Whoopsgle!
May 14, 2010 2:52 PM   Subscribe

Google accidentally collects private data over WiFi networks. Affects US, Brazil, Hong Kong, Germany, France. Google apologizes & explains & promises to knock it off. Plus the data was kind of all just hanging out there, unencrypted. So all is well, right?

"It's now clear that we have been mistakenly collecting samples of payload data from open [i.e. non-password-protected] Wi-Fi networks, even though we never used that data in any Google products," wrote Mr. Eustace. "We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."
posted by chavenet (73 comments total) 3 users marked this as a favorite
 
Well on the bright side, Google has a nice list of scofflaws for Germany to prosecute.
posted by mullingitover at 2:56 PM on May 14, 2010


"even though we never used that data in any Google products" sounds too carefully worded.
posted by gurple at 2:56 PM on May 14, 2010 [7 favorites]


Personally, I couldn't care less. I am of the opinion that if you're broadcasting a signal that someone else can pick up, they should be free to do whatever they like with it. If you don't like it, get wires or use encryption.

Presuming they aren't lying, it is comforting to know that they didn't intend to gather data packets, as I think people who do so are rude, even as I also think they're completely within their rights to do so.
posted by wierdo at 3:02 PM on May 14, 2010 [3 favorites]


I don't think I'll ever understand the whole data privacy thing. What, so someone knows what websites I go to? My phone number and address? Where I bank and what I buy?

Okay, whatever.
posted by reductiondesign at 3:03 PM on May 14, 2010


Google Inc. said it would stop collecting Wi-Fi network data from its StreetView cars, after an internal investigation it conducted found it was accidentally collecting data about websites people were visiting over the hotspots.
What!? Why were they even writing code to do that in the first place? Did they use some off the shelf wifi sniffer?
I don't think I'll ever understand the whole data privacy thing. What, so someone knows what websites I go to? My phone number and address? Where I bank and what I buy? Okay, whatever.
Do you want a medal or something?
posted by delmoi at 3:07 PM on May 14, 2010


Dear Facebook PR team:

This is how you kill a privacy story before it eats your face.
posted by xthlc at 3:07 PM on May 14, 2010 [27 favorites]


Mistakenly, could have, would dispose of the data
Another Googlwe WTH moment.
How do you accidentally install experimental wiki sniffing software on cars roving all across the world, collect data for four years and only find out when german authorities call you out?

Google: Dont admit evil

Back to Cull for me.. so much funnier anyway!
posted by CitoyenK at 3:12 PM on May 14, 2010 [1 favorite]


it was accidentally collecting data about websites people were visiting over the hotspots.

In order to get more stable information than just the SSID, which people tend to change once in a while, they're probably using something like airsnort; they can just capture everything and filter it for MACs and so forth. From here:
The information visible to the equipment is that which is publicly broadcast over the radio network, using the 802.11 standard. This includes the 802.11 b/g/n protocols.

The equipment is able to receive data from all broadcast frames. This includes, from the header data, SSID and MAC addresses. (...) The equipment also separately records the signal strength and channel of the broadcast at the point at which it was received by our equipment, and is able to establish the protocol used (i.e. 802.11b/g/n).
There's nothing particularly wrong with this: if you're doing something over a public node and not using an encrypted protocol, that's your problem.

And no bank worth a damn will let you access your account except over SSL, so there shouldn't be a risk of exposure that way.
posted by George_Spiggott at 3:17 PM on May 14, 2010 [6 favorites]


What!? Why were they even writing code to do that in the first place? Did they use some off the shelf wifi sniffer?

It says it in the article, "Google said it has been collecting and keeping the data since around 2007. At that time, the team building the software to gather the location of Wi-Fi spots mistakenly included some experimental code that sampled all categories of publicly broadcast Wi-Fi data."

Seems like most of Google's recent problems come from shitty middle management more than any thing else.
posted by afu at 3:18 PM on May 14, 2010 [2 favorites]


What!? Why were they even writing code to do that in the first place? Did they use some off the shelf wifi sniffer?

Why wouldn't you write code to sniff packets? It's just doing the same thing the "off the shelf sniffer" would do. In fact, the dumbest off-the-shelf sniffer you'd use probably would, by default, dump all the data payloads of the packets as well as the headers. It's easy to understand this as an honest mistake and Google's disclosure and prompt ceasing of wardriving until they fix the problem sure sounds like good faith.

Still, it's a stupid mistake.
posted by Nelson at 3:24 PM on May 14, 2010


Good on them for openly disclosing this. Facebook would never do that; they'd be busy trying to use it for their evil marketing ends.
posted by Afroblanco at 3:29 PM on May 14, 2010


Let's see, they recorded data that was deliberately broadcast in the clear over an unregulated frequency.

I'm sorry, what's the offense again? This is like prosecuting me because I took a picture of a sign you posted in front of your house.
posted by George_Spiggott at 3:30 PM on May 14, 2010 [6 favorites]


BTW, this is a good thread to mention the super-cool Skyhook, the magic by which your iPhone locates you in most cities. It's a giant wardriving database, they collected the identities and locations of wireless networks all over the US (or world?). There's a simple web service your phone uses to say "I see this network, where am I?". (Last I checked, that service was unsecured, anyone could use it.)

I've been wondering if Google would build its own version of that database. Sounds like they were, but given they say "we have decided that it’s best to stop our Street View cars collecting WiFi network data entirely" maybe they've now stopped.
posted by Nelson at 3:34 PM on May 14, 2010 [3 favorites]


Yeah if you have an unencrypted wifi network, its your own damn fault and you'd be lucky if Google was the only one doing it.
posted by empath at 3:45 PM on May 14, 2010 [1 favorite]


I'm sorry, what's the offense again? This is like prosecuting me because I took a picture of a sign you posted in front of your house.

As far as I know, no one is charging them with an "offense".

As the nice Google man said, Google hasn't made any use of any of this data in their products! So, there's really not that much harm that could have come of this.

Oh, I suppose Google might have sold the data to just about anybody in the world. Who might be doing anything with it.

They might have sold it to porn sites, who now know that you surf their competitors' sites and will send you full-color mailings displaying for you and your mom and your kids exactly why you should switch.

They might have sold it to banks, who now know that you hit up gambling sites every night so they decide not to loan you any money.

They might have sold it to the cops, who might be interested in your interest in hydroponics.

But, hey, really, this is Google, right? The good guys! Right?
posted by gurple at 3:47 PM on May 14, 2010


What!? Why were they even writing code to do that in the first place? Did they use some off the shelf wifi sniffer?
Reading is hard.
posted by coolguymichael at 3:51 PM on May 14, 2010


"They might have sold it to porn sites, who now know that you surf their competitors' sites and will send you full-color mailings displaying for you and your mom and your kids exactly why you should switch.

They might have sold it to banks, who now know that you hit up gambling sites every night so they decide not to loan you any money.

They might have sold it to the cops, who might be interested in your interest in hydroponics."


Maybe they sold it to the Illuminati...shit wait maybe they ARE the Illiminati! They never said they weren't, which seems like careful wording to me.
posted by mullingitover at 3:59 PM on May 14, 2010 [11 favorites]


They might have sold it to porn sites, who now know that you surf their competitors' sites and will send you full-color mailings displaying for you and your mom and your kids exactly why you should switch.

They might have sold it to banks, who now know that you hit up gambling sites every night so they decide not to loan you any money.


Methinks you don't understand the nature of the problem here: They had some broken payload data attached to Wifi points and a rough long/lat. This is not the same as having your browsing history and mailing address. In fact, unless they happened to catch you just as you were sending your name and address to a website, they got very little useful information with really just about nothing to identify you personally anyway.

Fragmented, geo-fuzzy payload data? What market would Google actually seek out to try to sell this? I know some people think the "don't be evil" mantra is bullshit, but this isn't even about not being evil; I can't fathom Google even beginning to consider selling broken, sniffed data, any more than I expect them to start selling my Google Docs to third parties. Their users trust them with emails and docs and way more sensitive data than some whispers on a wifi network and they manage my privacy on those matters in a way I can trust. No reason to suspect anything different with this.
posted by disillusioned at 4:03 PM on May 14, 2010 [2 favorites]


gurple, I think you're mistaking what happened here to an actual invasion of privacy. If there's any suggestion they cracked WEP or WPA keys in order to intercept data, your concerns would be more valid.

Nelson, Google has been collecting data on wifi networks for at least a few years now. In my area, they're by far the most accurate, short of GPS, probably because of feedback they get from Google Maps for Mobile and related smartphone software. It's a little creepy that if I'm using Google's SUPL server my phone knows where it is to within 20 feet or so anywhere in my neighborhood without turning on the GPS. Nokia's is not nearly that accurate (it's off by about a mile)

There are reasons to capture data packets, (more accurate BER calculation) but no reason whatsoever to actually save those packets to disk!
posted by wierdo at 4:03 PM on May 14, 2010


Dear Facebook PR team:

This is how you kill a privacy story before it eats your face.


Except Facebook wants to share your data, and end users must opt out on their own.
posted by filthy light thief at 4:09 PM on May 14, 2010


gurple, I think you're mistaking what happened here to an actual invasion of privacy.

No, I'm not. You're confusing "harm" with "wrongdoing". There was no wrongdoing in the collection of these data. There's still potential harm.

I'm not suggesting that Google is likely to be doing terrible things with these data. I'm just throwing out some reasons why people might care about data privacy.

For the record, my network is secure.
posted by gurple at 4:13 PM on May 14, 2010


Except Facebook wants to share your data, and end users must opt out on their own.

Huh? I gave Facebook that data to share. What am I doing on Facebook if I don't want to share data with other people? I didn't type in my favorite TV shows so I can remember what they are; I put them on Facebook so I can share them with other people. What's so nefarious about that?
posted by zachlipton at 4:17 PM on May 14, 2010


Facebook makes people think they're talking to close friends, when they're really telling everyone on Earth about their rectal surgery.
posted by mccarty.tim at 4:20 PM on May 14, 2010 [4 favorites]


zachlipton: "Huh? I gave Facebook that data to share. What am I doing on Facebook if I don't want to share data with other people? "

Facebook keeps changing the scope of the sharing. A lot of the initial appeal of facebook was that it didn't share everything with the world. It limited sharing to people in your social group, with some granularity. Over the years that has slowly eroded as facebook has sought to monetize the trust that people have placed in it.
posted by mullingitover at 4:21 PM on May 14, 2010


Does this mean I can't use Backtrack in Germany? :(
posted by ryoshu at 4:23 PM on May 14, 2010


This isn't Google's fault, really, they're just receiving what people are freely broadcasting. The reason they're sampling as they drive around is to help with geolocation services. They're running a sniffer that grabs a few packets off the air, changes channels, grabs a few packets, changes channels, and so forth. What they're actually interested in is the existence of WiFi networks, specifically what their names and encryption states are. (Even encrypted WiFi networks transmit their network name in cleartext, which is what Google really wants.)

Pretty much by definition, as they're driving by unencrypted access points, they're going to get a little bit of data. Most of it will be completely non-sensitive, but occasionally they're probably going to get a username/password combo or something of that nature. They don't actually care about that data, and they weren't using it for anything; they were apparently just storing the packets for the main servers to chew through and extract network names compared with the location of the truck at the time.

Being a huge company, with huge storage, they simply stored the results of the sniffs after they were done processing. They didn't actually care about anything but the SSIDs, but preserving the data let them decide to ask new questions later on. Some possibilities might be trawling through their data to see how many people are using encryption, or what average network speeds are, or density of usage in particular metro areas. They don't care in the least about individual people.

However, having that data means that they could, potentially, do a broadscale search to try to find specific logins and passwords for specific sites. For instance, probably in that avalanche of data, there are a few MeFi username/password combos. And they've just now realized that the data could potentially be used in this way, and they're taking steps to make sure it can't.

I don't blame Google for this at all, period. If you're broadcasting unencrypted data, it's your own goddamn fault if it gets used in a way you don't like. There's an implicit permission in broadcasting; if you don't want to grant that permission, don't put it on the radio without encryption. WiFi is radio. If you're spewing out unencrypted, sensitive data on the radio, it's nobody's responsibility but yours. Note that Google got absolutely nothing from any encrypted WiFi connections, except what they were originally looking for.... SSIDs and geolocation. They only got useful data when no encryption was in use. (Note, however, that even with WiFi encryption turned on, anyone locally that knows the key can see anything you transmit. The Googlevan can't see it, but that creepy guy three tables over can.)

Being the slightly paranoid type I am, when I'm web-browsing on a WiFi I don't run, I use an SSH tunnel to my Squid proxy on my webserver. Anything I'm doing unencrypted shows up on the wire from the webserver onward, and can still be intercepted, but at least I'm not broadcasting to hundreds or even thousands of people nearby. And when it's actually important, as opposed to just routine websurfing and yammering on MeFi, I make sure the encryption is end-to-end.

There are paid proxy services out there that work in a similar way, so you can do this even if you don't have the expertise to run a tiny Linux box on the net somewhere, install Squid, and figure out how SSH tunneling works. Plus, the paid services will usually be a lot faster, because most people would be setting up this kind of server on their home network, and home upload speeds are quite slow. If your home connection is, say, 8Mbit down, 512K up, then remote use of a Squid proxy will be limited to 512K. This is fine for MeFi or other text sites, but you'll tend to get annoyed at Youtube videos and the like.

Paid proxy services typically have huge bandwidth, and should be able to provide a near-normal browsing experience. Just make sure the connection to them is encrypted, and if you use Firefox, be sure to set it to tunnel DNS requests. You do this in about:config, by changing network.proxy.socks_remote_dns to true. If you don't do this, your DNS requests will be given to the local server, which broadcasts information about what you're browsing, even if the actual session is encrypted.

tl;dr version: If you're putting data you care about on unencrypted radio, this is what happens. Don't do that.
posted by Malor at 4:23 PM on May 14, 2010 [24 favorites]


they'd be busy trying to use it for their evil marketing ends.

*cough*

"The project is designed to promote services like location-based advertising for mobile phones, which can sometime be pinpointed via a W.L.A.N. network even if they lack a GPS satellite receiver. Google has no plans to publish its archive or to link W.L.A.N. devices to individual users, Mr. Oberbeck said."

(New York Times)
posted by tallus at 4:43 PM on May 14, 2010 [1 favorite]


Oh, I suppose Google might have sold the data to just about anybody in the world. Who might be doing anything with it.

How could they sell it without knowing about it?

Anyway, my point is that if you were writing code to collect WiFi Ids only. It seems like it would be difficult to collect and save unrelated packets by mistakes.

It sounds like the code was written intentionally, and then used unintentionally in another project.
posted by delmoi at 5:03 PM on May 14, 2010


As soon as we became aware of this problem, we grounded our Street View cars

Wait...the Google Street View cars are hovercrafts now?

What I can't figure out is how the geolocator on Google Latitude in Firefox on my Mac knows where I am within 10 meters. It gets my building, but not my apartment. Does Cox map stuff (and give to Google that level of detail?) Most of the net based geo location by IP address put me smack dab in the middle of the geographic area of my ZIP code which is about a mile from my crib.

Are the location services in Snow Leopard and/or Firefox using my IP or my SSID. I broadcast the name in the clear so I suppose a truck could have sniffed the name and MAC address. But my Macs can't see my signal from the street so said trucks must have a stronger receiver.
posted by birdherder at 5:06 PM on May 14, 2010


I killed my facebook account permanently, and the #1 reason is that people keep tagging pictures of me that i don't want on my account and i was tired of dealing with it.
posted by empath at 5:07 PM on May 14, 2010


I don't think I'll ever understand the whole data privacy thing. What, so someone knows what websites I go to? My phone number and address? Where I bank and what I buy?

Okay, whatever.
posted by reductiondesign


YOU are an advertisers dream.
posted by Dennis Murphy at 5:15 PM on May 14, 2010 [3 favorites]


empath: "I killed my facebook account permanently, and the #1 reason is that people keep tagging pictures of me that i don't want on my account and i was tired of dealing with it."

You know you can make these invisible to everyone but you, right? I mean by all means kill your facebook account because we are cattle to them, but the tagged pictures of you is easy to hide.
posted by mullingitover at 5:22 PM on May 14, 2010 [1 favorite]


But my Macs can't see my signal from the street so said trucks must have a stronger receiver.

Directional antenna would be my guess. You need that to get a feel for where the AP is, anyway.

I just plugged an old AP in, and Chrome's geolocation API still thinks I'm in my old house. Fair enough, but I use the same SSID for all my routers - my email address. Does anyone know if there are any additional unique strings broadcast by APs beyond the SSID?
posted by Leon at 5:33 PM on May 14, 2010


Leon: "Does anyone know if there are any additional unique strings broadcast by APs beyond the SSID?"

The Linux "iwlist" command shows a raw dump of most of the interesting per access point info, here is what a few nodes in range of me right now look like:
ath0      Scan completed :
          Cell 01 - Address: 00:1A:70:40:20:79
                    ESSID:"OneSweetNetwork"
                    Mode:Master
                    Frequency:2.437 GHz (Channel 6)
                    Quality=23/70  Signal level=-72 dBm  Noise level=-95 dBm
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s
                              24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s
                              12 Mb/s; 48 Mb/s
                    Extra:bcn_int=100
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
          Cell 02 - Address: 00:17:3F:44:F7:C2
                    ESSID:"belkin54g"
                    Mode:Master
                    Frequency:2.462 GHz (Channel 11)
                    Quality=2/70  Signal level=-93 dBm  Noise level=-95 dBm
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s
                    Extra:bcn_int=100
                    IE: WPA Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK
          Cell 03 - Address: 00:1C:DF:5C:A2:41
                    ESSID:"belkin54g"
                    Mode:Master
                    Frequency:2.412 GHz (Channel 1)
                    Quality=3/70  Signal level=-92 dBm  Noise level=-95 dBm
                    Encryption key:off
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s
                    Extra:bcn_int=100
I think the "Address" field is the mac address of the wireless router. None of the other info really means much in terms of identifying an individual router.
posted by idiopath at 5:52 PM on May 14, 2010 [1 favorite]


I for one welcome our new mistakenly doing all kinds of stuff overlord.
posted by fire&wings at 5:56 PM on May 14, 2010 [1 favorite]


Accidentally? Oh sure.
posted by caddis at 6:03 PM on May 14, 2010


ESSID:"OneSweetNetwork"
...
WPA Version 1


Hahaha.
posted by Inspector.Gadget at 6:25 PM on May 14, 2010


Meh. This is, literally, nothing more than Twilightesque Team Not-Google pseudoversy.

Go check out www.wigle.net. That's one *billion* WiFi observations, there for the exploring. Google did not invent wardriving, and they're called beacons _for a reason_.

They're not even close to the first company to use this data set commercially. See SkyHook.
posted by effugas at 6:27 PM on May 14, 2010


I don't think I'll ever understand the whole data privacy thing. What, so someone knows what websites I go to? My phone number and address? Where I bank and what I buy?

What books you read, what politically unpopular causes you support, what unpersons you once associated with. Who cares?
posted by DU at 6:30 PM on May 14, 2010


You know you can make these invisible to everyone but you, right?

I don't want to be bothered. I was happy to not think about it at all, and now I don't have to
posted by empath at 6:36 PM on May 14, 2010 [1 favorite]


The whole Google street view concept just creeps me out. Yes I get that technically my street is a public place and anyone who drives along it can take pictures, but there is an enormous difference between the fact that one individual can do this vs. some company with unlimited resources systematically photographing and doing god knows what else. As a society we need to make this illegal.
The failure to recognize the industrial scale processing of data is going to be the undoing of our society. I mean what stops the street view vans from picking up all kinds of signals emitted from your house such as the voices on the baby monitors and what's on your computer screen. Those of you babbling about unencrypted radio really arn't thinking through how leaky all the electronics in your house are and what a determined bunch of engineers could gather by listening to the chatter from all your gadgets. I shouldn't have to turn my house into a Faraday cage and send take-down notices to Google for violating the copyrights on the sculptures in front of my house.
posted by humanfont at 7:30 PM on May 14, 2010 [2 favorites]


These things happen way too often. DatalossDB tracks companies and organizations that lose or expose your data.
posted by MrFish at 7:44 PM on May 14, 2010


humanfont wrote: "such as the voices on the baby monitors and what's on your computer screen."

I don't have a baby or a CRT.
posted by wierdo at 7:53 PM on May 14, 2010


I mean what stops the street view vans from picking up all kinds of signals emitted from your house such as the voices on the baby monitors and what's on your computer screen.

Nothing. Absolutely nothing stops anyone from picking those up. And while you might secure your wireless hardware, you're not going to secure your data patterns in the net, your purchasing habits, your social relationships. We are becoming a transparent society, like it or not.
posted by Nelson at 8:13 PM on May 14, 2010


I don't have a baby or a CRT.

Weirdo.
posted by geoff. at 8:14 PM on May 14, 2010


Those of you babbling about unencrypted radio really arn't thinking through how leaky all the electronics in your house are and what a determined bunch of engineers could gather by listening to the chatter from all your gadgets.

Actually, yes I do. I think about that a lot. That's why I don't use unencrypted gadgets. I have one device that doesn't do very good encryption, a wireless keyboard, so I don't type sensitive data (like passwords) on it. I just use it to control the HTPC instead.

As far as I'm concerned, if you're actively broadcasting anything without encryption, you give up your right to privacy on that data. It's really not that hard to avoid doing so. I differentiate that from passive broadcasting. Your computer, for instance, emits a little bit of radiation, and your monitor emits local light that can be snooped on. To pick up that data, people have to actively go after it, and write highly complex programs to figure out the damage that your environment did to the original signal, and then reconstruct it. You wouldn't broadcast that data if you any other choice in the matter, so I see no issue with calling that kind of interception illegal.

But baby monitors? Those are radio stations. When you put up a radio station, and you're actively trying to broadcast data, sending it onto other people's property, or onto public ground, you're giving up any right to avoid interception of that data. It's not like they're going after it, it just shows up, because you PUT it there.

If you don't want the public listening to your data, then it strikes me as more than a little hypocritical to complain after taking active steps to share it.

In essence, you're saying that putting up a radio station means people can listen, and gosh, that's terrible. Well, duh, of course they can. If you don't want them to listen, then encrypt the signal, or find a different device.

We got along fine without baby monitors twenty years ago, and if you can't find an encrypted one, you can cope just like your parents did, with old-fashioned Sneakernet.
posted by Malor at 8:31 PM on May 14, 2010


I just asked Corey Doctorow about this. He was doing a reading in a dive bar in Seattle. I described the situation and asked what he thought. I figured he would have an interesting opinion.

He had just gotten off a plane from somewhere, and he didn't know what I was talking about. But he ad libbed pretty well.

I felt the need to mention this, because, you know, Metafilter. Corey Doctorow.

He also used the word "hubris" in a non-self-aware manner not 30 seconds after comparing himself to Mary Shelley, HG Wells, and Jules Verne.
posted by gurple at 8:59 PM on May 14, 2010 [1 favorite]


humanfont: "As a society we need to make this illegal."

Speak for yourself. I like what industrial processing of data is leading to. Google Street View is incredibly useful to me, and I'm willing to give up some (trivial) amount of privacy to get that. If you're worried about a private enterprise doing this stuff, you should lobby your government to do it instead, and make the data available to all.

As long as you're aware of what privacy you're giving up, I think the privacy vs. convenience tradeoff is quite acceptable. I know how to protect my information if I don't want it to be known (although I'm the type of person who doesn't really keep that many secrets from the world).

As someone else mentioned earlier, the problem with Facebook, for instance, isn't that it's collecting and/or selling your personal data, it's that it actively creates the impression that you're sharing information with your closest friends, while you're actually sharing it with the world.

Awareness is key here. If you're informed, you can consent.
posted by Joakim Ziegler at 9:50 PM on May 14, 2010


They might have sold it to porn sites, who now know that you surf their competitors' sites and will send you full-color mailings displaying for you and your mom and your kids exactly why you should switch.

They might have sold it to banks, who now know that you hit up gambling sites every night so they decide not to loan you any money.

They might have sold it to the cops, who might be interested in your interest in hydroponics.


Hell, they might have printed it out, rolled it up, stuck it up their asses, and danced the Charleston. We may never know.
posted by dirigibleman at 10:13 PM on May 14, 2010 [1 favorite]


@Malor your argument about passive signals that are hard to capture shows the flaw in your argument. Yes it is very difficult for one person to build a device and write the software to capture the emissions from your wired keyboard at a distance of say 20 meters or so. However once we write the code and design the hardware, we simply manufacture it and low skilled workers do the war driving for us. The industrial scale reduces the marginal costs beyond the first device. We could have had this same conversation 30 years ago about the concept of street view. You might have argued that given the storage costs and technical complexity, no one would be able to do it; yet here we are.
posted by humanfont at 10:16 PM on May 14, 2010


Dear Facebook PR team: This is how you kill a privacy story before it eats your face.

Yes, I would say this did kill the Facebook story. Makes you wonder why Google would choose to release this information now.
posted by o0o0o at 10:46 PM on May 14, 2010


humanfont,

Again, you do realize www.wigle.net exists, right?
posted by effugas at 11:45 PM on May 14, 2010


I'd like everyone to know that when I drive around in my van full of WiFi equipment looking for unsecured networks, I also do not publish any private data that is accidentally recorded. I haven't actually deleted the data yet either, but I am thinking about it. I hope this mollifies any privacy concerns.
posted by cotterpin at 1:25 AM on May 15, 2010


Why is it that Microsoft and bank-related admissions of error are always full of corporate boilerplate that makes me bored and angry, and Google/Apple's apologies always make me want to hug them like a mischievous child and tell them it's OK?
posted by malusmoriendumest at 3:29 AM on May 15, 2010


Google/Apple's apologies always make me want to hug them like a mischievous child and tell them it's OK?

Whoa, whoa, whoa, wait. When has Apple *apologized* for something?

The failure to recognize the industrial scale processing of data is going to be the undoing of our society.

This is effectively an indictment against Google itself, and I'd kindly like you to remember that there are others on this earth that find the technological advancement that Google has brought to us has changed the way our world operates, on balance to most, for the better.

In fact, I think it's pretty clear that refusing to continue our technological advancement and industrial scale processing of data will nearly guarantee the undoing of our society. Much as the Population Bomb never "went off" because (primarily) of Norman Borlaug's incredible discoveries and his invention of dwarf wheat, we find ourselves at the mercy of our technological savvy to evolve at a rate that outpaces the troubles we find threatening ourselves.

I'm sorry that you'd rather us shut down the factories and the R&D arms because their particular approach of driving on public streets taking photos publicly bothers you, but in the meantime, I'm happy that my phone switches to Street View to show me exactly where the store I'm looking for is.

Kindly also recall that Google blurs faces, license plates, and other uniquely identifying information as well. Our present could be a lot more bleak, but I have confidence in technology's ability to overcome and some companies to step up as stewards of that technology in a responsible, transparent way. This is evidence of that.
posted by disillusioned at 3:53 AM on May 15, 2010


It's fortunate they didn't do this in the UK, as they would probably have committed a criminal act. Either the Computer Misuse Act, or one of the telecommunications acts. Something like this, and noting that piggybacking on wireless networks is also illegal. IANAL.

With that said, I don't think they have actually done anything that bad. They have so many other, better sources of private information (every search performed, every email on gmail, for example) that this just seems like a trivial mistake. If anything - they win some points for honesty.
posted by iso_bars at 4:10 AM on May 15, 2010


Why is it that Microsoft and bank-related admissions of error are always full of corporate boilerplate that makes me bored and angry, and Google/Apple's apologies always make me want to hug them like a mischievous child and tell them it's OK?

They have better marketing departments.
posted by knapah at 4:20 AM on May 15, 2010 [2 favorites]


As far as I'm concerned, if you're actively broadcasting anything without encryption, you give up your right to privacy on that data. It's really not that hard to avoid doing so.

How is this different than saying "if you fail to lock your front door, you give up your right to privacy over what goes on inside your house"? Most jurisdictions, for example, have "peeping tom" laws that prevent people from peering in through the windows.
posted by modernnomad at 4:37 AM on May 15, 2010


If you're informed, you can consent.

How did you consent to Google StreetView? What options did you have to not consent? If you didn't know the days on which the photographs were being taken, in what way were you informed?
posted by modernnomad at 4:38 AM on May 15, 2010 [1 favorite]


So it's a coincidence that this is coming to light after German officials asked to audit their data? The line is Google officials just now discovered this? Is that really what they're asking us to believe?
posted by mediareport at 6:30 AM on May 15, 2010


How is this different than saying "if you fail to lock your front door, you give up your right to privacy over what goes on inside your house"? Most jurisdictions, for example, have "peeping tom" laws that prevent people from peering in through the windows.

If your curtains are open and someone is standing on the sidewalk looking through the window, they're not breaking the law.

If you're broadcasting a wireless signal outside your house, you don't need to be on the property to see it.
posted by krinklyfig at 7:43 AM on May 15, 2010


I don't think Google's apologies sound sincere because they're from marketing, knapah. This apology sounds sincere because it contains details, an admission of fault, and was written and posted by a real live person. Alan Eustace, in this case, a VP of Engineering with a long and respected history. Bank "apologies" are typically written by PR and lawyers and published anonymously and are designed to say or admit to as little as possible. Google and other Internet companies are smarter than that, when it suits them.

As for why this comes out now, after a German audit, the simple answer is the audit did exactly what it was supposed to do: make sure Google verified it was complying with privacy law. All sorts of data gets squirreled away by all sorts of projects at big computer companies. If they weren't using the data, as they say they weren't management know it's even being captured and stored? It's a hugely embarrassing mistake Google made, but what else could they do at this point to fix it?
posted by Nelson at 7:46 AM on May 15, 2010


The way Google writes its apology statements is almost certainly part of a thoroughly considered public relations and brand persona strategy.

I'm not saying this is necessarily a bad thing. They're just more in tune with what their users/consumers like in a statement than the legalese-using banks.
posted by knapah at 7:59 AM on May 15, 2010 [1 favorite]


Spying on people through their windows is a crime in many places.
posted by humanfont at 10:21 AM on May 15, 2010


humanfont,

So, if you're recording your kid with a camcorder, and a jingle starts playing on the TV, are you guilty of copyright infringement?
posted by effugas at 2:38 PM on May 15, 2010


modernnomad wrote: "How is this different than saying "if you fail to lock your front door, you give up your right to privacy over what goes on inside your house"? Most jurisdictions, for example, have "peeping tom" laws that prevent people from peering in through the windows."

Your living room isn't out in the street radiating on me. Your wireless network is. If you do perchance leave your curtains open and I can see you from the street, it's perfectly legal for me to stand on public property and look through your window.

If I sneak up on your property and peer through your windows, that's another matter entirely.
posted by wierdo at 2:45 PM on May 15, 2010




Your living room isn't out in the street radiating on me. Your wireless network is. If you do perchance leave your curtains open and I can see you from the street, it's perfectly legal for me to stand on public property and look through your window.

Your living room is radiating out in the street, you just don't know it because you are ignorant or misinformed. With the right gear we can hear your conversations, pickup you key strokes and know the channel your tv is tuned to. Electromagnetic signals emanate from almost all your gadgets and they are mostly decipherable. Sound vibrates your windows and can be picked up by a laser measuring device. Also thermal imaging makes your curtains mostly useless. I suppose you are fine with the new airport scanners too because after all they are just detecting light scatter form your body. We need to set some limits on privacy of individuals or we will have none.
posted by humanfont at 4:57 PM on May 15, 2010


humanfont wrote: "Your living room is radiating out in the street, you just don't know it because you are ignorant or misinformed. With the right gear we can hear your conversations, pickup you key strokes and know the channel your tv is tuned to. Electromagnetic signals emanate from almost all your gadgets and they are mostly decipherable. Sound vibrates your windows and can be picked up by a laser measuring device. Also thermal imaging makes your curtains mostly useless. I suppose you are fine with the new airport scanners too because after all they are just detecting light scatter form your body. We need to set some limits on privacy of individuals or we will have none."

I am aware of all those things, and have no issue with any of them excluding the airport scanners which have nothing to do with light and is done by the government.

I have a much bigger problem with the government snooping on me than I do with Google or any other private party doing so, especially unintentionally. Also, to my mind there is quite a difference between merely receiving and shining a laser on my window to hear my conversations. One is a completely passive activity, the other is not.

Generally speaking, I feel like I have no right to expect someone else not to listen to something I am intentionally screaming to the world.

When you're talking about TEMPEST-style stuff, it's much more murky. Your computer is not designed with the specific purpose of sending out your keystrokes or monitor images to everyone nearby. It does not scream them to the world; it merely whispers. A WiFi access point is designed to do exactly that. It has no other purpose but to radiate EM. It is not a side effect.

Basically, I think that laws making it illegal to passively receive intentionally radiated radio waves are stupid. I haven't yet come to a conclusion about unintentional radiation, but I think there is a difference in the expectation of privacy between the two situations.
posted by wierdo at 10:26 PM on May 15, 2010


Man, why can't the US have nosy German auditors out there enforcing our stringent privacy laws?

Oh, right.
posted by ryanrs at 10:55 PM on May 16, 2010


More Google news. Paywalls! A-and Rupert Murdoch.
posted by chavenet at 3:03 PM on May 18, 2010


chavenet: "More Google news. Paywalls! A-and Rupert Murdoch."

Sweet. Now if they'd just pull all News Corp publications from Google News then I can get rid of my greasemonkey sanitizer script which is currently doing this for me.
posted by mullingitover at 12:56 PM on May 19, 2010




« Older F is for Flickr whose photos we're "stealing"   |   Public Image Ltd. Returns For A Thrilling Live... Newer »


This thread has been archived and is closed to new comments