
Google staff 'knew of wi-fi snooping' - ed209
http://www.bbc.co.uk/news/technology-17892288
======
VikingCoder
The next news story:

Google KNEW it was providing internet services to everyone in Kansas City.
This gave them access to ALL of the emails, ALL of the passwords, unless
people took extraordinary measures, such as using a hypothetical "https"
access. We spoke with one researcher and he said he didn't trust https because
it ends in an 's', just like the word 'snakes.' Senior officials at Google
knew that they had spent billions of dollars to provide this service to
residents of the unsuspecting town. Congress to have hearings about this so-
called "Internet Service." Top officials at the FCC scoffed, "How can they
claim to not be evil when they provide internet service to children - some of
whom are probably watching pornography?!"

~~~
luser001
You do realize that Google promised not datamine your email when building a
Google-wide profile of you until March 1st?

I'm not sure I understand the point of your reply. The https here is a red
herring: Google can read your email even if you use https. https only prevents
_intermediaries_ from reading your email.

~~~
VikingCoder
In this article, Google was the intermediary. I was pointing out that when
they're an ISP, they're ALWAYS an intermediary. As is every other ISP.

https is absolutely not a red herring. If you use an unencrypted wifi, and use
http to access your online services, you do not care at all about security.

After the fact, blaming Google for recording open wifi data is absurd.

The point of my post was, if you're concerned about Google accessing the data
between a computer and random services on the internet, then you should be
REALLY concerned about them being an ISP. Just like you should be concerned
about every OTHER ISP. The solution to not having ISPs - or other
intermediaries - have access to all of your data is to use an https connection
to your web services.

Do you see the acronym "https" show up, at all in the linked article? No.
That's absurd. It is THE SOLUTION to people sniffing your emails and
passwords.

~~~
jimmyvanhalen
Just because my door is open doesn't mean you can just walk in my house and
steal my television.

~~~
ccaviness
What about if your door is open and you're talking loudly to your friend on
speakerphone with the volume way up? Do I have to plug my ears when I walk
past?

~~~
jimmyvanhalen
Still doesn't give you the right to steal my tv.

------
sigil
Is passive war-driving illegal? The only precedent I've found is State v.
Allen (1996) [1] where war-dialing was ruled legal so long as one didn't
actively try to gain access beyond the connection to the "public interface."

As billpg points out in [2], in passive war-driving you have to receive the
whole 802.11 frame before you even know if it's a beacon frame, which
ostensibly was Google's primary interest here. Is it odd that Google stored
all captured frames to disk? It's true, they could have just logged network
information and discarded the frames. Then again, consider that the default in
kismet is to save both a log of networks _and_ a pcap dump. So this may have
just been an engineering shortcut -- collect the data and process it
centrally.

[1] <http://en.wikipedia.org/w/index.php?title=State_v._Allen>

[2] <https://news.ycombinator.com/item?id=3908794>

~~~
7952
Of course it makes technical sense to just log everything. Especially at a
company with the culture of google.

------
eli
Ugh, I hate this whole story.

Digital privacy is a really important issue. There are debates we should be
having about this stuff, as a society. Google accidentally capturing some
stray packets from unsecured wifi is not one of them.

~~~
redwood
I've long been curious if G uses(d) the wifi data to augment its android
location triangulation resolution...

~~~
eli
They definitely use WiFi data for geolocation. I'm pretty sure that was one of
the primary reasons their streetview cars were collecting wifi in the first
palce.

------
billpg
Don't panic!

[http://blog.hackensplat.com/2010/05/google-snooping-wifi-
don...](http://blog.hackensplat.com/2010/05/google-snooping-wifi-dont-panic-
dont.html) (Shameless plug.)

~~~
Spearchucker
From your link: _"...your WiFi access point has to broadcast it’s identity to
the public in the clear..."_

It doesn't. You can hide the SSID.

~~~
tomflack
Hiding the SSID breaks 802.11 specifications and isn't actually hidden anyway.
It isn't private, it was never intended to be private.

------
tbundy
I know it's the BBC, but I am always disappointed by the technical calibre of
these reports, "The data gathered included contents of some emails and web
browsing history". Guess I should read Ars.

~~~
user24
well, technically if they got a being-requested URL then that will be web
browsing history.

~~~
tbundy
True, just wish they'd put some meat on it! Tell us a bit about how it worked,
what they captured. Then again, it is mass media and the comment is probably a
reflection of me being too lazy to read the FCC report, etc. :)

------
sparknlaunch12
Are we really surprised?

Pretty sure there is alot more they know about.

------
nl
Previous discussion: <http://news.ycombinator.com/item?id=3904903>

------
btian
Don't be evil?

