Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Google Grabbed Locations of Phones, PCs

Soulskill posted about 3 years ago | from the gift-that-keeps-on-giving dept.

Google 230

1800maxim writes "As it turns out, Google didn't only grab the hotspot SSIDs and MAC addresses with its Street View cars. As this article at CNET notes, Google also recorded location data of computers using wireless cards, as well as cell phones and other Wi-Fi devices. Google's explanation is that the data collection was accidental, and they declined to answer further questions from CNET."

cancel ×

230 comments

Sorry! There are no comments related to the filter you selected.

TEH GOOGLE IS DA BOSS !! (-1)

Anonymous Coward | about 3 years ago | (#36892416)

And Teh Google OWNZ You !!

Outrage (-1, Redundant)

DarkDust (239124) | about 3 years ago | (#36892426)

Somehow, I don't expect this to create the same outrage as back when Apple did something similar...

Re:Outrage (0)

GuldKalle (1065310) | about 3 years ago | (#36892454)

When did Apple do something similar? Did the iView-cars drive over my hole in the ground without me noticing?

Re:Outrage (0)

lurch_mojoff (867210) | about 3 years ago | (#36892500)

Yeah, yeah DarkDust means the Location Services database "-gate", which you are right is not even remotely similar. In fact the two issues are as dissimilar as they can be. And here lies the most depressing thing — this will garner very little attention, especially outside of geek circles. I'd be surprised if this revelation, as egregious violation of privacy as it describes, will cause mainstream media excitement and force a congressional hearing and grilling like the Location Services thing did.

Re:Outrage (1)

alex67500 (1609333) | about 3 years ago | (#36892668)

yeah but guys, if you had the right equipment available, this is publicly available information. you could gather it too.

it's not like they're sniffing around our phones. or we haven't caught them doing so yet anyway...

Re:Outrage (2, Interesting)

Anonymous Coward | about 3 years ago | (#36892968)

You (and most news articles I have read on this) fail to miss the point: this is locally public information. Publishing it worldwide may not be in violation of any laws in print (debatable), but that does not make it morally defensible.

To invoke a car analogy: this would be similar to having a worldwide database tying each license plate to its physical location on the planet. Sure, it's public information, since anyone nearby can do the same. But since each license plate can be uniquely tied to its owner, it is still a breach of privacy, whether the owner is near the car or not.

Re:Outrage (0)

Anonymous Coward | about 3 years ago | (#36893216)

Unlike license plates, MAC addresses can't be tied to the owner, unless the manufacturer records the MAC addresses of sold devices linked to customers.

It also depends on MAC addresses being unique, which is only true in theory. Several manufacturers have reused MAC addresses, something which only causes problems if two devices with the same MAC address are connected to the same network.

Re:Outrage (1)

hairyfeet (841228) | about 3 years ago | (#36893080)

Not to mention probably more than half the posts on every site that runs this story will be "ZOMG! Google does NO evil!" with rushes to explain away everything they did while ignoring if it wasn't for the Germans demanded to see what data was collected in the first place nobody would have even found out how much Google was snatching.

I just hope that whomever at Google came up with that stupid slogan got a free car and a hell of a bonus check, because that thing seems to work like a magic shield that makes old Jobs RDF look like a lite brite. Hell I bet if it came out tomorrow that Google was shipping everyone's data straight to the NSA there would be a thousand posts saying "But but...they do NO evil!". Gotta give whomever came up with it credit, it is a fucking brilliant piece of marketing.

Re:Outrage (3, Insightful)

Cyberllama (113628) | about 3 years ago | (#36892608)

Apple's issues were fairly similar to be honest, in both instances it was bad coding/poor-judgment by engineers creating bad privacy practices that were, in both cases, largely overblown in the media. Google, to its credit, at least had the decency to step up and say "Yeah, our mistake. We're sorry." while Steve Jobs COMPLETELY DENIED that the iPhone tracked users. In my book, that makes him a big liar. Apple's weasely response, no doubt, would be that if the data doesn't get uploaded to them its not really "tracking". But, practically speaking, that argument doesn't hold any water since the record is created, sometimes (but not always) finds it way to Apple, and its existence creates a liability for its users even if it isn't in Apple's hands. Neither company was being malicious or trying to invade their user's privacy, but at least Google showed a lot more forthrightness and honesty while Apple tried to hide the issue.

Re:Outrage (1, Troll)

macs4all (973270) | about 3 years ago | (#36892464)

Somehow, I don't expect this to create the same outrage as back when Apple did something similar...

I agree. Even though in Apple's case, they DIDN'T do what Google did.

I think it's pretty clear that Google is in bed with the DHS, NSA, FBI, CIA, et fucking CETERA.

Perhaps they need to change their motto to "Don't Get Caught At Doing Evil" (not as catchy, I agree; but infinitely more accurate).

Re:Outrage (1, Funny)

mekkab (133181) | about 3 years ago | (#36892612)

Peter Cetera is involved with google? CARNALLY?!

Re:Outrage (1)

Anonymous Coward | about 3 years ago | (#36892736)

No, can't you read? Carnally with ET.

Re:Outrage (1)

Opportunist (166417) | about 3 years ago | (#36893142)

I knew it! They're in with the aliens!

Re:Outrage (5, Insightful)

ArAgost (853804) | about 3 years ago | (#36892502)

Actually it's not similar, it's way worse. Apple cached information about the user location on the user's terminal, for performance purposes (although it wasn't stored in the safest way possible). Google grabbed this info from the street, without asking permission, and used that information for business purpose (and not a very fair one, see the Skyhook vs. Google lawsuit). Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.

Re:Outrage (0)

Anonymous Coward | about 3 years ago | (#36892650)

Actually it's not similar, it's way worse. Apple cached information about the user location on the user's terminal, for performance purposes (although it wasn't stored in the safest way possible). Google grabbed this info from the street, without asking permission, and used that information for business purpose (and not a very fair one, see the Skyhook vs. Google lawsuit). Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.

Not only that, Google equipped vehicles with special equipment specifically to go out and actively collect the data. They weren't caching data already there on already-existing devices - they were literally using spy gear to actively collect it, and even paying employees to drive around and do it.

But listen to the fanbois:

B-B-B-BUT IT'S GOOGLE!!!! THEY DON'T DO EVIL.

Bullshit. They most certainly do.

Re:Outrage (2)

somersault (912633) | about 3 years ago | (#36892796)

Yeah, it's so evil to create a system that allows geo-location without GPS *rolleyes* I'm sure they did this only to make the lives of stalkers easier. Certainly they would never try to do anything as helpful as allow people with crappy phones to get better location info.

Sweet, so we all have "spy gear" built into our laptops and phones now! Scanning for local wifi devices/data now qualifies you to be a spy - cool! I'm off to apply to MI5.

Even if one of their main reasons for doing all of this is to make advertising more relevant, I don't see what the problem is there. If you even let your browser display ads at all, it's better to have useful ones. Targeted advertising is hardly "evil", and if the system also benefits the public then I think it's worth it.

Re:Outrage (2)

icebraining (1313345) | about 3 years ago | (#36892674)

How so? They ran Kismet, which if paired with a GPS captures the location of everything (both APs and devices). If you want to filter out devices, you probably need to change the code, since I've never seen an 'ignore clients' option in Kismet.

Personally, I found the capture of actual data from unencrypted networks (well, from any networks, but others are irrelevant) is pretty bad, but this? Who cares if they know that MAC address X was at location Y? It's not like there's a database linking MAC address to people.

Re:Outrage (1)

clemdoc (624639) | about 3 years ago | (#36892848)

Who cares if they know that MAC address X was at location Y?

If it's the MAC address of my smartphone, which I'm likely to carry around with me more or less all the time, I care a lot about who knows where that MAC address has been. While Googles rather idiotic behaviour just (may have) recorded, where said MAC address was at one point in time, the statement above is, in its broadness, quite a bit more than I would like to have to stomach.

It's not like there's a database linking MAC address to people.

yet. It's not like nobody could ever come up with that smart idea.

Re:Outrage (1)

maeka (518272) | about 3 years ago | (#36892960)

Who cares if they know that MAC address X was at location Y?

If it's the MAC address of my smartphone, which I'm likely to carry around with me more or less all the time, I care a lot about who knows where that MAC address has been.

So it is ok for the phone company (and thus any law-enforcement agency who chooses to ask) to know where your smartphone has been but not Google (or John Doe driving the neighborhood in his '96 Civic while running Kismet)?

This, IMHO, is a beautiful opportunity to educate end-users, not to bash Google. If one doesn't want to be tracked across the modern globe turn off the fucking broadcasting radio in your pocket.

Re:Outrage (1)

icebraining (1313345) | about 3 years ago | (#36893066)

Well, it's nobody's business if I don't mind being tracked by my phone company and law enforcement but mind being tracked by Google. Let's remember that I explicitly gave my phone company permission to do that (by contracting their services), but never gave Google that permission.

The reason why I don't see this as a real problem is because firstly it wasn't tracking, just a one time recording, and unlike the phone company Google has no real way of knowing who that address belongs to.

Re:Outrage (1)

Anonymous Coward | about 3 years ago | (#36893100)

This, IMHO, is a beautiful opportunity to educate end-users, not to bash Google. If one doesn't want to be tracked across the modern globe turn off the fucking broadcasting radio in your pocket.

You can't just ask people to be logical like that. They will demand that Google "stop spying" on them, while completely ignoring the real possibility that their neighbor is simultaneously doing it also, this time nefariously, as well as local agencies and far-less-restrained data mining companies. These are probably the same people who think that the war on drugs is either effective or winnable.

Re:Outrage (1)

icebraining (1313345) | about 3 years ago | (#36893046)

If it's the MAC address of my smartphone, which I'm likely to carry around with me more or less all the time, I care a lot about who knows where that MAC address has been. While Googles rather idiotic behaviour just (may have) recorded, where said MAC address was at one point in time, the statement above is, in its broadness, quite a bit more than I would like to have to stomach.

Sure, if it was a MAC tracking, that would've been a very different situation. But it wasn't, so let's not cloud the issue.

yet. It's not like nobody could ever come up with that smart idea.

Then the true problematic privacy violation would be perpetrated by that person/entity, not Google.

Re:Outrage (1)

MinistryOfTruthiness (1396923) | about 3 years ago | (#36893134)

yet. It's not like nobody could ever come up with that smart idea.

I'm thinking any popular social networking site that has a smartphone app. Fortunately, I don't know any like that.

Well, later guys. Time to fire up Google+ and Facebook apps on my way to work so I can see what my friends are having for breakfast!

Re:Outrage (1)

Anonymous Coward | about 3 years ago | (#36893150)

Make sure to Check In and turn on Latitude so we can meet you later for lunch!

-Goog.. .er.. your friends.

Re:Outrage (1)

Anonymous Coward | about 3 years ago | (#36892874)

Actually it's not similar, it's way worse. Apple cached information about the user location on the user's terminal, for performance purposes (although it wasn't stored in the safest way possible). Google grabbed this info from the street, without asking permission, and used that information for business purpose (and not a very fair one, see the Skyhook vs. Google lawsuit). Plus, the notion that a company can collect data “accidentally” is laughable, especially considering the process in which it was acquired.

How is capturing a signal sent over a public frequency considered priveledged? If I had an fm transmitter that I used to broadcast my darkest secrets and someone I didn't want listening to it did could I sue them for violating my right to privacy? It isnt as if they hackedat into a network, they grabbed the same stuff anyone else with the right equipment has access to, things that are being transferred through the air, which everyone owns

Re:Outrage (1)

gbjbaanb (229885) | about 3 years ago | (#36892898)

Google attempted to deliberately record the location of all open wifi hotspots. What the 'accidental' part was, is that they recorded all the open wifi hotspots that shouldn't have been open - ie home users who hadn't protected their devices.

From a technical viewpoint, there's no difference between Starbuck's open wifi, and the one at my home. The point of all this is that Google's access wasn't malicious, they did accidentally collect data they didn't intend to - which is very obvious after the fact, I guess no-one thought about it enough beforehand.

Re:Outrage (0)

Anonymous Coward | about 3 years ago | (#36892978)

No, Google did not deliberately record just the location of all open wireless wifis. Google deliberately recorded all wifis, encrypted or not, public or not. There were two accidental aspects: They only needed the metadata of infrastructure devices, but they also recorded transmitted data on unencrypted wifis (public and private), possibly on encrypted wifis too, but that doesn't matter. The second aspect is that they also recorded data about client devices (phones, laptops, etc.), not just infrastructure devices (access points).

Re:Outrage (0)

Anonymous Coward | about 3 years ago | (#36892518)

You're a cunt but I'm not outraged

Re:Outrage (0)

Anonymous Coward | about 3 years ago | (#36892558)

That's because Apple users are douchebags.

Re:Outrage (3, Informative)

Cyberllama (113628) | about 3 years ago | (#36892584)

It already has. This is the same story for eons ago rehashed in yet another way with absolutely no new information whatsoever. Obviously, if we had payload data it wasn't from routers, so obviously there had to be MAC Addresses that weren't from routers either. We already knew all of this months and months and months ago and it caused at least as big of an uproar back then as the Apple location thing. In fact, it was bigger--since we still have governments investigating Google over this while Apple largely skated by unnoticed (other than some congressional testimony).

Re:Outrage (1)

somersault (912633) | about 3 years ago | (#36892804)

Yeah, I was also confused as to where the actual story is here.

Re:Outrage (0)

Anonymous Coward | about 3 years ago | (#36892624)

What have Apple done similar?

If you're talking about when a file was discovered which appeared to be tracking iPhone users, that's is not similar even if you squint. That's like the difference between stalking someone (following them everywhere), and passing someone on the street.

Apple collected positions of people they already knew who was (they can say it was anonymized, but that only helps if you already trust them). Google collected a list of MAC addresses at the time the Streetview car passed. Here's some even scarier news for you: They also took pictures. Legally even. Now, if you are in one of the pictures, people will be able to recognize you. If your MAC address was recorded, they will be able to recognize that an Apple device was there. They may even be able to figure out which model. However, to find out whose device, they'd have to ask Apple to look up the MAC address in their database, find the bill, and tell them the name on the bill. Which may not even be the current owner anyway. And that's assuming that Apple make their MAC addresses truly unique. Some manufacturers have been known to reuse them, which - though technically against the rules - only causes problems if two devices with the same MAC address get connected to the same network (i.e. the same Access Point).

The scary point is not that they collected MAC addresses. They still do. The scary point was that they logged more data than just the MAC address, which could contain personal data. IF the wireless network was not encrypted, AND the personal data was not sent over SSL or other secure connections. Which is why the reaction on Slashdot - when the news broke months ago - was more of a "meh". The view here is that if you run an open wireless network, it's your own damn fault, and Google is the least of your worries. Your neighbor (you know, the one who is always thinking of the children) using your network to download illegal stuff is a much bigger worry.

But, as I said, that was months ago. The only news here is that a reporter somehow found out that PCs have MAC addresses just like access points do.

Re:Outrage (5, Interesting)

Cyberllama (113628) | about 3 years ago | (#36892660)

Google wants to collect MAC addresses. They do that on purpose. But they don't want mobile MAC addresses. They want FIXED ones, because that's what helps them Geolocate. Again, this all traces back to the same lazy coder who just copy and pasted some packet sniffing code into his project without bothering to change it to be smart enough to only record open wifi routers broadcast packets or to properly truncate the packet down to the MAC address. Instead he just had it take EVERY packet, keep the first 64 bytes, and dump the rest. This resulted in useless mobile MAC addresses also being recorded along with all the payload data that got Google into so much trouble.

Re:Outrage (0)

Anonymous Coward | about 3 years ago | (#36893164)

Recording everything would be the safest bet if data privacy wasn't a concern. It would remove any possibility of filter errors during the capturing. Do you really want 50,000 vans doing independent analysis?

Re:Outrage (1)

man_of_mr_e (217855) | about 3 years ago | (#36893104)

It's actually not that mysterious as to why they did this. Android has a "nifty" feature that uses WIFI access point triangulation to improve location accuracy of the handsets, and it works even when GPS is turned off.

No way this was "accidental", as they're using the fruits of it quite readily.

They aren't just doing it with street view cars (1)

digitalchinky (650880) | about 3 years ago | (#36892430)

I don't think this activity is limited to 'street view' cars - I don't live in a country where there are any roaming the city at all, yet every mac address for all the access points I own can be located by entering them in to sites like: http://samy.pl/androidmap/index.php [samy.pl]

I would assume Android is the culprit here. I expect Google buried some lawyer speak deep in an EULA making this activity perfectly legal. I'm not okay with it though.

Re:They aren't just doing it with street view cars (2)

siddesu (698447) | about 3 years ago | (#36892538)

Not really. My home (static, used for a long-long time) ip address was paired with coordinates roughly three years ago, long before I used an android phone at home. It locates me with a scary precision ~10 meters. I live 10 meters away from the street.

Re:They aren't just doing it with street view cars (1)

Cyberllama (113628) | about 3 years ago | (#36892564)

Then change the MAC addresses. It's public information that you broadcast. If you're not OK with it, don't do it. Put your network on silent mode, or set up some encryption. Skyhook has been doing this for years before Google was doing it. This is how it's possible to Geolocate a person when their on Wifi with a Wifi-only device. iPad's, for instance, depend on it.

But the fact is, your MAC address is not tied to you in the same way your IP address is. I can't go to your ISP and demand they tell me which customer has which MAC address, they don't know. I can't go to Apple and ask which iPhone owner's phone uses a specific address. Unless someone gets ahold of your phone and looks up the MAC address in the settings, there's no way for anyone to correlate this information back to you.

Re:They aren't just doing it with street view cars (1)

wgoodman (1109297) | about 3 years ago | (#36892590)

Actually, considering cable operators require the mac of the modem to provide service, and others can simply check via ARP if they don't have it on file, An ISP can pass out your external MAC with ease. Your internal less so, but that's not the issue here is it?

Re:They aren't just doing it with street view cars (1)

icebraining (1313345) | about 3 years ago | (#36892690)

Yes, it is. Google captured internal addresses, which are those 'floating around' through Wifi.

Re:They aren't just doing it with street view cars (1)

somersault (912633) | about 3 years ago | (#36892844)

And how is someone going to sniff your cable modem's wired MAC address over WiFi? Each connection has a separate MAC address.

Re:They aren't just doing it with street view cars (0)

Anonymous Coward | about 3 years ago | (#36892998)

The issue is the MAC address on the wireless interface of the router. If you're using cable, your ISP isn't connected to the wireless interface.

The MAC of the wireless interface is only useful when you want to communicate on the wireless network. And for (this is why Google collected the MAC addresses in the first place) recognizing where you are. If you are near a MAC address with a know location, you're probably near that location. Unless the router was moved. Or the MAC was reused in another router (it happens).

Re:They aren't just doing it with street view cars (1)

xyourfacekillerx (939258) | about 3 years ago | (#36893398)

No it's not. It's private information the router vendor or ISP is broadcasting on your behalf. The burden of tying down a SSID broadcast/MAC address one is not by default aware is on the "public" air space, is not the same thing at all as the burden of closing one's windows blinds. Most people don't WANT this information to be public and aren't aware that it IS public. They aren't even aware the degree of information that can be obtained from that data. You're just plain wrong.

Re:They aren't just doing it with street view cars (1)

mcgrew (92797) | about 3 years ago | (#36892632)

If it's illegal, putting it in a contract doesn't make it legal.

Re:They aren't just doing it with street view cars (1)

icebraining (1313345) | about 3 years ago | (#36892712)

Unless it's illegal to do it "...without permission," which a contract can do.

Re:They aren't just doing it with street view cars (1)

lindoran (1190189) | about 3 years ago | (#36893268)

IANAL ---- but, legal or not you can not sign a contract that eliminates / mitigates the law or your rights; this nullifies the contract (at least in the US) this is why binding arbitration agreements are becoming more and more ineffective.

Re:They aren't just doing it with street view cars (1)

somersault (912633) | about 3 years ago | (#36892884)

I expect Google buried some lawyer speak deep in an EULA making this activity perfectly legal. I'm not okay with it though.

It's hardly buried deep. There's a whole section in Android settings panel to control it - "Location and Security Settings". You can just turn off certain location service types if you want. If there even was anything evil and unwanted going on, people will bring out some ROMs with all that crap disabled for those that don't want to help improve the location databases. I think when you first connect up your account it asks you if you want to enable your location in Latitude and allow the phone to connect location info too. It's quite possible that all Android location info is from people who have opted into Latitude.

Re:They aren't just doing it with street view cars (1)

digitalchinky (650880) | about 3 years ago | (#36893180)

...which would be handy if I actually owned an android device at all.

Re:They aren't just doing it with street view cars (1)

somersault (912633) | about 3 years ago | (#36893456)

Okay, so you're bothered about them recording public information rather than them secretly tracking your phone no matter what settings you choose.

If you don't want your internal MAC addresses being publicly broadcast, use cables instead of WiFi. Pretty obvious and simple. If you were singing loudly with your window open, you couldn't complain about people recording the noise from the street. Likewise you can't complain about people recording radio transmissions and identifiers that you're knowingly spewing over your property lines.

It's up to you to decide the trade-offs between convenience, security and cost.

Did Google forget...? (1)

Parsiuk (2002994) | about 3 years ago | (#36892434)

Did Google forget about the "don't be evil" thing?

Re:Did Google forget...? (2)

DarkDust (239124) | about 3 years ago | (#36892436)

You didn't get the memo ? That's out a loooong time ago already.

Re:Did Google forget...? (0)

Anonymous Coward | about 3 years ago | (#36892480)

No, they didn't. They just redefined the meaning of 'evil'.

Re:Did Google forget...? (5, Funny)

Noughmad (1044096) | about 3 years ago | (#36892636)

No, they didn't. They just redefined the meaning of 'evil'.

Pray they don't redefine it any further

Re:Did Google forget...? (1)

Cyberllama (113628) | about 3 years ago | (#36892574)

Well, we already know how this happened and Google's explanation was pretty reasonable and simple--but it all boiled down to sloppy coding, which I suppose is a sort of 'evil'. But at least then it's just one persons' own evilness, and not an entire companies. Oh, sure, some conspiracy theorists still think Google did this all on purpose, but those theories really don't fit the facts very well.

Re:Did Google forget...? (1)

murdocj (543661) | about 3 years ago | (#36892928)

"Sloppy coding" explains that they captured they data. The fact that they saved it for years, and presumably processed that data, indicates it goes beyond just being "sloppy". If you think about the steps, there's capturing the packet data, which certainly might capture more than you want to look at. Could be an accident. Then there's logging the data. Seems unlikely that you would log more than you need, after all, we are talking about a LOT of data. And then there's processing the data, where you certainly know what data you are picking through.

I don't think it's an evil Google / KGB conspiracy, but I don't think Google is innocent either. They just vacuumed up as much data as they could snarf w/o worrying about whether it was legal or not, because that's the way they roll, and now they are paying the price. Maybe they'll be a bit more careful in the future.

Re:Did Google forget...? (3, Insightful)

epine (68316) | about 3 years ago | (#36893132)

They just vacuumed up as much data as they could snarf w/o worrying about whether it was legal or not, because that's the way they roll, and now they are paying the price. Maybe they'll be a bit more careful in the future.

Many data analysts adhere to the motto, capture first, prune later. It's not like the data costs them a lot of money sitting there waiting for script to happen.

And BTW, the future is already here. The sloppy code in question probably dates back to 2006 if the data collection began in 2007. Internal policies could have changed three times over since then.

And a big round of -1 for all the people out there running unsecured Wi-Fi for the convenience of having no drapes.

Re:Did Google forget...? (0)

Anonymous Coward | about 3 years ago | (#36892600)

You got that wrong - it's:

Don't! Be Evil!

Re:Did Google forget...? (0)

Anonymous Coward | about 3 years ago | (#36892872)

That sounds like something a dim yahoo would say.

Re:Did Google forget...? (1)

mcgrew (92797) | about 3 years ago | (#36892658)

You believe any corporation's motto? Here's a good corporate motto: "Ethics? We've heard of 'em." Works for any corporation.

I think my favorite motto is Kellogg's "two scoops or raisins". How big is the scoop?

Worse than that (1)

srussia (884021) | about 3 years ago | (#36893176)

They actually meant:

I think my favorite motto is Kellogg's "two scoops XOR raisins"

Re:Did Google forget...? (1)

Opportunist (166417) | about 3 years ago | (#36893162)

They're still following the creed. They just added a question and a comma.

"Are we going to do the right thing?"
"Don't, be evil"

Google defense (0)

Anonymous Coward | about 3 years ago | (#36892442)

Yes, your honour. I swear the collection of those purses was purely accidental.

Put 2 and 2 together (4, Insightful)

Anonymous Coward | about 3 years ago | (#36892470)

Google's business is built on having data about people. Google drives around and collects even more data about people from personal WiFi hotspots, PC WiFi cards, and phones. Only the truly naive can possibly believe this is accidental. The whole "big clumsy cuddly bear stumbling around doing silly things" excuse is getting very old, Google. Stop playing us for stupid.

Re:Put 2 and 2 together (1)

somersault (912633) | about 3 years ago | (#36892932)

Of course it wasn't accidental. But it was for only for geolocation purposes. You think they don't have enough personal data from people's email etc anyway if they really wanted it? They could do keylogging from Chrome on specific targets if they wanted to. They could hire private investigators to place cameras. They could use people's Gmail usernames and passwords to log into paypal accounts, etc, etc, etc, blah blah blah.

They are making money hand over fist from ads and Android already. It's moronic to seriously believe that they are going to sift through tiny fragments from billions of public wi-fi devices to somehow try to find usernames/passwords or anything other than the generic geolocation stuff when they already have so much information and money available.

of course they did like good government spys (0)

FudRucker (866063) | about 3 years ago | (#36892498)

they work for the NSA

Yet another non-new wrinkle (5, Insightful)

Cyberllama (113628) | about 3 years ago | (#36892504)

We've already heard the method they were using for capturing MAC addresses and how sloppy it was. We already knew they were collecting random packets, then truncating them to include the MAC Address and a small portion of the payload and then saving them. We know some of those payloads include packets sent by people GASP on their phones or laptops, therefore it stands to reason some of the MAC addresses must also be from those phones and laptops. We knew this months and months and months ago, but apparently CNET didn't make the connection so easily.

It's like we just keep rehashing the same old story over and over and over because nobody understood it the first time, and someone comes and puts a new spin on old data and suddenly it lives again. The thing is, you can change a registry key and change your MAC address. There's no big table of data somewhere that connects your MAC address to specific person. It's not even remotely the same as an IP address. Oh sure, you can say "Hey the MAC address of this device on my network matches the one on my network yesterday" but not "Hey, that's my neighbors MAC address" unless you've got some sort of access to the device in question.

So Google may know that a certain device was one place and also another place, but that's about the extent of the correlations they can really make with this data. Again, just as before, there's no reason to assume malice when sloppy coding is much more logical explanation. Google has nothing to gain and much to lose (PR-wise) by doing something like this on purpose, and a very reasonable and believable explanation was offered. Conspiracy theorists can continue to beat this dead horse if they like, but I'm an Occam's razor fan.

Re:Yet another non-new wrinkle (1)

borjam (227564) | about 3 years ago | (#36892598)

"There's no big table of data somewhere that connects your MAC address to specific person. It's not even remotely the same as an IP address".

Correction: it's not even remotely the same as an IPv4 address.

Now, check the addressing schemes for IPv6. You'll find out that one of the mechanisms to create an IPv6 address, extender EUI-64, is _precisely_ building it from a MAC address, which indeed is fully readable in the reslting IPv6 address.

Of course there's a better scheme that uses temporary addresses, but let's see which one gets a more widespread usage.

Re:Yet another non-new wrinkle (1)

dotgain (630123) | about 3 years ago | (#36892768)

Now, check the addressing schemes for IPv6. You'll find out that one of the mechanisms to create an IPv6 address, extender EUI-64, is _precisely_ building it from a MAC address, which indeed is fully readable in the reslting IPv6 address.

The scope for these addresses is local, so they won't be routed off-net. Imagine a routing table with an IPv6 route for every single MAC address.

Re:Yet another non-new wrinkle (0)

Anonymous Coward | about 3 years ago | (#36892614)

Try to change your mac address in your router. Both the Wan port or the Wifi port mac address. Go ahead, try it. Last time I checked the wifi card in your computer does not broadcast an ssid. Unless you configure it to do so, but those people that do are a huge minority.

Re:Yet another non-new wrinkle (1)

borjam (227564) | about 3 years ago | (#36892864)

Local? Check again. Your ISP will assign you a whole prefix (/64 or even a /48). Each node in your network will have a *valid* *routable* IPv6 address. And those addresses can be assigned manually (this won't be common), or automatically. And automatically assigned addressed can be derived from the MAC address, or will be generated randomly as temporary addresses.

At the end, the publicly visible IPv6 address will indeed contain your MAC address unless the random generated temporary addresses are used.

Re:Yet another non-new wrinkle (1)

somersault (912633) | about 3 years ago | (#36892954)

Uh oh - so you're saying that Google now are tracking all 17 people who have IPv6 enabled at home?

Re:Yet another non-new wrinkle (0)

Anonymous Coward | about 3 years ago | (#36893030)

Just a minor point. WiFi networks by default broadcast the SSID. You must turn them off on pretty much every brand of router I've worked on. Your computers WiFi card must also broadcast the SSID as part of the handshake, which is why sniffers eventually get it regardless of that setting.

Re:Yet another non-new wrinkle (0)

Anonymous Coward | about 3 years ago | (#36892654)

Situation would be totally different if and ONLY IF:

a) The collected MAC addresses would be searchable from google (you know, point a map other side of world in google maps and see all Mac Addresses)
b) The collected MAC address would include owner name, address and other sensitive information

Now Google has Mac addresses and location data for them in accuracy of WiFi network range.
No one can access to that data without going to that location physically and scanning the network. So even then, people who are there would see those informations and actually could find out even more accurate way where the network is by walking around the range and pinpointing it that way.

The community just gained but Google did not (directly) by getting good coverage of WiFi locations so people does not need to use GPS to locate themselfs. And Google gains indirectly now the information to serve a user better ads and services (search of local area etc).

So it is just good situation for users, not just Android users but everyone who use Google services and there is a lot!
But as you said, dead horse is racing again and again and again...

Re:Yet another non-new wrinkle (2)

moonbender (547943) | about 3 years ago | (#36892764)

There's no big table of data somewhere that connects your MAC address to specific person.

I'm sure that's true for most MAC addresses, but I have to wonder if it isn't for a large minority. It's technically easy enough to do it for hardware supplied by the network provider (some routers, cell phones). And I'd assume in many cases companies like Appie also would have an easy time making the connection between a unique serial no and the devices MAC, if a piece of hardware is registered with them either explicitly or e.g. through an update application which sends out the devices serial no.

Of course, easiest of all would be to register the relationship between customer and MAC when they buy the device. We're not there yet for MAC addresses for general NICs, but we're getting there -- or depending on where you live, we are already there -- for mobile phone networking hardware, ie. the IMEI/IMSI being tied to the (initial) customer.

Re:Yet another non-new wrinkle (1)

djdanlib (732853) | about 3 years ago | (#36893592)

The news keeps rehashing this story because it's sexy as heck, and gets lots of attention. Got a new angle on it? Republish as if it were a brand new news item and profit from the new attention and uproar. Advertisers love it, too.

That being said, I'd be a lot more okay with this if there was actually a stated reason for it, because then I could know whether I should do something about my wifi's visibility...

Isn't it obvious? (4, Insightful)

ThunderBird89 (1293256) | about 3 years ago | (#36892522)

Why is this new? The StreetView cards were set to promiscuous mode, since they sniffed data packets not intended for them. It stands to reason they recorded responses from the end devices too, not just the AP->device traffic.

Not this crap yet again! (1)

Cyberllama (113628) | about 3 years ago | (#36892540)

So we have had Google's explanation for what happened, and how a coder got lazy and just modified some existing packet capture software (which captured all packets, instead of just the ones used by networks to announce themselves). Rather than actually writing some simple routines to select which packets to record and properly remove all the payload data, he simply let it record every packet with *most* of it truncated. This left the MAC address and sometimes a portion of the payload data behind.

We all knew all this months and months ago. We knew that some of the payload data came from people using their computers/laptops/phones on WiFi networks. Does it take a super genius to realize that if they packets came from phones/laptops, and the payloads came from phones/laptops, that some of the MAC addresses might also come from those same phones/laptops? This is the same story once again rehashed and repackaged. There's absolutely 0 new information here. CNET might not have realized this was eminently obvious with the details of the original story, but most technically oriented people did.

And honestly, it's not that big of a deal. Your MAC address can't be traced back to you. It's more or less anonymous. Unless somebody has had access to your device, there's no way to tie the MAC address to you--and if that prospect concerns you, just change it. In Windows it's just a simple registry tweak to make your MAC address anything you want.

Re:Not this crap yet again! (0)

Anonymous Coward | about 3 years ago | (#36892748)

they don't need access to your device, they just need to hang around your house, like the sv cars. sure, you could argue afterwards that it's not a good identification, just like you could argue that your clothing isn't a good identification.

Re:Not this crap yet again! (1)

icebraining (1313345) | about 3 years ago | (#36892762)

Well, if it was just a data dump, they couldn't know _where_ the client was.

But apparently they used Kismet, which creates an XML file (.gpsxml) with a list of networks (and their clients) and the coordinates at which they were seen.

Re:Not this crap yet again! (1)

AHuxley (892839) | about 3 years ago | (#36892904)

1. It it was with so "*most* of it truncated" they still got details like- username and password.
http://www.macworld.com/article/158671/2011/03/google_streetview.html [macworld.com]
"There's absolutely 0 new information here" - they got fined in court 100,000 euros, about $143,000 i.e. the nothing wrong line repeated so so many times is now 'old'

Not sloppy coding, surely? (1)

Anonymous Coward | about 3 years ago | (#36892554)

People keep saying that it was lazy coding, but how can that be right?
If you want to get the locations of access points, do you
a) write (or use) a program that records the SSID broadcasts and their location
-or-
b) write (or use) a program that captures all the traffic, truncates the frames, processes them to extract the access point broadcasts and then stores them with the location?

Hint : option 'a' is the easy one.
I do not see how option 'b' is something that can be done accidentally without a lot of extra effort.

Re:Not sloppy coding, surely? (1)

uid7306m (830787) | about 3 years ago | (#36893088)

Well, find out for us instead of just talking. Write the code both ways and show it.

Anyone with *any* experience of software knows that you cannot tell if something is "easy" or not until you've done it (or done something that's very similar).

Not defending Google here... (1)

neokushan (932374) | about 3 years ago | (#36892560)

...but shouldn't the real story be about how much information your gadgets are just leaking all over the place? Google didn't break into people's homes and write down the MAC addresses of every piece of tech they could find, they just recorded what was already being blasted through the airwaves. Now, I'm not saying this makes it all ok, but at least we KNOW Google is doing it - what's to stop other companies/groups/individuals from doing the same? The real issue is that the information is out there, not that someone decided to collect it.

If your Bank decided to put a list of all bank accounts that have recently been accessed on its home page, would you blame the identity thieves for stealing all your money, or would you blame the bank for broadcasting your information?

Re:Not defending Google here... (1)

inglorion_on_the_net (1965514) | about 3 years ago | (#36892710)

If your Bank decided to put a list of all bank accounts that have recently been accessed on its home page, would you blame the identity thieves for stealing all your money, or would you blame the bank for broadcasting your information?

I would do both. The thieves for stealing my money, and the bank for not taking sensible precautions to prevent this from happening.

How does this map to what actually happened?

Re:Not defending Google here... (1)

neokushan (932374) | about 3 years ago | (#36892798)

Because people are outraged at Google and nobody seems to be asking why their devices were generating all this data in the first place.

Wake me up when there is real news. (0)

Anonymous Coward | about 3 years ago | (#36892628)

Another apple fanboi without a clue as to what technology does behind the scene while he's jerking off to porn on his apple product that his lord and master Steve Jobs forbade him to have.

Im all for privacy, but c'mon (1)

metalmaster (1005171) | about 3 years ago | (#36892638)

afaik, your street address is NOT private information. Barring the boonies and any illegal housing projects youre on a map somewhere. I havent seen a dead tree copy of yellowpages in a few years, but in some places residential addresses are listed in the book along with name and landline #

Re:Im all for privacy, but c'mon (2)

Neptunes_Trident (1452997) | about 3 years ago | (#36892746)

A street address does not reveal what your online activities may be. But between you and your hardware mac addresses and your isp with their assigned ip address, one can most certainly sniff out passing packet information. A I am sure you know there are federal laws that prevent others from accessing your mail and reading it. IMHO any packet passing through your router via modem via your isp should have the same outright protection as a letter in your mailbox. Regardless if your wifi is password protected. How many mail boxes have locks on them? What Google did was the equivalent of going through your street mail box, reading parts of a letter, except in digital, wireless form by way of capturing packets. Think about it.

Re:Im all for privacy, but c'mon (1)

metalmaster (1005171) | about 3 years ago | (#36892808)

Sure, but this article complains to what is essentially taking mail from the postman, recording the address block, and putting the mail in the box untouched.

Re:Im all for privacy, but c'mon (1)

maeka (518272) | about 3 years ago | (#36892936)

Sure, but this article complains to what is essentially taking mail from the postman, recording the address block, and putting the mail in the box untouched.

Which, at least in the USA, is illegal. ;)

Google Grabbed Locations of Phones, PCs (-1)

Anonymous Coward | about 3 years ago | (#36892726)

i absolutely liked reading everything that is posted on your blog keep the posts coming. I enjoyed it.
Term Papers [essayprovider.com]

So many accidents... (4, Insightful)

pedantic bore (740196) | about 3 years ago | (#36892950)

They sure seem to be collecting a lot of data by accident...

My friends at Google swear up and down that every line of code in the Google codebase is reviewed several times before it is signed off and released for any purpose. Some would have caught this; it's obvious from the data what is happening. So, either my friends are liars, or Google is. I trust my friends more.

Re:So many accidents... (2)

AHuxley (892839) | about 3 years ago | (#36893094)

Yes cars all over the world getting all that data and nobody 'found' it during local beta testing ... or during a review. They just signed off on it, stage after stage ...
Its all just that "one" person using net code that one time ... just once and it got past all the smart people all over the world looking after data collection in all the cities ... all the trials, testing, reviews - they all missed it.
How strange was that.

News for nerds? (1)

Whuffo (1043790) | about 3 years ago | (#36892974)

It might be good if some of the smart people commenting here would become familiar with MAC addresses and what they're used for.

You seem to understand that DNS maps domain names to IP addresses - but what maps that IP address to your specific hardware?

Those who say you can change the MAC address to anything you want - maybe they understand that they're assigned in such a way that duplication is rare to impossible. For extra credit, describe what would happen if two devices shared the same MAC address.

Re:News for nerds? (1)

AHuxley (892839) | about 3 years ago | (#36893064)

Interesting http://news.cnet.com/8301-10784_3-9920665-7.html [cnet.com] was about the P2P illegal file hunt.
They hinted at "software captures "unique serial numbers" from the person's computer".

Re:News for nerds? (1)

Lehk228 (705449) | about 3 years ago | (#36893106)

Unless the two devices are on the same network segment, nothing happens at all, if they are on the same segment (I heard there was a chinese NIC manufacturer that was shipping cards with all the same MAC addresses) then your network becomes a netdoesn'twork

because ... (0)

Anonymous Coward | about 3 years ago | (#36893038)

google is a front for the nsa

Don't know what the big deal is... (0)

Anonymous Coward | about 3 years ago | (#36893086)

I still struggle to understand the point of view where this is so morbidly bad. It seems as childish as "MOM! Tommy is almost touching me!" on a long car trip. Unless the google street view cars are sitting in front of your house for a few hours collecting packets in the hopes of breaking your *hopefully* encrypted wireless traffic (just to read you G-mail message from aunt Jen or see what kind of demented animal porn you view), I don't see any reason for your panic. They are recording the location of APs for positional data, they have no use for anything else.

Google is in the CIA's pocket (0)

Anonymous Coward | about 3 years ago | (#36893504)

Never forget this.

Wow, Android FTW! (1)

intheshelter (906917) | about 3 years ago | (#36893590)

With this kind of record or respecting people's privacy I seriously have to question fandroids who rip on Apple. I had high hopes for Google but I don't trust them one bit. "Accident"? I don't think that accidentally happens, it was planned and they just got busted.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>