Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Street View Wi-Fi Data Includes Passwords, Email Content

Soulskill posted more than 4 years ago | from the top-of-the-line-pr-nightmare dept.

Google 292

snydeq writes "The French National Commission on Computing and Liberty has found passwords and email messages among the Street View Wi-Fi data Google intercepted, InfoWorld reports. The data protection authority has been investigating Google's recording of traffic carried over unencrypted Wi-Fi networks. Google has said it collected only 'fragments' of personal web traffic as it passed by because its Wi-Fi equipment automatically changes channels five times a second. With Wi-Fi networks operating at up to 54Mbps, however, those 'fragments' may have been more than that. 'We can already state that [...] Google did indeed record email access passwords [and] extracts of the content of email messages,' CNIL said."

Sorry! There are no comments related to the filter you selected.

Well.. (1, Interesting)

pak9rabid (1011935) | more than 4 years ago | (#32615722)

If you're stupid enough to access information you care about and wish to keep private via an insecure link, then you're asking for trouble.

Re:Well.. (4, Insightful)

Cimexus (1355033) | more than 4 years ago | (#32615762)

You're right of course. But it still isn't a good look for Google. A lot of countries have fairly strict laws against this kind of thing, and the "if it was private it should have been secured" argument isn't a valid excuse, legally speaking.

Re:Well.. (3, Interesting)

pak9rabid (1011935) | more than 4 years ago | (#32615860)

Perhaps not, but I don't think Google should be faulted for obtaining what is essentially information being made public. Now, if they were doing things like cracking somebody's WPA-protected (or hell, even WEP) wireless signals, then yes, they should be.

Analogy time....say somebody is in their front yard, holding up a big sign that has their "my bank password is xxx". Should someone passing by in the street get shit for looking over and noticing that?

Re:Well.. (1, Insightful)

qoncept (599709) | more than 4 years ago | (#32616134)

That's a BS analogy. If you're sending an unencrypted email to a friend, there is absolutely no question about who the intended recipient is. You're talking about people who weren't clearly addressed intercepting and reading your mail.

SO... fixed.
Say somebody stuffs an envelope addressed to their credit card company in the mailbox in their front yard. Should somebody get shit for digging it out and reading it? (Hint: Laws are very clear about this)

Re:Well.. (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32616248)

It's not an envelope, it's a postcard, and the mailbox is transparent.

Re:Well.. (0, Troll)

qoncept (599709) | more than 4 years ago | (#32616340)

I understand where you're coming from, but the simple fact is that if this is your argument, you are a pathetic fucking nerd. People don't walk around with devices and software that let them do what you're saying if they're ever going to get laid.

Re:Well.. (0)

Anonymous Coward | more than 4 years ago | (#32616656)

Clever lawyering, citing the classic Douchebag Troll v Internet precedent of "that won't get you laid". Game, set, match; ready the pillory!

Re:Well.. (2, Insightful)

erroneus (253617) | more than 4 years ago | (#32616930)

You make an excellent point. The trouble is you made it in such an offensive way that it got you modded as troll.

The reality is, in fact, that people "expect" that their email and web browsing activities are not public data. It does not matter that it is technically not true. In theory, with the right equipment, it has been shown that by scanning RFI, individual key strokes can actually be picked up from people striking their keyboards and phone conversations can be tapped without the use of any physical contact with the phone network. The relative ease or difficulty of eavesdropping technology can not and should not be used as a defense of the practice of eavesdropping.

After all, if this argument were valid, then we would pretty much all have to learn to speak unique and individual languages in order to maintain our privacy when speaking since the walls have ears at extremely great ranges these days. By making the "but it's unencrypted and therefore public" argument, you are creating a slippery slope that we really don't want to go down.

Re:Well.. (1)

ottothecow (600101) | more than 4 years ago | (#32616310)

Wifi is more like they made hundreds of photocopies of the letter to their credit card company and had them dropped from a helicopter 100ft above their house.

The recipient is still obvious if it was a normal business letter with their address at the top but you would hardly punish someone for picking one of those letters up off the street outside their house and reading it (note, these letters can't be in sealed envelopes...envelopes are like WEP, sure you *could* open it with a simple tool, but you know you are actively doing something "wrong")

Re:Well.. (4, Insightful)

KevinKnSC (744603) | more than 4 years ago | (#32616328)

It's more like yelling at your neighbor across the street, and then getting upset when someone driving by overhears it. With unencrypted traffic on a wireless network you are quite literally broadcasting information to the world. The argument that someone is the intended recipient and everyone else needs to pretend they didn't hear it is bullshit.

Re:Well.. (5, Insightful)

lgw (121541) | more than 4 years ago | (#32616426)

Much, if not most, of polite human society throughout history is based on pretending you didn't overhear coversations between people. Listening in on other people's conversations, even when those conversations are in a public space, is creepy and wrong. The fact that you think your argument supports your position is the kind of thinking that gives geeks a bad name for being, well, creepy and wrong.

Re:Well.. (2, Interesting)

balbus000 (1793324) | more than 4 years ago | (#32616800)

Much, if not most, of polite human society throughout history is based on pretending you didn't overhear coversations between people.

Which is what Google did. If they had actually used that information, then in the analogy it would be someone overhearing something the shouldn't have and then going home and saying "OMG, listen to this gossip! ...". But Google didn't do anything with that information they "overheard".

Re:Well.. (1)

guruevi (827432) | more than 4 years ago | (#32616802)

It may be socially unacceptable (at this moment in history) but it's not legally wrong. Back in the day (before the Internet or mass communications) it was fairly acceptable for somebody to overhear conversations and then gossip about it to the town. Several religious organizations likewise like overheard conversations about moral wrongdoing to be reported to them and some might even encourage casual snooping or plain wiretapping (Scientology). These days the town is the world but it's no different.

Re:Well.. (1)

lgw (121541) | more than 4 years ago | (#32616896)

If you do somehting socially unacceptable to enough people, it will become legally wrong, perhaps retroactively. That how communities work - go out of you way to creep out enough of a community and you will be run out of town on a rail. Google really didn't think this through.

Re:Well.. (1)

ukyoCE (106879) | more than 4 years ago | (#32616820)

Right, but to this moment Google is still pretending they didn't hear it.

This is roughly akin to me leaving someone voicemail while you yell your password behind me. I'm not recording your password on purpose, I don't care about, and I'm not doing anything with it. But yes, if you go through my friend's voicemails you can hear some moron screaming his password in the background.

That doesn't make me "creepy and wrong", it just makes that moron a...well, moron.

Re:Well.. (1)

jbezorg (1263978) | more than 4 years ago | (#32616892)

Creepy and and socially inept...

But still not illegal.

Re:Well.. (0)

Anonymous Coward | more than 4 years ago | (#32616342)

Still wrong I'm afraid.

What about two neighbors yelling over their fences to each other about their new house alarm security passcodes, and you're walking by the back of their house dictating a memo into your dictaphone. Have you broken the law? I'm some of the "two party consent" states in the US.. maybe (and I personally believe those laws are pure nonsense) but not in the UK and most of europe.

Re:Well.. (1)

qoncept (599709) | more than 4 years ago | (#32616392)

What about two neighbors talking about their house alarm security passcodes on the phone inside their houses and you're listening from another house with an Inspector Gadget Megaear? You're not overhearing, you're fucking snooping.

Re:Well.. (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32616636)

... and if that was in anyway similar to what Google has done it would be relevant.

Re:Well.. (1)

BrokenHalo (565198) | more than 4 years ago | (#32616376)

Perhaps not, but I don't think Google should be faulted for obtaining what is essentially information being made public.

Why not?

If my front door is shut, but not locked, does that entitle anyone to come in and rip off my stuff or go through my desk and copy down my banking details?

Re:Well.. (1)

russotto (537200) | more than 4 years ago | (#32616430)

If my front door is shut, but not locked, does that entitle anyone to come in and rip off my stuff or go through my desk and copy down my banking details?

No, but if you wrote your banking details on a sign in your front yard, don't be surprised if someone takes a picture.

Re:Well.. (1)

lgw (121541) | more than 4 years ago | (#32616472)

The users of these unecypted hotspots did not intend their data to be public. Intention is what matters for most laws, and for most reasonable people.

Re:Well.. (2, Insightful)

russotto (537200) | more than 4 years ago | (#32616648)

The users of these unecypted hotspots did not intend their data to be public. Intention is what matters for most laws, and for most reasonable people.

Intent of the alleged victim is not what matters for most laws; for most offenses, intent of the alleged offender is a factor, not the victim.

Re:Well.. (1)

murdocj (543661) | more than 4 years ago | (#32616774)

This and similar "shouting out the window" analogies are just plain wrong. If I walk down the street past a dozen unsecured wifi networks, I don't hear or see anything. I have to be actively looking for unsecured wifi and then snooping in order to pick up anything. Enough with the bad analogies.

Re:Well.. (1, Flamebait)

fullgandoo (1188759) | more than 4 years ago | (#32616390)

Google IS at fault. Google has to know that most people using computers and wireless routers don't have a clue what exposure they are risking. Google has to know that if the same people understood the implications and if actually presented with a choice and a means to do so, they would clamp down their network.

At the very least, Google is guilty of exploiting the ignorance of an overwhelming majority of the population.

Re:Well.. (1)

StackedCrooked (1204878) | more than 4 years ago | (#32616730)

A better analogy seems to me washing your car and this act being exposed on Google Maps.

Re:Well.. (1)

Aeros (668253) | more than 4 years ago | (#32616872)

Right plus they fessed up to having obtained this data 'accidentally'. I think it would be different if they never said anything then it was discovered they had the data all along. Personally I don't think Google did anything wrong here. If this data was just out there, unencrypted to where anyone with half a brain could get it then the users should be held accountable.

Re:Well.. (2, Insightful)

JesseL (107722) | more than 4 years ago | (#32615898)

How about the "if it was private they shouldn't have been screaming it in public to anyone who could hear" argument?

Re:Well.. (2, Insightful)

gad_zuki! (70830) | more than 4 years ago | (#32616074)

Some countries have laws that specify encryption for wifi too. I'd rather have that then bullshit privacy laws "OH NOES HE READ MY WIRELESS UNENCRYPTED TRANSMISSION!!!" How about people take some fucking responsibility for putting in some basic encryption? It takes like two clicks.

Re:Well.. (1)

commodore64_love (1445365) | more than 4 years ago | (#32616220)

It would be nice if Laws had some kind of logical consistency:

- The user leaves his "front door" wide open so anybody can intercept and see his unencrypted internet, and it's the spy (google) who gets in trouble.

- Meanwhile a user in Virginia wakes-up and wanders around his house naked, and a mom trespasses through the front yard, and then presses charges against the guy because she she him through a window. The mom is the one who should be found guilty, just like Google but instead it was the user inside his house who spent time in jail.

Re:Well.. (1)

John Hasler (414242) | more than 4 years ago | (#32616388)

> The user leaves his "front door" wide open so anybody can intercept and see
> his unencrypted internet, and it's the spy (google) who gets in trouble.

Bad analogy. Google did not "enter" anything in any way. He transmitted his secrets out onto the public street. It's more like displaying them on a billboard in the front yard in foot-high letters.

Re:Well.. (2, Insightful)

bbernard (930130) | more than 4 years ago | (#32616090)

And if we're really lucky this kind of incident will help John Q Sixpack start thinking about securing his wireless...aw, who am I kidding, we'll have unicorns, flying pigs, and world peace before that happens.

Re:Well.. (1)

John Hasler (414242) | more than 4 years ago | (#32616832)

> And if we're really lucky this kind of incident will help John Q Sixpack
> start thinking about securing his wireless...

But more likely it will start him supporting more repressive laws.

Re:Well.. (1)

fullgandoo (1188759) | more than 4 years ago | (#32616272)

Do you think 99% of the population even knows what encryption is? Or that wireless routers by default are configured for unencrypted communication? Or that someone on the street can easily tap into what they are doing?

Just because they don't understand how computers communicate doesn't mean they are stupid.

Yikes! (2, Interesting)

WrongSizeGlass (838941) | more than 4 years ago | (#32615726)

This went from "it was an accident" to "there's nothing in the data anyway" to "hey, will you look at that! How'd that get in there??"

Re:Yikes! (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32615862)

No. Google's had one consistent message from the beginning: this was an accident, and it's extremely unlikely that they collected more than fragments because they were DRIVING DOWN THE FUCKING STREET as they channel-hopped.

So out of many gigabytes of accidentally-collected data, yes, it's not particularly surprising that there are a few passwords collected from people still crazy enough to send that kind of stuff unencrypted. Tell me, what exactly do you think Google's nefarious motive in all this could possibly be? What's your plan to make money by doing this deliberately?

If you have no reasonable answer, as I'm sure you don't, then fuck off with your cutesy little insinuations.

Re:Yikes! (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32616044)

I think the question we need to be asking ourselves is.. should we be more worried about:

a) Google collecting snippets of data as they worked on building an incredibly precise geo-location database
b) Governments trying to impose 'net filters' with anonymous blacklists and saved web history*

* See: http://www.gizmodo.com.au/2010/06/the-government-now-wants-isps-to-link-your-online-history-with-your-passport/

People are all up in arms against Google for seeing data that's available to any tom dick or harry that parks nearby your house yet ignore the fact that governments (and not just the Australian one) are already doing this or are trying to get support to do it.
This world is stupid, I'm moving to mars.

Re:Yikes! (1)

blair1q (305137) | more than 4 years ago | (#32616290)

And ignoring the fact that the government of France is right now trolling through the data it strongarmed out of Google's hands.

If there's anyone who has no right to see even a single byte of that data without a warrant sworn out by name against the citizens who sent that data over the wi-fi, it's the government.

Re:Yikes! (1)

BrokenHalo (565198) | more than 4 years ago | (#32616468)

This world is stupid, I'm moving to mars.

The world has been stupid for longer than any of us (even me) have been alive. But if necessary, we can all just use offshore VPNs and make it hard for "them" to spy on us.

Re:Yikes! (1)

Timothy Brownawell (627747) | more than 4 years ago | (#32616460)

out of many gigabytes of accidentally-collected data

Doesn't that sentence fragment strike you as a bit odd? I'd almost call it "inconceivable"...

Re:Yikes! (0)

Anonymous Coward | more than 4 years ago | (#32616210)

This is an entirely political issue. There haven't been any surprises since it became known that Google did not record just SSIDs and BSSIDs. Right from the start, when it was revealed that Google captured raw unfiltered Wi-Fi traffic, every tech knew exactly what kind of data can be expected. When you sample short bursts of data from millions of wireless networks, you're bound to find complete mails and other small pieces of information. Techs also know that Google is not your biggest concern when some of your data ends up in their capture files in readable form: It means that you're not encrypting your wireless transmissions and everybody in range of your access point can record all of it.

Lessons Learned? (0, Redundant)

AltairDusk (1757788) | more than 4 years ago | (#32616224)

Yet most people will likely still fail to secure their wireless networks...

Re:Yikes! (1)

Trufagus (1803250) | more than 4 years ago | (#32616766)

Wake me up when we find that they actually did something with the data.

Yes, Google was stupid so they now have a zillion lawsuits to deal with and will watch their engineers more closely. Don't we have more serious crimes to ponder?

duh (0)

Anonymous Coward | more than 4 years ago | (#32615744)

POP3 does not, by default, encrypt passwords, and if I'm broadcasting my unencrypted passwords into the fucking street on a public radio band I'm not sure that I should expect privacy.

Re:duh (2, Insightful)

jdgeorge (18767) | more than 4 years ago | (#32615880)

Excellent point that it's hardly Google's fault that my ISP doesn't provide an encrypted connection to its email servers. I'm looking at you, Time Warner. (And NO, webmail doesn't count.)

The ISP is responsible for this problem, not Google.

Re:duh (2, Insightful)

schon (31600) | more than 4 years ago | (#32616166)

The ISP is responsible for this problem, not Google.

Since when is it an ISP's responsibilty to secure their customers' wireless LANs?

Re:duh (2, Informative)

AltairDusk (1757788) | more than 4 years ago | (#32616260)

Since many ISP's offer to come set everything up for you when you sign up.

Re:duh (2, Informative)

jdgeorge (18767) | more than 4 years ago | (#32616358)

The ISP is responsible for this problem, not Google.

Since when is it an ISP's responsibilty to secure their customers' wireless LANs?

1) Since they started selling wireless LANs [rr.com] to their customers.
2) I'm not talking about wireless, I'm talking about unencrypted access to email servers, which should concern you even if you DON'T use wireless, for the same reason you shouldn't perform financial transactions over an unencrypted connection.
3) Using wireless encryption may be a good idea, but that is NOT enough to provide safe electronic communication.

How could I have possibly (-1, Offtopic)

beschra (1424727) | more than 4 years ago | (#32615748)

gotten first post on this subject? Maybe every one else is RFTA?

Re:How could I have possibly (-1, Offtopic)

beschra (1424727) | more than 4 years ago | (#32615774)

gotten first post on this subject? Maybe every one else is RFTA?

Never mind.

Re:How could I have possibly (0, Offtopic)

linhares (1241614) | more than 4 years ago | (#32615878)

"Only those who dare to fail greatly can ever achieve greatly." --Robert Francis Kennedy

Re:How could I have possibly (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32616008)

"Only those who dare to fail greatly can ever achieve greatly." --Robert Francis Kennedy

"Only those who have nothing to say claim 'first post'." --Anonymous Coward

Encryption (2, Insightful)

nOw2 (1531357) | more than 4 years ago | (#32615768)

It's not that I think everyone should be forced to use encryption everywhere, but in this case the unencrypted data is being broadcast out into public spaces.

Re:Encryption (2, Interesting)

John Hasler (414242) | more than 4 years ago | (#32616324)

It was once the law in the USA that anyone was free to listen to any radio transmission and disclose anything they heard. It was up to those operating the transmitter to encrypt their secrets and/or control the direction of their transmissions. This should, IMHO, still be the law. Why should I not be allowed to receive radio signals you send onto my property? Why should I be obligated to protect your secrets after you've blasted them out to the universe?

Re:Encryption (1)

lgw (121541) | more than 4 years ago | (#32616558)

Basic politeness and good manners?

News? (4, Insightful)

spinkham (56603) | more than 4 years ago | (#32615782)

A crapload of small random bits of data will contain some interesting data.. This is news?

If you don't want anyone picking up your wifi traffic you encrypt it. Welcome to the year 2000.

Re:News? (4, Insightful)

Hoplite3 (671379) | more than 4 years ago | (#32616054)

This just in: If you don't want to be seen naked while changing, close the blinds.

Re:News? (0)

Anonymous Coward | more than 4 years ago | (#32616156)

This just in: If you don't want to be seen naked while changing, close the blinds.

+1 for good analogue.

OT, please feel to mod down (0, Offtopic)

maxwells_deamon (221474) | more than 4 years ago | (#32616320)

Where did you get your Sig or did you come up with it? I would like to make/have a t-shirt with that on it but I do not want to steal a quote from someone.

Thanks

Ho ho ho... Felony. (0)

bmo (77928) | more than 4 years ago | (#32615796)

Intercepting email as it's on the fly between server and recipient?

That's an ECPA violation there, Google. And it's a felony.

If you're a sysadmin get yourself a copy of Lance Rose's "Netlaw" if you're interested at all in the ECPA and it's implications.

--
BMO

Re:Ho ho ho... Felony. (4, Insightful)

XanC (644172) | more than 4 years ago | (#32615832)

It wasn't intercepted between the sender and recipient.

The sender sent it to the recipient, AND ALSO broadcast it, over the air, in the clear, to anybody who cared to listen.

Re:Ho ho ho... Felony. (1)

bmo (77928) | more than 4 years ago | (#32615856)

It doesn't matter.

The ECPA does not distinguish between wired and wireless communications.

--
BMO

Re:Ho ho ho... Felony. (1)

schon (31600) | more than 4 years ago | (#32616266)

It doesn't matter.

Why not?

The ECPA does not distinguish between wired and wireless communications.

So, if you were to see me walking down the street, I yell something to my friend and you can't help but overhear it, you're guilty of a felony?

I think I'm gonna need some proof of that. (And not just the law, but a legal opinion.)

Re:Ho ho ho... Felony. (1)

blair1q (305137) | more than 4 years ago | (#32616348)

So someone talking on a payphone can send you to jail for walking past him with your tape-recorder turned on?

Re:Ho ho ho... Felony. (2, Interesting)

lgw (121541) | more than 4 years ago | (#32616706)

In many states, yes. Many states have "wiretapping" laws that make it illegal to record a conversation unless all parties are aware that it is being recorded. This is increasingly being applied to public spaces as well. There's a high-profile felony case in Chicago about this right now.

Re:Ho ho ho... Felony. (2, Interesting)

bmo (77928) | more than 4 years ago | (#32615914)

On further thought:

The only thing I can see that might make it legal is that all wireless routers are Part 12 devices.

But then you're pitting one federal law against the other. Who wins?

--
BMO

Re:Ho ho ho... Felony. (0)

Anonymous Coward | more than 4 years ago | (#32616098)

What's a "Part 12 device"? I googled it and got nothing relevant.

Re:Ho ho ho... Felony. (1)

bmo (77928) | more than 4 years ago | (#32616206)

I was wrong, not part 12, Part 15.

FCC Part 15 rules for consumer, unlicensed radio devices.

http://en.wikipedia.org/wiki/Title_47_CFR_Part_15 [wikipedia.org]

--
BMO

Re:Ho ho ho... Felony. (1)

maxwells_deamon (221474) | more than 4 years ago | (#32616366)

But then you're pitting one federal law against the other. Who wins?

--
BMO

Conflicting laws are new?

Re:Ho ho ho... Felony. (1)

blair1q (305137) | more than 4 years ago | (#32616368)

But then you're pitting one federal law against the other. Who wins?

Your legal team's brokers.

Re:Ho ho ho... Felony. (3, Informative)

mukund (163654) | more than 4 years ago | (#32616080)

The law doesn't care.

Stop thinking about your Wifi device. You emit a lot of information without knowing about it anyway. Read about TEMPEST [wikipedia.org] .

Some people even believe that just cause they have swapped CRTs with LCDs, they are not vulnerable. They are usually wrong [cam.ac.uk] .

There are way many things that are private to you, but that anyone can collect on a mass scale and raise hairs. Like the time period during which your home's lights are on, and when they are off, the contents of your trash, what type of car you use, what colors/types of clothes you wear, etc. just by noticing you in public. Not all such information may be useful or cost-worthy to use today, but it's all information that says something about you.

Re:Ho ho ho... Felony. (1)

XanC (644172) | more than 4 years ago | (#32616386)

So if I'm in my house, and I start signaling with the blinds in Morse code, something like "Hey look at me!" or even "SOS", then anybody who interprets those signals is a felon?

Re:Ho ho ho... Felony. (1)

lgw (121541) | more than 4 years ago | (#32616756)

Bad analogy there - in general, if I do something with the reasonable expectation of privacy, and you listen in, you're probably breaking some law even if it's really easy to listen in. The technical difficulty of overhearing is not at all relevant.

Re:Ho ho ho... Felony. (1)

russotto (537200) | more than 4 years ago | (#32616818)

Bad analogy there - in general, if I do something with the reasonable expectation of privacy, and you listen in, you're probably breaking some law even if it's really easy to listen in. The technical difficulty of overhearing is not at all relevant.

Only... it turns out it is. See my cite of 18 USC 2510 earlier. This probably doesn't invalidate the first part of your statement, as it is likely that transmitting things unencrypted on a radio channel does not result in a reasonable expectation of privacy.

Re:Ho ho ho... Felony. (2, Interesting)

russotto (537200) | more than 4 years ago | (#32616526)

That's an ECPA violation there, Google. And it's a felony.

Not if it occurred in Europe, since the ECPA is US law. Doesn't apply in the US, either; by the terms of the ECPA a unencrypted wifi signal is "readily accessible to the general public", and thus not covered. (See 18 USC 2510(16), and 2511(2)(g)(i))

My hope would be (5, Insightful)

the_one_wesp (1785252) | more than 4 years ago | (#32615798)

that this would end up being less about Google getting in trouble for scraping unsecured data and more about educating the general public on how to secure their networks. Aside from the fact that Google probably shouldn't have done it in the first place, this should be wake up call to everyone with an unsecured wireless network.

Re:My hope would be (1)

AnonymousClown (1788472) | more than 4 years ago | (#32616174)

I can't believe they got much as everyone is making it out to be. Here in my neighborhood, there's over a half a dozen Wifi networks I can see. All but one, is secured - roughly 14% unsecured. Now, if you happen to be driving through the neighborhood on some random day, how likely are you to get the individual logging onto a his email or something - assuming the logon isn't encrypted?

That's the other thing, how many websites or POP3 servers that don't have encrypted communications?

Diffie-Hellman (1)

Sir_Lewk (967686) | more than 4 years ago | (#32615800)

Maybe someday people won't be stupid enough to transmit passwords in the clear and expect privacy. It's not like the technology to do it doesn't exit, people are just too resistant to chance and "inconvenience".

A man can dream though, a man can dream...

How.. (0)

Anonymous Coward | more than 4 years ago | (#32615806)

is this news? We've already heard quite a bit about the sniffing, and now they hit us with a real whopper: "Some people are careless with sensitive data."

Everyone can do this! (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32615854)

People should realize that everyone can do this, it's not some multi-million dollar decryption device Google built. So instead of pointing the finger at Google for perhaps "something bad" they did, it's more wise to start educating WiFi operators about the dangers that come with opening their networks, perhaps "something good", but it can be abused.

Well, duh. (4, Insightful)

Todd Knarr (15451) | more than 4 years ago | (#32615874)

Those people were transmitting those passwords and e-mails in the clear over a broadcast medium (ie. to everybody in range who was listening). Google was in range and listening and heard them. That's like saying "I was shouting my password at the top of my lungs on the streetcorner and someone overheard me and wrote it down!": yes there's a problem, but it's not with the person who wrote the password down. It's with you, for thinking you can shout things in public and somehow miraculously have them remain private and confidential.

Re:Well, duh. (1)

jdgeorge (18767) | more than 4 years ago | (#32616070)

In this case, I suggest it's the ISP who's at fault for leading their customers to believe that their communications over the radio bands are private and confidential.

Particularly ISPs who provide only unencrypted connections to email servers are a significant part of the problem here.

Re:Well, duh. (0)

Anonymous Coward | more than 4 years ago | (#32616534)

Would you have been happier had they been TEMPESTing everyone? That requires a warrant for the cops to do it...

Re:Well, duh. (1)

lgw (121541) | more than 4 years ago | (#32616854)

People using unencrypted wifi today have a reasonable expectation of privacy. In 20 years, maybe that won't be true, but today it is. If someone has a reasonable expectation of privacy, you're probably breaking the law if you listen in even if it's really easy to do so. The technical sophistication required isn't even relevant.

Re:Well, duh. (1)

arc86 (1815912) | more than 4 years ago | (#32616898)

It's not a perfect analogy because it's not obvious to many users that someone could be reading their data. Instead imagine they were entering their PIN on an ATM and you say, "Sucker, didn't you see that convex mirror on the ceiling reflecting your keystrokes for the whole room to see?" In this case, Google has a camera trained on the convex mirror...

BIG NEWS (0)

Anonymous Coward | more than 4 years ago | (#32615936)

Unsecured WiFi is insecure.

News at 11.

passwords?! (1, Insightful)

oddTodd123 (1806894) | more than 4 years ago | (#32615954)

Where can you even log in any more with an unencrypted connection?

Re:passwords?! (1, Informative)

Anonymous Coward | more than 4 years ago | (#32616104)

Some web email services uses unencrypted connections by default, some web space providers use unencrypted logins too, forums the same and some places, where you register, still sent you the login/password pack via email after signing up.

Re:passwords?! (0)

Anonymous Coward | more than 4 years ago | (#32616154)

Just ask google

Re:passwords?! (2, Interesting)

tibman (623933) | more than 4 years ago | (#32616218)

slashdot?

Re:passwords?! (2, Insightful)

epp_b (944299) | more than 4 years ago | (#32616246)

Where can you even log in any more with an unencrypted connection?

I don't know of any non-webmail email services that secure their pop connections. Plus, there's also session hijacking [wikipedia.org] .

Re:passwords?! (0)

Anonymous Coward | more than 4 years ago | (#32616270)

/.

--- Crap to get over the damn filter ---

Re:passwords?! (1)

maxwells_deamon (221474) | more than 4 years ago | (#32616442)

Most ISPs require plain text passwords for non webmail.

Open windows, connect to open network, open Outlook...

Everything you need is broadcast for sniffing I have been told. (I need to check this sometime)

Should not be default setup but it is and many ISPs do not support other setups.

Re:passwords?! (0)

Anonymous Coward | more than 4 years ago | (#32616778)

Facebook.

Welcome to Georgia(the State, not the Country) (0, Troll)

Montezumaa (1674080) | more than 4 years ago | (#32615994)

I will be passing this to the my associates in law enforcement and we will stop and arrest any people operating vehicles within this State for violations of our communications laws. It is one thing to take pictures from a public street(which is problematic in and of itself around here, for Google), but it is another to intercept or otherwise illegally obtain data that you do not have legal authority to possess.

We might seem like backwards people to most, in the rest of the U.S. and the World, but we do not stand back while anyone violates our laws. Google has just started a very big problem for themselves. If Google attempts to destroy the information they illegally obtained, then they will be charged for the destruction of evidence, in addition to all of the other charges.

It seriously sucks to be a driver of one of those cars right now.

Re:Welcome to Georgia(the State, not the Country) (1)

bmo (77928) | more than 4 years ago | (#32616096)

So, um, you're going to go after the drivers and not Google itself?

Coward.

--
BMO

Re:Welcome to Georgia(the State, not the Country) (1)

NiteShaed (315799) | more than 4 years ago | (#32616592)

I will be passing this to the my associates in law enforcement and we will stop and arrest any people operating vehicles within this State for violations of our communications laws.

And what communications law would that be? I'm curious about how the law manages to say that broadcasting your data, in the clear, to anyone who cares to listen results in that listening party being in violation. Maybe you're not going far enough. I hear there are devices called radios and televisions that "listen in" on transmissions promiscuously broadcast by various entities. You should start grabbing people who operate these devices as well, I mean really, who gave them permission to collect the data put out by these so-called "broadcasters", did they check first and ask permission to eavesdrop on their signals?

It is one thing to take pictures from a public street(which is problematic in and of itself around here, for Google),

Yeah, I hate it when people go around, just willy-nilly looking at things that are out in public. That just sucks.

but it is another to intercept or otherwise illegally obtain data that you do not have legal authority to possess.

See above. They're listening to publicly broadcast information. They're not breaking into your network, you're putting this stuff out there for all the world to see. The simplest way to stop them from hearing it is to stop broadcasting it, or encrypting those broadcasts.

We might seem like backwards people to most

Noooooo, I can't imagine where people might get that idea.....

Google has just started a very big problem for themselves.

Yeah, they got into a crapstorm with China, but it's you and your Georgia law-enforcement associates that're really gonna scare 'em.

It seriously sucks to be a driver of one of those cars right now.

There ya go, grab the guy getting paid by the hour to drive around. That's much easier than going after the actual company. If that's your strategy, you're lazy on top of being clueless.

for those that blame grandma for not knowing WPA (1)

HockeyPuck (141947) | more than 4 years ago | (#32616556)

For those that believe that everyone should know about wireless encryption, and that everyone should know the benefits of WPA vs WEP, I hope you don't shred your trash but burn it before putting it into your recycle bin/garbage can. Because your credit card receipts and bills, even if shredded could contain "fragments" of personal data.

What you don't burn it or dissolve it in acid? You only shred it? You should know better. Everyone should know proper sensitive documentation handling and disposal procedures.

Care to name a few other areas that Grandma should know about which are blatantly obvious to you because computers and networking is part of your job. I bet Grandma doesn't throw you under the proverbial bus because you cannot sew a button on your shirt.

Re:for those that blame grandma for not knowing WP (1)

Ash-Fox (726320) | more than 4 years ago | (#32616804)

everyone should know the benefits of WPA vs WEP

Such as only one those technologies work with my Nintendo DS, which is why I don't use the other.

Well of course they did (1)

Cyberllama (113628) | more than 4 years ago | (#32616884)

The odds of grabbing passwords in this way (changing channels 5 times per second and only being in range of a network for a few seconds at a time) is pretty slim, in general, but given that Google was apparently running this software for years it's not surprising that it happened occasionally. Still, the total packets collected only amount to like 660 gigabytes -- that's not very much, and I'm willing to bet that only a tiny, tiny, percentage of that data is this sort of data. Most of your traffic is not plaintext (even if its unencrypted). Heck, even if someone was browsing the web, you're far more likely to see a snippet of a jpeg or embedded Youtube video than HTML. With just a few packets, that's likely to be gibberish.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?