Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Admits To Collecting Emails and Passwords

kdawson posted more than 3 years ago | from the but-we-didn't-inhale dept.

Google 157

wiredmikey writes "Alan Eustace, Google's Senior VP of Engineering & Research, just put up an interesting blog post on how Google will be creating stronger privacy controls. Right at the end is an interesting admission: that after Streetview WiFi Payload data was analyzed by regulators, their investigations revealed that some incredibly private information was harvested in some cases. Eustace noted that 'It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords.'"

cancel ×

157 comments

Sorry! There are no comments related to the filter you selected.

Also (-1, Redundant)

Anonymous Coward | more than 3 years ago | (#33990074)

They've been designing a system to unmask pesky first posters!

Re:Also (1)

smi.james.th (1706780) | more than 3 years ago | (#33990086)

Clearly it hasn't been working... Oh well...

Google, Facebook - CIA/NSA/DARPA Honeypots (0, Offtopic)

Jeremiah Cornelius (137) | more than 3 years ago | (#33990674)

Facebook conspiracy: Data mining for the CIA [examiner.com]

My loyal readers may recall that DARPA (Defense Advanced Research Projects Agency) has some grotesque tentacles: the Information Awareness Office (IAO); TIA (Total Information Awareness, renamed Terrorism Information Program); and TIPS (Terrorism Information and Prevention System).

It is commonly believed that in 2003 an irate American people forced the government to stop these Orwellian command-and-control police state operations--or did they?

Congress stopped the IAO from gathering as much information as possible about everyone in a centralized nexus for easy spying by the United States government, including internet activity, credit card purchase histories, airline ticket purchases, car rentals, medical records, educational transcripts, driver's licenses, utility bills, tax returns, and all other available data. The government's plan was to emulate Communist East Germany's STASI police state by getting mailmen, boy scouts, teachers, students and others to spy on everyone else. Children would be urged to spy on parents.

These layers of the mind control infrastructure were seemingly dead and buried. But was the stake actually driven through its evil heart? History leads us to believe that it was not.

Then shazam here comes the privacy killing juggernaut called Facebook.

Facebook, however, does what Chairman Mao, Joseph Stalin, or Adolf Hitler could not have dreamt of - it has a half billion people willingly doing a form of spy work on all their friends, family, neighbors, etc.--while enthusiastically revealing information on themselves. The huge database on these half a billion members (and non-members who are written about) is too much power for any private entity--but what if it is part of, or is accessed by, the military-industrial-national security-police state complex?

We all know that "he who pays the check, calls the shots," therefore; whoever controls the purse strings controls the whole project. When it had less than a million or so participants, Facebook demonstrated the potential to do even more than IAO, TIA and TIPS combined. Facebook really exploded after its second round of funding--$12.7 million from the venture capital firm Accel Partners. Its manager, James Breyer, was formerly chairman of the National Venture Capital Association and served on the board with Gilman Louie, CEO of In-Q-Tel, a venture capital front established by the CIA in 1999. In-Q-Tel is the same outfit that funds Google and other technological powerhouses. One of its specialties is "data mining technologies."

Dr. Anita Jones, who joined the firm, also came from Gilman Louie and served on In-Q-Tel's board. She had been director of Defense Research and Engineering for the U.S. Department of Defense. This link goes full circle because she was also an adviser to the secretary of defense, overseeing DARPA, which is responsible for high-tech, high-end development.

But as bad as the beginning of Facebook is, the parallels between the CIA's backing of Google's dream of becoming "the mind of God," and the CIA's funding of Facebook's goal of knowing everything about everybody is anything but benign.

Furthermore, the CIA uses a Facebook group to recruit staff for its National Clandestine Service. Check it out if you dare.

Do not become a victim of this full frontal assault on your personal information. Think twice about putting your entire life on Facebook or by that matter on any social media site. None of it is ever private. Everything you put online stays online forever in a server farm somewhere for anyone to analyze you and the people you love. They do not care about your privacy at all and put great value on uncovering all they can about you. They have an agenda that will become more and more apparent to people as time goes by. Believe it or not there is a great change coming in our culture that many choose to be blind too. The mass loss of liberty and freedom we are experiencing is just a signal to the direction this is all going.

Re:Also (5, Insightful)

DIplomatic (1759914) | more than 3 years ago | (#33990552)

Ok hang on a second. Let's slow down with the inflammatory headlines here, okay? The Google Street View cars picked up partial hashes of data from unsecured routers. And as far as Google "admitting" to collecting the data, that was something they announced last May. So put down your rape whistle, kdawson, there's nothing sinister going on here.

Re:Also (0)

Anonymous Coward | more than 3 years ago | (#33990786)

I don't think so. I'm Anonymous.Coward@gmail.com, and they haven't so much as Buzzed me.

Don't wait for Google policy. (5, Informative)

FooAtWFU (699187) | more than 3 years ago | (#33990116)

Google policy is inadequate to protect your data. Encrypt your wifi. That is all.

Re:Don't wait for Google policy. (5, Insightful)

rtfa-troll (1340807) | more than 3 years ago | (#33990182)

If you care, you have to encrypt a lot more than just your wifi. The guys at your ISP can see the stuff just the same as Google.

Re:Don't wait for Google policy. (1)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990200)

they however are regulated under national data protection acts not to release said information unless requested to do so by a court.

where as in this case, Google just collected the info: and was technically/almost legally able to do as it pleased.

Re:Don't wait for Google policy. (1)

HomelessInLaJolla (1026842) | more than 3 years ago | (#33990470)

Meanwhile, in the real world...

Re:Don't wait for Google policy. (3, Funny)

icebike (68054) | more than 3 years ago | (#33990218)

Not with SSL.

If you are using their mail servers, they might be able to read your mail.

That's why I use gmail, I might as well go directly to the place where its all going to end up anyway.

Re:Don't wait for Google policy. (5, Funny)

FooAtWFU (699187) | more than 3 years ago | (#33990276)

Oh no! Google has my Gmail password?!?!!? :)

Re:Don't wait for Google policy. (3, Insightful)

hedwards (940851) | more than 3 years ago | (#33990382)

Unlikely, usually what they have is a hash of the password which can't readily be turned into the password. It's not considered secure to store a password in it's unencrypted form.

Re:Don't wait for Google policy. (0)

Anonymous Coward | more than 3 years ago | (#33990564)

You don't think Google has enough power in their massive network of servers (100,000+ or something is it?) to crack a hashed password in an acceptable amount of time (however long that is) if they actually wanted to do that?

I suppose it really depends on their hashing algorithm. I hope they used a good one ;-)

Re:Don't wait for Google policy. (2, Informative)

c-reus (852386) | more than 3 years ago | (#33991048)

Why do you think the password needs to be cracked at all?

1. Make a copy of the hash
2. Replace the hash with a hash of a known password
3. Log in with the known password and do whatever you wanted to do with the account
4. Replace the hash with the copy created in step 1
5. Delete the traces of the login so that the original user would not see the login information.

Re:Don't wait for Google policy. (2, Funny)

rwa2 (4391) | more than 3 years ago | (#33990540)

< googles his root password >

Nope, they don't seem to have my password.

Well, at least they didn't until now... But I feel safer knowing ;-P

Re:Don't wait for Google policy. (1)

mysidia (191772) | more than 3 years ago | (#33990688)

https://encrypted.google.com/ [google.com] , Gmail over SSL, AND Google Cache, FTW.

Re:Don't wait for Google policy. (0)

Anonymous Coward | more than 3 years ago | (#33990756)

Don't have to bother with encryption..just use your AP's MAC filter ability

Re:Don't wait for Google policy. (1)

louzerr (97449) | more than 3 years ago | (#33991064)

Agreed! Don't encrypt your radio broadcasts, don't expect any privacy.

boycott google (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33990122)

this is the final straw.

Re:boycott google (3, Insightful)

icebike (68054) | more than 3 years ago | (#33990258)

How is this any different than what was revealed when this story first broke.

Google reported this from DAY ONE, and rather than sweeping it under the rug they tattled on themselves, and asked world governments what they should do with the data rather than simply destroying it.

THERE IS ABSOLUTE NOTHING NEW IN THIS STORY.

Just because you are late to the party don't assume nothing happened prior to your arrival.

Re:boycott google (1)

countSudoku() (1047544) | more than 3 years ago | (#33990412)

Also, what's the same is that the idiots who are broadcasting their person info are still doing it at local wifi hotspots and their own wide-open home nets. They're lucky that it was Google who captured that data. If it was anyone else, no one would ever have known until something bad happened, or at all. Google can adapt and improve. Dumb users? Not so much.

Reason (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33990132)

They did it because Demint started the recession.

No, google admits to collecting wifi packet data (5, Informative)

A beautiful mind (821714) | more than 3 years ago | (#33990134)

This is entirely different what the summary and the title implies, which is deliberately seeking out email or password data.

While it might not be ethical to capture full packet dumps, they probably did it to triangulate wifi access points better. This is a problem of privacy, but not of outright evil.

Re:No, google admits to collecting wifi packet dat (1)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990186)

Exactly. they meant no harm by this: they just wanted to know where you ARE so the local ads server to your connection in the future would be more relevant.

Honestly, I applaud them for getting so much free advertising out of this. even people that have never used a computer/don't have internet at home now know who they are.

Re:No, google admits to collecting wifi packet dat (2, Insightful)

Abcd1234 (188840) | more than 3 years ago | (#33990438)

Exactly. they meant no harm by this: they just wanted to know where you ARE

Correct.

so the local ads server to your connection in the future would be more relevant.

Yes. That's the only reason. I'm sure no one finds location-aware applications useful for any other reason. I mean, why would I want to be able to look up businesses in my area? Or geotag photos? Or god knows what else? Yup, the only reason Google would be doing this is to target you with ads, and no one wants it but Google. Yup, makes sense to me!

Meanwhile, Google is absolutely forcing software developers to send SSID information to Google without your permission, so that they can figure out where you are without your knowing it. Devices *definitely* don't ask you first before sending that information on. It's just forced on everyone without them ever knowing. And it's all Google's fault!

Right?

Re:No, google admits to collecting wifi packet dat (1)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990512)

You seem to think advertising is limited to popups and banners.

any location aware application IS advertising. that's almost ALL it is. knowing what local businesses are nearby through the use of a tool: is almost the definition of advertising.

advertising is a WIDE array of topics and applications. when you geotag a photo, and want people to see your photo with your name before anyone else's photos of the same subject: that's advertising.

Re:No, google admits to collecting wifi packet dat (0, Flamebait)

WrongSizeGlass (838941) | more than 3 years ago | (#33990232)

While it might not be ethical to capture full packet dumps, they probably did it to triangulate wifi access points better. This is a problem of privacy, but not of outright evil.

Google is a big company full of a lot of really smart people. How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data? Their intentions may not have been 'evil' but negligence is no excuse. Not acting to prevent this type of data being gathered in the first place is 'evil' enough.

Re:No, google admits to collecting wifi packet dat (1)

satch89450 (186046) | more than 3 years ago | (#33990318)

How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data?

Quality Assurance testing is three parts sweat and one part luck. If the testing was done in a neighborhood with no open wifi, they wouldn't see anything that would requiring fixing. Remember where Google lives: I would expect most wifi links to be either closed, or wide open (as in public access points in cafes).

Re:No, google admits to collecting wifi packet dat (1)

Coren22 (1625475) | more than 3 years ago | (#33990424)

They were running Kismet, by default it stores the information captured in a file. Google noticed this later and reported on themselves to give the governments involved the chance to tell them how to destroy the data. This was not intentional capturing, and it only captured what these people were willfully transmitting in the clear over the air.

Re:No, google admits to collecting wifi packet dat (0)

Anonymous Coward | more than 3 years ago | (#33990894)

They were running Kismet, by default it stores the information captured in a file. Google noticed this later and reported on themselves to give the governments involved the chance to tell them how to destroy the data. This was not intentional capturing, and it only captured what these people were willfully transmitting in the clear over the air.

You don't accidentally capture information because you left the default settings on when you were gathering data around the world.

Re:No, google admits to collecting wifi packet dat (1)

icebike (68054) | more than 3 years ago | (#33990428)

Google is a big company full of a lot of really smart people. How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data? Their intentions may not have been 'evil' but negligence is no excuse. Not acting to prevent this type of data being gathered in the first place is 'evil' enough.

Must we really rehash that here just for you?

Howbout using something to search the intewebs and find out how this happened. You could maybe use something like Google?

It was a very low level beacon capture that stored too much data by accident. But because it did capture the beacon packets (and because that is all google was interested in) the fact that more than beacons were picked up in clear text from people too stupid to secure their routers wasn't even noticed.

Re:No, google admits to collecting wifi packet dat (1)

Abcd1234 (188840) | more than 3 years ago | (#33990492)

Google is a big company full of a lot of really smart people.

And every single one of them was working on this problem? Really?

How is it that none of them analyzed the process or the results during the 'testing phase' to determine they might just get this type of data?

Because they screwed up?

Their intentions may not have been 'evil' but negligence is no excuse.

Of course it's an excuse. Negligence happens. Are you saying Google must be perfect, and if not, they're not allowed to ever do anything?

Besides which, if anyone was negligent, it was people running unsecured WAPs and then sending passwords in cleartext. But no, we must blame Google for capturing unencrypted wireless traffic... hell, if you ask me, we should be thanking Google for bringing to light a real problem with home wireless installations.

Not acting to prevent this type of data being gathered in the first place is 'evil' enough.

Wait, so now "evil" is simply defined as "fucking up sufficiently to piss you off"? Interesting.

Re:No, google admits to collecting wifi packet dat (1)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990644)

Well analyzed. I don't get peoples explosions at Google for doing exactly what they advertise they do: collect data, and sell targeted ads to companies, while trying to anonomise the data that other companies see.

as far as it goes: they do a pretty damn good job of it too.

Re:No, google admits to collecting wifi packet dat (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#33990526)

This is kind of akin to saying that if I were to drive around my city to create a map of coffee shops and it's my fault that I saw people enjoying their coffee outside due to negligence.

Re:No, google admits to collecting wifi packet dat (2, Insightful)

clarkkent09 (1104833) | more than 3 years ago | (#33990388)

And why did Privacy International place Google dead last out of 23 companies examined and described its actions as "comprehensive consumer surveillance and entrenched hostility to privacy"? Please stop this automatic defense of Google. As far as I'm concerned, the company that has the most information about me is the one that presents the greatest threat to my privacy. Saying that you trust Google not to abuse it is like saying you trust gravity not to cause you to fall because it is not evil.This is a small exaggeration but what I'm getting at is that corporations of that size acquire a life of their own and there is only so much that mission statements written by their founders decades ago matter. Google will be as evil or not evil as the collective decisions of its shareholders, employees and customers are over the years and those are not any different special google kind of people. They are the same people and same market forces that that direct actions of any other corporation.

Re:No, google admits to collecting wifi packet dat (4, Insightful)

Archangel Michael (180766) | more than 3 years ago | (#33990472)

This is a problem of privacy

No. This is a case of lack of security on WIFI access points.

THERE is no reason why Google should be held accountable for DATA that is essentially floating in the middle of the street. NONE. The problem isn't GOOGLE doing anything wrong.

This is like the lady who dances naked in front of an open window and gets mad when people see her naked and start taking pictures. You want privacy, then close the shades and encrypt your data transmissions.

Re:No, google admits to collecting wifi packet dat (0)

Anonymous Coward | more than 3 years ago | (#33990562)

THERE is no reason why Google should be held accountable for DATA that is essentially floating in the middle of the street. NONE. The problem isn't GOOGLE doing anything wrong.

Nope. Is an unlocked door an invitation to break in? Of course not. Google's vans acted just like burglars scoping out a neighborhood, going door to door to check which ones are unlocked. Not only that, they actually broke in to some of these analogous homes, and took souvenirs with them (emails, passwords).

This is like the lady who dances naked in front of an open window and gets mad when people see her naked and start taking pictures.

Taking pictures like that is illegal too.

Re:No, google admits to collecting wifi packet dat (1)

icebike (68054) | more than 3 years ago | (#33990842)

Door?
Locked?

Are you daft?

Tell you what, Mr Bad Analogy Guy, you move all your valuables out onto the middle of the street tonight and leave them there for a week for all passers by to peruse and see how much is still there next friday.

There is no expectation of privacy for things you broadcast to the world at large.

They did not Break into anything. They drove down the street, with their windows rolled down listening, and idiots like you were busy shouting your credit card numbers and sexual orientation from the curb side.

Re:No, google admits to collecting wifi packet dat (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#33991024)

I agree, his analogy is wrong.

But, I would be truly peeved to learn that anyone was sitting out in the street and recording traffic for any significant period of time. You want to "glance" at my traffic the same way a regular person would "glance" into my house windows while walking down the sidewalk, that's reasonable. But you want to camp out on the sidewalk and point a camera into my windows 24x7 and save it all to a database for later use and I do have a problem with that - same as I would with a long-term packet dump. If nothing else, because it is essentially stalking.

And that's the case even for encrypted traffic - even when the encryption is not cracked - as some amount of information can be gleaned from traffic analysis.

Re:No, google admits to collecting wifi packet dat (0)

Anonymous Coward | more than 3 years ago | (#33990840)

This is entirely different what the summary and the title implies, which is deliberately seeking out email or password data.

While it might not be ethical to capture full packet dumps, they probably did it to triangulate wifi access points better. This is a problem of privacy, but not of outright evil.

Sorry but I consider purposely violating my privacy pretty evil. Thanks

Re:No, google admits to collecting wifi packet dat (1)

louzerr (97449) | more than 3 years ago | (#33991076)

If you're broadcasting unencrypted data, YOU'RE the one tossing your privacy away. Sorry.

No, Google is perfect (-1, Troll)

Toe, The (545098) | more than 3 years ago | (#33990160)

This is silly. Everyone understands that Google is the holy grail of geek perfection, and they can do no wrong. Go ahead, entrust all your e-mail, all your web searches, all your documents, all your photos, all your click behaviors, all everything you do online to Google. They will always be on your side and never, ever, ever violate your trust.

Though... hm. Even if Google is absolute do-no-evil perfection... If you think about it, the more of that data you give to them, the more attractive it becomes to people who might be just a little bit evil. Right now, Google is way too big to be a target for those people (completely assuming that those people aren't already there), but it is conceivable that some day they might not be so entirely rich. Someday someone may be able to snap up that nice enormous chunk of data.

And here's the interesting bit. Once someone who is not trustworthy gets the reigns of Google (and in a corporation, don't forget that this is possible at any moment), they have all the history of all of your activities, nicely archived, cataloged, indexed, and searchable. Everything you give to Google today is available to that unknown future entity. At any time in the future.

But I'm sure that's just ridiculous paranoia. Do go ahead and give Google every detail of your life. Trust them implicitly, because after all they say they're not evil. What more do you really need?

Re:No, Google is perfect (1)

Dunbal (464142) | more than 3 years ago | (#33990334)

A limiter to your theory, however, is that all data has a "half life". Password and emails change. People move. People die. Over time the data in the database (sorry for the redundant redundancy) becomes more stale and inaccurate until, at some point in the future, using said database results in more "misses" than hits.

Perhaps there is a silver lining behind that cloud after all.

and who is going to get pinned at fault? (3, Insightful)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990162)

and who is going to get pinned at fault for all this? Google? the Consumer?

Personally: I think it should be equipment manufacturers. honestly: 99% of people want basic wep/wpa/wpa2 encryption. just build all consumer routers to REQUIRE it during setup, and provide a flash/an option to disable it.

for the 1% of people that want an unencrypted wireless router out of the box: they can stand to pay more, or learn enough about the cheap ones to know how to turn it off.

Re:and who is going to get pinned at fault? (0)

hedwards (940851) | more than 3 years ago | (#33990246)

The reason they don't do that is that while nearly everybody wants the encryption actually setting it up is challenging for geeks. And that's sort of the challenge.

Things like WPS [wikipedia.org] help quite a bit, there's still a lot of devices like the Wii which aren't completely compatible with the standards making it a challenge to create something that's going to work reliably and easily.

Re:and who is going to get pinned at fault? (1)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990394)

uhhh.. maybe I'm out of the loop here: but it takes all of -zero- effort to setup encryption on a router.

I've likely been through twenty wireless routers in the last year, at least six major brands. never have I even had to think about the setup.

if manufacturers enabled it by default, throw a basic: "the key is [random string of characters] sticker on it" and match it in the firmware. hell, even if it's just basic WEP, it would still have prevented this whole fiasco.

Re:and who is going to get pinned at fault? (0)

Anonymous Coward | more than 3 years ago | (#33990722)

uhhh.. maybe I'm out of the loop here: but it takes all of -zero- effort to setup encryption on a router.

The troublesome part isn't setting up the router, but making sure that every single device in your home is able to properly connect to the thing after encryption is enabled. What makes this especially annoying is that many devices have a tendency to not really give you a good error message, they just give you a generic "doesn't work". I certainly wasted quite some hours trying to debug WLAN related issues.

It is still not exactly a really hard thing to do, but certainly not a zero effort one either.

Re:and who is going to get pinned at fault? (1)

cynyr (703126) | more than 3 years ago | (#33990464)

challenging? hardly, pick "wpa2 personal AES/TKIP" and type in the password. my hostap 2.5 based laptop from 2003 does it in linux...

Re:and who is going to get pinned at fault? (1)

icebike (68054) | more than 3 years ago | (#33990522)

Setting up encryption is a challenge?

If the routers came out of the box with Encryption LOCKED ON and the password set to the serial number it would be a Challenge to turn it OFF.

Setting it up would be "No Geek Required".

Why in hell should the world default to vulnerable to support one allegedly incompatible device?

Re:and who is going to get pinned at fault? (1)

Khyber (864651) | more than 3 years ago | (#33991050)

"The reason they don't do that is that while nearly everybody wants the encryption actually setting it up is challenging for geeks."

WTF am I reading, here? Are you completely new to setting up encryption on a router and computers for a network connection?

Log into router
Go to Wireless settings
Pick your encryption and input a key if required
Save settings
Go to other computer, try connecting to the network.
Provide key (if required.)
You're online.

Oh, and we literally have push-button connection, now. you simply try connecting to the secure network and walk over to the router and press the connect button - auto-configured and ready to go.

Seriously, if it's any harder than that, you need to give up technology as a career choice.

Re:and who is going to get pinned at fault? (1)

Coren22 (1625475) | more than 3 years ago | (#33990458)

Current wifi routers I have bought automatically make you setup encryption as part of the setup procedures before the AP works. My sample includes: 3com, Linksys (after Cisco), Netgear, D-link

Re:and who is going to get pinned at fault? (1)

DeadboltX (751907) | more than 3 years ago | (#33990586)

While I agree that everyone should keep their private network secure, I also think that requiring a password out of the box would be a tech support nightmare.

Not very private. (5, Insightful)

BitterOak (537666) | more than 3 years ago | (#33990176)

Google did not drive around for the purpose of harvesting passwords from unsecured WiFi connections. It inadvertently recorded some data that was broadcast and somewhere buried in it were some e-mail addresses and passwords.

If someone stands at their front door with bullhorn shouting out their social security numbers, salaries, sexual orientation and other private details, it isn't the responsibility of passers-by to cover their ears.

Re:Not very private. (2, Informative)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990230)

in Canada however, it is the responsibilities of the people that expect to profit from that information, or any corporations not to -retain- that data without a waver.

Re:Not very private. (2, Informative)

WillAffleckUW (858324) | more than 3 years ago | (#33990304)

in Canada however, it is the responsibilities of the people that expect to profit from that information, or any corporations not to -retain- that data without a waver.

In Canada, corporations are not people, and do not have fake rights like our activist Supreme Court has given them here in the USA.

Privacy is a Right in Canada. Period.

Re:Not very private. (1)

imthesponge (621107) | more than 3 years ago | (#33990344)

This data was broadcast publicly. Privacy is not an issue here.

Re:Not very private. (1)

WillAffleckUW (858324) | more than 3 years ago | (#33990444)

This data was broadcast publicly. Privacy is not an issue here.

No, data collection by corporations has to accede to Laws.

Laws in Canada and in the EU are very strict about what information - whether gained legally or from public data - may be kept, transmitted, sold, or used by corporations.

Perhaps you seem to think the weak privacy "laws" in the USA apply around the world?

Re:Not very private. (1)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990558)

Thank you. it surprising how many Americans think that their "privacy laws" (if one can even call them that) apply to the rest of the world.

Re:Not very private. (1)

imthesponge (621107) | more than 3 years ago | (#33990612)

I guess they better arrest those WiFi users for broadcasting that information. And the router manufacturers for permitting an insecure configuration.

Re:Not very private. (1)

WillAffleckUW (858324) | more than 3 years ago | (#33990748)

I guess they better arrest those WiFi users for broadcasting that information. And the router manufacturers for permitting an insecure configuration.

The Wi-Fi users are people.

People have actual Rights. Including the right to privacy - just as I have the right not to have you use binoculars to watch me shower even if there is an alleyway behind my house and if you stand at a specific spot you can see me.

Re:Not very private. (1)

imthesponge (621107) | more than 3 years ago | (#33990852)

It's more like arresting someone if they hear you shouting from your porch. When you choose to run an unencrypted access point, you are deliberately broadcasting that information to the public. One does not have to "spy" into your house; one only has to drive by while in possession of a laptop. I guess we should ban laptops.

Re:Not very private. (1)

WillAffleckUW (858324) | more than 3 years ago | (#33990902)

I'm sorry that you seem to believe that corporations have rights to do things that people have.

This belief of yours only applies to the US - it does not apply to data collection by the legal fictions called corporations which do not have the same rights as people in most of the world, and specifically in both Canada and the EU.

It's illegal to record someone in my state in the US without a warrant. We have laws against peeping toms, upskirt videos, recording people inside their homes even if visible from the street. The photons and sound waves hit your recording device, but you'll still serve time in jail here.

Re:Not very private. (1)

mdielmann (514750) | more than 3 years ago | (#33990918)

I stand impressed at how hard you avoid the point. Hearing is not the issue. Retaining for commercial purposes is. To complete your analogy.
Hearing me chatting on my porch is fine. Listening in on the conversation is unethical, but not illegal. Recording may not even be illegal, given you aren't using it for commercial purposes. But using that personal information for commercial purposes, without going through the proper channels (of which listening through the fence is not one) is definitely illegal.

Re:Not very private. (1)

icebike (68054) | more than 3 years ago | (#33990886)

Google didn't USE any of the private data.

They asked the government what to do with it.

Canada, bastion of privacy, ordered google to turn over all that data, email addresses, passwords, credit cards, chat log snippits and all to the Canadian Government.

So tell me again about how privacy is protected in Canada? Oh, by entrusting it all to the government.

Well played sir.

Re:Not very private. (1)

WillAffleckUW (858324) | more than 3 years ago | (#33990972)

Unlike Americans, Canadians actually (with the exception of a few sociopaths) trust their government.

Please be advised that your version of reality may not apply in other countries.

Specifically, try to do this action in China at Tianamin Square and you may find yourself in jail for a decade or two.

Re:Not very private. (1, Insightful)

neumayr (819083) | more than 3 years ago | (#33990500)

No, sorry, this analogy doesn't work. The primary use of a bullhorn is to convey information to a large audience, the primary use of a wireless accesspoint is to allow computers to talk to each other wirelessly.
The unintended sideeffect that allows everyone to listen those computers talk should have been advertised, its implications made clear. But that did not happen. It's the vendors that are to blame.

Re:Not very private. (2, Interesting)

poopdeville (841677) | more than 3 years ago | (#33990634)

If someone stands at their front door with bullhorn shouting out their social security numbers, salaries, sexual orientation and other private details, it isn't the responsibility of passers-by to cover their ears.

This is more like Google was going door to door, knocking on doors, turning knobs to see if they're unlocked, and sometimes going in and swiping souvenirs.

You see, an unlocked door is not an invitation to break in. The victim has some share of the blame, but the burglar gets most of it.

Re:Not very private. (0)

Anonymous Coward | more than 3 years ago | (#33990926)

No, another failed analogy. Google didn't break into anything. It's like a radio DJ inadvertently not shutting off his microphone (or not knowing how to do so in the first place) and broadcasting his SSN and other personal information over the air while on a phone call. If you happen to be listening or recording on that frequency, how are you to accept any blame for that content?

And whose fault is it, really? (2, Interesting)

bradley13 (1118935) | more than 3 years ago | (#33990184)

Google screwed up here, accidentally capturing all of this data. Why they didn't just delete it, rather than doing this whole "hair shirt" thing is more than a bit weird.

But: whose fault is it, actually? If you transmit a radio signal into the public domain, do you have any expectation of privacy? Seems to me that the people using unsecured networks share a large portion of the blame here.

For the obligatory car analogy: leaving your router unlocked is like leaving your car unlocked. Transmitting unencrypted login credentials using your unlocked router is like - what? Maybe parking your car in the Bronx and leaving the keys in the ignition?

Re:And whose fault is it, really? (1)

Hatta (162192) | more than 3 years ago | (#33990226)

Chances are Google didn't even know what was in the packets until the States started getting nosy. Just because they dumped broadcasted packets to disk doesn't mean anyone looked at it.

Re:And whose fault is it, really? (1)

cynyr (703126) | more than 3 years ago | (#33990538)

Maybe parking your car in the Bronx and leaving the keys in the ignition with a sign saying you left, aren't watching and will be back in no less the 2 hours, please don't touch

FTFY

Re:And whose fault is it, really? (1)

TheClarkster (1130495) | more than 3 years ago | (#33990578)

They knew exactly what was in it, and when they found out they immediately released a statement and told everyone. They said they already fixed the problem and wouldn't capture that data anymore, and that they were deleting everything already collected. Then suddenly governments everywhere were saying, don't you dare delete it, we need that as evidence to sue you and further our political careers!

Re:And whose fault is it, really? (1)

icebike (68054) | more than 3 years ago | (#33990640)

Google screwed up here, accidentally capturing all of this data. Why they didn't just delete it, rather than doing this whole "hair shirt" thing is more than a bit weird.
 

The hand wringers and tin foil hat crowd would be up in arms when it was found out that some data was captured, and then the evidence destroyed.

I'm sure the temptation was there to dump it and move on. But "Don't Be Evil" won the day and they did the right thing.

Unfortunately, The governments involved (looking at you Canada) demanded the data, instead of telling Google to simply purge all Canadian data. Now all those passwords and email snippets are owned by the Canadian Government. And there are no clear limits to what they can do with them.

Who's evil now?

Re:And whose fault is it, really? (1)

Nethemas the Great (909900) | more than 3 years ago | (#33990772)

I think the car analogy doesn't fit well. You can't "unintentionally" find yourself behind the wheels of an unlocked car.

I think it'd be a bit more like walking around your house naked with all the curtains pulled wide open. Anyone that happens to be walking by outside has a good chance of unintentionally seeing your goods. If you don't want to give a peep show draw the curtains.

Won't change anything around here (0, Troll)

bonch (38532) | more than 3 years ago | (#33990192)

Eric Schmidt flat-out said that the only people who care about privacy have something to hide [slashdot.org] , and they were caught archiving neighborhood WiFi data "accidentally." I don't know why people still treat Google as some benevolent open source company--their search and advertising platform is as closed source and proprietary as Windows.

Every free service they offer is to get you onto their indexing and advertising platforms. They use the moniker of "open" to attract people and trick them into think Google is ethical and is "one of them." And yet, no matter how many times it's proven what a sham their do-no-evil mantra is, they continue to have defenders who want everything they use to be Google-branded.

Eventually, the tide is going to turn, and they're going to be as derided as Microsoft. The transition is happening. Until then, you'll still get people who actually believe Google is an open company that's all about the engineering.

Re:Won't change anything around here (2, Interesting)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990302)

Google is a very simple company in the grand scheme of things. All they want is to advertise to you.

All the free services they provide, allow them to get to know what you want, so their advertisements are better targeted: HOPEFULLY allowing you to find what you want.

I'm sorry: I fail to see the "evil" part of that. they don't sell customer information, they sell anonymous -group- information, and allow advertisers to target ads at those groups. I'm sorry, but I fail to see the evil in somebody knowing that the people interested in "fuzzy kittens" went up by one after you happened to search for it.

Re:Won't change anything around here (0)

Anonymous Coward | more than 3 years ago | (#33990400)

They weren’t caught. They announced that they had inadvertently collected information such as passwords and emails when cataloging wifi hot spots.

Google isn't an open source company. They do however use open source and give back to the community.

Re:Won't change anything around here (1)

_Sprocket_ (42527) | more than 3 years ago | (#33990792)

Actually, what he said is:

If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

Which isn't exactly what you paraphrased. Granted - I don't agree in either case. I believe we have a right to privacy. And it seems Schmidt recognizes that:

http://www.youtube.com/watch?v=Rpfa4sH4Dpk [youtube.com]

Granted - that doesn't read as well. The headlines aren't as flashy. Which is a shame because in that same interview, what Schmidt says that's really telling is:

"If you really need that kind of privacy, the reality is that search engines - including Google - do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."

so what? (1)

gsgleason (1241794) | more than 3 years ago | (#33990262)

If someone is broadcasting their 'sensitive data' by shouting through a bullhorn for the whole world to hear, they shouldn't be surprised if someone wrote down what they heard, nor should they complain.

Re:so what? (1)

poopdeville (841677) | more than 3 years ago | (#33990676)

But they're not shouting through a bullhorn. They're "silently" and "invisibly" transmitting over the air, using a protocol they probably assume is secure. It is not obvious to anyone if a stream is encrypted until you try to read from it. It is like a burglar turning the knob on your front door, checking to see if you left it unlocked.

Admits? Being SUED by Canada! (1)

WillAffleckUW (858324) | more than 3 years ago | (#33990278)

The Privacy minister in Canada is suing them for violating the RIGHTS of Canadian citizens worldwide as well as those EU citizens - both of whom have stronger privacy RIGHTS than we peons do here in America.

I hope they break them up - serves them right.

Re:Admits? Being SUED by Canada! (1)

hedwards (940851) | more than 3 years ago | (#33990494)

Except the Canadian Privacy minister lacks the jurisdiction to sue for things allegedly done on foreign soil. Sure sue about violations of Canadian law in Canada, but Canadian law does not extend to places beyond Canada. Trying to enforce Canadian laws overseas is a really, really bad thing for everybody.

It's hard enough at times just dealing with international law, if all of a sudden you're having to worry about some foreign entity suing you for something which is perfectly legal in the local jurisdiction it could very easily cause gridlock.

Re:Admits? Being SUED by Canada! (1)

WillAffleckUW (858324) | more than 3 years ago | (#33990610)

I'm a Canadian citizen. There are Canadian consulates within the US affected by this. And an embassy (which technically is Canadian soil).

Re:Admits? Being SUED by Canada! (0)

Anonymous Coward | more than 3 years ago | (#33990506)

You have a right to interfere with other people's radios in such a way as to make your own password appear in their files? That's a weird right.

Re:Admits? Being SUED by Canada! (1)

WillAffleckUW (858324) | more than 3 years ago | (#33990598)

Corporations have fewer rights than people in Canada and in the EU.

Corporations are NOT people. Except by a legal created fiction by the US Supreme Court recognized by no other nation on Earth.

Re:Admits? Being SUED by Canada! (1)

cynyr (703126) | more than 3 years ago | (#33990596)

so encrypt your connections, problem solved.

This is like shouting your SSN, birth date, middle inital, credit card number and ATM pin in times square, and being upset that someone stole your identity.

Now if google was cracking connections you would have a point.

Re:Admits? Being SUED by Canada! (1)

WillAffleckUW (858324) | more than 3 years ago | (#33990730)

In Canada and the EU Google is being sued for such data collection. Corporations do not have the right to collect, store, sell, or distribute certain types of information about people, since they are legally NOT people themselves but legally created fictions.

A person can write it down.

A corporation can not.

Please be advised - oh, and you need a license to MOVE a weapon in Canada. Different countries have different laws, and US corporations routinely violate the Rights of citizens of both the EU and Canada, for which they are subject to legal Action.

Corporations are not people. They are subject to people and have none of the rights of people.

They just now figured this out!? (0)

Anonymous Coward | more than 3 years ago | (#33990286)

it took regulators this long to figure it out!? I haven't even seen the data yet I could have told you that they would have found emails and passwords -- if you snoop traffic from thousands of unencrypted Wifi nodes you're going to come up with all sorts of things, including email addresses and passwords. I bet they even captured some credit card numbers and social security numbers too.

I just don't see why this is a crusade against Google when anyone driving down the street can do the same thing. If regulators want to bust someone, they should bust Wifi equipment manufacturers that allow the devices to broadcast unencrypted traffic by default. (though to be fair, the most recent access point I purchased did use WPA by default).

Instead of the uproar against someone picking up cleartext broadcasts, why isn't there an uproar about so many people broadcasting their private communications in cleartext!?

Another brilliant title (1)

Jim Efaw (3484) | more than 3 years ago | (#33990306)

"Google Admits To Collecting Emails and Passwords." Yeah, it's called Gmail. At least the article summary was closer to reality than usual. Since we're on the subject: has anyone else been getting the suspicion that article summaries from other Slashdot editors lately are really kdawson also?

Do no evil? (1)

RapmasterT (787426) | more than 3 years ago | (#33990364)

While clearly not OUTRIGHT evil, Google certainly defines "no evil" down into a far grayer area than we might have hoped.

Anyone else struck by the correlations between tech companies and politics? While there may be differing degrees, nobody but NOBODY is anywhere close to what I'd consider clean and ethical.

I have a great idea (1)

Cyberllama (113628) | more than 3 years ago | (#33990410)

Let's post the same story every month, but change the headline with new and obvious information to suggest a new story. I mean seriously, did anyone doubt that somewhere in 6 gigabytes of random data snippets there wouldn't be a password or two? Of course there were. We already knew this. There's no news here except that Canada confirmed what Google already told us. Wow, thanks Canada.

Confirming the expected. (1)

_Sprocket_ (42527) | more than 3 years ago | (#33990430)

This is simple confirmation of what was expected. Anyone who has spent some time sniffing unencrypted wifi traffic (i.e. wardriving) has likely seen the exact types of data that's being described. That Google's tools (and I suspect they were re-purposing the same OSS tools we all have access to) during extensive amounts of wardriving is no surprise. The real question is what Google had planned to do with this data.

There are plenty of people who haven't spent any time watching Kismet and ARE surprised at this. It seems to me that this surprise has over-ridden the real question. It's as if Google were the only entities out there doing these things. That their here-unto-unmolested privacy has been pierced by Google's roving gaze. In reality, they've always been exposed and likely exposed to far more than Google's Streetmap vans. But they are keen to lash out at Google.

But again - all this thrashing about is a red herring. The issue really is what Google was doing with this data. It does look like Google was picking up additional information that they weren't interested in. It doesn't look like they were trying to record full sessions and capture sensitive data per se. And if this is so, Google's proper handling and purging of extra data would be a Good Idea. Just as it would be a Good Idea for people to understand the nature of the public networks they put sensitive information on.

Surprise? (1)

froggymana (1896008) | more than 3 years ago | (#33990466)

Does this really surprise anyone? I know that it doesn't surprise me. Another great reason why all of your passwords should not be the same thing.

Before the accusations start... (1)

mathimus1863 (1120437) | more than 3 years ago | (#33990488)

Before people start freaking out about how evil Google is, I wanted to temper the rage by pointing out that Google's involvement is purely passive. Their collection techniques were solely collecting wifi payloads that were visible from the street, and never actually attempted communication with any routers. It would be a completely different story if Google had actively logged into routers and collected data, as that would be a major criminal violation. But they didn't.

I'm not suggesting that saving the data was entirely ethical, but they weren't out there to collect it. If anything, this demonstrates just how ridiculously insecure an unencrypted wifi network is. If you do nothing else, at least use WEP, despite all it's vulnerabilities. It will keep 99% of people out of your network (i.e. the casual neighbor looking for a free connection when their own service is not working).

Re:Before the accusations start... (1)

phyrexianshaw.ca (1265320) | more than 3 years ago | (#33990530)

and will make it illegal for them to crack. just an attempt to secure your connection, as bad as the attempt may be, still justifies your intention to protect it.

Re:Before the accusations start... (0)

Anonymous Coward | more than 3 years ago | (#33990706)

Before people start freaking out about how evil Google is, I wanted to temper the rage by pointing out that Google's involvement is purely passive

There you go bringing "facts" into the debate. MS pays good money to get these stories run every month, and you're screwing it up!

We're still on this? (1)

spottedkangaroo (451692) | more than 3 years ago | (#33990746)

How the hell is this google's fault anyway? If you don't want your "incredibly private" information in other's hands, then don't fucking broadcast it into the air unencrypted for anyone in a 500' radius to pick up and record. How is this different than reading your email into a radio broadcast and then being shocked (shocked) that someone recorded it by accident. This is stupid.

Re:We're still on this? (1)

blair1q (305137) | more than 3 years ago | (#33990820)

Well, it's Google's fault to the extent that they didn't understand the capabilities of their electronic eavesdropping system, nor the extent of their legal rights to eavesdrop electronically.

It's the public's fault as well, for electing people who make laws without understanding the extent to which they are criminalizing non-criminal behavior.

But mostly, it's the media's fault for never understanding that when the law and rights abut, the courts sort it out, and pretending that someone is evil just because the system is in play is not impartial journalism, it's selfish hucksterism.

Passwords (1)

1000101 (584896) | more than 3 years ago | (#33990864)

...in some instances entire emails and URLs were captured, as well as passwords

What passwords were recorded? Surely not email login passwords right? What email systems aren't using encryption to send that type of data?

Re:Passwords (1)

iammani (1392285) | more than 3 years ago | (#33990942)

What passwords were recorded?

Slashdot?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>