Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google's Streetview Privacy Snafu Prompts Lawsuit

timothy posted more than 4 years ago | from the bloodsucking-lawyers dept.

Google 418

shmG writes "Google's secret data collection has prompted a class-action lawsuit that could force the company to pay up to $10,000 for each time it recorded data from unprotected hotspots, court documents show. The incident, which the company claims to have been unintentional, has prompted the ire of governments and privacy groups around the world. Google collected information that could be used to identify users, including 'the user's unique or chosen Wi-Fi network name, the unique number given to the user's hardware ... [and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being sent over the network by the user,' the suit stated."

cancel ×

418 comments

Sorry! There are no comments related to the filter you selected.

I think BSD acronym needs a change (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32288942)

Due to the ever dwindling usage of the BSDs and the ever increasing rabid foaming of the mouth of its users in response to this, I suggest we remake the BSD acronym from the Berkeley Software Distribution to the Butthurt Suckers Distribution. Anyone else in agreement?

OMG (0)

Anonymous Coward | more than 4 years ago | (#32288964)

Google, is like totally the suxor!

Re:OMG (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32289108)

almost as non-PC as the word "niggers"

Re:OMG (1)

oktokie (459163) | more than 4 years ago | (#32289290)

Ha....I've got you! Your name is 08-00-27-00-D0-B8! We already have all your e-mail on our harddrive! Your e-mail address is 08-00-27-00-D0-B8@gmail.com. Oh...we also have your SSN and last 3 years of your tax return information. It's on our harddrive by docs.google.com section. Um...now you can sue us!

Google shouldn't worry (4, Funny)

ClosedSource (238333) | more than 4 years ago | (#32288966)

If they lose the class-action suit they'll just have to pay the lawyers and give out discount coupons for Google search.

Re:Google shouldn't worry (2, Insightful)

plover (150551) | more than 4 years ago | (#32288990)

If they lose the class-action suit they'll just have to pay the lawyers and give out discount coupons for Google search.

Maybe they'll have to offer free links to advertisements for people to put on their web pages.

Re:Google shouldn't worry (0, Redundant)

sopssa (1498795) | more than 4 years ago | (#32289028)

They should worry about international market.

Google is now facing criminal investigation in Germany [computerworld.com] . Collecting that kind of data is against the law there, as is

Germany's privacy laws generally restrict photographs of people and property without a person's consent, except in very public situations, such as a sporting event.

There has also been investigations in Sweden, Finland and UK about this and they will decide later if it requires criminal charges. It's good that Germany is doing that already, as it's clearly violating privacy and European laws.

Re:Google shouldn't worry (4, Insightful)

Rophuine (946411) | more than 4 years ago | (#32289056)

This is beyond ridiculous. It's no different to standing on your front lawn naked for everyone to see, and then being upset when the streetview van snaps you naked. I can't see why people have any expectation of privacy for unencrypted public-broadcast wireless traffic. The creepy guy across the road is probably logging it all anyway, right?

Everyone is yelling things like "it's clearly violating privacy and European laws", but I want to know how, and which laws. I'm just not buying it.

Re:Google shouldn't worry (0, Troll)

Anonymous Coward | more than 4 years ago | (#32289118)

this, this, this and this!

If you leave your AP unsecured like a dumbass you get EVERYTHING you deserve.

Re:Google shouldn't worry (2, Insightful)

dubdays (410710) | more than 4 years ago | (#32289210)

this, this, this and this!

If you leave your AP unsecured like a dumbass you get EVERYTHING you deserve.

This isn't about open APs...this is about SSID broadcast traffic only. You can have a rather secure wireless network and still have it broadcasting its name.

Re:Google shouldn't worry (4, Insightful)

blackraven14250 (902843) | more than 4 years ago | (#32289248)

You should turn off the damn broadcast if you really care whether it's gonna get picked up by everyone within range. Most wireless routers, if not all, have the option to turn off SSID broadcast. It's like saying "ZOMG teh Googster decided to listen to this radio broadcast I meant only for me to hear, despite me using enough power for it to be heard anywhere within a mile!"

Re:Google shouldn't worry (1)

erstazi (1304229) | more than 4 years ago | (#32289426)

The MAC address still can be picked up even if the SSID is disabled from broadcasting.

Re:Google shouldn't worry (3, Insightful)

QuantumG (50515) | more than 4 years ago | (#32289524)

We *still* don't get what your point is.. if you're broadcasting ANYTHING, even if it is just random numbers, people are FREE to collect that information. There's a little button on the side your router that lets you turn it OFF, do that if you just can't stand the idea of people receiving what you're sending.

Re:Google shouldn't worry (0)

Anonymous Coward | more than 4 years ago | (#32289574)

Do make note that the poster before you is defending your opposing view. Seems to be making a point about SSID's. Not sure where it is. But it is there...

Re:Google shouldn't worry (0)

Anonymous Coward | more than 4 years ago | (#32289266)

Nothing requires you to broadcast an SSID and even if you had to it is the contents traversing the network that are private not the fact you exist. People can drive by and see it just as well. If you are concerned about broadcasting it then don't broadcast it!

Re:Google shouldn't worry (2, Informative)

Rophuine (946411) | more than 4 years ago | (#32289268)

This is only about open APs. If you read the article, Google wasn't collecting any encrypted traffic at all.

Re:Google shouldn't worry (3, Insightful)

Striek (1811980) | more than 4 years ago | (#32289278)

Ridiculous to you, maybe... To my 80 year old grandmother, maybe not. This is not a technical debate. Google is a multibillion dollar corporation and as such, is expected to exercise a modicum of responsibility when it exercises the powers those multi billions of dollars grants them. Average Joe user may have absolutely no clue his WAP is broadcasting in the clear, nor should he be required to have that technical talent, anymore than we should all be expected to be car mechanics . The alternative is putting governmental pressure on everyone to purchase Best Buy "security services" when they purchase a router. Many of these WAPs are also provided by ISP's with an insecure configuration, and consumers are never told. This should be controlled at the point of distribution, not the point of consumption.

Re:Google shouldn't worry (2, Interesting)

Rophuine (946411) | more than 4 years ago | (#32289364)

I'm still wanting to know how Google violated your 80-year-old Grandmother's privacy, and which laws they broke.

I'm really confused by the fact that you're mad at Google, but you say the insecure configuration on WAPs should be controlled at the point of distribution. Google didn't distribute the WAP to your Grandmother.

If your Grandmother is worried about her privacy, the fact that Google is driving down the road collecting one or two out-of-context frames is not relevant to her. The fact that the people next door are connecting to her WAP, browsing through her network shares, and looking at child porn through her connection is.

The whole point here is that Google hasn't done anything wrong, but anyone whose data they collected is, by implication, leaving themselves open to untraceable crime and privacy invasion which have no correlation to any data that Google did or didn't collect, and would remain unchanged even if Google had never been near their house.

Re:Google shouldn't worry (1)

Striek (1811980) | more than 4 years ago | (#32289508)

They never violated her privacy. Yet. A single, isolated incident would not be a problem. But the wholesale collection from millions, is.

The people next door would represent a single, isolated incident, which is not the case with Google. They should be aware of the possible implications of this collection. WAPs should be secured at the point of distribution as I do not believe it should be the responsibility of end users to secure them - they should come preconfigured in that state. Google, being fully aware of the insecure default settings on millions upon millions of home routers, should not be collecting this data. Rather, they should assume that anyone broadcasting in the clear is not aware of what they are doing (as we all know this is usually the case) and therefore not take it as an invitation to collect, anymore than they should be publishing photos of me passed out and naked on my front lawn, as I may well have tripped over my shoelaces and knocked myself out on the driveway for all they know. I'm saying an open network is not an invitation to snoop it.

They should be exercising responsibility and restraint, and I do not believe they were where this issue is concerned.

Re:Google shouldn't worry (3, Insightful)

tukang (1209392) | more than 4 years ago | (#32289286)

Here's another analogy. Leaving your keys in the ignition when you go to the store. It's a stupid thing to do, it's against the law (just as leaving your wifi open is in Germany [slashdot.org] ) but that doesn't mean when someone steals your car the police shouldn't go after the thief.

Re:Google shouldn't worry (0)

Anonymous Coward | more than 4 years ago | (#32289374)

wrong. this data was being broadcast. here do some reading: http://en.wikipedia.org/wiki/Broadcasting

data is NOT a car, when its broadcast, even less so.

there is no theft here. even the strictest definitions of theft are "taking something without authorization" when a WAP is unsecure the owner of that WAP is de facto authorizing everyone.

Re:Google shouldn't worry (5, Insightful)

Rophuine (946411) | more than 4 years ago | (#32289376)

If somebody steals your car, they've committed a crime against your property. That's pretty much covered in the laws of any country.

If somebody looks at you, they've intercepted photons which you discarded by reflecting them. If someone takes a photo of you in public, they've recorded photons which you sent out into public space. Recording unencrypted wifi frames is much closer to the final analogy than the first.

Re:Google shouldn't worry (2, Funny)

Anonymous Coward | more than 4 years ago | (#32289450)

That's why I only use special tin foil made out of singularity grade compressed matter. Can't have any discarded photons flying around.

Re:Google shouldn't worry (1)

Athaulf (997864) | more than 4 years ago | (#32289490)

Here's another analogy. Leaving your keys in the ignition when you go to the store. It's a stupid thing to do, it's against the law (just as leaving your wifi open is in Germany [slashdot.org] ) but that doesn't mean when someone steals your car the police shouldn't go after the thief.

Excuse me sir, but do you realize which forum you're posting on? You just directly compared intellectual property to physical property as the basis of your argument. Slashdot users generally give the double bird to such arguments.

Re:Google shouldn't worry (4, Interesting)

erroneus (253617) | more than 4 years ago | (#32289316)

I'll agree with you and disagree with you. I'll agree that what they are being charged with doesn't hold water particularly well. I'll disagree with you in that there is a much larger consideration you aren't seeing.

As alluded to in the summary, Google is good about collecting data about faceless, location-less individuals from all over the internet. We still feel quite anonymous because we clear our cookies and browser cache and history or at least take comfort in knowing the option is there. It was all good because in this case, we all go to Google more or less voluntarily with our searches and queries and other things. But now, Google is mapping the OTHER side of the pipe as well... not just the end of the pipe they own -- the one people more or less voluntarily use -- but the end of the pipes we, as end users own. Now, with all this wifi-data collection, there is very real potential for complete identification of a great many individuals that they have been building from the very first days.

What I am saying is that it is all well and good to collect data when people bring it to you. But when you go about collecting it in this way, it can be at the very least, more disturbing.

Re:Google shouldn't worry (1)

Rophuine (946411) | more than 4 years ago | (#32289416)

You make a good point regarding the power of Google to match up the two data sets, but my point is that they're both data sets which people have provided to Google. One is private data which they voluntarily gave Google by using their service, and the other is public data which they're giving out to the whole world.

Let's try that oh-so-over-abused slashdot staple: an analogy. If I call phone sex lines and get all raunchy, but feel anonymous because they only know my phone number, I'm okay with it. Suddenly, I discover that there's this thing called a phone directory, which I didn't sign up to but it publicly links my phone number to my name! The phone sex companies now have all sorts of blackmail material over me which I didn't expect.

If I give Google my IP address, and there's all this public information around the place that I'm broadcasting linking my IP address with my real world address (roughly), it's not Google's problem: it's my problem. I can feel uncomfortable about the amount of information they might be able to dig up on me, but it doesn't mean Google did something wrong.

Respect the law of the country you do business in (4, Insightful)

aepervius (535155) | more than 4 years ago | (#32289396)

As another poster pointed out "Germany's privacy laws generally restrict photographs of people and property without a person's consent, except in very public situations, such as a sporting event." therefore your example is TYPICAL of what is *NOT* allowed to to be saved without your consent. It is not the fact that you can be looked at (or the data packet inadvertently caught) it is the systematic saving of the same data (or phtography) which is udner fire.

Re:Respect the law of the country you do business (1, Redundant)

Rophuine (946411) | more than 4 years ago | (#32289484)

If Germany's privacy laws prevent Google from taking photos of people and property, how are their StreetView vans driving down the road taking pictures of ... people and property? I still call bullshit, and I can't imagine why Google would be allowed to collect electromagnetic radiation from a public space in one wavelength but not another.

Re:Google shouldn't worry (1)

MikeFM (12491) | more than 4 years ago | (#32289562)

So are they going to sue everyone that opens their laptop and gets a list of all the SSID's around them? Or just those that happen to record the information? Does it count if I close my laptop without clearing the information? Idiots. It's about the same as bitching because someone goes down the street writing down the house numbers they pass.

Re:Google shouldn't worry (-1, Troll)

DamienNightbane (768702) | more than 4 years ago | (#32289576)

First Microsoft, now Google. As stupid as the courts are in Europe, it honestly makes me wonder why American companies even bother to do business with Europe. As far as I'm concerned they should just cut Europe off entirely. No Windows, no Bing, no Google, no Gmail. Pull the products from the stores and block European IPs.

Hell, imagine the savings if they no longer had to localize products for fifty different countries, deal with the batshit nanny-state laws of fifty batshit nanny-state countries, or have local offices with local employees in fifty countries. God knows it would hurt Europe far more than it would hurt MS or Google.

Re:Google shouldn't worry (3, Funny)

timmarhy (659436) | more than 4 years ago | (#32289180)

ironically you just know the people who are most outraged about this will totally google for more information.

Re:Google shouldn't worry (0)

Anonymous Coward | more than 4 years ago | (#32289308)

hey Alanis, havent seen you in a while.

What's the big deal (2, Funny)

microbee (682094) | more than 4 years ago | (#32288980)

So they collected some data, and then admitted it was unintentional. Then the privacy groups scream like an orgasm?

How is it compared to, say, Microsoft "unintentionally" sent data by WGA?

Re:What's the big deal (0, Offtopic)

girlintraining (1395911) | more than 4 years ago | (#32289078)

Then the privacy groups scream like an orgasm?

I'm trying really hard to make this analogy work, but it makes my brain hurt each time I try. And other things.

Re:What's the big deal (1)

ObsessiveMathsFreak (773371) | more than 4 years ago | (#32289346)

Then the privacy groups scream like an orgasm?

Perhaps you meant "scream like someone having an orgasm". Or perhaps, more fitting in the context of this story, "scream like someone who an orgasm is being had at the expense of"?

Re:What's the big deal (1, Funny)

Anonymous Coward | more than 4 years ago | (#32289544)

Then the privacy groups scream like an orgasm?

Perhaps you meant "scream like someone having an orgasm". Or perhaps, more fitting in the context of this story, "scream like someone who an orgasm is being had at the expense of"?

Quite possibly, but I suspect that if the police were to knock on some Google exec's door, they'd prefer it they came quietly. :-p

Exploitative Assholes (3, Insightful)

OrwellianLurker (1739950) | more than 4 years ago | (#32288984)

Google collected information that could be used to identify users, including "the user's unique or chosen Wi-Fi network name , the unique number given to the user's hardware...[and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being sent over the network by the user," the suit stated.

That should read:

Google collected information that could be used to identify users, including "the user's unique or chosen Wi-Fi network name , the unique number given to the user's hardware...[and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being broadcasted publicly by the user," the suit stated.

Re:Exploitative Assholes (0)

Anonymous Coward | more than 4 years ago | (#32289022)

If I hide in a tree outside your home and film you naked, is that ok too because you chose to broadcast the visible light from your home publicly by not shutting the blinds?

Re:Exploitative Assholes (2, Informative)

QuantumG (50515) | more than 4 years ago | (#32289038)

I hate to tell you this, but in many jurisdictions it is perfectly acceptable to peer in windows without curtains.

Hopefully this will go to court and Google will establish a good precedent.

Re:Exploitative Assholes (1)

palegray.net (1195047) | more than 4 years ago | (#32289080)

Unfortunately, a ton of folks are probably going to reply to your analogy with the usual "you can't walk in my front door just because I left it unlocked" crap. To all who are even thinking about going there, if your front door is flying through the air and I happen to photograph it on the way past, too freakin' bad. Hope you didn't have anything important painted all over it, and welcome to the World of Encrypt Everything.

Re:Exploitative Assholes (2, Insightful)

Shikaku (1129753) | more than 4 years ago | (#32289204)

That analogy is incorrect. The door doesn't exist. It's just a gaping hole in the wall of your house.

Re:Exploitative Assholes (1)

palegray.net (1195047) | more than 4 years ago | (#32289384)

I'll settle for that correction :).

Re:Exploitative Assholes (1)

Rophuine (946411) | more than 4 years ago | (#32289504)

"Gaping hole in the wall" would be WEP, which Google was nice enough to respect as 'encryption' and not peek. Having an open WAP is like having neither door nor walls.

Re:Exploitative Assholes (0)

Anonymous Coward | more than 4 years ago | (#32289184)

What if you don't even know the window exists?

You do understand that users may misconfigure their home networks or otherwise may not even be aware that they have an open wifi (e.g. my grandparents, your grandparents, one or two computer newbies). I guess that by the standards of slashdot and google, it means that they don't deserve privacy. God forbid, a user that doesn't know how to configure a properly secured wifi network?

not to mention the difference between someone doing this once or twice manually, then sending fleets of cars doing that and then allowing correlation with locations and street pictures.

I do agree about establishing a good precedent - I hope google get bitten so bad that no other company will dream of egregiously violating privacy and state laws for the next decades.

Re:Exploitative Assholes (1)

Shikaku (1129753) | more than 4 years ago | (#32289214)

God forbid, a user that doesn't know how to configure a properly secured wifi network?

It should be up to the ISP to secure it. If your water utility springs a leak the water utility sends someone to fix it.

Re:Exploitative Assholes (0)

Anonymous Coward | more than 4 years ago | (#32289256)

NO... fuck that. you buy it, its YOUR responsibility. people need to manage their own shit. if the ISP owns the wi-fi then i can see where you're coming from, but aside from that, no.

Re:Exploitative Assholes (1)

Shikaku (1129753) | more than 4 years ago | (#32289566)

Like you manage your car when you need to rotate the tires and get the oil changed correct? Because they are so easy to do and maintain, you should just do it yourself and not waste money with that hiring a mechanic.

A car analogy explains perfectly what's wrong with your outburst. You need to start managing your anger first and foremost.

Also thanks for putting words in my mouth saying the ISP owns the WiFi, they can't. The water utility doesn't own the water coming out of your faucet either.

Some people are not going to manage anything, and you can't change that, and they'll always try to take responsibility away from themselves, no matter how drastic you make the punishment for ignoring it. So offer it and make it option and explain what can happen if you do not do it yourself or accept their help.

Re:Exploitative Assholes (0)

Anonymous Coward | more than 4 years ago | (#32289354)

That's not a bad idea to have ISPs secure that. A whole lot of ISPs don't do that, don't offer that service or simply sell a box for you to plug (likely out of the same mentality of putting that burden on the user). that is why your analogy to water utility is flawed.

If the ISP didn't secure it or did a bad job securing it, or if the user installed it by himself and misconfigured it - does this mean these users are not entitled to privacy?

the saddest realization here is that posters here are people who are likely to be designing consumer electronics or future websites. They are giving users a hell of a lot of rope to hang themselves with and then complain when we live in a world where privacy is rapidly losing its value. I consider myself a well-capable geek, but i don't really want to be in an encryption arms race or browsing plugin arms race with noscript, noflash, noads plugins. The standard should be privacy for all, not just those with the big guns.

Hopefully when google gets bitten it will be a sad lesson for many geeks (and other fanbois) and a strong win for privacy.

Re:Exploitative Assholes (1)

Rophuine (946411) | more than 4 years ago | (#32289546)

My ISP shipped me a WAP with WPA2 turned on by default. If I do a hardware reset, it resets it to the settings my ISP shipped it with. The WPA2 key is printed on a label on the bottom of the device. This is how it should work, and the fact that it IS working this way is proof that any ISP which ISN'T doing it this way is playing fast and loose with the privacy of their less tech-savvy customers. I completely agree with the post further up the thread that it's the ISP's responsibility to be fixing this for their users, by and large.

Users who don't have encryption turned on still deserve privacy, but you know what? It isn't Google's fault that they don't have it. Google hasn't taken away their privacy. They never had it in the first place. Anyone on the street can see their traffic with basic download-it-off-the-web half-the-kids-on-the-block-can-use-it software. Their ISP has failed to protect their privacy, or the guy they bought the WAP from failed to tell them that they were surrendering their privacy if they didn't set it up right.

Re:Exploitative Assholes (1)

fluffy99 (870997) | more than 4 years ago | (#32289578)

God forbid, a user that doesn't know how to configure a properly secured wifi network?

It should be up to the ISP to secure it. If your water utility springs a leak the water utility sends someone to fix it.

Not if the leak is on your side of the water meter. Or are you saying its the water companies fault when you leave the hose on and people stop by and have a drink.

Re:Exploitative Assholes (1)

Rophuine (946411) | more than 4 years ago | (#32289272)

If you don't even know the window exists, you stand in front of it naked, and people walking down the street see in, it's not the fault of the people in the street.

Re:Exploitative Assholes (2, Insightful)

palegray.net (1195047) | more than 4 years ago | (#32289432)

I do not care about people "misconfiguring" their home networks. I'm going to make an awful car analogy: if I do not perform properly educate myself on the operation of a motor vehicle and perform the minimum routine maintenance on it, I can't bitch when something goes wrong. By the way, people deserve the rights they can defend; that's a founding principle and a basic manifestation of natural selection.

Let's try a different analogy: if you build your house out of glass, you can't blame folks for looking in. The fact that someone might not find this "obvious" just because it involves a home router bought at BestBuy does not absolve that person of responsibility for the equipment's prudent use. We do not live in a nanny state (at least not quite yet, not to the degree that some folks in Congress would like [at least for those USAians reading this post]), and I strongly object to most attempts to push things in that direction.

The bottom line is simple. For years and years and years mainstream consumer network equipment has offered point and click wizards for enabling even the most basic of security measures. If people cannot be bothered to at least try to learn about a device they have bought and installed at their home, or consult someone with a 6th grade education to do it for them, I honestly don't have a lot of sympathy for their plight.

Re:Exploitative Assholes (2, Informative)

Rophuine (946411) | more than 4 years ago | (#32289564)

No, fuck that. I am NOT going to learn how to change the brake pads on my car. I pay someone to do it. If I want to do it myself, that's fine. If I want to have a mechanic do it, that's also fine. But if I fail to do it and run over and kill somebody, I am at fault. When I bought my car off the second-hand dealer he never told me about changing the brake pads, and it didn't come with a manual. It is STILL MY FAULT.

Of course I'm agreeing with your point. I just wanted to point out that you don't need to learn a THING about your networking gear. You CAN be an 80-year-old grandmother and get this right: pay someone to do it for you.

Re:Exploitative Assholes (2, Interesting)

Rophuine (946411) | more than 4 years ago | (#32289084)

This is crap. You're obscuring the issue completely. Try this analogy instead:

If you were standing naked on your front lawn with no fence or anything, and I'm walking down the road taking a video, is that ok? And of course, it's you're fault for standing out naked where everyone can see you. Google didn't have to peer in from the top of your tree: You were broadcasting this stuff to everyone anyway.

Re:Exploitative Assholes (2, Funny)

MrLint (519792) | more than 4 years ago | (#32289320)

is 'Linksys' unique or chosen? I can't decide.

That personal traffic was encrypted anyway.Right? (4, Funny)

williamyf (227051) | more than 4 years ago | (#32289006)

I mean, all those people were using WPA, WPA-2, or at the very least WEP.

What I am really curious about is if this comment will be modded funny, or some other thing....

Re:That personal traffic was encrypted anyway.Righ (1)

Rophuine (946411) | more than 4 years ago | (#32289096)

I've been following the issue. Google didn't collect traffic if it was encrypted in any way.

I mean, I think you knew that and were being snide at the morons who think this is an invasion of privacy. I'm just clearing it up for those readers who aren't up to date.

Re:That personal traffic was encrypted anyway.Righ (1)

AHuxley (892839) | more than 4 years ago | (#32289330)

Just collecting the data packets then ?
http://googlesystem.blogspot.com/2010/05/google-collected-data-packets-from-open.html [blogspot.com]
"600 gigabytes of data was taken off of the Wi-Fi networks in more than 30 countries"...

Re:That personal traffic was encrypted anyway.Righ (0, Flamebait)

Rophuine (946411) | more than 4 years ago | (#32289420)

What else do you think they were collecting? The ... undata packets as well? Get off /. please.

So Google knows my wifi name, BFD. (1)

xandercash (1791710) | more than 4 years ago | (#32289012)

I wasn't aware that a router name of "GoogleEatMe" would give away my identity. I guess I'll be more careful in the future.

Unencrypted Wifi (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32289050)

Vicki Van Valin ... said that their homes' wireless networks were infact not password protected... In connection with her work and home life, Van Valin transmits and receives a substantial amount of data from and to her computer over her wireless network. A significant amount of the wireless data is also subject to her employer's non-disclosure and security regulations

WTF. Her security was certainly broken, but not by Google - she broke it herself. She should be fired for not using encryption. I know it's wrong to wish ill upon somebody, but in this case, the security of her employer's data is more important than her job. If she does this kind of stupid stuff, she should get a job not involved with confidential data.

The pair also claimed to have sent credit card and banking data over their networks.

If you send your credit card info and bank info over unencrypted HTTP, you have bigger problems to worry about than Google.

Re:Unencrypted Wifi (1)

tagno25 (1518033) | more than 4 years ago | (#32289296)

The pair also claimed to have sent credit card and banking data over their networks.

If you send your credit card info and bank info over unencrypted HTTP, you have bigger problems to worry about than Google.

If your credit card and bank info is not being transited using SSL then you have much bigger problems.

Re:Unencrypted Wifi (2)

pclminion (145572) | more than 4 years ago | (#32289444)

WTF. Her security was certainly broken, but not by Google - she broke it herself. She should be fired for not using encryption.

Fired? She'll be lucky if that's all that happens. She just admitted to a serious contractual breach ON RECORD. I expect the company will now take her car and her house. What a fucking idiot.

Re:Unencrypted Wifi (1)

Marnhinn (310256) | more than 4 years ago | (#32289446)

The point isn't for her to feel justice, or make money from this suit, it is for the lawyers representing her to get rich.

Remember, in most lawsuits, the lawyers come out on top. If she wasn't the one making the claims, I am sure that the law firm sponsoring this action would find someone else that would be willing to.

Unintentionally? (0)

Anonymous Coward | more than 4 years ago | (#32289088)

Three years of collecting wireless data and nobody noticing the extra gigabytes coming from the street view cars?
I don't think so.

Re:Unintentionally? (1)

Rophuine (946411) | more than 4 years ago | (#32289122)

A few TCP packets, compared to uncompressed TIFF files? I rather do think so.

That's like saying "what do you mean you didn't notice fifty kilos of material missing???!?!?!!?" when you're talking about hauling away the debris after demolishing a sky-scraper.

Unintentional, I think not (2, Insightful)

gbrandt (113294) | more than 4 years ago | (#32289114)

I am a programmer. I can honestly say that I have never saved data, via code, that I did know I was saving. There is no such thing as unintentional data.

Re:Unintentional, I think not (0, Troll)

Rophuine (946411) | more than 4 years ago | (#32289150)

Do you audit every piece of code written by someone else that you call into to make sure? Never use private APIs either, I bet.

Do you make sure your data segments are all flagged DONT_SWAP?

Re:Unintentional, I think not (3, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#32289168)

You are one programmer. Google is dealing with hundreds of programmers and -huge- programs. Some bit of old code they thought they deleted or disabled really wasn't, it got a bit of data, Google realized it, and is going to delete it. I don't see how this is sooooo terrible. This is less data per user than your neighbor with Wireshark running for 15 minutes would get, if you care about your privacy use encryption. Simple as that.

Re:Unintentional, I think not (1)

ADRA (37398) | more than 4 years ago | (#32289280)

You have to capture frames in order to identify the SSID's of the AP's (the whole point of the exercise), so most likely there's a sniffer that just sit there running forever in the vans grabbing all captured frames, or at least the first of every unique AP found. When the van gets to Google central the logs were probably downloaded to a bulk data loader for eventual geo-location coding. It would seem that instead of wiping out the captured raw logs, they were retained as either 'malicious and nefarious use' or an oversight.

300 feet, people! (1)

binaryspiral (784263) | more than 4 years ago | (#32289116)

Your wifi is sending everything you do 300' (more or less) in all directions. Encrypt it or STFU.
and if it bothers you that one of Google's cars drove by and snagged your wifi access point's name then stop broadcasting your SSID too.
Just because you don't understand how to configure your wireless network correctly gives you know rights to sue someone. Or at least win in court.

get rich (1)

Exter-C (310390) | more than 4 years ago | (#32289146)

It sounds to me like people just want to get some more money... however the only people who will win this lawsuit are the lawyers..

Re:get rich (1)

nomadic (141991) | more than 4 years ago | (#32289216)

It sounds to me like people just want to get some more money... however the only people who will win this lawsuit are the lawyers..

How do you figure? Let's say they succeed and get $10,000 per person affected. What percentage of that do you think the lawyers can get? I'm honestly curious, people on slashdot have a very distorted view of how class action lawsuits work.

Re:get rich (2, Informative)

Rophuine (946411) | more than 4 years ago | (#32289292)

I guess you've never seen the results of a class action. If it succeeds, Google gets to pay the plaintiffs' lawyers (anywhere from a few tens of thousands to millions of dollars), and the court orders along the lines of "Google must delete the data, put up a public apology for a week on their main page, and give every plaintiff a $50 ad-words credit."

Re:get rich (1)

nomadic (141991) | more than 4 years ago | (#32289336)

Actually I'm a class action lawyer, so yes, I've seen the results of class actions. Cases like this are generally contingency cases, where the fee is based on a percentage of the amount won. This is typically 25%-33%. So, for those cases where you have a million class members and a 10 million judgment, yep they're probably going to get a $50 coupon while the lawyer could possibly pull in 2-3 million, depending on how much work he or she put into the case. But if each class member is winning $10,000, that's a different story. The class members are going to get most of that money.

Re:get rich (3, Interesting)

Rophuine (946411) | more than 4 years ago | (#32289462)

So, uh... What you're saying is that, in a contingency case, if the judgment is for a LOT per plaintiff, the lawyer doesn't get most of it, but if it's for a LITTLE per plaintiff, then he does. Right?

Let's try 10,000 plaintiffs, $10m judgment, 25% fee. Lawyer gets $2.5m, each plaintiff gets $750. Hmm, looks like (from the point of view of an individual plaintiff), the lawyers are the big winners. Let's look at one where each plaintiff gets a bigger payout, like you say.

Ten plaintiffs, $10m judgment. The lawyer gets $2.5m, each plaintiff gets $(10-2.5)/10m, or $750,000. So the lawyer gets much more than any plaintiff. I guess we need bigger payouts per plaintiff.

Four plaintiffs, $10m judgment. The lawyer gets $2.5m, each plaintiff gets $1.875m. Still looks like the lawyer was the biggest winner.

Two plaintiffs, $10m judgment. Hang on, weren't we talking about class actions?

The fact is that it doesn't matter how big the settlement per class member is. If the fee is 25%-33%, the lawyer will ALWAYS get 25%-33%. It doesn't matter if each class member gets $250 or $250,000.

Can you expect privacy on unprotected wifi? (1)

Nakor BlueRider (1504491) | more than 4 years ago | (#32289152)

Most of the collected data was from unprotected networks; they could only get the network name of anything protected. For example, public hotspots that don't use encryption. (Our city has one.)

Given that, a good question is how private should one consider their connection on such networks? Is there a reasonable expectation of privacy when not using any form of encryption, or when using encryption whose key is publicly distributed? I'd have to say no.

Re:Can you expect privacy on unprotected wifi? (1)

AHuxley (892839) | more than 4 years ago | (#32289378)

Depends who is sniffing.
The DIA, CIA, Army intel, FBI, ect at the time of an anti war protest would have its vans out, ready to soak up everything.- Legal.
Google as a private company has as much legal cover a person with a laptop and gps/wifi software package in many parts of the world.
They had legal cover to make maps after asking.
To store gb after gb of your wifi data - without asking - I hope thats not part of a gov grant to make a map in many parts of the world.
Google: Evil in motion.

Let's all rage at Google (1)

aceofspades1217 (1267996) | more than 4 years ago | (#32289172)

Google was honest enough to actually tell everyone they got this information and that they are deleting it. They came clean and didn't use this data for anything. I'm not saying that we should just be completely "no harm no foul", but just think of how many companies collect much much more private data than that and just hide the fact that they collect it.

I mean cmon in this day and age you should have security and all websites that have personal data use HTTPS. Give me a break, a lot of other corps warrant a lot more of our anger like Sony (taking away a feature that was advertised and adding DRM to everything without telling us), Microsoft (for being Microsoft...although Apple is giving them a run for their money), Apple (for completely going off the deep end and becoming "The Man"), AIG/Goldman/B of A/etc. (for taking all our money...and than asking for more of it after they lose all of our money).

How is this different from... (1)

Gavin Scott (15916) | more than 4 years ago | (#32289194)

the WiFi-based location services (such as the iPod Touch / iPhone support)?

Those guys obviously war-drove all around collecting basically the exact same information in order to create the access-point-MAC-to-Lat/Log database that they use.

If Google collected a whole frame of (gasp) unencrypted 802.11 traffic then that doesn't sound like much of a privacy risk.

So I just don't get that Google is in trouble or frantically apologizing in this case. They're not the first nor probably the last to compile this sort of information.

G.

Re:How is this different from... (1)

AHuxley (892839) | more than 4 years ago | (#32289406)

Most parts of the world have anti wifi hacking laws.
So you can run a cafe with wifi for your coffee drinkers and not some person on a park bench using your expensive bandwidth.
Or your new 'open' by default wifi card gets used and you get a $1000+ data use fine for that month and they find who used you connection.
Most have closed the "it was open loophole" with stiff trespassing laws.

Journalism slacks again. (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32289220)

Which federal statute? Which jurisdiction was the lawsuit filed in? In what way was the law violated?

But seriously, lawsuits are the way that the US has decided that facts should legally be determined. This lawsuit could be useful if it is determined that users are responsible for their own data security to some degree.

There is a legal precedent called caveat emptor (buyer beware). There should also be one called 'user beware'. The woman claims to work with 'high technology' and yet she claims that Google 'stole' her data. I find this depressing. If you don't want your credit card info sniffed, use a wired connection and HTTPS.

As far as the $_CORPORATE_ENTITY bashing goes, meh. Any company that tries to do something no one has done before WILL get sued. It takes time for people to become accustomed to the new idea and construct a legal framework for it. Your neighbor drives by your house every day, and has the opportunity to sniff your wireless traffic everyday. This could be considered long term snooping, or it could just be being your neighbor. Same with google. It could be a massive plot to construct a database of everyones personal information, or it could be an attempt to construct a new and useful service.

Re:Journalism slacks again. (0)

Anonymous Coward | more than 4 years ago | (#32289270)

There is a legal precedent called caveat emptor (buyer beware). There should also be one called 'user beware'.

Apparently there already is a phrase for that: Caveat Utilitor. (thanks wikipedia =p)

Nothing wrong with what they did (0, Redundant)

Rophuine (946411) | more than 4 years ago | (#32289252)

Look, let me put it this way. Light is just electromagnetic radiation in a particular band of the spectrum, right? The Google vans drive down the road recording it. If you've put up some sort of barrier to prevent someone on the public street from collecting your light (like walls), the Google vans don't get it. Following so far?

Wi-Fi traffic is just electromagnetic radiation in a particular band of the spectrum, right? The Google vans drive down the road recording it. If you've put up some sort of barrier to prevent someone on the public street from collecting your Wi-Fi traffic (like WPA), the Google vans don't get it. Still following?

The owner's unique street name and number, the unique number given to the owner's car licence plate, and data consisting of all or any part of any signs, swing sets, lawn furniture arrangements, and slogans printed on t-shirts of people in the yard at the time the van drove past, is recorded.

The user's unique (???) or chosen Wi-Fi network name, the unique number given to the user's hardware ... [and] data consisting of all or part of any documents, e-mails, video, audio, and VoIP information being broadcast over the public airwaves (and available to any member of the public on the street at the time) is recorded.

Really, you don't get to be both okay with the street vans in general, but mad at this particular part of the operation. Google is being all apologetic, not because they did anything wrong, but because they know that stupid people will be mad at them if they don't. It's like being calm and careful around a rabid dog: it's not that you actually think you should have to restrict your behaviour because of rabid dogs; just that you'd rather not get bitten.

More Insanity (1, Troll)

b4upoo (166390) | more than 4 years ago | (#32289254)

Anything that can be viewed from a public place such as a street is not private in any sense of the word. A person who can be photographed is in a public situation.
            These privacy nuts are just that. It is time for people to take responsibility for their appearance, their actions and their whereabouts.

Re: More Insanity (1)

DarwinSurvivor (1752106) | more than 4 years ago | (#32289398)

I don't know who modded you troll, but you are 100% correct. In Canada (I'm sure USA is exactly the same), if you are standing on public property (or property you own or have been given permission to be on) then you can take any damn photograph you want.

I don't however think that photos are a good analogy. Something along the line of sound would be much better. If you are blasting your child's birthday party homevideo loud enough for your neighbours to hear it, you have NO right to sue someone on the street with a microphone!

Legal or Not, WHY Did This Happen? (3, Interesting)

no1home (1271260) | more than 4 years ago | (#32289258)

Some are complaining that this was some kind of breach of privacy, maybe breaking several laws (very debateable). Others are asking why this is even an issue since unencrypted wifi is freely viewable. So what on any of that!

Why was the Google StreetView system collecting this data to begin with?

Really, to collect this data, the street-team had to be running wifi in the vehical, purposely vacuuming all the data it could snif out of the air, and dumping it to a rather large drive. Why did this setup exist? Why was this system actively aquiring all this data? Was this being done by some of the streat-teams, or all?

My thoughts are that this really was a simple mistake, likely from a misconfiguration. The likely intent was to gather open access points, like war-driving writ large, but a misconfiguration led to aquiring more than just the AP location/name/basic config- it grabbed whatever was being transmitted at that time. Of course, an oops like that, that was then allowed to continue (possibly), could be a firing-offense as it should have been better setup.

Re:Legal or Not, WHY Did This Happen? (0)

Anonymous Coward | more than 4 years ago | (#32289394)

mapping public wifi spots, like bookstores, etc

Re:Legal or Not, WHY Did This Happen? (1)

AHuxley (892839) | more than 4 years ago | (#32289478)

Testing wifi ads for local shops? Triangulation of wifi - poor persons gps? The cost of a drive by - get everything you can on the first pass?
or a covert open MAC hunt to find open wifi and other details for someone wanting deniability?
Misconfiguration would be a first roll out in one city -opps we sucked up gb after gb of data -tell gov, tells press, clean up - turn off in all over cities.
Get govs ok in all other cities if they wanted to do it after that first 'error'.
Google seems to have sucked up all it could around the world until exposed.
Then govs sat up and noted their wifi laws and privacy protection laws.

Re:Legal or Not, WHY Did This Happen? (0)

Anonymous Coward | more than 4 years ago | (#32289568)

They already stated in their blog that they used a library developed for another project. They reused it and forgot it's collecting too much.

Even if this might not be a privacy violation because traffic should be encrypted - it is a really bad thing that google handles information with libraries not knowing what these are doing with it. Information is the biggest asset google has, they should be very careful with it.

I am getting serious trust issues when hearing about mistakes like this.

Lawyers (1)

acid06 (917409) | more than 4 years ago | (#32289262)

This is a reminder that lawyers just can't be trusted not be complete assholes when aiming for selfish profit.

People are usually fond of class-action lawsuits because most of the times the companies are actually being evil (i.e. Sony). So it's easy to forget or ignore the fact that class-action lawsuit do nothing substantial which benefits the consumer / end-user - they just enrich lawyers.

Now we can see that they just don't care and will even try to paint as evil a company which is disclosing information purely on good will. No one asked them to do it and they could have hidden this information and no one would know. Yet, they disclosed it and now are being screwed over this. What do you think Google or other companies will do the next time around?

So society gets a little bit worse, once again, thanks to the lawyers.

Frivolous lawsuits (1)

JohnM4 (1709336) | more than 4 years ago | (#32289288)

This is seriously frivolous. These vulture lawyers are the only ones who would get anything out of this even if they do win. All of the analogies above are valid. Don't broadcast something you don't want people to pick up. It's common sense. I really hope this gets thrown out and they are made to pay Google's legal costs.

Re:Frivolous lawsuits (1)

AHuxley (892839) | more than 4 years ago | (#32289534)

Wifi laws and privacy laws around the world are now tighter.
The idea that someone in court can say 'it was open' and walk out after they degraded/stole the wifi service is over.

Why Google? (1)

Masterofpsi (1643965) | more than 4 years ago | (#32289314)

The thing that really cheeses me off about this is that all of a sudden, Google is getting charged $10,000 a pop. We all know how much bullshit corporations get away with without paying anything substantial. And suddenly Google, probably as benevolent a company as we're ever going to get, is suddenly getting slapped with what sounds like a massive fine? What is wrong with this picture?

Re:Why Google? (0)

Anonymous Coward | more than 4 years ago | (#32289438)

That Google is being fined? NO ONE would have know about it if Google did not tell eveyone.

Send Google a clear message. (5, Insightful)

pclminion (145572) | more than 4 years ago | (#32289418)

This'll send Google a clear message -- honesty doesn't pay off. If you fuck up and overstep your bounds, for crissakes do NOT let anyone know you did it.

Mistake? I call BS! (0)

Anonymous Coward | more than 4 years ago | (#32289440)

Wat i don't understand is why google is running a packet sniffer and collecting this data; You cant do this highly technical thing unintentionally!

Re:Mistake? I call BS! (2, Insightful)

pclminion (145572) | more than 4 years ago | (#32289486)

Wat i don't understand is why google is running a packet sniffer and collecting this data; You cant do this highly technical thing unintentionally!

Bullshit. Have you ever created a buggy tcpdump filter, started the logger and went home for the night, then came back in the morning to find that you'd filled up a 300 GB disk with nonsense because you made a typo? I have.

Let's see. (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32289548)

We have....

  • millions of privately installed security cameras
  • millions of government-installed security cameras
  • the ability of governments to monitor all financial transactions
  • the ability of the government to look at your banking account at any given time for any reason whatsoever
  • until a few weeks ago, the obligation for every telco to keep detailed records of all your activities, and that's probably returning in some form sooner or later
  • politicians who want blacklists for the internet that nobody except the federal police can know ('stop signs')
  • companies that collect so much data about you via bonus cards, credit cards and other means they probably know you better than your wife

And they're complaining because Google sniffs small bits of unencrypted network traffic? I'm a privacy advocate myself, but this is utterly rediculous.

This is a F-ing joke (2, Interesting)

Antisyzygy (1495469) | more than 4 years ago | (#32289572)

This is a joke. If people are stupid enough to leave their networks open its their own fault. Its like claiming you still own the items in your trash once its out in the street.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>