
Google knows nearly every Wi-Fi password in the world - brennannovak
http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-fi-password-world
======
crb
Google also knows all the secrets of General David Petraeus, or anyone else
that uses Gmail. And everything you've (secretly) searched for.

Google's business model is based on aggregating that information and gaining
value out of the data, mostly in the form of advertising. As soon as it lets a
major secret out, even just once, it's game over, and no-one will ever trust a
secret to Google again. This is why they publish videos saying that no-one can
ever walk out of a Google data centre with a hard drive.

I continue to use the services I use because I find the benefit I gain from
them, more useful than the potential risk of exposure.

Should these secrets be encrypted? If they were, it would be possible for
Google to steal your key if they wanted to. This is the same kind of
perception problem that led to the Chrome team being hauled over the coals in
public for not encrypting saved passwords. They have to be available to be
useful, but people would rather perceive they weren't available.

~~~
batemanesque
I agree that it's unlikely Google as a whole would decide to read/use
confidential data. on the other hand, the idea that someone w/in Google might
abuse their position is completely plausible.

if we know that people at the NSA were passing around phone sex calls by US
troops, do you really want to keep trusting that no-one at Google will ever do
anything problematic w/ yr data?

edit: to be clear, I use Google services all the time & store a lot of
confidential data w/ them. but there need to be institutional (whether at
Google or outside it) safeguards that go beyond trusting a company as a whole
to always behave in a way compatible w/ its own rational self-interest.

~~~
Amadou
Given that Google has a VC arm, I am stunned every time I run into a VC who
uses gmail and other google-hosted services as part of their business. They
are handing their competition an enormous chunk of their business proprietary
information and trusting them not to peek at it without even a contract.

To me, that level of naivety with respect to operational security is just
baffling. All it takes is one unscrupulous person in the right place at Google
and those convenient, "free" services could end up costing millions. It isn't
like the people in the finance industry have a reputation for being
upstandingly moral either.

~~~
ganeumann
For this to be a worry, every person up both branches of a very large
hierarchical organization tree--all the way up to where a Google Ventures
employee and a Gmail developer both report to the same person--would have to
agree to it.

Google Ventures, no matter how spectacularly they might do as VCs, will always
be several orders of magnitude less important to Google than Gmail. Google
Ventures invests $300 million per year. Say they are always, every year, one
of the top VCs so they--every year--deliver 3x on the money invested a few
years before. They are still delivering less than $1 billion, less than 2% of
Google's revenue.

In reality, it will probably be more like 1%, plus or minus 4%. And also, in
reality, it won't be considered revenue, it will be Extraordinary Gains from
Non-operational Events, or some such accounting gibberish, and nobody on Wall
Street will give them any credit for it.

~~~
Amadou
_For this to be a worry, every person up both branches of a very large
hierarchical organization tree--all the way up to where a Google Ventures
employee and a Gmail developer both report to the same person--would have to
agree to it._

That's ridiculous. The risk isn't institutionalized abuse, the threat is an
unscrupulous guy in the Ventures group who has a buddy who works in the gmail
(or other) groups. Calls him up one night and says, "Can you do me a big
favor? Check out so-and-so and see what he's working on."

It isn't about Google's bottom line on wall street, it is about an individual
abusing access to further his own career.

~~~
ganeumann
You make the false assumption that people in different divisions of a very
large company would be more likely to help each other outside of the corporate
reward structure than they would be to help someone outside the company, who
they might just happen to have personal or social obligations to.

If there were an unscrupulous person in the gmail group, he would be more
likely to break company policy (and, I think, the law) with someone who does
not work for Google than with someone who does, unless it were motivated by
someone up the chain at Google itself.

Saying that someone at Gmail is sharing your secrets may be a worry. That they
would share them with Google Ventures is far less likely than that they would
share them with someone else entirely. And frankly, if someone were to try to
profit from stolen information, they'd be looking at hedge fund manager emails
and investment banker emails. The very slight edge you might get from seeing
some VC's email is worth less than a cup of coffee at Starbucks, if you risk-
adjust it and discount it back to the present.

~~~
Amadou
_You make the false assumption that people in different divisions of a very
large company_

I'm assuming that people within a company are more likely to know each other
and know what areas they work on versus simply "working at google." They have
all kinds of opportunities to rub shoulders - previous projects they've worked
on together, company social events, even just riding the google bus to work
each day.

While outsiders are also a risk, working for the same company substantially
increases the opportunities.

------
tytso
The author is worried about WiFi passwords? If you trust that your WiFi is
secure in general, you're in trouble. WPS is horribly insecure, for example,
and that's what most home users use. Most user-chosen passwords are incredibly
easy to guess for another. The better thing to do is to assume that your
network traffic is always under surveillance (since the NSA is tapping Tier1
network providers), and to encrypt everything, or use network protocols which
encrypt everything.

The only thing WiFi passwords are good for is to prevent your neighbors from
using your network and using up all of your bandwidth (which would slow down
your network access) and preventing drive-by spammers/hackers from doing
things which you might then get blamed for.

~~~
ebbv
Yeah and those locks on your doors are a joke! Why are you pretending your
home has an expectation of privacy? So dumb! Of COURSE anybody can just come
into your house any time they want.

~~~
grandalf
Not sure if you were joking, but you are right:

[http://en.wikipedia.org/wiki/Lock_bumping](http://en.wikipedia.org/wiki/Lock_bumping)

~~~
gpvos
That, and good ol' violence.

------
guelo
Your WiFi password is only useful for someone who is within 100 feet of your
house. If you have federal agents surveilling you from 100 feet away you have
way bigger problems than your WiFi password.

~~~
ChuckMcM
Actually its from further away than that with a high gain directional antenna
(I've hit WiFi hot spots about a mile distant using same) but the point is
that they can do this from outside your property. You would probably know if
someone was in your house but you'd be hard pressed to notice a Yagi antenna
pointed at your window from across the street or down the block a bit.

That said, I read the article more as 'yet another reason this whole
compelling third parties is an issue' sorts of reasoning as opposed to this is
some new threat that we didn't know about. The author points out it has been
covered in lots of places. The argument is that more for the folks who aren't
thinking they are affected by this because they aren't dissidents or people of
interest (yet).

~~~
ChuckMcM
For those wondering this looks like the antenna I have :
[http://www.ccrane.com/antennas/wifi-antennas/point-to-
point-...](http://www.ccrane.com/antennas/wifi-antennas/point-to-point-wifi-
antenna.aspx#.UjNHZtdj3mE) and we use it for its "intended" purpose which is
getting on to the wifi of the camp host at a camp ground :-)

~~~
stephengillie
And similar performance can be had from a 46oz can of soup or chili (retail
value: $1.59), with a 1.25" wire sticking through about 1.25" away from the
back end, as the antenna for a wifi adapter. #cantenna

~~~
gonzo
People who think the cantenna is a good design need to go back to school.

~~~
lutusp
Source:
[http://en.wikipedia.org/wiki/Cantenna](http://en.wikipedia.org/wiki/Cantenna)

Quote: "The typical gain for this kind of antenna in the 2.4 GHz Wi-Fi band is
about 10 dB."

The gain over a baseline quarter-wave ground-plane antenna obviously comes
from the device's directionality.

So define "good design". If you mean an optimal design at any cost, of course
not. If you mean clever use of readily available materials, it's a great
design.

------
thomasahle
Funny story:

I was once visiting my friends house in the English midlands. I had been there
once before, but this time I had to find the way there myself.

I managed to get the entire way to his street, but then I realized that I had
forgotten his house number. He didn't pick up his phone, and I didn't want to
knock on every door on the road. I was lost.

Then I realized that the previous time I had visited, I had logged on his
wifi. It was from a different phone, but with Google's sync all my old wifi
passwords had been synced. I didn't remember the name he had given it, but I
could walk along the road until I suddenly connected.

Saved the night.

------
jfasi
This very same point could be made against Apple, for instance, but there
hasn't been a single comment to that effect in any discussion of this article.

I wonder if all of this recent Google-bashing is really just a symptom of
something larger. People are suddenly waking up to the obvious-in-hindsight
realization that simply giving their data to a third party involves a certain
amount of trust.

The reason people don't seem to be ganging up on Facebook, Apple, etc. in a
similar way is because they never really earned that faith. Take Facebook:
from the very start their founder was known to consider their users "dumb
fucks" for entrusting him with their privacy.

In my opinion, the fact that Google went out of their to, and generally
succeeded at earning that trust is a good sign. It shows they take the matter
seriously.

All American companies operate under the same rules. If you've taken the
position that all American companies are not to be trusted, fine. But if you
haven't, wouldn't Google's history make them one of the more trustworthy ones?

~~~
gilgoomesh
No, the same point can't be made against Apple.

Apple encrypt WiFi passwords and never store them in plain text – not on their
servers and not on the device. The encryption requires your login password to
decrypt which Apple also don't store in plain text on their servers (although
it is accessible on the device if you don't use a PIN or password, it is not
backed up to iCloud).

The reason why this allegation is levelled against Google: they don't encrypt
backups and they don't encrypt WiFi passwords on the device.

A little more specifically about iOS WiFi passwords: the Keychain (which is
where WiFi passwords are backed up on iOS and the Mac) is AES encrypted and
requires your login password (or your Apple ID password) to decrypt. Unless
Apple is also stealing plain text versions of your login passwords (there's no
indication that they are) then it is _not_ possible for Apple to read your
WiFi password. Yes, theoretically, they could steal your Apple ID password too
but there's no indication that they do (and they've talked about the exact
security on Apple IDs following the developer.apple.com breach recently).

~~~
MichaelGG
If you lose your Apple ID password and reset it, are all your WiFi passwords
gone?

~~~
lutusp
That depends on the meaning of "reset". If you create a new password for the
same user ID, then no -- the stored WiFi passwords are retained. If you create
a new user ID and password, then yes.

~~~
MichaelGG
OK so in the case of a "normal" lost password then how is it that it's safe on
Apple's servers? That is, if it's not encrypted with a key derived from your
password, then Apple can still decrypt.

~~~
lutusp
> OK so in the case of a "normal" lost password then how is it that it's safe
> on Apple's servers?

In a word, it isn't. The new password is no more nor less safe than the old
one. Or are you asking about the data, not the password? Pretty much the same
answer.

~~~
MichaelGG
OK, so Apple is in the same boat as Google. If you can reset your password and
still access your data, then it wasn't encrypted in any meaningful way.

~~~
gilgoomesh
Actually, your passwords _are_ gone if Apple resets your Apple ID.

If Apple resets your Apple ID password and you restart your device (remember:
the Apple ID is kept decrypted in RAM while the device is running), you lose
the entire keychain and must re-enter all passwords.

------
cbr
Security is about tradeoffs. How bad would it be if someone else got this
information? How helpful is it to me to give it to this third party? Wireless
passwords are a huge pain: visit someone's house, ask them for their password,
and then feel guilty while they look through various papers to find a long
string of hex digits which are so annoying to enter on the phone. This pain
makes the tradeoff well worth if for me (and I suspect for nearly everyone)
when balanced against the low risk of Google doing something nasty with the
saved passwords.

(Disclaimer: I work for Google, but if I had an iPhone I'd want the same
functionality.)

~~~
nly
QR codes could make entering secure keys in to mobile devices easier.
Variations of Wi-Fi quick set-up can also be made reasonably secure,
implementations just suck.

~~~
jami
In a world of unlimited bandwidth, I'd prefer to leave my wi-fi open (I won't
live in fear of terrorists war-driving on my specific block), but I saw this
framed QR code for wi-fi password idea on Pinterest:
[http://www.apartmenttherapy.com/share-your-wifi-password-
wit...](http://www.apartmenttherapy.com/share-your-wifi-password-with-
guests-192845)

------
PeterisP
Are wifi passwords considered a security issue? I treat it the same way as a
flimsy lock on a garden shed - I'd prefer both the shed and wifi to be open,
but there's a formal "lock" to keep out teenage pranksters and drunks.

~~~
DanBC
Google having all the WIFI passwords is about as worrying as a government
having a 3 day cache of everything - not very worrying unless they do stuff
with it.

Since Google has misused access to WIFI hotspots to slurp data it's a little
bit more worrying.

Since it's probably personal information it's also probably covered by data
protection laws in some countries.

~~~
VMG
What stuff _could_ they do? Log into your AP to torrent Breaking Bad episodes?

~~~
sudomal
Grab some confidential client documents that a not-so-clever employee dropped
in their shared folder? Your example is at one end of the scale, my example is
at the other end and there's lots between.

~~~
gizzlon
If you think your example is on one end of the scale you got too little
imagination =)

------
tiernano
when i read the title, i though "really?! how?" then i read the article and
realized any time i have restored my android phone, then entered my Google
account, it automagically connects to all access points i usually use (home,
work, other office, etc)...

~~~
rcthompson
But they didn't have to design it in such a way as to share the passwords with
google. All your data could be encrypted with your google account's password
(or some other secret derived from it) on the device and backed up encrypted.
When you enter your account password on a new device, it then downloads the
encrypted data and decrypts and restores it. Same user experience without
exposing private data.

~~~
codeka
Do we know that's _not_ happening? The article says "they can decrypt them,
given only a Gmail address and password" which implies that it would be
encrypted with your password.

~~~
mhaymo
The article states that Google has refused to comment on whether the data is
encrypted on their servers. So it seems fair to assume it isn't.

~~~
DominikR
No, it is fair to assume nothing without any information.

------
cowls
"On an HTC device, the option that gives Google your Wi-Fi password is "Back
up my settings"

Evil Google, disguising the 'Can we steal your password button'

------
prab97
For convenience, most people won't opt out of it. Most people won't bother at
all. Google employees(or even NSA if you don't do anything illegal) coming to
your home/office to use your WiFi is a joke! Only the paranoid ones are
perturbed by these kinds of revelations, and they are ready to face the
inconvenience caused.

I didn't use last pass until recently when keeping a difficult password on
every site became a major pain given that countless numbers of password
enforcing rules are there on the web some requiring at least one caps, some
enforcing using at least one symbol but not using a ~ or a # yeda yeda. I gave
up on it. Every damn time I had to reset password on services I use less
frequently. But now I don't. Although LastPass claims that they keep the
passwords encrypted and they themselves can not read them. But I don't believe
them. Login to lastpass.com. Click your vault on top right corner. Click the
pencil against any site in the list. Click the 'show' link in front of
password field. And your password is staring at you in plain text. And it has
been accessed at lastpass.com. Once they start storing master passwords, or
once someone cracks their hash you are done with. But there is no simple and
easy alternative. To get the job done we need to make these sacrifices.

~~~
aestra
The encryption/decryption is done client side.

This is a simple version of how it works, your master password isn't sent to
lastpass, just an encryption key which is created with your email address and
master password. On the website this is done client side with javascript. When
you click on the pencil icon, you are reading the decrypted file, which you
have decrypted on your own computer, with javascript.

~~~
jmillikin
Client-side decoding in a web app is not secure against the host of the web
app, because the decryption code can be changed at any time to contain
arbitrary backdoors. Lastpass stores the encrypted secret, and they serve the
Javascript that decrypts the secret, so they should be assumed to have access
to the secret.

------
wglb
Or, in other words, Google remembers the things that we agree to have it
remember.

~~~
jellicle
In contract law, there's a concept called "meeting of the minds". A contract
is formed when there has been a meeting of the minds between two parties as to
what the deal is, and the parties have taken some concrete action to initiate
the deal - often signing something, or shaking hands, or handing over money,
or something like that.

The operative question is: when someone signs into a Google account on an
Android device, and without any notification whatsoever the device sends his
passwords to Google - which is what happens - has there been a meeting of the
minds? Are both parties in agreement about what the deal is here?

~~~
Oletros
> when someone signs into a Google account on an Android device, and without
> any notification whatsoever the device sends his passwords to Google - which
> is what happens -

Data backup is opt in and there is a pretty screen in the setup to enable it
if you want

------
DanBC
> And, although they have never said so directly, it is obvious that Google
> can read the passwords.

Frustrating then that it's so hard for users to reveal the password being used
by their phone to connect to a WIFI hotspot.

------
diminoten
What does that mean? "Google knows"? That data exists in a database owned by
Google, or that Google actively farms that data and makes use of it?

Are you saying Google's using this for gain, or for _any_ reason? Is there any
evidence whatsoever to suggest that this data has _ever_ been accessed by a
Google employee ever, for any purpose whatsoever?

Slight tangent, but the difference between "can" and "does" is a _vast_ one I
don't think people are getting, with all these privacy issues coming about
these days. Here's a scary thought: any person who owns a
gun/car/knife/taser/baseball bat _can_ kill someone else with it. They _could_
do it.

Unless it "does" happen, and there's evidence that it happened, they don't get
in trouble.

What Google can do is almost endless. What it does do is what matters.

------
0x006A
And in addition to that they have the audacity to not make them accessible to
the user! No way to look up your own wireless password in your phone, i.e. to
tell a guest, thats just ridiculous.

~~~
wingerlang
On (jailbroken) iOS there is an app which displays all saved WIFI passwords. I
am sure there are something similar to Androids.

~~~
0x006A
Yes if you jailbreak you can do many things. That it requires a jailbreak is
the insult.

~~~
iwasakabukiman
That has nothing to do with this conversation. And don't you think that the
fact that iOs doesn't allow you to do this without a jailbreak is a good
thing?

------
njharman
> backing up Wi-Fi passwords along with other assorted settings. And, although
> they have never said so directly, it is obvious that Google can read the
> passwords.

That's not obvious. It's possible, common, and dare I say a "best practice" to
store stuff like this encrypted. To be decrypted only on the device.

Also, wifi passwords, Oh my!!! Security wise you should treat your wifi
network as open whether it is or not. I.e. isolate it, firewall it, do not
trust it.

------
nly
Google can also install anything on my phone remotely.

------
donniezazen
I do not agree with the statement that users aren't aware of if their settings
are being backed up. It is one of the options that users get when setting up
Google account on any Android phone.

------
shmerl
It's completely ridiculous that Google "backs up" passwords in clear text
without encrypting them. Mozilla does that properly in their Sync service. So
why can't Google do that?

~~~
noselasd
Maybe some men in black visited google and told them not to.

------
chinpokomon
Does MAC filtering at the router level help at all? If the backup option is
turned on, does Google also save your MAC addresses? If not, that seems like a
good start to prevent someone from connecting to your network, even if they
know the password. Obviously this won't help for public hot spots, but I
always assume that public hot spots are already open to anyone. What if you
are connecting to a Wi-Fi network using MSCHAP or MSCHAPv2? Does Google now
know my domain login and password? That seems like a huge gaff.

~~~
consider_this
MAC filtering is trivially defeated by anyone who knows something about
netsec.

MSCHAP is not good enough anymore either.

------
bobzibub
IM(Paranoid)O, it puts the "inadvertent" collection of SSIDs while driving
down every street taking pictures for Google View into a new context. They
gave a simply implausible explanation that this data was recorded
"inadvertently". (No, fitting all those vehicles with the equipment and
software would cost serious money!)

Marry the Geo-location, SSID, phone owner and passwords and you've got real
information for the authorities. On Everyone.

------
frank_boyd
Another reason to (really) go open-source/independent.

~~~
koide
How independent you'd have to be to be secure? Quite a whole lot.

If you use a VPS, you can (will) be owned by your VPS provider and any
Internet provider your traffic goes through.

If you use colocation or self host, you will have to live without or self
host/mantain/develop many alternatives for usual tools AND you can (will) be
owned by all the internet providers your traffic goes through.

Not a very nice scenario.

------
anigbrowl
_And, anyone who does run across the setting can not hope to understand the
privacy implication. I certainly did not._

Why not? I see 'back up my settings' and I assume it means everything. For a
computer security reporter to clutch his pearls and say 'I certainly did not'
makes me wonder why he think he's qualified to write a column on this subject.
Strictly outrage bait.

------
joosters
Why all the NSA crap in this thread? You don't need to add in a government
agency to make this treasure trove of passwords valuable or dangerous. One
day, this data will leak out, and then there will be trouble.

Just having a reliable set of millions of real world passwords is invaluable -
they'd be useful for brute-forcing other hashed password files.

------
sspiff
> And, although they have never said so directly, it is obvious that Google
> can read the passwords.

This is not necessarily true - they could encrypt this data so that it
requires a user password to read, and transmit these settings for client-side
decryption. They probably don't though, and in all likeliness can read your
WiFi password.

~~~
cbr
This fails if the user forgets their password.

~~~
sspiff
Good point.

------
Zoomla
Google don't need your Wi-Fi passwords, they have admin rights to a computer
inside your network (your phone).

------
ChrisAntaki
When you buy a new Android phone, during the first setup it asks you if you'd
like to enable this feature. I've always click "no".

Not sure why the author assumes most Android users would enable this
feature... unless he didn't realize it was an option on the initial setup.

------
Havoc
If you're running an actual corporate network then a wifi password had better
not be the sum total of the protection.

For home use - who cares? It would be a sizable mission to make use of the
password...and that would get them what? A couple of lolcats and my skyrim
saved games? Nice.

------
aestra
Google is going to have thousands of different passwords mapped to the SSID
"linksys."

~~~
slig
I think the MAC Address of the router is known too, so there's no duplicates.

~~~
voltagex_
I have to wonder whether the MACs are "globally" unique - what's stopping an
OEM using the same MAC? Also, I've seen router firmware features that will
autogenerate a MAC for a guest network.

------
dinkumthinkum
The author must not realize that Google's "customers" are advertisers, not Web
searchers or Android users. Why is the government having the data more scary
than just Google having it, if we're going to be upset about it ...

------
Fando
Just forget about any internet privacy altogether. A new era has arrived.

------
ovoxo
While the idea of Google knowing every wi-fi password is bad, they already
know everything you search for and they also have a very good idea about all
the websites you visit. So ...

------
darkr
802.11x/EAP-TLS have been around for ages and are well supported on most
hardware... As long as Google aren't collecting private keys _and_
usernames/passwords.

------
runn1ng
I am not sure why is this such a problem.

OK, when NSA goes physically near my home, they can connect to my WiFi and
secretly use my internet connection.

That's not really what I am concerned about.

~~~
sudomal
People secure their Wi-Fi for more than just their connection. There is likely
to be file servers, media centres, printers, scanners, radios, TVs, tablets,
phones, computers with shared folders, security cameras etc all connected to
the local network.

~~~
VMG
They should be protected by additional means anyway.

~~~
outworlder
Disregarding the fact that this would completely bypass the border routers.

Devices in an internal network maybe protected, but they are never as
protected as they are from requests coming from the internet.

------
d0m
That's how they can give internet for free, now I get it.

------
thrillgore
It's troubling to see this, but I've always used MAC Filtering on my home
network on top of WPA2 to limit what devices can connect to my network.

~~~
nly
MAC filtering is useless, even in combination with WPA2. An attacker only has
to sniff for a MAC your AP is happy to talk to and then changes theirs.

~~~
qbproger
Is there a way to lock down a router in a way that can't be so easily spoofed?

~~~
nly
The best thing you can do is make sure your WPA2 password is totally random
and _long_. Everything else is icing or next to negligible importance.

------
gdamjan1
I hope the owncloud android app will one day have 'backup service' support, so
that I can backup my android to a service I own/manage.

------
NanoWar
Ehem, and later this year Apple gets your finger print!

~~~
drp4929
... and you think Android phone makers are not in mad rush to get a finger
print sensor as early as possible ?

~~~
chinpokomon
It didn't do much to boost sales of the Atrix. The fingerprint reader doesn't
do much to boost security when passwords are ultimately still being used. You
don't need someone's finger when the account you are signing into still has
inadequate security measures to begin with.

------
progx
That mean, that the NSA know all passwords too?

google must work with the NSA and must give them access to everything, but all
is secret because FISA Laws.

------
ffrryuu
So does the NSA, and not just your Wi-Fi passwords either. With the new
iPhone, soon your fingerprint and movement data too.

------
jheriko
when did settings and data become vague terms precisely? sure people might not
make the connection that their wifi password is both a setting and some
data... do we really need to be alerted to this? although maybe a little info
box or something with details of exactly what is sent might be appreciated by
the power user...

------
creatrixcordis
Great! Now the NSA knows every Wi-Fi password in the world!

Which i am sure they are willing to share if just pushed a little.

------
gjbondgaurav322
Absolutely, man Chrome is the best browser in the world and through that he
can know everybody password...

------
holri
This means that I will never allow a phone with a proprietary system into my
WIFI.

~~~
rimantas
How does non-proprietary system help you in this case? How do you know what I
have on that system?

------
nodata
Oh god not this again.

------
16s
It's only been in the last few years that home wifi routers came with
passwords by default. Before that, they defaulted to open access with no
password.

------
ddalex
Don't worry, Google already knows EVERYTHING.

------
anxiousest
Not sure what the author is after here. I mean he's not breaking any news, he
admits as much, he also links to some of the articles that were published
weeks ago that do a better job of discussing the security/convenience trade
offs. Seems like he missed the furore at the the time and decided to
compensate with a woefully inaccurate and baiting headline.

~~~
zobzu
yes, but to be fair, this issue deserves to be more well known. it wont be
fixed if google isn't blamed and shamed for it repeatedly.

~~~
anxiousest
'Blamed and shamed'?! I don't even think it's an issue, your wifi password
isn't that of your bank account. They store your emails unencrypted for crying
out loud, wifi passwords pale in comparison. It's a non issue.

~~~
tripzilch
You are in no position to decide whether it's okay for _your_ phone to share
_my_ WiFi password with a third party. It's not your choice to make.

------
niix
So

------
Kiro
I don't mind.

------
Qantourisc
Scarry

------
kedar5
What's wrong in it.It's not a bank account rite.

~~~
siddhartpai
It could be like leaving your bank account password in the open. Your bank
account password could be sniffed probably very easily by someone who is
connected to your network. Now imagine somebody exposes some way to get the
password of your home network from the google servers.

~~~
siddhartpai
With all these NSA revelations and Richard Stallman being right all along.
there is no such thing as being secure or encrypted unless you have encrypted
it yourself.

~~~
rimantas
And built your own hardware and installed your own cell towers. And control
all the servers, because even if they are made with 100% open-source code,
someone could just modify it. Also you must be sure nobody else has read
access to it, because being 100% open source does not mean "no-one can read
it".

I don't see how trusted networking can be possible in stallmanic world.

