Hacker News new | past | comments | ask | show | jobs | submit login
Street View camera rigs do much more than just take photos (trekview.org)
189 points by panoramas4good 13 days ago | hide | past | web | favorite | 150 comments

They have been previously used to collect SSID names and other WiFi network metadata. See https://www.wired.com/2012/05/google-wifi-fcc-investigation/

But 'secrecy is not security'. This nonsense about 'hiding' the SSID is foolishness. For the reason I just gave. Plus, now, when anybody IS connecting, they're 'probing' that SSID by spamming every channel with the SSID. Like hide-n-seek where your little brother won't shut up and keeps saying "Are you still in the closet Fred? Are you? I'm under the bed! We're being secret!"

So no, masking the SSID in your router isn't doing anything.

Plus, there's an obvious security hole: Any access point can say "Yes, I'm that access point you're looking for! Please do your banking through me! I'm ever so much not a malicious system spoofing your laptop by lying to it!" precisely because the laptop has to ask for the SSID, and those questions, the probe requests, are not encrypted.

HTTPS adoption is probably why this hasn't been publicly exploited yet.

Nah, this is a widely known issue. But the real win is credential harvesting from networks still running PEAP-MSCHAPv2.

It certainly has been used to harvest credentials, but good luck discovering the dude who walks through a busy college campus with a WiFi Pineapple in his backpack.

HTTPS and HSTS can be broken. The main hurdle to this attack vector at this point is most browsers throw up scary warnings and do not give super obvious paths to waving away the warning.

As some with three little kids, that analogy was just great. A daily occurrence at our house.

Security and privacy are different things; both important. Also, lots of information that is not so dangerous on an individual or neighbor level can be exploited at scale.

Not just metadata: Wasn't the controversy that they were sniffing data packets, too?

I remember the outrage that this revelation generated and I am still stumped by it. First, the probability that a Google car happens to capture sensitive information as it drives past your residence once per year is basically zero. Even if it did, it would still require detective work to correlate it to you specifically. Second, if you are worried about people recording data broadcast by your WiFi router, it's up to you to secure your network. I would be much more concerned about a neighbor snooping on my traffic. What did people imagine that Google was doing with these random snippets of data?

I’m kind of surprised that you’re surprised by it.

Outrage over privacy violations has very little to do with the actual harm that the privacy violation causes, and much more to do with whether or not it seems to violate a prior expectation of anonymity or privacy. This concept is even enshrined in US jurisprudence; the “expectation of privacy” is a big factor in how privacy works in America.

Back to Google. The problem isn’t that they captured packets or SSIDs; the problem is that they captured it sitting outside your house. With that change it feels like Google has gone from taking photos of the city that you might be in, to sitting in the bushes taking pictures of your house.

> whether or not it seems to violate a prior expectation of anonymity or privacy

Anything sent over the air cannot be assumed to be anonymous or private. The bits are being transmitted through a shared medium.

If I'm using semaphores to communicate with my girlfriend across the road, I can't be upset if her neighbor looks at me as I wave flags around in my living room.

The law trumps your opinion.


> In 2001, the Supreme Court held in Kyllo v. United States that police officers violated the Fourth Amendment when they used a thermal imaging device to detect marijuana plants growing inside a home. "Where ... the government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a Fourth Amendment 'search' and is presumptively unreasonable without a warrant," wrote Justice Antonin Scalia.

> To make his point, Scalia added that the device can tell you things that the average person would not be able to tell standing outside the house. "[F]or example, [the device can reveal] at what hour each night the lady of the house takes her daily sauna and bath," he wrote.

But WiFi signals are usually readily available outside most homes, and in fact many people _want_ to be able to stay connected to their WiFi from just outside their home.

> Anything sent over the air cannot be assumed to be anonymous or private. The bits are being transmitted through a shared medium.

The point of the law here is exactly to prevent things which are technically possible, but socially frowned upon. A law against something that isn't possible doesn't do anything. (Should this be illegal? Maybe not! But your point seems very silly.)

If you're using your voice to communicate with your girlfriend in your own apartment, can you be upset if somebody's got their ear pressed up against your door, listening in? I mean, you knew that was technically possible to do. Why would you expect privacy?

> If you're using your voice to communicate with your girlfriend in your own apartment, can you be upset if somebody's got their ear pressed up against your door, listening in?

Yeah, but using WiFi or similar is more like shouting with wide open windows. In which case one should not expect privacy.

> the “expectation of privacy” is a big factor in how privacy works in America.

You might expect privacy in your home, but if someone looks through your window when passing by and you exchange glances, you likely aren't going to call law enforcement because they violated that expectation of privacy. Of course, if something revealing or private was observed when that happened, or if they were specifically looking someplace people don't just look (eg. upstairs window) it might warrant filing a police report, but my point is that, based on the articles linked in this thread, Google was sniffing all packets without malice or intent.

This is neither about intent nor the letter of the law, it’s about perception and outrage. It doesn’t matter if it’s legal and without malice, it feels creepy in a way that their regular internet behavior does not.

It’s also impossible to verify what Google will do with that data now or forever. They say they’re doing it in good faith, but then again everyone says that. How can you verify that, and do you trust them with it forever?

> in a way that their regular internet behavior does not.

Counterpoint: I think if most regular people understood the extent of Google's other surveillance behavior, they would also find it creepy.

> it feels creepy in a way that their regular internet behavior does not

And that is, of course, where people come to reasonable disagreement; it simply doesn't feel creepy to a lot of folk. I assume the difference in feel is whether one interprets "capturing unsecured wifi packets via wardriving" as akin to peeping-Tomming into every neighbor's house or akin to sailing along a coastline full of lighthouses broadcasting their beacons and writing down the strobe patterns.

If they look in the window and start writing observations down in a notebook, I probably would call the police.

And what could the police do for that really besides tell you close your blinds if the person was not on your property?

At some point that might count as stalking?

The could tell the note-taker to fuck off. Police often tell people to fuck off when they're not doing anything that's illegal.

That's a bad analogy for an unsecured wifi. Wifi is radiated energy in radio spectra. They're not looking through your window; you're shining a flashlight through your walls and they wrote down the pattern you're strobing into the street (and that pattern isn't even secret; you're using the common pattern everyone uses to send messages intended to be universally understood).

Legal arguments based on geometry are not particularly solid.

My phone antenna technically catches a lot of wifi traffic, the difference is that most of it is not retained/analyzed.

Overall, again, it comes to expectations, and in this case to massive indiscriminate surveillance. A lot of thing changes if in the previous analogies "one neighbor" is replace by "an army of drones/employees patrolling the streets"

Moreover passive monitoring is an attack from a cybersecurity perspective, that wifi makes it possible is a vulnerability of the protocol and it is not nice for google to exploit said vulnerability.

I'm talking about the moral / "common sense" space. If you want to get into the legal space, the FCC's finding in Google's case is that it can't be considered "wiretapping" to observe and record publicly-broadcast, unencrypted data.

Discussion on the topic:


The relevant section of law: https://www.law.cornell.edu/uscode/text/18/2511

"It shall not be unlawful under this chapter or chapter 121 of this title for any person... to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public." The FCC interpreted unencrypted broadcast wifi to be such signals.

... and at least when I was a young hacker, learning at my mentor's knee, the expectation was to assume that if one neighbor could do it, an army of drones could. After all, we didn't put firewalls on our home routers because our neighbors could access our poorly-configured Windows defaults to back-door our machines; we did it because such machines would be co-opted into a bot-net by random anonymous hackers.

Data being dumped out of your house into the street is in the commons. If one doesn't like that, one should probably take the most basic measures to stop doing that. It's naive to expect either the law or society to step in and stop people from picking it up; there's a whole radio hobby around what a person can hear with an antenna and a bit of quartz crystal, and both American law and American culture have been extremely consistent that it's not the listener's fault if they pick up something interesting.

I am also talking about my common sense. The fact that we should expect something to happen is orthogonal to whether the one who made it happen was justified.

In my common sense there are many factors in this story that play against Google: 1) the said army of drones 2) it is unreasonable for users to force exclusively encrypted communication 3) they clearly operated in a "let's collect as much as possible" rather than having a clear objective like for the SSID 4.1) they have collected potentially sensitive data from businesses connections not intended for the public space 4.2) they have collected private data from personal connection not intended for the public space.

Overall what I see is that wifi is not as secure as I expected and Google (lawfully) exploited said lack of security with complete disregard to other's privacy.

Many other points of view might be possible, but I believe this is a reasonable/valid way to interpret what happened.

> it is unreasonable for users to force exclusively encrypted communication

Hard disagree. That's like saying it's unreasonable to expect cable modem routers to come with firewalls or websites to default to HTTPS. I think it's rather unconscionable that the opposite is the case: we had too many years of wifi routers come to market that were unencrypted by default.

4.1 doesn't agree with the law or common sense. Don't broadcast cleartext data if you don't intend it for the public space. TCP/IP packets or Morse code, the principle is the same.

Expecting every radio receiver to know whether broadcast cleartext was "intended for the public space" is impractical, and both law and radio culture reflect that impracticality. Expecting the radio recipient to decide whether your data is intended for public space or not would be like replacing telephones with megaphones and then fining people for listening to conversations.

> Expecting every radio receiver to know whether broadcast cleartext was "intended for the public space" is impractical, and both law and radio culture reflect that impracticality.

I agree, but I cannot agree that this can apply to google sniffing wifi packets. Google knew they were wifi packets, they knew those packets where intended for the "internet", they knew they were not addressed to them; it was not a generic radio transmission. It is a good argument for why it should be legal anyway.

>> it is unreasonable for users to force exclusively encrypted communication

>Hard disagree. That's like saying it's unreasonable to expect cable modem routers to come with firewalls or websites to default to HTTPS. I think it's rather unconscionable that the opposite is the case: we had too many years of wifi routers come to market that were unencrypted by default.

This is no justification for the methodical exploitation of this lack of security. This is only relevant to whether also OSs and ISPs/router manufacturers should have done better.

If you're talking about capturing payloads, I think Google appears to agree with you; they went on record as full payload capture being unintentional. I have insufficient personal investiture to argue the private packet capture point further; my personal morality doesn't tend to hinge on what other people should be doing, but what I should be doing. In an ecosystem that doesn't and shouldn't protect me from capture of my packets in the commons, I should be encrypting my packets. Full stop. What other people do is up to them.

If you're talking about any radio packets, SSID name broadcast packets aren't sent with a recipient in mind.

Radiated energy in the radio spectrum is very different than radiated reflected energy in the optical spectrum?

It goes through walls and curtains, for starters. In radio, we're all living in glass houses. ;)

Privacy guidelines and analogies around what is and is not acceptable to view emitting from someone's domicile start to break down when everyone's in a glass house.

but we do not live in glass houses[1] and privacy is not defined in such specific terms.

I am told that I am no good at making analogies, but I will try my best. Assume I am cursed with the magical ability of seeing through walls. I can freely spend my time staring at my neighbors an spy all of their domestic lives. This is clearly different than if a non-magical me were to install spy-cams in their houses, but we agree that I should not _stare_. Given the hypothetical and magical nature of the situation it is impossible to say whether this would be illegal or not, but soft-anonimity is an important social concept.

[1] off topic: I caught myself pondering about how the thickness of walls/ceilings necessary to build a stable house out of glass (especially considering seismic areas) would probably make the walls quite opaque.

> but we agree that I should not _stare_

In the radio spectra, we do not. It is generally neither punishable formally in US law nor considered informally to be bad form to hook up an aerial and see what you can hear. There's a whole hobby space around amateur radio, and in the US, it's never been considered the fault of the listener if they hear something the sender would have preferred they not.

Your analogy breaks down because your neighbors aren't sitting passively in their homes while you stare at them; they're having a rave with all the wall-penetrating radiation emitters they've installed. They could cease doing that if they wanted a bit more privacy. Or, more practically, they could take the basic necessary steps to encrypt their inter-device communications.

If I pop my laptop open right now and look at the SSID list I can receive from the dozen houses on my block, am I being rude?

> In the radio spectra, we do not.

But in the neighbor analogy we do, that is it is perfectly fine for my neighbor to stare at their walls, less so if they can see through it.

> If I pop my laptop open right now and look at the SSID list I can receive from the dozen houses on my block, am I being rude?

As far as I know I would need to play with my wifi drivers to store all the unencrypted data packets that reach the wifi antenna. I know that I am broadcasting some information about my wifi (at least the name, probably more), but I expect my neighbor not to methodically try and spy on me.

The same way I expect them not to install a security camera pointed at my windows.

I am blasting "radiation" also every time I speak or press a key on my laptop and similarly I expect my neighbor not to install a matrix of super sensitive microphones to record every word I say or try and reconstruct what I am writing from the sound and rythm of my key-presses (it was possible in some research projects I saw some time ago).

In the radio spectra the only difference I see is that it is unreasonable to demand of people that are already using antennas to filter out all unencrypted wifi data. I understand why this might be legal, I still think that google exploited and is clearly on the wrong side of morality regarding storing also the unencrypted payloads.

I think we don't disagree that soft anonymity is an important social concept.

We disagree that radio broadcast fits the soft-anonymity space. It never has in the past and we probably do more harm than good adding it (for starters, we kill the hobby radio industry. We give massive power to the largest owners of radios---broadcast conglomerates---that could start claiming their broadcasts were intended for only their audience and hit people with a cudgel for tuning in. And there's a lot of ugly corner cases where the radio specturm is shared; if my neighbor's broken wifi is stomping all over my signal quality and I record packets to prove it, should I be held liable that I grabbed that data when their radio activity was harming my ability to use my radios?).

We'd be better served by teaching people "What you broadcast with a radio is broadcast. Make decisions about what you broadcast accordingly."

> google exploited and is clearly on the wrong side of morality regarding storing also the unencrypted payloads

It doesn't sound like Google intended to do that, but I think the fact they didn't highlights why it's important people understand the need to not broadcast that which you don't want public; accidental data collection is too easy.

If I flip my router into debug mode because it stops talking to my laptop, I'm going to see the packets of my neighbors. I don't want to see them, and if they don't want me to either, they really ought to stop sending them unencrypted like that.

That's infrared, not radio. Legal precedent on radio broadcast is extremely different.

Optical energy goes through glass windows, which brings us right back to "someone looking in through your window, taking notes in a notebook", which most people seem to think merits calling the cops.

Who, if we're still talking about radio, will tell you that if you don't want your packets collected and understood, don't broadcast them in the clear. The FCC guidelines and the law are real clear about this, and it is a very specific way that the analogy to glass and visual EM spectrum breaks down. Discussions and sibling threads have run to ground why it works that way. There's a reason the specific word used to describe the transmission of data via radio is "broadcast."

> if someone looks through your window when passing by and you exchange glances, you likely aren't going to call law enforcement because they violated that expectation of privacy

Sure. However if that someone snaps a picture, that changes. Especially if you knew they're being paid to collect pictures for a popular website.

The outrage is over the scale and complete lack of accountability. If Google detailed the specific information that was collected and stored, positively notified every subject, and gave us all a way to easily permanently opt out, it would be a different story. But instead, these surveillance companies insist on treating OUR personal information as "their" property based simply on their having collected it. Hopefully this is starting to slowly change with the GDPR etc, although it's going to be a long path due to how thoroughly surveillance companies have embedded themselves into society.

> if you are worried about people recording data broadcast by your WiFi router, it's up to you to secure your network

So that makes it okay for Google to Hoover up? This attitude is why a lot of people are angry at big tech right now. Elitism and arrogance bordering on hubris, but zero self awareness.

"If it is not clearly illegal, I have a god-given right to monetize it and then try to exclude you from it."

-- FB, Google, et al on the Commons

To be fair, it isn't just them. A disturbingly large number of people in the US appear to believe acknowledging any commonweal is counter to national ideology.

Nobody's excluded from doing their own wardriving and data-collection on open SSID network names, as far as I'm aware. Hell, if someone just wanted to drive around and record the radio flux sans information, perhaps to build a fun map correlating population density or income levels to broadcast emissions, that's perfectly fair.

It is clearly a general belief everywhere that if you can get some utility out of something and you can manage to do that for free then you should. HN does it with paywall bypasses, piracy, etc.

Completely unsurprising that if you take a group of people, each of whom individually believe in deriving utility from things they can get with or without permission, then that collective group also behaves in the same manner.

Not directed at you personally, just "you" generally: unless you're not using PSK or WEP, no one is snooping anything meaningful from your Wi-Fi traffic.

WPA can be cracked by collecting enough handshake info to create enough hashes you can then set some GPUs from the cloud on in a matter of days. WPA2 (and enterprise) are not crackable unless you are a government.

And even if a malicious person gets your passkey, HTTPS is pretty damn near impenetrable. Source: I've been to DefCon for the past 7 years, and with the exception of TLSv1.3 replay or trying to hijack global DNS routers or compromise CAs, which either require the stars to align, military style infiltration, or non-existant computing, you're safe.

You're far more likely to be hacked by a phone call pretending to be your bank, or by a fake AirBNB scam. Or someone stealing your mail.

Ok internet: prove me wrong. Where are your WPA2 and TLSv1.3 hacks that anyone can do?

It was effectively a Wifi Stingray and MITM peoples connections so they could form a baseline of what people in that local were doing with their internet connections at the time the street view car passed.

It most certainly broke connections. Multiple levels of unethical, how this ever got past anyone at Google stumps me.

Can you provide a citation? I haven't heard any evidence that they were actively interfering in connections, only recording what was broadcast in the clear.

Does that mean you'd be alright with me sitting outside your house taking photos of it and scanning for network signals coming from your house and running a software radio receiver to see what you've got going on inside?

If not, why are you alright with Google doing it?

You'd be doing that purposefully; Google admitted the street view car thing was a mistake[0]:

> So how did this happen? Quite simply, it was a mistake. In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software—although the project leaders did not want, and had no intention of using, payload data.

0: https://googleblog.blogspot.com/2010/05/wifi-data-collection...

If you are in the street, then yes, that is considered "public" and there's really not much I can do about it. I have zero expectation of privacy if you take pictures of the front of my house from a public area. If my WiFi signal reaches the street, then, again, that's a public area.

I may not like it, but doing it from a public area is perfectly legal (in the US at least). Now, you can't come onto my lawn to get a better signal, but there's really not much I could do if you parked on the street in front of my house.

> I have zero expectation of privacy if you take pictures of the front of my house from a public area.

That's not accurate. The expectation of privacy is a legal term related to the USA. There's quite a difference in privacy you'd expect. E.g., just because you could see someone doesn't mean it's ok to hang a camera pointing to that place and record everything that's going on. Similarly, I do expect to have privacy in public places. It's weird not to expect that. Cameras have a big privacy impact, just because you could have a security person there doesn't mean that a camera is the same thing.

> I may not like it, but doing it from a public area is perfectly legal

If enough people do not like it the law should be adjusted. Too often the argument is that something is legal. This while people are changing and introducing new laws on a daily basis.

I agree. I'm never said that if enough people don't like it that it shouldn't be changed. I was talking "now". If what somebody is doing "now" is legal, then right "now" there isn't anything you can do about it. I can call the police, they'll either not come because it's legal, or they'll come, maybe talk to the guy, then say to me that he's not doing anything wrong.

I'm didn't say I had to like it, just that sometimes there's not much you can do at the moment. There's a distinction.

It grinds my gears a little when people make claims like "there's not much I can do about it".

Seeing someone parked out the front of your house with a sensor array aimed at you isn't going to get you hot under the collar?

You don't reckon you'd suddenly find yourself motivated to work out what you can do about it?

It grinds my gears a bit when others think there's always something to do about it. Yes, I could get upset, but at the same time, if they aren't doing anything illegal, then there literally isn't anything you can do about it. You can go ask them what they're doing, but that doesn't necessarily mean they have to stop. So maybe finding out what I can do about it is trying to get things changed, but at that moment, there's not a whole lot. This is all predicated on the fact that whatever they are doing is legal as it stands now. I don't have to like it to have to accept it. If you don't like it, then you do things to mitigate or change the laws.

Similarly, last week I had a bunch of trees taken down from my back yard. They were near the property line, but distinctly on my side. My neighbor came storming over wondering what I was doing. I said I was cutting down my trees. He got upset because it changed the look of their yard (removing _my_ trees changed the look of his back yard), removed "privacy" (despite the fact their house is 30 feet higher than mine and therefore gave me no privacy), among a couple of other outlandish things. This, despite the fact that they were my trees. I told him it didn't matter, they were mine, and had them taken down. Everything I did was totally legal, but he didn't like it, but couldn't do anything about it.

Someone doing so would potentially violate wiretap laws, probably also stalking depending on the state.

No they would not. Not until you actually went to the police station, got them to open a case, got an injunction and the "culprit" would get served with a formal notice. Then if they kept doing that would they potentially be in breach.

I agree that detecting and pursuing this is unlikely to happen but it's still likely a violation of state wiretap laws and/or stalking. Anyone that wanted to do this would just lay a rpi with cellular and a battery so they don't need to be right outside your house all the time, making it both hard to detect and untraceable.

> Does that mean you'd be alright with me sitting outside your house taking photos of it and scanning for network signals coming from your house and running a software radio receiver to see what you've got going on inside?

I'd be fine with it.

People staring at my closed blinds and the outsides of my walls, recording my router's SSID and a lot of encrypted traffic, and getting rained on are not bothering me at all. There's nothing they can do with what they have.

> I'd be fine with it.

You say that now.

Thought experiment: Can I grab your address?

Remember, you don't know me and you don't know my intent.

Full disclosure: I have a violent criminal record.

Still comfortable?

Am I fine with you passing my house on the street and writing down the house number? Sure am. I'm also content with you going to the county website and finding out what I paid for it, and my name. Even if you have a violent criminal record? If you're on the street, I assume you've paid your debt to society.

There are some interfaces where private information becomes public because a private person has to interface to the public.

I refuse to participate in a hypothetical with such strongly prejudiced undertones.

I think you just did.

nah its just kind of creepy the multiple ways that Google and services assign a GPS location to your SSID

that has nothing to do with sniffing packets or network security

Yes but (if we believe they are telling the truth) this was only done accidentally and they only intended to sniff the SSIDs. https://publicpolicy.googleblog.com/2010/05/wifi-data-collec...

To add to the other responses, the reason why they were capturing sensitive data was most likely because instead of doing filtering and processing live while they were driving around they chose to just deal with that after the fact and process the WiFi data through whatever system they already had for post processing. Even with just recording the SSIDs and timestamps on the vehicle all of the data that was controversial would still be captured by the radio on the vehicle, it would just be discarded immediately instead of being discarded when the Google maps vehicle offloaded that data for processing. If Google wanted to do something nefarious, they could still turn it back on all in software. The only real privacy gain is that they can't retroactively do it but I doubt even originally that they kept the packet dumps around for too long after processing it.

Based on the reporting at the time, it sounds like it was unintentional; they were capturing the raw packets to a debug file that wasn't even routed for post-processing.

Yes, the firmware had been configured for open logging and was slurping the packets and dumping them to a debug file.

Thanks for the tip. I have update the post to include this info.

I think "accidentally" is potentially giving Google too much credit/benefit of the doubt as far as capture of packets.

They hired a famous wardriver, Marius Milner, onto Street View (then later Niantic, maker of the privacy-intrusive Pokemon Go).

That's not particularly suspicious. They've used the SSID data as part of the ground-truth map to improve positional accuracy of geolocation in Maps; "Can SSID + signal strength be used reliably for triangulation of position" is exactly the kind of wonky doman-specific knowledge you might find in the wardriving community and not many others.

I would readily buy that if they didn't also, you know, sniff network contents and then attempt to obscure that fact.

> The unredacted FCC report refers to a Google "design document" written by an engineer who crafted the Street View software to collect so-called payload data, which includes telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files sent over open Wi-Fi networks.


Reading the linked Wired article leaves me wanting to read the design doc for myself; I don't agree with (Wired's synopsis of) the FCC regulator's interpretation of the document they read. From the quoted bit of the FCC doc:

""" In a discussion of 'Privacy Considerations,' the design document states, 'A typical concern might be that we are logging user traffic along with sufficient data to precisely triangulate their position at a given time, along with information about what they were doing.' That statement plainly refers to the collection of payload data because MAC addresses, SSIDs, signal-strength measurements. and other information used to map the location of wireless access points would reveal nothing about what end users 'were doing.'" """

I disagree with that assessment. If you're a Google engineer writing the privacy section of the design doc, you're encouraged to blue sky possible abuse scenarios, even unlikely ones. That quote, to me, reads not as admission that packet capture was part of the design, but that SSID, MAC address, and signal strength measurement alone could be enough to make ballpark guesses on what a user was doing (MAC addresses, for example, are issued to specific device vendors, so knowing my MAC address is chatting to my wifi, and no other information, could be used to make an educated guess as to whether I'm watching TV if you see heavy traffic between my wifi and a device advertising a MAC address that tends to show up in a Samsung smart TV product line). I think the FCC investigator lacked imagination here. ;)

You'll note what the quote omits, which is any section of the design document that says something like "Full data packets will be captured and stored for future analysis." That's a glaring omission if full-packet data capture were part of the actual design, and the quote appears to be an FCC investigator attempting to read between the lines.

You can read the details here: https://www.wired.com/images_blogs/threatlevel/2012/05/unred...

including (on page 15) quotes from emails that state "We store the whole body of all non-encrypted frames" and discussed an analysis of HTTP URLs extracted from sniffed wifi data.

We would have a lot more clarity here if the following hadn't occurred:

1. Google sniffed the packets

2. Google stonewalled the investigation (receiving a $25k fine for doing so)

3. Google ignored the recommendation to have counsel review the design

But those things did occur, so I believe it is a leap of faith to simply accept their word that 2 years of wardriving people's wifi traffic was "an accident."

I've done too much engineering on large-scale projects with cross-office stakeholders for that leap to require any faith; it aligns with my own experience. ;) It doesn't take more than a handful of misconfigured flags to find out you've been accidentally logging every packet going through your router. The backstop against that is usually I'd run out of storage space, and Google certainly doesn't.

The product counsel oversight failure was a major error in this project. It's the specific step that's supposed to help Google avoid $25k fines, and I don't doubt someone internally got their head thunked over that.

Good find; this is much more informative. Clearly not accidental. Though still definitely an error; product council would have told them to knock it off, and it's unclear whether it was maliciousness or ignorance that nobody brought them in for consult.

You could also add this video showing the optimization of a GPS track if you want some visualization.


I wonder if all the tech in those cars requires modifications to the vehicle itself, like a larger alternator to satisfy the power requirements or reinforced pillars to support the weight of the hardware. It'd be cool to hear from somebody who knows how they equip those cars.

Those modifications seem unlikely, You can't easily reinforce pillars in a car and they are designed to support the full weight of the car in a roll-over situation so a few 10s of kgs of equipment on the roof make little difference. Similarly, a typical alternator is rated to 2kW so far above the required power of a few LIDAR, camera and computing devices. Having said that, early vehicles did have heavy duty alternators installed (although they may have confused these with heavy duty inverters which are needed) and modified suspension components [1]

[1] https://pub-tools-public-publication-data.storage.googleapis...

The linked history of street view does mention that the first instance had an alternator “from a fire truck”.

Fwiw, direct fit high-amp alternators are available for most cars. And they are in the same ballpark of ~200 amps, and high output at idle as a "fire truck alternator".

So it's a fairly cheap modification just to swap out the stock alternator. ~$500 or less.

Car choice/ÉCU programming may come into play here.

I thought cars were “intelligent” enough to not charge while idle or warming up because that’s when emissions and inefficiency are highest.

I think it should "just work". The added load would drive voltage down, so the inputs the ECU gets continue to send the right message. So long as the alternator has enough capacity to meet the demand...

Yeah if a manufacturer wanted to hold off on drawing a higher load to recharge the battery until after the car was warmed up they would just do that by lowering the setpoint. If you try and draw higher current from it it would still meet that lower setpoint.

I doubt that was the case for the depicted 1992 Chevrolet Astro Van.

A typical alternator for a small car is rated for something like 60-120 amps, which at a typical 14v output, is 0.8 to 1.7 kW.

2kW falls into more of a light truck or high-output category.

Cars are typically specced to handle 75kg (~165lb) of baggage on roof rack without breaking a sweat. Think carrying skies + personal gear on a trip across Europe. And if you are concerned about momentum, please note it's common to carry two bicycles on a roof rack; with speeds of 100km/h+ they generate substantial forces due to drag and in case of cornering.

I doubt the whole camera+lidar roof package is anywhere near close; best guess around 10kg (~22lb)

I design mobile mapping vehicles for a different company, so while I can't answer specifically about the Street View system, I might be able to provide some insight.

Our smallest portable system weighs around 25lbs and can mount to just about any vehicle using strong magnets or standard roof rack. It pulls less than 10 amps so it can be powered through a standard cigarette lighter outlet or wired directly to the vehicle's battery.

Our largest system weighs many hundreds of pounds and mounts on one specific vehicle in as many reinforced locations as possible. We utilize factory bolt holes on the roof, make custom brackets to support cantilevered weight off the back, and make modifications to the roof up front to support even more weight. The system typically pulls 40-50 amps however, the vehicle comes with a high output alternator and dual battery system from the factory so we don't need to upgrade them.

Based on the components of the current Street View system, a roof rack is sufficient to support it's weight. I'm guessing it pulls around 20 amps so it likely has a direct connection to the vehicles battery, but wouldn't require an alternator upgrade.

Thanks for the valuable insight, 50 amps look like the sort of current you would see while a car's starter motor is running. Out of curiosity, do you shut down the equipment automatically when the engine is killed? I imagine drawing so much current may interfere with the starter motor.

There are a lot of companies that do this type of vehicle modification for you. It's common for a lot of professional-use vehicles also in construction / utility network maintenance etc.

As others said, the roof is fine. The suspension is quite easy to adjust a bit for the extra weight and that helps also in stability due to the weight being high-up. For vehicles commonly used in these kinds of things there are higher rated alternators and batteries that are drop-in replacements for the standard one.

> that helps also in stability due to the weight being high-up

I don't understand that. Isn't weight high-up shifting the center of mass upwards, making the vehicle less stable?

EDIT: jstanley, olex: that makes sense, thanks!

I think that OP wanted to express that stiffer suspension is needed for extra weight, and the same stiffness also helps keep the vehicle stable despite a higher center of mass.

Thanks, yes that's what I meant. You want less body roll if your center of gravity is higher, so that requires stiffer suspension and stiffer anti-roll bars to keep the vehicle more level (at the expense of some comfort).

I think it means the suspension adjustments help in stability, which is helpful because the weight is high up.

3 times the weight of the car, 1.5x for large vehicles, is a US requirement to how much the roof can support, this is part of protecting occupants during a roll over; this was from 2010 and may have new requirements[0][1]



That's a static load; the actual amount of luggage a car is rated for carrying on the roof is much less (usually somewhere in the mid 100s for a passenger vehicle).

I don't know about the street view cars, but the waymo vehicles have cooling and power run through the pillars to the camera, because the camera has to be cooled.

This information was disseminated to fire departments so that if rescuers have to cut somebody out of one of waymo's cars, they don't accidentally cut through a pressurized coolant line.

A modern car will run into suspension wear/longevity problems long before the pillars care about how much weight you put on them. This hardware is tens, maybe a couple hundred pounds. Roofs can support thousands without deformation. The vehicle will suffer increased tire/suspension wear and "bad to the point of it being hard to justify not using a bigger vehicle" handling long before the structure is in any way affected. They stack cars on cars at many junkyards and the lower cars are just fine save some scratches and dents to the roof skin.

Usually any vehicle mods are done to meet bare minimum standards.

A lot of the mapping cars I see are hybrids, they probably get some lower benefit there.

I would assume they run these things for a fixed period and toss them to avoid opex. I’ve had exposure to lots of commercial customized vehicles, and unless it’s required by law or the use case, not an extra dime is spent.

I assume they're using them to make global HD maps for Waymo too

Hey that main website is cool! [1]

I literally just ordered a GoPro Fusion last night so that I can create 3D captures of hiking trails using photogrammetry. I will then use the 3D trail models for reinforcement learning for my off road robot. [2]

The basic pipeline is images to Meshroom (perhaps with pre-processing since Meshroom doesn't seem to support 360 cameras), then instant-meshes to reduce the poly count of the mesh, Blender to map the texture on to the new low poly mesh, save as .glb file in Blender, then open in habitat-sim for machine learning. Blender was the hardest part to learn, but tutorials on youtube walk through the whole process.

Interestingly the GoPro Fusion is pretty cheap now, as GoPro has a new model which is apparently not much of an improvement. So while the new model is $499, the Fusion is currently $179 on Amazon.

Previously I have tried photogrammetry of trails with cell phone video. It works really well but the narrow field of view of the cell phone camera compared to the whole 360 degree scene means the resulting 3D reconstruction has lots of holes, and the model is only well reconstructed immediately around the trail - wider terrain is missed.

The 360 camera captures all angles, front and back, sides and top. It should make for some fun immersive video to throw on youtube but it will also be great for photogrammetry. I found this research paper [3] which supports my thinking that 360 cameras are useful for photogrammetry.

[1] https://www.trekview.org/trek-pack/

[2] https://reboot.love/t/new-cameras-on-rover/

[3] https://www.int-arch-photogramm-remote-sens-spatial-inf-sci....


Would love to hear more about your project. Sounds very cool.

We're working on some computer vision problems (we plan to open-source soon). Perhaps there's an opportunity to collaborate? https://www.trekview.org/greenhouse/

Drop me an email dgreenwood at trekview dot org.

They that looks like something I want to do too! I like the idea of my robot being able to identify all the native plants around it. My mom is a landscape designer and she knows the latin names for almost every plant we come across, so it's something I want to support in my robot. I'd love to collaborate! I will email you. :)

It says DGPS (Digital Global Positioning System) is it the same as Differential GPS?

Author here. That was a typo. Should read Differential GPS. Now corrected. Thank you!

The article just got it wrong, their source is about Differential and they put "Digital" instead.

I wonder what the total "BOM" cost per street view vehicle is.

Interesting, though that seems to be the camera system cost only.

Correct. I would hazard a guess, after accounting for discounts (in 2012, there were 250 GSV cars on the road [1]), that the camera kit (inc. sensors) could easily cost > $50k. The list price of the the LIDAR scanner used is $8k alone (the cars use 2).

[1] https://petapixel.com/2012/10/15/a-glimpse-of-googles-fleet-...

This is genuinely creepy for that wifi names can lead to finding the person's name and thus you have found to a few minorities their location, and name. And also for local businesses you can now track and use that data forgood or bad.

The camera acronym is "SICK"? As a sales rep, that would be a tough one to pitch. Like Moland Springs water.

No, that's the name of the company making them, named after the last name of the founder.

Well now I feel like a dolt.

This should have a label of (2019) -- article is nearly 5 months old now.

Relevant xkcd (alt text): https://xkcd.com/1204/

...accidentally, in some cases collecting network data packets...

As I note above, Google hired a wardriving expert onto Street View. Assess for yourself how accidental you believe that collection to be.

"Accidentally" collected network packets (including traffic on the network, websites being visited, etc)..... whoops!

TBF to Google, that's something anyone can do. If a person really doesn't want their activities known, it's incumbent upon the person to not do those activities over an unsecured wifi network. That's the radio equivalent of shouting your browsing history in public.

(This is one of the oldest privacy arguments and extends outside the radio spectrum. Philosophically, if you stand naked at your own bay window and I walk by on the street and chance to spy your genitals, and the fact they were seen bothers you, who screwed up here?)

I'm torn on this. On the one hand, yes, it's easy to see accidentally recording when they really didn't mean to. On the other hand, have you ever heard of Google recording less data or giving people more privacy by accident? If "mistakes" always favor one party then it seems fair to start blaming them. On the third hand, would you hear about that if it happened? I mean, what would that look like? "Oh, today's ads are slightly less targeted"? "Oh, Google location services doesn't automatically place me by my wifi WAP"? Negatives aren't just hard to prove; they're hard to see in the first place.

So I'm skeptical, but I don't know how to have enough data to really be sure.

You mean has Google ever lost data? I'm sure it has.

Has Google ever "undertargeted" ads? Obviously yes. Every single outage in an ads system makes it target less well, basically.

And there was that time Ads preferences for basically everyone seemed to indicate that I (along with everyone I knew) was interested in "Raggeaton", whatever that is.

Well if I'm walking up to everyone's bay window taking nude pics of them, then saving the pics to a server that would eventually be linked up with their personal accounts....I certainly wouldn't claim it to be an "accident".

That's true! But it in no way describes what Google did with the raw packets they sniffed. A better analogy for what Google did was drive around, snap pics of everything, and realize they had some photos of nude people in the debug folder.

(It's a better analogy for a couple reasons, one of them being that's actually a problem they continue to have to deal with in the non-debug folder. ;) I know they've automated the process of blurring faces; I wonder if they also have a nude body detection ML algorithm to identify keyframes of images taken that shouldn't make it through the quality-control hoppers to end up in Streetview?)

So they say. Giving their track record, I don't see any reason to trust them about it.

A company operating at their scale, with the amount of data they have collected, has the best track record of privacy I've seen to date, TBH. I can't think of any other.

One can make the argument that the easiest way to maintain privacy is to not do anything; if you never collate data, nobody's privacy ever needs to be considered. That's the entropy answer; true and boring. If you never have an app, you don't have to care about security. If you never write software, you never have bugs.

Discarding that null set of privacy scenarios, I observe Google's mistakes are far outstripped by the features and successfully-architected products and I can't think of anyone with a similar ratio of successes to mistakes.

It's like saying given how many people the US killed, they have the best war track record.

Collecting data on us is not a feature.

> It's like saying given how many people the US killed, they have the best war track record.

Hard agree. Countries think twice before engaging the US in open military conflict. The US has a history of ending wars.

The analogy breaks down a bit because people in general don't like war, but people in general do like turn-by-turn live navigation on their phones.

> Collecting data on us is not a feature

Not by itself; it's fuel for features. It's actually the raw fuel that power most of the breakthroughs in machine learning that have brought sci-fi tech to our fingertips.

Gmail's spamblocker is built on cross-correlating spam signal from multiple inboxes. Google Ads' fraud detection is built on having enough of a sample of attempted fraud to know what fraud looks like in the abstract. Google Voice works because the company gained access to a massive library of real-world, low-quality voice samples via GOOG-411. Maps gets secondary traffic signal by having maps users ping-back the speed of the car, so it can detect where vehicles have started to crawl in what should be a high-speed area. And of course, search itself is powered by the extremely strong signal coming from people finding what they want via search.

Big data collection and interpretation is the core of Google's business model, and it's worked great. People really enjoy the products Google has crafted by collecting data on us.

> Google Voice works because the company gained access to a massive library of real-world, low-quality voice samples via GOOG-411. Sorry, what? Google voice is a VoIP service. Maybe you mean Assistant?

And people also like a lot the sugar industrials put in everything.

That doesn't make it a good things, nor a moral one.

it also doesn't make it a bad thing, or an immoral one. The story is more complicated than a simple "SUGAR BAD," or a simple "DATA COLLECTION WRONG."

Snickers bars are a standard tool in a wilderness survival first-aid kit. The same energy-density-per-unit-mass that makes them a bad choice for day-to-day snack is great when you need a bunch of glucose in a short amount of time.

If the CIA was driving down US streets photographing, scanning and sniffing everything, I think we'd have a different reaction. At least with Google we know all the data is in good hands.

Ultimately, the Constitution protects your right to photograph public places. Street View is keeping that freedom alive by exercising the right; if someone wanted to make it illegal and the law was on their side, they could make plenty of money by going after Apple and Google. That protects us ordinary folks.

A couple years ago I got yelled at for taking this picture: https://petapixel.com/2016/08/11/dont-think-port-authority-w...

I told the guy that Google has plenty of pictures of the Holland Tunnel and that if it were so illegal, the lawyers probably would be going after them. They aren't, which is pretty telling as to where they think the law actually is.

This legality deserves reconsideration in today's technology:

To an individual taking pictures, the public is no great resource and can not be significantly used as a source of asymmetric power. An individual's "public" is a small sphere around them as far as an affordable camera can see.

To nation-states and large corporations, the "public" becomes virtually all of the spheres around every individual. It can be combined into a database which is no longer accessible to the individuals in the database, making it no longer public. It can then be used asymmetrically by the organizations against individuals. For example, mass-gathered public real estate information can be pitted against individual buyers and sellers of their homes. It biases the market toward those who can collect the most information using capital an individual with a single camera could never collect. In the case of google streetview, a monopoly has been formed.

When our country was formed, such asymmetric power was scarcely imaginable. We need to reconsider whether mass gathering of information should be allowed.

Mass-gathering and privatization, I think.

If you try to outlaw mass-gathering alone, you're gonna have a bad time. "The Transparent Society" gives a good argument for why that's trying to put a genie back in a bottle (i.e. it would trade out the power asymmetry you're describing for the same power asymmetry exploited by different groups).

Better to kill the real estate data asymmetry advantage by having the government collate and publish that data on everyone's behalf than by trying to make it illegal.

I agree with that wholeheartedly. I find it interesting that governments don't see Google as direct competitor for power at this point.

It's also fairly weird that such data gathering corps are considered individuals in the same way one person with a camera is.

I think you guys are kind of overestimating how useful pictures of people's houses taken once every couple years are. I guess you can see what years I did a good job of watering my plants and what years I didn't. That's about it.

We should be wary of surveillance from tech companies, but the messages you send your friends from your phone are a lot more useful than a picture of your house.

You a Heinlein fan?

I agree it's worthwhile estimating the power having this imagery gives. it tells much more than whether you watered your plants well.

For example, it can be used to estimate wealth at a distance. This means, for example, if I'm trying to make any kind of transaction, someone can look at my house and cars and make the price vary with their perception of my wealth. This is a form of prejudice.

It can also be used to look up interviewees. It can be used to give them the lowest possible salary based on where they live and what their perceived life circumstances are like. It's already been demonstrated that resumes with ethnic names are taken less seriously.

And what's more, this power can't be checked. Since google has a monopoly, no one else can challenge it. If it's used e.g. in a court case, no one can oppose it, because their is no corroborating or countering imagery.

And what's more, the way this information is consumed has asymmetry. For example, yes, while any individual can zip around google maps and learn information, wealthy individuals and corporations can access large amounts of public information and process it, turning it again into private information. This private information can then be used to enhance wealth, e.g. by estimating areas to develop real estate, mine resources, etc., in a way that individuals simply can not.

This all means that while individuals retain the power to observe their immediate surroundings, powerful groups, including foreign nations, are able to exert a power several orders of magnitude larger. They are in effect exploiting our individual right to observe and turning it against us.

wow, I wonder what part of this is controversial or disagreeable? Anyone care to elaborate?

Sometimes downvotes mean you are right.

To me it’s a cost/benefit compromise. I really go out of my way to make sure I use exactly zero google products, but I think the utility that Street View provides to the average citizen is quite sizeable and cannot just be dismissed. However the CIA would never provide this utility to the average person, they keep everything they touch for themselves like a dragon on a pile of gold.

Did you forget that Keyhole, which became Google Earth and Maps, was acquired by Google from the CIA's venture capital firm In-Q-Tel?


Think he was being sarcastic.

Nope. Same point there.

> At least with Google we know all the data is in good hands.

... /s ? Please?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact