why do I get an image of a Hollywood style disposal, whereby suited men stand around the machine holding the data, before a technician smashes the screen and said men move away happy and believing all the data to be destroyed?

    Are we to assume that iSec had unprecedented access to all Google's servers, network and storage and backup facilities and can confirm that the data was only on the single drive that Google handed over? I don't think so, so the data destruction was at best a token gesture.

  28. monosodium
    Flame

    Google / GLaDoS?

    The test is nearly complete. You will have a bath, and then there will be cake.

  29. Jason Bloomberg Silver badge
    Stop

    More "Google Panic" and "Blaming Google" than anything else

    Put aside Google's response as primarily PR against a manufactured backlash to best protect themselves and it's a simple matter of users sending data out which was captured.

    What it shows is how risky Wi-Fi can be and that should be the lesson learned. Boo hoo, it could have been captured by anyone so tough titties.

    Maybe there is legislation which makes it illegal to capture payload data or to use that and Google may have a case to answer for doing so, but for the users it's like throwing love letters in a dustbin and expecting no one to ever read them when there's no guarantee they won't be read.

    Sure, if Google weren't capturing payload, weren't rooting through the bins, your data would be completely safe. Not. Blaming Google is to miss the big picture.

    1. Anonymous Coward
      Anonymous Coward

      Legislation.

      Yes, there is indeed legislation (in the UK at any rate) against that. If I snoop my neighbour's wi-fi connection from next door - whether he's left it unsecured or not - I'm committing a crime.

      So what exactly in this scenario makes Google different, i.e. not criminals?

  30. Anonymous Coward
    Anonymous Coward

    How does my router MAC and network SSID help in geolocation?

    That's the one question I have not seen answered. I have seen several people state it does, but unless google are planning to build a system that enables devices to find their location by scanning for SSIDs, it will not. And I doubt that Google are doing this as it would be considerably less accurate than merely triangulating your position from Mobile masts..

    Even if they had access to your IP, not sure that would make any difference as based on my experiences with other geolocation services, that is not accurate (most services can place me to anywhere within a 6 mile radius of my house).

    1. Justin Clements

      You already got it

      You got it in one with the comment "considerably less accurate".

      It may be less accurate, but it's something for devices that don't have full gps, like the average laptop for instance.

    2. Richard Hodgson

      The wonders...

      ...of trilateration, which can be fairly accurate with large enough sets of data including known sets of coordinates during the monitoring process.

      http://en.wikipedia.org/wiki/Trilateration

    3. Anonymous Coward
      Anonymous Coward

      Planning to build? It's already built!

      Open up Google Maps in Firefox. Click on the little circle below the Compass at the top left.

      Firefox will pop up an alert-bar saying "maps.google.com wants to know your location" with two buttons "Share Location" and "Don't Share".

      If you click Share Location, Firefox (note Firefox, not Google) will call the network APIs on your computer to get a list of the Wireless SSIDs and the associated MAC addresses that your WiFi card can see, and will pass this information to a geo-location provider service, which will use it to figure out your approximate location, and then Firefox will take the response from the geo-location provider service, and pass it to Google Maps. It doesn't work on most desktops, because they don't have WiFi.

      As it happens, Firefox uses Google as it's geo-location provider service, but the collection of your current data, and the sharing of your location, is done by Firefox, not by Google. Other websites can call these services, Google maps, is just the most obvious one.

      http://www.mozilla.com/en-US/firefox/geolocation/

  31. sleepy

    Oh yes it was management that kept the data

    "Very sorry, the engineer didn't realise what he was doing" is a typical BS statement issued by management/politician. I can't imagine the engineer(s) not asking specifically if they should not perhaps strip out the content payload when permanently saving the snooped data. And management will have said no, better keep it; you never know what it may be useful for. If I had been the engineer I'd have asked in an email, and I'd have kept a copy of the reply for several years.

    I can confirm that Apple did supply location information to Skyhook Wireless from GPS enabled iPhones. With my first day iPhone 3G and an original iPhone, I went for a walk through a couple of villages with GPS off; neither knew where they were within 30 miles. Came back with GPS on, and the one without GPS soon knew where it was within a hundred yards of each house. I was actually surprised they hadn't put in a bigger delay on making the new data live.

  32. Anonymous Coward
    Anonymous Coward

    Accidental code, accidentally used

    It will be interesting if Google manage to get away with accidentally coding hacking tools, then accidentally using them and then accidentally storing the results for some time until the German auditors caught them. This would set a president for other hackers to claim their wardriving was some kind of science project on RF propagation and their use of hacking tools and storage of other people's data was completely accidental.

  33. Anonymous Coward
    Anonymous Coward

    @Colin Guthrie & @How does my router MAC and network SSID help in geolocation

    Colin,

    With the iPhone it asks before using your current location. I am sure it may not have to, but it does. Also, your location can be triangulated from mobile towers anyway as your phone registers.

    AC: How does my router MAC and network SSID help in geolocation

    They know the rough location of the router (they were driving past at the time) and so they can correlate an IP address with a location with accuracy of a street or so, which I suspect is the reason they are doing it. I get ads targetted at the nearest town (about 6 miles away) and occasionally the nearest city (about 12 miles away) but if Google can pinpoint me down to a few streets they could better target the ads I block or ignore.

    Not that there is anything worth advertising except in the nearest town or city but I don't know if it would work better in cities.

    1. Anonymous Coward
      Boffin

      @How does my router MAC and network SSID help in geolocation

      There are geolocation APIs around (for instance, in Firefox 3.5) which will gather WLAN data from your laptop or PC (the list of AP BSSIDs found when scanning for APs) and query the database that contains the data collected from the wardriving Googlemobiles, which essentially will be a map of BSSIDs to physical locations. Hence matching the APs your PC can see to the ones that the Googlemobile saw when it last drove past your location. Simples.

  34. chris-eu
    Black Helicopters

    I wonder...

    ...what code they included with Chrome OS... accidenially.

  35. Mark 65

    4 hard drives = not a lot of data

    Depends how big those hard drives are, could be 8TB in total. That's quite a bit of compressed text. That was also just Ireland as well was it not?

    1. The First Dave
      Boffin

      @Mark

      That was rather my thoughts too: 1.5TB is a reasonable estimate of disc size for right now, making it 6000GB not 600, but even that is an awful lot of information if it has been filtered already.

      Not much if it is the raw data, and maybe not much averaged over 6billion people, but when it is _your_privacy that has gone, the fact that 5.999billion people were unaffected doesn't really matter, does it?

  36. amanfromMars 1 Silver badge

    Spooky Cookies for Cooking the Books and Extraordinarily Rendering an Invisible Advantage

    All your secrets belong to ....... well, whoever can can use them, I suppose ........ http://www.eff.org/press/archives/2010/05/13

  37. TenDollarMan
    Paris Hilton

    It makes sense now.

    I have always marvelled at Google. It claims to not be evil. But it is so good at what it does that there has to be some nefarious compact with, if not Satan himself, then at least a demogorgon, or other diabolical minion.

    These fuckers can locate me using google maps. My HTC Desire automagically logs onto my home wifi, and shows my location very accurately on maps. Even without the GPS antenna turned on.

    This doesn't seem possible, given where I live, unless they know about my wifi.

    Paris, cause there's no Sergei Brin with horns icon.

  38. A. Lloyd Flanagan
    Coat

    Uh, so?

    I hate corporate misuse of data as much as anyone, but is there any evidence at all that they actually used any of this data for anything? I keep reading all these "Google Is Evil" stories and they all seem to concern something Google could do, or might do in the future. Yawn.

    1. Anonymous Coward
      Black Helicopters

      Re: Uh, so?

      Actually, several posters have noted that SSID triangulation is apparently alive in well in Google Maps on finding their way 127.0.0.1...

      So, no a question of what they might do , but simply padding the portfolio of what they are doing NOW.

  39. idasben

    Information Commissioner

    Is it just me that thinks this shows how completely useless the information commissioner's office is?

    They've looked at the Street View cars and the data they collect, apparently, then Ok'd it for UK use.

    Think after this issue, we can all realise what they did was asked Google what it did and trusted them. Sure they're a massive company, but no two parties should be treated differently and i'm pretty sure if i requested to drive around taking pictures of everyones house they would go over my kit inside and out, rather than just accepting my word for it.

    Ah well, another reason the ICO is a completely toothless organisation

    1. Anonymous Coward
      Grenade

      ICO

      "Ah well, another reason the ICO is a completely toothless organisation"

      Unless you are a Government department and you lose some personal data, then the teeth come out...

      (which is interesting as the fine is little more than a money-go-round circle jerk)

  40. morphoyle

    paranoid

    Reg has become VERY paranoid lately. If you are stupid enough to operate an open access point, you deserve what you get.

    "It delivers a certain spin on first reading, but then, when you read it again, it doesn't quite say what you thought it said."

    Perhaps the OP needs to go back to school for a while. Focus on reading comprehension please.

    1. matt 115

      recently?

      its hardly a new thing :)

  41. Justin Clements

    Google: We're Sorry

    "Sorry we got caught"

  42. Scott L. Burson
    WTF?

    Expectation of privacy?

    I'm missing something here. How is using an OPEN wifi network different from leaving your windows open so that passers-by, including Google Street View, can see what you're up to? I think people need to get that if they're using an open wifi, anyone could be recording their traffic. This incident should serve as a reminder of that.

    1. Anonymous Coward
      Boffin

      Re: OPEN wifi network

      ... and a reminder that you can set our AP to NOT broadcast the SSID et. al., eh?

  43. dredmorbius
    Big Brother

    It's fate

    Or rather, 'kismet'.

    If Google (or its now hapless engineer) used standard tools to develop his WiFi mapping system, he very likely relied on the o'en source 'kismet' program.

    When run, this automatically (and by default) creates a session log, including significant amounts of sniffed traffic.

    While there are indeed good reasons to be concerned about limitless power (just ask me about that...), this smells an awful lot to me like an honest mistake, triggering local concerns (privacy is a very significant issue in, papers, please, Germany). To which Google 'fessed up virtually immediately. The alleged data disposal may not have been the best policy though I don't see it as inadvisable itself.

    The real lesson here is that open broadcast wireless networks are in fact, open, broadcast, and wireless, available to many individuals and organizations, many of which one might suspect to be less forthright than Google.

    The real villain here to my mind are the device manufacturers who've made proper and secure configuration (and interoperability in same mode) so difficult for the hoi polloi.

This topic is closed for new posts.

Other stories you might like