

Technical details of the Google Street View WiFi controversy [May 2010]  - Scott_MacGregor
http://erratasec.blogspot.com/2010/05/technical-details-of-street-view-wifi.html

======
extension
Surely Google knew they were saving the packet payloads, even if they didn't
have any intended use for them. That is not the kind of detail a programmer
can simply overlook. Calling it an "accident" is certainly disingenuous. The
only accident was not realizing that people would care so much.

~~~
DjDarkman
Consider it a favor from Google to point out how insecure wifis are if you
don't use any encryption.

~~~
loewenskind
Consider it a favor when criminals break into your improperly secured house
and steal all your stuff.

~~~
DjDarkman
Except that Google did not steal, they only warned people and shown that it's
possible.

~~~
loewenskind
If someone got a key logger and logged your bank account name and code would
that be considered stealing or "warning you what's possible"?

~~~
DjDarkman
It depends on what he would use it for.

------
bobf
There are several comments below the article which noted that Google had
turned over data to external French auditors, who reported finding passwords,
emails, and other sensitive information in the WiFi data captured by Google.
Personally, I would be more worried by external auditors having access to the
data than Google.

~~~
loewenskind
Google having it is the same thing as external auditors having it. They've
said as much on several occasions (e.g. "If you don't have anything to
hide...").

~~~
bobf
Wrong. Google has a vested interest in protecting the information (whether or
not they internally exploit it for contextual advertising is another issue).
External auditors have more incentive to leak the information to increase
public outrage at Google.

~~~
loewenskind
Google's vested interests are irrelevant. The government can take any or all
of their information any time they want to.

------
DjDarkman
An interesting thought: should we blame Google or should we blame the
unencrypted wifi hot spots?

The fact that it's so easy to sniff unencrypted wifis should be more worrying.
I mean Google turned over the raw data, I may do the same and intentionally
sniff even more data, steal everybody's password and not admit it.

Like the author said, you can punish Google, but that won't make those
hotspots more secure. And you never know when will a real evil guy come to the
neighborhood.

~~~
DjDarkman
Looks like some trolls decided to go on a downvote spree.

------
chii
"If you don't encrypt your traffic, then by implication, you don't care if
people eavesdrop on it."

~~~
bobf
Isn't that like saying "if you don't lock your mailbox, then by implication
you don't care if people read your mail"? Or, "if you don't lock your
telephone junction box, then by implication you don't care if people tap your
phone"?

Although I don't agree with your quoted statement, I don't think Google's
capturing of data should be considered criminal, either.

~~~
chowmeined
The difference is wifi broadcasts that information.

~~~
bobf
Of course. I agree that it shouldn't be illegal to access it; however, simply
being trivially accessible doesn't necessarily mean people don't care.

