Google knows nearly every Wi-Fi password in the world (computerworld.com)
503 points by brennannovak on Sept 13, 2013 | 299 comments



Google also knows all the secrets of General David Petraeus, or anyone else that uses Gmail. And everything you've (secretly) searched for.

Google's business model is based on aggregating that information and gaining value out of the data, mostly in the form of advertising. As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again. This is why they publish videos saying that no-one can ever walk out of a Google data centre with a hard drive.

I continue to use the services I use because I find the benefit I gain from them more useful than the potential risk of exposure.

Should these secrets be encrypted? If they were, it would be possible for Google to steal your key if they wanted to. This is the same kind of perception problem that led to the Chrome team being hauled over the coals in public for not encrypting saved passwords. They have to be available to be useful, but people would rather perceive they weren't available.


> As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again.

Just out of curiosity, how would we know even if a secret was let out to, say, the NSA or US Govt? Because (a) Google isn't allowed to legally acknowledge it and (b) US LEOs will use "parallel construction" to obscure the fact that they obtained such secret information.

Moreover, if you're not a US citizen, there is even less chance of ever coming to know what information is being handed over/intercepted by the US Govt. If Presidents of countries can be targeted for surveillance, there is no reason a common person cannot.

Please note, I am not saying Google was specifically guilty of passing on info to the NSA in these cases, but just that, even if they were forced to, there's no way the affected users would come to know.

Link: http://worldnews.nbcnews.com/_news/2013/09/02/20291489-snowd...


Is this Google's failure or are governments the issue?

You cannot prevent some entity from having private data about you once you start using mainstream online services whose focus is on mainstream issues like ease of use, portability of data and seamless access from multiple devices.

Ensuring that the legal frameworks we live within have strong privacy laws makes more sense to me, because what are the realistic options for any of the major tech players right now, when they face a data request from the US government, other than fighting it in the courts? (which they do)

Moving all Google employees to Iceland or some Asian country and closing all offices in the US/Western Europe? Closing down any service that collects private data?


> Is this Google's failure or are governments the issue?

Both, but any Google executive aware of the abuses could have anonymously tipped off Wikileaks or some other journalist. None did.

To explain Google's behavior, classic diffusion of responsibility is all that is necessary. Without any such dissent, it's no surprise that the government abused its power.

Snowden is a significant outlier... hiring policies are intended to prevent the hire of the kind of person who would do what he did. The scary thing is that Google's hiring practices achieve the same thing.


"Both, but any Google executive aware of the abuses could have anonymously tipped off Wikileaks or some other journalist. None did."

We do not know this and it would be questionable if the risk associated with such an act would be worth it considering that Google can actually use its resources to move things in a legal way. (via courts, lobbying in Washington etc.)

"To explain Google's behavior, classic diffusion of responsibility is all that is necessary. Without any such dissent, it's no surprise that the government abused its power."

I remember Google protesting (SOPA) and actively pursuing privacy initiatives multiple times in recent years, and even pulling out of the Chinese market.

They release detailed copyright removal reports: http://www.google.com/transparencyreport/removals/copyright/

They let you take all your data out of all Google products: http://www.dataliberation.org/takeout-products

They fight governments' data requests in courts (sometimes successfully) and release strongly worded statements when they are allowed to.

Suggesting that we ended up with an abusive government because Google slavishly followed orders seems unrealistic to me.

"Snowden is a significant outlier... hiring policies are intended to prevent the hire of the kind of person who would do what he did. The scary thing is that Google's hiring practices achieve the same thing."

Google as a company would arguably not exist anymore, if its developers/admins constantly leaked data.

The survival of the NSA does not depend on public trust and a positive public image - Google does.


> We do not know this and it would be questionable if the risk associated with such an act would be worth it considering that Google can actually use its resources to move things in a legal way. (via courts, lobbying in Washington etc.)

Google's legal initiatives are largely just naked lobbying for its own corporate interest. SOPA in particular. Nothing wrong with this but it's a lot different than using its legal team to fight government abuses. Google is reasonably scared and chastened by Microsoft's massive antitrust battle, and Eric Schmidt pragmatically ramped up lobbying and philanthropy when he took the helm.

> They let you take all your data out of all Google products: http://www.dataliberation.org/takeout-products

Do you think this removes it from the system that the NSA has access to?

> They fight governments' data requests in courts (sometimes successfully) and release strongly worded statements when they are allowed to.

Strongly worded PR statements while being 100% cooperative. My guess is that the statements are run by the NSA for approval before they are published.

> Suggesting that we ended up with an abusive government because Google slavishly followed orders seems unrealistic to me.

I did not argue this. But it's a very slow and gradual slide into tyranny, and Google has done nothing to prevent the obvious abuses. I again point to the Government's treatment of Microsoft as a significant driver of Google's supplication.

> The survival of the NSA does not depend on public trust and a positive public image - Google does.

Only when the information is kept secret does the NSA's survival not depend on public trust. I'd argue that the NSA depends more on public trust than Google, since Google's motives are very clear, at least insofar as the shareholders are concerned. The NSA is there to protect US interests which generally are not documented and are subject to the whims of both high level and low level officials.


"Google's legal initiatives are largely just naked lobbying for its own corporate interest. SOPA in particular."

This is where I stopped reading.

I personally know all of the people at Google involved in doing SOPA, and you have literally no idea what you are talking about.

You are talking about a group of people mostly from places like EFF, Creative Commons, and other wonderful orgs. They do it because they want to make the world better, don't want to see the internet censored, and because it's the right thing to do. Maybe you are too cynical and jaded to do something like that, but they aren't. Your opinions have zero basis in fact.

(I read the rest, and it's equally as uninformed. You know nothing of what Google has tried to do, done, or anything of the sort, be it related to the NSA or anything else. If Google puts out press releases, you call them self-interested; if they do it quietly, you never notice and think they are 100% cooperative. They are fucked either way).


You are talking about a group of people mostly from places like EFF, Creative Commons, and other wonderful orgs. They do it because they want to make the world better, and because it's the right thing to do. Maybe you are too cynical and jaded to do something like that, but they aren't. Your opinions have zero basis in fact.

There is a difference between the people Google has employed to do the work and the corporate strategy behind the work. I have no doubt that the people you describe are truly passionate and dedicated.

But you don't see Google funding advocacy groups for initiatives that don't have a corresponding corporate benefit. Google's evolving stance on net neutrality is a case in point. An analogy would be a housing development firm supporting advocacy of home loans for the poor.


> But you don't see Google funding advocacy groups for initiatives that don't have a corresponding corporate benefit.

http://searchenginewatch.com/article/2190617/Googles-Legaliz...


"There is a difference between the people Google has employed to do the work and the corporate strategy behind the work. I have no doubt that the people you describe are truly passionate and dedicated."

Of course there is a difference, but you haven't explained what evidence you have that this is the corporate strategy. I actually know the corporate strategy, and I'm stating for a fact it's not as self-interested as you think. You don't have to believe me of course, and I'm not crazy enough to claim Google doesn't have interests, but you present it as a very cynical 100% self-interested thing and it's simply not.

"But you don't see Google funding advocacy groups for initiatives that don't have a corresponding corporate benefit."

???? I think you are confused about what Google funds.

What is your source of info? Press releases? Have you considered that maybe they don't let press releases happen because they just want the org to succeed, rather than being cynical and self-interested and trying to get credit, and that's why you don't know about it?

I personally helped fund the opening of polling location data (i.e. getting states to tell us where people vote so we could help people find their polling places). https://votinginfoproject.org/ There are now other partners, but Google created it, and funded it, as a separate org.

This was done for no other reason than that I felt this was data that should be open, and it was completely ridiculous that you needed to pay various providers (many many figures) in order to get data on telling people where to vote.

This project was entirely altruistic - people were often confused by the info they had, or forgot, or something else. I wanted to solve this problem. There was no money, ads, or anything involved.

My group also funds the software freedom law center, software freedom conservancy, osu labs, etc. Not just open source either.

We fund many millions of dollars to organizations because it's the right thing to do and the orgs are fighting for the right things. Policy does the same. Of course, they do some advocacy and lobbying. But not all or even most of it has any direct corporate benefit.

In DC alone, Google funds a lot of DC-related homeless and other advocacy organizations. Do you think Google has designs on ads for homeless people?

So when you say "But you don't see Google funding advocacy groups for initiatives that don't have a corresponding corporate benefit.", it would be more correct to say "you don't see". And by "you don't see", that's often because Google doesn't put out press about it, because that's not the point. That would be self-interested on Google's part. The point is to help the org.


I am very cynical about Google these days after the revelations about its cooperation with the NSA.

Thanks for your work and I hope you don't take my remarks as any kind of criticism of the work you do.

Put more cautiously, I think indirect corporate benefit is the main impetus for Google's philanthropy and lobbying programs. There is not necessarily a specific business outcome associated with the philanthropy... it's more like "branding" and "brand awareness" campaigns. The payoff is far into the future and is extremely hard to measure.


It is likely you have even less of an idea of what you're talking about when it comes to Google's interactions with the NSA than you do about their motivations w/r/t SOPA.


Please enlighten me.


I have, at length, in the past, and it's very disingenuous of you to pretend that you don't know that. Most people who accuse Google of being a tool of NSA have the excuse that they got the idea from the Guardian, which later retract^H^H^H^H^H^H^Hcontradicted itself out of the accusation. But you know that already. You accuse Google of being a tool of NSA because you want them to be, because you believe that by repeating a lie over and over again you can somehow crowbar reality into your weird little conspiracy theory, or at least get a bunch of people on HN on board with it.


You are partially right. All of my beliefs are provisional and I'm waiting to be proven wrong. I'd very much prefer to believe that Google acted properly (not necessarily legally) with respect to its cooperation with NSA. To date I am still not convinced.

How is it possible to feel comfortable with Google's answers when you consider that companies are forbidden from disclosing some information? I'm equally skeptical of the truthfulness of both Google's and the NSA's responses to the revelations.

I'm not able to accept the whole "trust us, everything was circuitously legal so there's nothing to worry about" excuse.


"How is it possible to feel comfortable with Google's answers when you consider that companies are forbidden from disclosing some information?"

Because you are implicitly claiming that not a single VP, SVP, well known person, etc, would be ethical enough to quit over this if Google had done it wrong. Given who those people are, it seems far fetched.


I hope you're right. That is certainly what I thought before the Snowden revelations. To date I don't think Google has offered sufficient transparency into the process to adequately restore trust. If the NSA (via secret laws or dictums) is preventing this from happening, it is at the expense of Google's reputation.

Further, the recent revelations that the NSA deploys agents as employees of various tech companies (like Google) indicates that Google's internal security processes have been breached and the careful (and likely reasonable) way that cooperation with law enforcement has been crafted may be largely irrelevant.

The above may be wild speculation, and I hope it's incorrect. But considering the Snowden revelations, I don't think Google has done enough to make a person or firm that explicitly didn't want the NSA to have access to its data feel comfortable using Google's network and services to store/transmit it.

And, since Google's core business is ads, Google has designed its own systems so that data from any Google service (analytics, dns, gmail, doubleclick) can be used for targeting and behavioral profiling. The scope of it is really quite impressive. Thus I think it's sobering to think about all the data being readily available to the NSA, as Snowden suggests it is.


You are unlikely to find anyone at management level who feels so strongly opposed to lawful government surveillance that he'd risk his personal freedom over it.


> You cannot prevent some entity from having private data about you once you start using mainstream online services whose focus is on mainstream issues like ease of use, portability of data and seamless access from multiple devices.

You could encrypt the data locally before sending it to the server. You might also question whether this model of computing is in fact sensible. There are at least partial alternatives, for instance holding all data locally on a smartphone, and then plugging that in to use as a desktop, tablet etc. We should be asking whether the advantages of the Google model outweigh its (significant) disadvantages.


We should definitely ask those questions.

In fact it would probably be a good idea for Google to proactively report/describe some of the technical tradeoffs they have made when it is related to privacy.

Because what most people do is judge based on incomplete information - and Google has more and more problems with its public perception.

Regarding the idea of encrypting all data (I believe you mean that not even Google should be able to decrypt it) before sending it to the servers I see some issues, but my views on cryptography are probably pretty naive.

1) There are laws that force them to hand over data to governments when courts order it - I do not know if they would get away with only turning over encrypted data.

2) They also have business goals - like increasing ad revenue by matching ads to the personal preferences of its users.

3) They have social interactions in most of their products - I don't know how this could work with total encryption.

4) There are certainly some usability tradeoffs to make - like how many times does a user have to enter a password to access his data.


> Just out of curiosity, how would we know even if a secret was let out to, say, the NSA

And the smartest thing to do, whether you are the NSA or some other foreign government or any entity that holds that information, is to keep quiet about it. The less others know that you know something, the more power you have.

For that reason, it is unlikely that we will see these powers used by the NSA, or other government. It is in their best interest to hold on to that data as secretly as possible and as restrictively as possible, to avoid the chance of others getting a hold of the data. Snowden, if anything, has only given the NSA and all others who hold information that we do not know about reason to be careful about even mentioning that they have the data, to anyone.


> For that reason, it is unlikely that we will see these powers used by the NSA, or other government.

The "parallel construction" mentioned above is how they do use these powers while obscuring the use of these secrets.


> "As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again."

I used to think this but now I'm not so sure. With the way services like FB and others slowly change settings, Sony gets hacked and other data breaches, news about govt spying etc, I wonder whether the mass public is suffering from Learned Helplessness [1]. After all, what alternatives do most people really have?

[1] http://en.m.wikipedia.org/wiki/Learned_helplessness


From http://gawker.com/5637234/gcreep-google-engineer-stalked-tee....

> In at least four cases, Barksdale spied on minors' Google accounts without their consent, according to a source close to the incidents. In an incident this spring involving a 15-year-old boy who he'd befriended, Barksdale tapped into call logs from Google Voice, Google's Internet phone service, after the boy refused to tell him the name of his new girlfriend, according to our source. After accessing the kid's account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her. In other cases involving teens of both sexes, Barksdale exhibited a similar pattern of aggressively violating others' privacy, according to our source. He accessed contact lists and chat transcripts, and in one case quoted from an IM that he'd looked up behind the person's back. (He later apologized to one for retrieving the information without her knowledge.) In another incident, Barksdale unblocked himself from a Gtalk buddy list even though the teen in question had taken steps to cut communications with the Google engineer.

I guess there are similar incidents happening at almost all cloud providers, but even if detected by the company, we don't hear about them because they're really bad PR. All they come up with is, "trust us, things are secured". And no one cares anyway because Gmail, Docs and Outlook.com are slick and convenient.


In any organization of Google's size, there are bound to be a few bad apples. The organization can still see that as totally wrong and do its best to remove them, whether out of professional integrity or simple self-preservation instinct.

This happens in major, respected newspapers. It happens in an extremely disciplined and well-trained superpower's military. Small town telephone operators were sometimes known to spy on the communications of people they knew, and post office workers would sometimes gossip about postal metadata. Organizations can still have integrity (ok, well, maybe not telecoms) when there are a handful of swiftly punished incidents. I'd be concerned if there was a culture of disregard for privacy or a lack of internal controls, unrestricted access for everyone (Barksdale was a Site Reliability Engineer with a legitimate need to access production data, I believe), or no punishment, but this case doesn't invalidate Google's products.


Wish I had more upvotes.


I agree that it's unlikely Google as a whole would decide to read/use confidential data. On the other hand, the idea that someone w/in Google might abuse their position is completely plausible.

if we know that people at the NSA were passing around phone sex calls by US troops, do you really want to keep trusting that no-one at Google will ever do anything problematic w/ yr data?

edit: to be clear, I use Google services all the time & store a lot of confidential data w/ them. but there need to be institutional (whether at Google or outside it) safeguards that go beyond trusting a company as a whole to always behave in a way compatible w/ its own rational self-interest.


Given that Google has a VC arm, I am stunned every time I run into a VC who uses Gmail and other Google-hosted services as part of their business. They are handing their competition an enormous chunk of their business proprietary information and trusting them not to peek at it without even a contract.

To me, that level of naivety with respect to operational security is just baffling. All it takes is one unscrupulous person in the right place at Google and those convenient, "free" services could end up costing millions. It isn't like the people in the finance industry have a reputation for being upstandingly moral either.


For this to be a worry, every person up both branches of a very large hierarchical organization tree--all the way up to where a Google Ventures employee and a Gmail developer both report to the same person--would have to agree to it.

Google Ventures, no matter how spectacularly they might do as VCs, will always be several orders of magnitude less important to Google than Gmail. Google Ventures invests $300 million per year. Say they are always, every year, one of the top VCs so they--every year--deliver 3x on the money invested a few years before. They are still delivering less than $1 billion, less than 2% of Google's revenue.

In reality, it will probably be more like 1%, plus or minus 4%. And also, in reality, it won't be considered revenue, it will be Extraordinary Gains from Non-operational Events, or some such accounting gibberish, and nobody on Wall Street will give them any credit for it.


> For this to be a worry, every person up both branches of a very large hierarchical organization tree--all the way up to where a Google Ventures employee and a Gmail developer both report to the same person--would have to agree to it.

That's ridiculous. The risk isn't institutionalized abuse; the threat is an unscrupulous guy in the Ventures group who has a buddy who works in the Gmail (or other) groups. Calls him up one night and says, "Can you do me a big favor? Check out so-and-so and see what he's working on."

It isn't about Google's bottom line on Wall Street, it is about an individual abusing access to further his own career.


You make the false assumption that people in different divisions of a very large company would be more likely to help each other outside of the corporate reward structure than they would be to help someone outside the company, who they might just happen to have personal or social obligations to.

If there were an unscrupulous person in the gmail group, he would be more likely to break company policy (and, I think, the law) with someone who does not work for Google than with someone who does, unless it were motivated by someone up the chain at Google itself.

Saying that someone at Gmail is sharing your secrets may be a worry. That they would share them with Google Ventures is far less likely than that they would share them with someone else entirely. And frankly, if someone were to try to profit from stolen information, they'd be looking at hedge fund manager emails and investment banker emails. The very slight edge you might get from seeing some VC's email is worth less than a cup of coffee at Starbucks, if you risk-adjust it and discount it back to the present.


> You make the false assumption that people in different divisions of a very large company

I'm assuming that people within a company are more likely to know each other and know what areas they work on versus simply "working at Google." They have all kinds of opportunities to rub shoulders - previous projects they've worked on together, company social events, even just riding the Google bus to work each day.

While outsiders are also a risk, working for the same company substantially increases the opportunities.


"deliver 3x on the money invested a few years before. They are still delivering less than $1 billion, less than 2% of Google's revenue."

That's virtually all profit, not revenue, and Wall St would be thrilled. And all you would need is a crooked employee to do that. Maybe a GV partner could approach an SRE... à la http://www.sec.gov/news/press/2011/2011-53.htm

A Goldman Sachs and PG board member has been corrupted that way; imagine a lowly engineer that could triple his salary in a heartbeat.


You are correct about the "one unscrupulous person" but VCs are hardly significant when you consider other options.

Every single aspect of business and government is susceptible to NSA snooping. Had I access and the lack of scruples, I'd much rather read selections from Goldman Sachs' gmail than any VC's; similarly I'd much rather listen to Obama's telephone calls than Paul Graham's. I'd much rather make my investments in the futures market based on e-mails from high-ranking officials in the DOD than on those from any social networking VC. I could make more money (or have more influence, etc.) that way.

As you say, it takes only "one unscrupulous person". So how common is unscrupulous behavior among highly-trained and highly-screened sysadmins? My bet, no less than 5 in every 100 would be unscrupulous, at least 1 in 100 would be absolute psychopaths, and possibly 1 in 200 would be unscrupulous enough and have sufficient social/business skills to take it to the bank in a big way (I'm talking serious crime/spying/nation-selling).

There may be "Snowdens" out there that we don't know about - persons who are now selling us (corporations, persons, and nations) down the river for a few million dollars.

The NSA has put the nation in a very precarious situation.


> on the other hand, the idea that someone w/in Google might abuse their position is completely plausible.

> if we know that people at the NSA were passing around phone sex calls by US troops, do you really want to keep trusting that no-one at Google will ever do anything problematic w/ yr data?

Already happened: http://gawker.com/5638874/david-barksdale-wasnt-googles-firs...


exactly. fill the most solipsistic company in the world w/ self-exalting geeks & you're bound to get more than a few creeps who don't understand social boundaries.


You should all read "The Silicon Jungle". It's by an ex-Googler, and it's amazing.


All it takes is a few, not "Google as a whole."

I am not a fan of Google, but I feel that in Larry Page's era few things are sacred when it comes to making money. Maybe a Googler decides to read some Goldman Sachs' trader emails, or Google in general can sell trend data. Who knows?

They have (IMO) ruined search and are destroying any trust in its fairness, yet they are a monopoly, have a lot of goodwill and nothing is happening. So far.


All these secrets have been sent in plaintext between Google data centres over 'dark fibre' we now suspect the NSA has been wholesale recording.

There are belated efforts by Google to encrypt the traffic between its data centres, but it's basically too late.


It's not 'dark fibre' if you're using it.


Dark fiber is a fairly well-accepted industry term for fiber that you operate yourself, with your own lasers, as opposed to capacity that you lease from a telco and just provide your bits via serial or whatever.

It has also been considered to be pretty secure against eavesdropping due to multiplexing and just the sheer amount of data that can be shoved down a single long-haul fiber these days (5+ Tb/sec). Unfortunately, that's no longer necessarily true when you're up against an adversary with nation-state resources.


He's just talking about the time between the bits.


Surely that would be half lit.


> Google's business model is based on aggregating that information and gaining value out of the data, mostly in the form of advertising. As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again.

Really? Because from what I've seen, the general public (including companies) would just continue using it without caring.


These are all great points but let us know for God's sake. You trust them, and I sure trust them with a lot of secrets. But they have to ask. I would have no idea if not for Hacker News.

CyanogenMod is on my list.

EDIT: Oh, and "backing up" my contacts without asking me. That made me livid, that's the height of arrogance. And yet I still use Android.


By that logic, Google wouldn't encrypt the data between servers in response to the NSA revelations either. Yet they're doing that. The point is it should at least be secure from outsiders/internal spies.


The author is worried about WiFi passwords? If you trust that your WiFi is secure in general, you're in trouble. WPS is horribly insecure, for example, and that's what most home users use. Most user-chosen passwords are incredibly easy to guess, for another. The better thing to do is to assume that your network traffic is always under surveillance (since the NSA is tapping Tier 1 network providers), and to encrypt everything, or use network protocols which encrypt everything.

The only thing WiFi passwords are good for is to prevent your neighbors from using your network and using up all of your bandwidth (which would slow down your network access) and preventing drive-by spammers/hackers from doing things which you might then get blamed for.


Yeah and those locks on your doors are a joke! Why are you pretending your home has an expectation of privacy? So dumb! Of COURSE anybody can just come into your house any time they want.


Most people aren't even wearing bullet-proof helmets when they sit next to a window leaving them totally vulnerable to snipers. They get what they deserve.


Not sure if you were joking, but you are right:

http://en.wikipedia.org/wiki/Lock_bumping


That, and good ol' violence.


He isn't advising that you don't need to lock your house because the locks are insecure. He's just pointing out that you probably shouldn't lose sleep over whether someone can break in or not, especially when windows are easily broken.


In general, home locks aren't to keep people out. They're to keep people honest. For everything else there's insurance.


Precisely. And much like burglars, people trying to access your WiFi fall broadly into two groups: those who want to access any of the WiFi in the area and those that want access to your specific WiFi. My guess is that in the vast majority of cases it's the former, and as long as your 'locks' are better than your neighbours' you'll be fine. However, if it's the latter, then just like burglary you've entered a whole new problem space.


Honestly, I use WEP encryption because I know that WiFi security is a house of cards in general. As you've said, it's enough to prevent the typical user from leeching bandwidth.

The nice thing about using WEP is that if someone does end up using my network for something nefarious and I end up holding the bag for it, I (or an expert witness) can point out that WEP is known to be vulnerable in court giving me an out.


- Until they link this post back to you, and argue that you knowingly weakened your security.

- Until they argue that the default encryption level on routers now is WPA/WPA2, so by enabling WEP you were actively lowering the security level.

- Until they argue that your technical background means that you should have known better that WEP is crackable.


That's all well and good, but I have still not given authorization for the use of my network to the malicious user. An open network invites legal dispute as to whether the lack of encryption constitutes implicit permission to use the network [1]. By having encryption, even if easily cracked, I have let the malicious user know that they are not welcome on my network and have absolved myself of any responsibility for their actions.

Following your reasoning, my background means that I should know that I shouldn't have a wireless network at all. There are vulnerabilities for just about any method I would use to secure a wireless network.

My important stuff is firewalled within the network. I use WEP because it's the easiest way to give network access to folks I've authorized to use my network while still letting unauthorized users know they're not welcome.

[1]: http://en.wikipedia.org/wiki/Legality_of_piggybacking


> Following your reasoning, my background means that I should know that I shouldn't have a wireless network at all.

It would be argued that you should have taken 'reasonable' measures to prevent unauthorized access. It could then be argued that using WEP is not reasonable, especially if you know it is easily crackable.


Should we lock our doors with bank-vault locks, since we know how easily most common door locks are picked? The fact that an attacker would have to actively bypass the security should be enough for legal purposes. It is not like an attacker could accidentally crack a WEP-protected network and not know they were doing it.


No, nor should we uninstall the default deadbolt that comes with the house and replace it with a simple gate-style lock (you know, the kind you can reach over and unhook).

We should use the default standard method of locking our doors. And our Wi-Fi access points.


Except he's enabled WEP because it's "more convenient" for him. It's still a strong signal that he doesn't want outsiders on the network.

A better door analogy is replacing the deadbolt with a slightly crappier one that unlocks whenever you're in bluetooth range (for "convenience"). Just because the system is "easily broken into" doesn't mean that you're not "breaking and entering" when you break the security and enter the house.


Incidentally, most deadbolts are ridiculously easy to pick. I can get into my front door deadbolt in about a minute with a multitool and a safety pin bent into the shape of a pick with said multitool [1]. Unless you've upgraded your typical run-of-the-mill deadbolt to one with mushroom, spool, or serrated pins [2] it will take roughly the same effort. Those higher-security locks typically run over a hundred bucks and as such aren't what most house builders would put in a front door.

[1]: http://www.crypto.com/papers/notes/picking/

[2]: http://www.lockwiki.com/index.php/Security_pin


Unfortunately, I have had to enable WEP a few times for certain OS / network card / router configurations, so there are or can be compelling reasons to do this. Pretty sure it was XP though my wife's XP box is working fine with WPA2 on my current router.

However, I try to treat even my home WIFI as if it were a coffee shop. The password is there to keep leechers out, but I still vpn into a more secure location for some tasks, use SSL when connecting to sensitive services, and keep my ports locked down.


You may find sshuttle interesting [1]. It's essentially VPN implemented via SSH tunnel.

[1]: https://github.com/apenwarr/sshuttle


The one annoying thing is that you can't selectively do DNS over the VPN, but that's really only useful when you want to separate work / personal on the same machine at the same time.


Buy a Nintendo DS Lite, some prefer the form factor to the newer models :)


That does not make much sense. You're being paranoid and actively helpless.

WPA2 is in fact quite secure if you're careful about your passkey and who you give it to.


I'd like you to come and crack my WPA2 password. It's not because wifi has had various bad issues that current wifis with a proper configuration aren't secure.

Heck, in many countries, wifi routers actually use WPA2 with a pregenerated shared key, which is a good 24 chars long and fully random. Incredibly easy to guess or crack! (It's very, very hard to crack.)


Your analysis is spot on. My first assumption on reading this was, "What does it matter?" I think the starting assumption for everything online is, "This will be read by someone other than its intended audience until proven otherwise." This is doubly true for Wifi.


Do you have a citation for that claim about WPS and home users?

While it certainly could be the crowd I hang out with (not all of whom are techies, mind you), I've never met anyone who uses WPS.


"In December 2011, researcher Stefan Viehböck reported a design and implementation flaw that makes brute-force attacks against PIN-based WPS feasible to perform on WPS-enabled Wi-Fi networks. A successful attack on WPS allows unauthorized parties to gain access to the network. The only effective workaround is to disable WPS.[4]"

- http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Security

[4] http://www.kb.cert.org/vuls/id/723755


WPS is enabled by default on practically every wifi router sold in the last 7ish years.


My buddy, who does security research, tells me that on stock firmwares of a lot of routers WPS is turned on and cannot be turned off. He claimed that he encountered several routers where after turning off WPS in the settings he was still able to use the WPS vulnerability to crack the key. He thinks it has to do with the setting not being fully applied, as in, the check mark changes, but nothing happens on the backend.

Mind you, I think with open source firmware like TomatoUSB and good password you should be good.


Well, not on mine, and it's a somewhat common one (Fritz!Box) in northwest Europe.


Isn't it about time we get new security standards for Wi-Fi? Is there anything in the works right now to replace WPA2?


There's nothing seriously wrong with WPA2 itself. I'd consider it as secure as pretty much anything else out there that uses 128bit AES (given that your key exchange is secure of course - read on below).

The problem is with the PSK variety, mainly that it's susceptible to offline dictionary attack: about 5% of actual WPA2-PSKs can be easily guessed [1].

There is stuff in the works to fix this though. My favorite is EAP-PWD [2]. It's resistant to offline dictionary attacks, it has perfect forward secrecy and it's already supported by Android. Basically, it's what WPA2-PSK should have been.

In the mean time, if you're security conscious just set a long random PSK or configure e.g. EAP-TLS. Both will give you strong security against pretty much any attacker.

1. http://wpa.darkircop.org/

2. http://tools.ietf.org/html/rfc5931


Is there a way to authenticate that you are connecting to your AP?


Yes, check out the many variations of the EAP and PEAP authentication protocols. Client authenticates the access point by its certificate, client gets authenticated by his/her client certificate. While some combinations have some flaws, like MSCHAPv2 may have too short keys for instance, there are others that I consider quite solid.

http://en.wikipedia.org/wiki/Extensible_Authentication_Proto...

EDIT: Sorry for having repeated some of the stuff bjornsing already said. Should read through more carefully before rushing to comment, I guess.


Yes, and even WPA-PSK (with a strong pass phrase) has trustworthy mutual authentication: your device will (or should) not connect to a rogue AP that doesn't know the PSK.


The problem isn't limited to WPA2. As far as I know, in and of itself it's actually fairly secure.

Most of the problem is that passwords are either easy for computers to crack or hard for humans to remember. The middle ground has disappeared as computational power has increased.


> passwords are either easy for computers to crack or hard for humans to remember

Obligatory xkcd comic: https://xkcd.com/936/


I loathe whenever people post that comic for one simple reason.

Although mathematically the password given in the comic has a higher entropy and would take more time to crack under normal circumstances, the problem is that it follows a very simple and easily describable pattern: smash (four) dictionary words together into a combination.

Crackers will simply start using wordlist rules to generate large lists of meshed together dictionary words and use them if they have good reason to believe you're using this pattern (pretty sure it's simple with tools like Crunch). Whether they'll guess the proper order is unknown, but as with any other case people will use certain permutations and combinations more than others.


The point is you're supposed to use truly random word combinations since those are at least memorable.

  $ wc -l /usr/share/dict/words
  119095
  $ python -c 'print(119095 ** 4)'
  201175048646341950625
  $ python -c 'print(85 ** 10)'
  19687440434072265625

So, even if your target is known to be using this scheme in pure form, this has more entropy than a completely random 10-digit password (assuming ~85 characters) -- and who would actually be using such a thing, except someone using a password management program - who could just as easily be using a 20-character random password?

So even if it becomes known, it's an improvement on what users are doing now.


Can never turn down an opportunity for a one-liner.

  $ perl -E 'open(my $fh, "<", "/usr/share/dict/words"); my @words = map {chomp; $_} <$fh>; close $fh; say join " ", map {$words[int rand @words]} 1..4'
  menu chemists administrative seeps

Might have to run it a couple of times before you get something that you can memorize.


You shouldn't use a non-cryptographically secure random number generator (perl's rand) in the context of password generation. It's too risky.
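The two points made above (the word-count arithmetic in the `wc -l` post, and the warning about `rand()` in this one) fit in one small generator. The following is an added example, not code from any commenter: it draws words with Python's `secrets` module (the OS CSPRNG, which is what the comment asks for), reports the entropy of a passphrase in bits so it can be compared with a random character password, and says how many words a given dictionary size needs to match a target. The `SAMPLE_WORDS` list is a constructed stand-in so the block runs offline; `load_wordlist` reads a real system word list such as `/usr/share/dict/words`.

```python
import math
import secrets

# Constructed stand-in for a real word list so the example runs offline.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "menu", "chemists",
    "administrative", "seeps", "lantern", "orbit", "velvet", "granite",
    "copper", "meadow", "signal", "harbor", "thimble", "walnut",
    "cactus", "pillow",
]


def load_wordlist(path="/usr/share/dict/words"):
    """Read one word per line, dropping blanks and duplicates (duplicates
    would bias the draw toward repeated entries)."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return sorted({line.strip() for line in fh if line.strip()})


def passphrase(wordlist, n_words=4, sep=" "):
    """Pick n_words uniformly at random using the OS CSPRNG via `secrets`,
    never a seeded PRNG like perl's rand() or Python's random.choice()."""
    if len(set(wordlist)) < 2:
        raise ValueError("word list must contain at least two distinct words")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def entropy_bits(alphabet_size, length):
    """Entropy of `length` independent uniform picks from `alphabet_size`
    symbols: words from a dictionary, or characters from a charset."""
    return length * math.log2(alphabet_size)


def words_needed(dict_size, target_bits):
    """Smallest number of dictionary words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(dict_size))


if __name__ == "__main__":
    # Figures from the thread: a 119,095-word list vs. 10 random chars from ~85.
    four_words = entropy_bits(119095, 4)          # about 67.4 bits
    ten_chars = entropy_bits(85, 10)              # about 64.1 bits
    print(f"4 dictionary words: {four_words:.1f} bits")
    print(f"10 random chars   : {ten_chars:.1f} bits")
    # Even a 10,000-word "common words" list reaches the same strength at 5 words.
    print("words from a 10k list to beat 10 random chars:", words_needed(10000, ten_chars))
    print("sample:", passphrase(SAMPLE_WORDS))
```

The attacker is assumed to know the scheme (dictionary size and word count), which is the premise of the comment that dislikes the xkcd comic; the entropy figures above already grant that, and the comparison with a 10-character random password still favours the words.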


Ew.

    shuf -n 4 /usr/share/dict/words | tr -dc 'A-Za-z0-9'


You can use a dictionary of the most common 10000 words, you'd still have loads of entropy.


The whole point of the comic is that even with that known "simple pattern," you still get higher entropy than a normal password.

Obviously a random 64 character string would beat either of them, but if you're expecting a human to memorize a password, correct horse battery staple is clearly preferable.


I think you've missed the point.

There are more possible permutations of four words than permutations of 10 upper/lowercase letters, digits, and common symbols. The four random word approach is harder to crack.


I also add digits, some punctuation, a misspelling or two and the words are not in English. Oh, and I've got different passwords everywhere.


apriorixWasxTotallyxWrongxAboutxThis

is a really good password that people can remember easily.


Added to dictionary.


snap!


Fortunately, it is entirely unnecessary to remember your Wifi password (provided that you trust your devices…).

Create a near-random 63 char password, put it in a text file on a USB key and possibly print it out as a QR code and you’ll never have to worry about either entering it by hand or it getting cracked by that strange kid across the street.


until you buy an apple TV (and don't want to cable it). Fun ensues.


I use a random 63 character WPA2 password, and my solution was to cable it initially, and then set up the WiFi password using the iPhone remote app.


And if all else fails, entering 63 characters is not really that hard either (unless the Apple TV has one of these weird on-screen letter-choosing wheels you sometimes encounter in videogame consoles and the like).


Oh god, yes it is. Especially when you realize halfway through that the iPad cannot type "`".

(You can copy and paste it, though.)


Or Roku or a nest... Tons of devices use wifi but lack cameras or copy/paste.


The best human rememberable password is 4-5 words from a dictionary + a special character. Assuming that most people have roughly 20k words vocabulary and that most keyboards can type easily say 60 characters, you get 20,000^4 × 60, or 9.6 × 10^18 passwords. This means that if you were to crack at a rate of one billion (with a b) passwords per second (unrealistic) you would still take on average of 9,000 years or 18,000 years maximum.


If a person is choosing the words, they aren't going to be uniformly chosen from the list. For example, I'd be willing to bet "monkey" is much more common in passwords than "contacted" even though both words are probably known by about the same number of people.


Even so, if you assume that the average person knows 20k words but would only use about 2,000 words in day to day life, and thus in his or her password. That still means that at one billion passwords per second (which is completely unrealistic, unless you are NSA) it would take 1.8 years to crack the password. Who would invest that much time and electricity into a wifi password, unless, again, you are the NSA :)


WPA2 is fine for what it's intended, provided you're using a long random key, otherwise the number of key-strengthening iterations could use some beefing up.

There are a few problems with all PSK schemes that make internal attacks problematic. Anyone who sniffs your initial handshake and knows the master PSK can read your traffic. There's a lack of mutual authentication. Having a scheme where each device registers its own password with the AP would probably be better.

Other than that, it's generally a good solution, why do you feel it needs replacing?


WPA2 is probably ok with a long passwor(d|phrase). The problem is not WPA2 per se but another bundled technology in many routers: WPS -- that is crack-able very easily. Many routers that even say they disable it don't really do it.

Search for it; there is a list of routers that are better than others. With WPA+WPS we are mostly back to WEP days where any kid with a laptop and some googling skills can get access to many wireless networks.


Your WiFi password is only useful for someone who is within 100 feet of your house. If you have federal agents surveilling you from 100 feet away you have way bigger problems than your WiFi password.


Actually it's from further away than that with a high gain directional antenna (I've hit WiFi hot spots about a mile distant using same) but the point is that they can do this from outside your property. You would probably know if someone was in your house but you'd be hard pressed to notice a Yagi antenna pointed at your window from across the street or down the block a bit.

That said, I read the article more as 'yet another reason this whole compelling third parties is an issue' sorts of reasoning as opposed to this is some new threat that we didn't know about. The author points out it has been covered in lots of places. The argument is that more for the folks who aren't thinking they are affected by this because they aren't dissidents or people of interest (yet).


For those wondering this looks like the antenna I have : http://www.ccrane.com/antennas/wifi-antennas/point-to-point-... and we use it for its "intended" purpose which is getting on to the wifi of the camp host at a camp ground :-)


And similar performance can be had from a 46oz can of soup or chili (retail value: $1.59), with a 1.25" wire sticking through about 1.25" away from the back end, as the antenna for a wifi adapter. #cantenna


People who think the cantenna is a good design need to go back to school.


Source: http://en.wikipedia.org/wiki/Cantenna

Quote: "The typical gain for this kind of antenna in the 2.4 GHz Wi-Fi band is about 10 dB."

The gain over a baseline quarter-wave ground-plane antenna obviously comes from the device's directionality.

So define "good design". If you mean an optimal design at any cost, of course not. If you mean clever use of readily available materials, it's a great design.


In OpenWrt there is a "Distance Optimization" field, described, "Distance to farthest network member in meters." I would guess this allows some assumptions about the raw timing of transmission through the air, which no antenna could overcome. However, since it's just called an optimization, not a security feature, I'm not sure of the actual effect. Do you know if this really changes your long-range scenario?

For my specific setup, it's something of a moot point. With my home office and router at the front of the house, a distance enough to include the back yard will also include a fair chunk of the street. It may be close enough that I'd notice the suspicious vehicle, though.


It's only available in madwifi. It depends on power/gain/antenna...

http://madwifi-project.org/wiki/UserDocs/LongDistance


>Actually its from further away than that with a high gain directional antenna

The idea that the parent poster was trying to point out is that at the point the feds are within 100 ft of your house in a truck or 1000 yards but targeting your house with an antenna, they'll find a way. How secure your Wifi password is irrelevant. At that point they've probably tapped your phones.


Yes, my point was that if you are being specifically targeted there's really nothing you can do to stop it.


Especially if that Yagi antenna is on the other side of an RF-transparent wall (most walls are).


Most walls are not RF transparent; though they don't offer much path loss, there is some.


While I don't like at all the idea of government surveillance without court order, I find the idea of corporate surveillance even more horrifying.

Actually, this is what amuses me in the whole privacy affair. So a bunch of companies were using and abusing your data to target ads at you and shape your news stream so that it's more addictive, and people were cheering. A government (still mostly democratic, though not from my non-US perspective) is revealed to snoop on people illegally and people rage. I don't actually question the rage – but I see the complacent acceptance of the private companies using the same data as amusing.

A large part (not whole, though) of what NSA does is taking your stuff from the place it already shouldn't have been. We're complaining about a fireplace in a burning forest.


I don't really see your logic, Gubment can put you in prison, take your rights away, companies targeting ads can't. It makes sense that one would be outraged at the former.


It's spelt "government". Spelling it "Gubment" doesn't suddenly turn everyone who's reading your comment against the notion of an elected democracy, it just makes you look stupid.

And the reason that it's much scarier if private companies abuse privacy than if the government does it, is that you yourself decide who the government is. You don't get that right wrt a private company.


If we're getting cranky about spelling, it's "spelled". Spelt is an ancient variety of wheat.

"Gubment" is pretty silly, though.


As long as we're continuing to be cranky about spelling, "spelt" is a perfectly valid British spelling of the past participle of spell.


Yeah, but you guys went and replaced the perfectly cromulent "aluminum" with "aluminium", so already I am suspicious.


aluminum sounds illiterate


Laughing My Ass Off


Spelt is the correct spelling in British English (and most of the commonwealth). There is a vast world outside the US too.

http://books.google.com/ngrams/graph?content=SPELT%2BSpelt%2...


I was partially taught by British teachers (I still can't spell 'neighbour' without a 'u' and my 'colour' waffles fairly evenly with and without it). I just can't keep track of every variation, sorry.


I dunno, it's an intentional, phonetically accurate representation of dialect rather than a misspelling, a bit like Yorkshire's t'internet.


not really. everyone involved in the NSA scandal is not elected.

from the people that authorize the budget, to the contractors in Hawaii reading your info, to the agents in CIA/FBI building evidence against you, to the cops arresting you...

not a single one is your representative. Your only representatives are all in the same dark as you are.


The government charters and governs companies so if companies are out of control who do you blame?


Sure, but the government is subject to popular pressures. They can't imprison or otherwise hassle even a substantial fraction of the population in any meaningful way. Corporations are not subject to popular pressure. They can hassle millions of Americans and get away with it.

As a practical matter, you have a lot more to fear from corporations misusing your private data to deny you jobs, mess up your credit, etc, than you do from government misusing your private data to shut down your anarchist political movement.


I think the TSA and no fly list counts as rather large scale hassling. IMO the real problem is it's much harder to fight the government than corporations.


In the short run, maybe. In the long run, no, no, no.

It is hopeless to expect the gov't to not do whatever corporations commonly get away with.

Once the corporations do it, the information in question becomes private property. Now all the gov't has to do is persuade the corporation to hand over or "sell" some little nuggets of their private property. As it is private property that is not yours, it is none of your business in the eyes of the law whether these nuggets of private property are dizzyingly complete records about you.


Who funds our lawmakers and elected officials? Who bribes their way into regulatory agencies so that these agencies promote business interests over interests of the people and country at large? Who's got the revolving door between private enterprise and public office?

Large business, owned by very rich people. Without campaign contribution limitations and regulation, the voice of people is drowned out by the flow of money. We're about the least regulated in that respect in about a century.


Companies are likely "interested" in a group of people that are not traditionally commonly seen as targets by the government. I'm thinking specifically of middle-class law-abiding citizens who just happen to be tech workers at a rival company.


Companies can do the same harm as government. Individuals can do the same harm as government. But a restriction applies to them all... they get in trouble with society if they do.


current government is irrelevant. The data captured now will exist likely forever. If at any point there's a new leader who wants to wipe out a race, he'll have much easier time than checking everyone's papers.

I don't mind getting targeted ads, I prefer them to spam ads.


If all things are equal, then I too prefer targeted ads to non-targeted ads (I'm not going along with the "spam ads" labelling because all ads are spam). However, if it's a choice between a company having all my private data and sending me targeted ads, and the opposite of each, I tend to lean towards the latter.


Interestingly, here in Germany, the "average person" was much more concerned about data collection by Facebook and Google than by governments. (We even had a heated debate about Google Streetview in the mainstream press.)

Then the NSA/GCHQ/BND scandal hit and (at least as far as I can tell) now completely overshadows that former concern.


I think most of your repliers are forgetting about Blackwater. (/tinfoil-hat)


Who is paying them and giving out assignments?


I'd like to point out that Google also has devices that they control within 100 feet of almost every WiFi hotspot in the world.


What?


He's probably talking about Android.


It's basically true, though. Google install arbitrary Android apps on nearly any Android phone without user interaction.

Source: If you log in to https://play.google.com from a desktop computer, you can install apps on your phone. You get the permissions dialog on the website (on your desktop computer), not on your phone.


Also, if you have the Google Play Store then you have Google Play Services which auto-updates without user interaction or notification and has almost unrestricted access to the device.


Well, good thing that we have Android Police and their teardowns acting as a control, that way they'll spot something when Google pushes an NSA trojan to Play Services. /s?


> Google install arbitrary Android apps on nearly any Android phone without user interaction.

How do they install them?


I like that, downvotes but not a single explanation about how the hell google can install arbitrary programs without user interaction.


Some wifi routers have Internet facing management interfaces that use the same password as the wifi network.

Your curt response oversimplifies the situation to the point where an uninformed reader could mistakenly believe the situation has no impact. Your comment should be read in the light of an engineer not only completely missing the point, but an example of the danger of this type of engineering analysis.

Minor technical decisions that "make sense" sometimes have severe technical repercussions.


I used to get my wifi from over 2 kilometers away with a satellite dish and a usb dongle.


Aren't most wi-fi networks trivial to crack anyway?


Probably not, even for inexperienced users. WEP was flawed but it's been rolled out already and most ISPs configure routers with proper WPA-PSK and long passphrases.


That depends on the router and configuration. There's a flaw in WPS that makes it possible to quickly crack a router that has it enabled, even if it's using WPA/WPA2.


Wow. I was curious what flaw you were talking about... It seriously verifies the first 4 digits? That deserves a face palm.


Yeah, reporting the two halves separately is extremely bizarre. It's like they bent over backwards specifically to add a security flaw for no obvious reason. It's surprising that nobody noticed it before it was standardized and shipped.


http://www.neowin.net/news/the-wps-wifi-protected-setup-flaw...

(Quick search, seems a good explanation, if anyone else is curious.)


That's almost like in the movies, where the system always seems to verify each digit individually, thus making any code trivial to crack.


Wondered this as well. I've heard numerous times that there are super simple programs out there that give you the password within minutes. No idea if there is any truth in it though.


For WEP this is true, for WPA/WPA2 without WPS it is much harder. WPA2 uses PBKDF2 with 4096 iterations of HMAC-SHA1, which is a rather slow algorithm.

On http://hashcat.net/oclhashcat-plus/ you can find some values on how slow it is. The same computer can crack 7 billion md5 hashes per second, but it can barely do 181 thousand WPA2 passwords per second.

At this speed you would need more than 200 days just to crack a 7 letter password only using a-zA-Z0-9. And more than 38 years to crack an 8 letter password. If your password is a word or derivation of a word, you can obviously get it much faster with a dictionary attack.
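The derivation the comment above describes is the standard WPA/WPA2-PSK one: the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 256-bit output. The block below is an added example (not from any commenter or from hashcat) that computes that key with Python's standard library, checks it against the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE"), and redoes the "days to exhaust a-zA-Z0-9" arithmetic at the 181k guesses/second figure quoted. The `exhaustive_search_seconds` helper and the rate constant are this example's own names; the test vector and the iteration count are the standard's.

```python
import hashlib
import string

# Rate quoted in the thread for one GPU rig (guesses per second). Constructed
# constant for the arithmetic below; real rates vary with hardware.
QUOTED_WPA2_RATE = 181_000

# a-zA-Z0-9, the character set the comment uses for its 7- and 8-letter figures.
ALNUM = string.ascii_letters + string.digits


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-PSK (IEEE 802.11i):
    PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    The SSID is the salt, so the same passphrase yields a different key on
    every network name, and precomputed tables only ever cover one SSID.
    Because SHA-1 produces 20 bytes, PBKDF2 runs two 4096-iteration blocks
    to fill 32 bytes: about 8192 HMAC-SHA1 calls per guess, which is the
    "slowness" the comment refers to."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def exhaustive_search_seconds(alphabet_size: int, length: int,
                              guesses_per_second: int) -> float:
    """Worst-case time to try every string of `length` symbols."""
    return alphabet_size ** length / guesses_per_second


def days_to_exhaust(length: int, rate: int = QUOTED_WPA2_RATE) -> float:
    return exhaustive_search_seconds(len(ALNUM), length, rate) / 86_400


def years_to_exhaust(length: int, rate: int = QUOTED_WPA2_RATE) -> float:
    return days_to_exhaust(length, rate) / 365.25


if __name__ == "__main__":
    # Published 802.11i test vector: passphrase "password" on SSID "IEEE".
    print(wpa2_psk("password", "IEEE").hex())
    # Same passphrase, different SSID: a different PMK entirely.
    print(wpa2_psk("password", "IEEE-2").hex())
    print(f"7 alnum chars: {days_to_exhaust(7):.0f} days")   # > 200 days
    print(f"8 alnum chars: {years_to_exhaust(8):.1f} years")  # > 38 years
```

What this shows for a defender: PBKDF2's cost is fixed by the standard, so the only lever a network owner has is passphrase length and randomness, and the SSID salt means a network with a default or common SSID gives up even that little bit of extra work against precomputed tables.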


The WPS flaw has been patched in a bunch of routers however the program Reaver was able to exploit it rather quickly.


I wish! My wifi password at work is useful over a much larger area. It is also the login password for my email, the course management system I use when teaching, and pretty much everything else job related. I work at a university "powering silicon valley." You would think they might be a little more careful about things like that...


In general, I agree that distance is a factor. However, the range at which signals can be intercepted is substantially greater and repeating and recording equipment also comes into play.

As do actors other than Federal agents.


I always thought of this as a feature, and a good feature when your phone is reset.


House? What about in a large office building in NYC?


Funny story:

I was once visiting my friends house in the English midlands. I had been there once before, but this time I had to find the way there myself.

I managed to get the entire way to his street, but then I realized that I had forgotten his house number. He didn't pick up his phone, and I didn't want to knock on every door on the road. I was lost.

Then I realized that the previous time I had visited, I had logged on his wifi. It was from a different phone, but with Google's sync all my old wifi passwords had been synced. I didn't remember the name he had given it, but I could walk along the road until I suddenly connected.

Saved the night.


This very same point could be made against Apple, for instance, but there hasn't been a single comment to that effect in any discussion of this article.

I wonder if all of this recent Google-bashing is really just a symptom of something larger. People are suddenly waking up to the obvious-in-hindsight realization that simply giving their data to a third party involves a certain amount of trust.

The reason people don't seem to be ganging up on Facebook, Apple, etc. in a similar way is because they never really earned that faith. Take Facebook: from the very start their founder was known to consider their users "dumb fucks" for entrusting him with their privacy.

In my opinion, the fact that Google went out of their way to, and generally succeeded at, earning that trust is a good sign. It shows they take the matter seriously.

All American companies operate under the same rules. If you've taken the position that all American companies are not to be trusted, fine. But if you haven't, wouldn't Google's history make them one of the more trustworthy ones?


No, the same point can't be made against Apple.

Apple encrypt WiFi passwords and never store them in plain text – not on their servers and not on the device. The encryption requires your login password to decrypt which Apple also don't store in plain text on their servers (although it is accessible on the device if you don't use a PIN or password, it is not backed up to iCloud).

The reason why this allegation is levelled against Google: they don't encrypt backups and they don't encrypt WiFi passwords on the device.

A little more specifically about iOS WiFi passwords: the Keychain (which is where WiFi passwords are backed up on iOS and the Mac) is AES encrypted and requires your login password (or your Apple ID password) to decrypt. Unless Apple is also stealing plain text versions of your login passwords (there's no indication that they are) then it is not possible for Apple to read your WiFi password. Yes, theoretically, they could steal your Apple ID password too but there's no indication that they do (and they've talked about the exact security on Apple IDs following the developer.apple.com breach recently).


If you lose your Apple ID password and reset it, are all your WiFi passwords gone?


That depends on the meaning of "reset". If you create a new password for the same user ID, then no -- the stored WiFi passwords are retained. If you create a new user ID and password, then yes.


OK so in the case of a "normal" lost password then how is it that it's safe on Apple's servers? That is, if it's not encrypted with a key derived from your password, then Apple can still decrypt.


> OK so in the case of a "normal" lost password then how is it that it's safe on Apple's servers?

In a word, it isn't. The new password is no more nor less safe than the old one. Or are you asking about the data, not the password? Pretty much the same answer.


OK, so Apple is in the same boat as Google. If you can reset your password and still access your data, then it wasn't encrypted in any meaningful way.


Actually, your passwords are gone if Apple resets your Apple ID.

If Apple resets your Apple ID password and you restart your device (remember: the Apple ID is kept decrypted in RAM while the device is running), you lose the entire keychain and must re-enter all passwords.


Although both are American companies operating under the same rules, there is a fundamental difference between Apple and Google's business models.

Apple makes its money from selling you new hardware every year or two - they need to make you lust after slick, shiny things every keynote.

Google makes its money from knowing about you, mining that data and converting that into advertising clicks - they need to collect as much information about you as possible.

Which means that the same pieces of data have different value to the two companies.

(Of course, Facebook follows a similar model to Google)


> "The reason people don't seem to be ganging up on Facebook, Apple, etc. in a similar way is because they never really earned that faith. Take Facebook: from the very start their founder was known to consider their users "dumb fucks" for entrusting him with their privacy."

Not really. We only learned of FB's attitude to privacy when they started changing defaults and were being sued by the Winklevoss bros. Otherwise, we may never have known what he thought of his early users.

Apple never claimed "Don't be evil" as a motto and they do appear to care more about security. There is encryption in some of their products (even though they can likely still gain access - a point that is made in the article). Arguably, they've done more than Google to demonstrate that they care about my data.


> This very same point could be made against Apple, for instance, but there hasn't been a single comment to that effect in any discussion of this article.

See a couple of months ago (the context is iMessages but the level of implicit trust is the same): https://news.ycombinator.com/item?id=5943778


Acknowledged. I still argue that Google's getting more than its fair share of abuse, though.


Fair share? Abuse? It is a criticism made against a corporation. It deserves scrutiny and a critical eye whenever it fails, regardless of what its competitors do.

I hate to say it because I abhor the word, but this reeks of fanboyism.


Security is about tradeoffs. How bad would it be if someone else got this information? How helpful is it to me to give it to this third party? Wireless passwords are a huge pain: visit someone's house, ask them for their password, and then feel guilty while they look through various papers to find a long string of hex digits which are so annoying to enter on the phone. This pain makes the tradeoff well worth it for me (and I suspect for nearly everyone) when balanced against the low risk of Google doing something nasty with the saved passwords.

(Disclaimer: I work for Google, but if I had an iPhone I'd want the same functionality.)


QR codes could make entering secure keys into mobile devices easier. Variations of Wi-Fi quick set-up can also be made reasonably secure; implementations just suck.


In a world of unlimited bandwidth, I'd prefer to leave my wi-fi open (I won't live in fear of terrorists war-driving on my specific block), but I saw this framed QR code for wi-fi password idea on Pinterest: http://www.apartmenttherapy.com/share-your-wifi-password-wit...


Are wifi passwords considered a security issue? I treat it the same way as a flimsy lock on a garden shed - I'd prefer both the shed and wifi to be open, but there's a formal "lock" to keep out teenage pranksters and drunks.


Google having all the WIFI passwords is about as worrying as a government having a 3 day cache of everything - not very worrying unless they do stuff with it.

Since Google has misused access to WIFI hotspots to slurp data it's a little bit more worrying.

Since it's probably personal information it's also probably covered by data protection laws in some countries.


Why is google having my Wifi password a bad thing? I'd be happy to let EVERYONE have it, and the only thing I fear is neighbour teenagers overloading the connection with torrents so that it's not usable for me.

As long as I expect them not to overload my wifi too much, I'm perfectly happy with google or FBI or KGB or friends or random strangers having that wifi password.

If wifi routers were good at traffic shaping / quality of service tech, I'd put no passwords at all on wifi devices - if a neighbour wants to browse some web, then it's a good deed to make it easier.


> Why is google having my Wifi password a bad thing?

I don't think it is a bad thing. It's about as bad as them having "All the IP addresses" - (http://blort.org/~kgasso/images/how-to-catch-script-kiddies....) (http://imgur.com/04sMAxd)


I'm unsure, but doesn't WPA2 password knowledge allow one to decrypt your traffic? (Possibly with an active attack to re-initiate the handshake?)

I.e. someone who knows your password could drive by your home, listen to the air and see what you're doing online.


This isn't the case. The WPA2 handshake involves the computation of a session key for each client, so clients on the network can't read the plaintext of each other's traffic. The session key is established with a nonce generated by the access point as well as the MAC addresses of the access point and client.


Thanks for the clarifications.

What I had in mind was the following case: if you disrupt someone's connectivity (jam the channel for some time) and force them to reconnect, having listened to the nonces and knowing the pre-shared secret, you can calculate the PMK (and GTK), or am I wrong?

(I haven't re-checked the specs, but believe 802.11 headers are unencrypted - only payload is - so MACs are not secret.)


My internet traffic is wide open anyway and can probably be tapped by giving a beer to a teenage techie at my local ISP, or by going to a router in our attic (last time I was there, it was behind a tiny padlock) where the wires split out to apartments.

If I use https/ssh, then my traffic is safe even if wifi is open; if I don't, then my traffic is unsafe even if WPA2 is used.


What stuff could they do? Log into your AP to torrent Breaking Bad episodes?


Grab some confidential client documents that a not-so-clever employee dropped in their shared folder? Your example is at one end of the scale, my example is at the other end and there's lots between.


If you think your example is on one end of the scale, you have too little imagination =)


Or someone else could do something that lands you in trouble... https://news.ycombinator.com/item?id=6358837


When I read the title, I thought "really?! how?" Then I read the article and realized any time I have restored my Android phone, then entered my Google account, it automagically connects to all access points I usually use (home, work, other office, etc)...


But they didn't have to design it in such a way as to share the passwords with google. All your data could be encrypted with your google account's password (or some other secret derived from it) on the device and backed up encrypted. When you enter your account password on a new device, it then downloads the encrypted data and decrypts and restores it. Same user experience without exposing private data.


Do we know that's not happening? The article says "they can decrypt them, given only a Gmail address and password" which implies that it would be encrypted with your password.


The article states that Google has refused to comment on whether the data is encrypted on their servers. So it seems fair to assume it isn't.


No, it is fair to assume nothing without any information.


> Same user experience without exposing private data.

Google also knows your Google account password. If you can decrypt the data using any deterministic function of your Google password, then so can Google, so there's no additional security gained. They probably already store your wifi password encrypted -- it's just when the device asks for it, Google decrypts it and sends it back to you. So in all likelihood, they're already doing what you want.

They could have done it by asking the user to provide a new unique password that would have to be entered on each new device. That would provide additional security as only the device could decrypt the password. However, (a) because such a password would only be used once or twice a year at most, no one would remember it and the whole feature would be useless, and (b) you still have to trust Google to not send the password after the device decrypts it, and if you trust the OS vendor to not backdoor the OS, you might as well trust them to not backdoor their own servers to access the same data.


> Google also knows your Google account password. If you can decrypt the data using any deterministic function of your Google password, then so can Google, so there's no additional security gained.

Probably, but not necessarily. All they need to know is the hash of your password. When you set up a new device, it can call out to Google to authenticate without sending a cleartext password (similar to HTTP's Digest auth). Once you've authenticated and retrieved your encrypted settings, the password can be used locally to decrypt the settings. The password never has to leave the device.

If they haven't done it this way (and unless the article's author knows something, I don't think you can tell if they're doing it this way or not from observed behavior) they're either (a) lazy or (b) nefarious. I'm guessing lazy, since that's the reason for most developers who implement poor security... they just don't spend enough time thinking about security of the features they're working on.


With your design, a user with a lost password also loses all their data. While that might be better from a security perspective, I can't remember the last time I used a system that did not keep all my data when I set a new password, without having the old one. Such a thing would annoy many users.


Not all their data, necessarily, just sensitive stuff like passwords.


True, but I was thinking more along the paranoid lines of someone who would think it was a huge scandal that Google might know your wifi password. If you distrust Google enough to be really worried about that, then I'm not sure why you'd trust an Android phone or a Chrome browser to not capture your plaintext password. There are all sorts of ways that Google might have access to your password, but those are a couple of ways in which they must. It's only trust that lets most of us not worry about it.


It's shared with Google as long as Google stores your Google account password as the actual sequence of characters and not as the result of bcrypt processing, and as long as the data copied to Google aren't encrypted locally. Local encryption has the effect that as soon as you forget your password, the data stored as the backup are unusable, even if you can make Google reset your Google account password.

Security is always a trade-off.


"On an HTC device, the option that gives Google your Wi-Fi password is "Back up my settings""

Evil Google, disguising the 'Can we steal your password button'


For convenience, most people won't opt out of it. Most people won't bother at all. Google employees (or even the NSA, if you don't do anything illegal) coming to your home/office to use your WiFi is a joke! Only the paranoid ones are perturbed by these kinds of revelations, and they are ready to face the inconvenience caused.

I didn't use LastPass until recently, when keeping a difficult password on every site became a major pain given the countless password-enforcing rules on the web, some requiring at least one capital, some enforcing at least one symbol but not a ~ or a #, yada yada. I gave up on it. Every damn time I had to reset my password on services I use less frequently. But now I don't. LastPass claims that they keep the passwords encrypted and that they themselves cannot read them, but I don't believe them. Log in to lastpass.com. Click your vault in the top right corner. Click the pencil against any site in the list. Click the 'show' link in front of the password field. And your password is staring at you in plain text. And it has been accessed at lastpass.com. Once they start storing master passwords, or once someone cracks their hash, you are done for. But there is no simple and easy alternative. To get the job done we need to make these sacrifices.


The encryption/decryption is done client side.

This is a simple version of how it works, your master password isn't sent to lastpass, just an encryption key which is created with your email address and master password. On the website this is done client side with javascript. When you click on the pencil icon, you are reading the decrypted file, which you have decrypted on your own computer, with javascript.
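The design sketched in the comment above, and in the earlier comment proposing to authenticate with a hash while decrypting locally, rests on one idea: derive two independent keys from the password, send the server only a credential derived from one of them, and keep the other on the device. The following is an added example, not LastPass's or Google's code; the account, password and backed-up settings are constructed, and the HMAC-SHA256 counter-mode stream cipher with an encrypt-then-MAC tag stands in for an AEAD such as AES-GCM so the block runs with only the standard library. It also shows the consequence raised earlier in the thread: after a support-driven password reset the new key cannot open the old backup.

```python
"""Client-side backup encryption with key separation (added example for this discussion)."""
import hashlib
import hmac
import json
import os

ITERATIONS = 200_000  # slow KDF runs once, on the client


def derive_keys(email: str, password: str) -> tuple:
    """One PBKDF2 stretch, then two unrelated subkeys: enc_key never leaves the device,
    auth_key is the only thing the client ever shows the server."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), email.lower().encode(),
                                 ITERATIONS, 32)
    enc_key = hmac.new(master, b"settings-encryption", hashlib.sha256).digest()
    auth_key = hmac.new(master, b"server-authentication", hashlib.sha256).digest()
    return enc_key, auth_key


def _subkeys(enc_key: bytes) -> tuple:
    # Separate keys for confidentiality and integrity of the blob.
    stream_key = hmac.new(enc_key, b"stream", hashlib.sha256).digest()
    mac_key = hmac.new(enc_key, b"mac", hashlib.sha256).digest()
    return stream_key, mac_key


def _keystream(stream_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stdlib stand-in for a real AEAD cipher.
    out = b""
    for i in range((length + 31) // 32):
        out += hmac.new(stream_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt_settings(enc_key: bytes, settings: dict) -> bytes:
    """Returns nonce || ciphertext || tag. Only enc_key can open it."""
    stream_key, mac_key = _subkeys(enc_key)
    plaintext = json.dumps(settings, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(stream_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag


def decrypt_settings(enc_key: bytes, blob: bytes):
    """Returns the settings dict, or None if the key is wrong or the blob was tampered with."""
    stream_key, mac_key = _subkeys(enc_key)
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(stream_key, nonce, len(ct))))
    return json.loads(pt.decode())


class BackupServer:
    """Everything the server holds: a salted hash of auth_key and an opaque blob.
    Neither the password nor enc_key is ever present here."""

    def __init__(self):
        self.accounts = {}

    @staticmethod
    def _verifier(salt: bytes, auth_key: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", auth_key, salt, 10_000, 32)

    def register(self, email: str, auth_key: bytes) -> None:
        salt = os.urandom(16)
        self.accounts[email] = {"salt": salt, "verifier": self._verifier(salt, auth_key), "blob": None}

    def login(self, email: str, auth_key: bytes) -> bool:
        acct = self.accounts.get(email)
        return acct is not None and hmac.compare_digest(
            acct["verifier"], self._verifier(acct["salt"], auth_key))

    def store(self, email: str, auth_key: bytes, blob: bytes) -> None:
        if not self.login(email, auth_key):
            raise PermissionError("bad credentials")
        self.accounts[email]["blob"] = blob

    def fetch(self, email: str, auth_key: bytes) -> bytes:
        if not self.login(email, auth_key):
            raise PermissionError("bad credentials")
        return self.accounts[email]["blob"]

    def reset_password(self, email: str, new_auth_key: bytes) -> None:
        # Support can install a new verifier; it cannot re-encrypt a blob it cannot read.
        salt = os.urandom(16)
        self.accounts[email].update(salt=salt, verifier=self._verifier(salt, new_auth_key))


def demo() -> tuple:
    email = "alice@example.com"  # constructed account and settings
    settings = {"wifi": [{"ssid": "home-net", "psk": "hunter2"}], "ringtone": "default"}
    enc_key, auth_key = derive_keys(email, "correct horse battery staple")
    server = BackupServer()
    server.register(email, auth_key)
    server.store(email, auth_key, encrypt_settings(enc_key, settings))

    # New device, same password: keys re-derived locally, backup restored.
    enc2, auth2 = derive_keys(email, "correct horse battery staple")
    restored = decrypt_settings(enc2, server.fetch(email, auth2))

    # Forgotten password, support reset: login works again, old backup is unreadable.
    enc3, auth3 = derive_keys(email, "new password after reset")
    server.reset_password(email, auth3)
    after_reset = decrypt_settings(enc3, server.fetch(email, auth3))
    return restored == settings, after_reset is None
```

A dump of `BackupServer.accounts` yields neither the password nor `enc_key`, which is the property the comment describes. The limit of the design is in the client: whoever ships the code that runs `derive_keys` can also ship code that exports the result, so the guarantee is only as strong as the trust placed in that client.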


Client-side decoding in a web app is not secure against the host of the web app, because the decryption code can be changed at any time to contain arbitrary backdoors. Lastpass stores the encrypted secret, and they serve the Javascript that decrypts the secret, so they should be assumed to have access to the secret.


Who says they need to use wifi? I expect a significant proportion of those passwords are shared with other systems, or may allow access to other corporate services - most likely VPN.


People tend to reuse passwords across multiple services and devices. Stealing their WiFi password is not something they will be comfortable with.


Or, in other words, Google remembers the things that we agree to have it remember.


In contract law, there's a concept called "meeting of the minds". A contract is formed when there has been a meeting of the minds between two parties as to what the deal is, and the parties have taken some concrete action to initiate the deal - often signing something, or shaking hands, or handing over money, or something like that.

The operative question is: when someone signs into a Google account on an Android device, and without any notification whatsoever the device sends his passwords to Google - which is what happens - has there been a meeting of the minds? Are both parties in agreement about what the deal is here?


> when someone signs into a Google account on an Android device, and without any notification whatsoever the device sends his passwords to Google - which is what happens -

Data backup is opt in and there is a pretty screen in the setup to enable it if you want


I believe that there is also the concept of "Let the Buyer Beware". If someone says, which is what the Android service does, that it is going to back up your data to the cloud, it's not much of a stretch to think of your wifi password as part of that.


> And, although they have never said so directly, it is obvious that Google can read the passwords.

Frustrating then that it's so hard for users to reveal the password being used by their phone to connect to a WIFI hotspot.


What does that mean? "Google knows"? That data exists in a database owned by Google, or that Google actively farms that data and makes use of it?

Are you saying Google's using this for gain, or for any reason? Is there any evidence whatsoever to suggest that this data has ever been accessed by a Google employee ever, for any purpose whatsoever?

Slight tangent, but the difference between "can" and "does" is a vast one I don't think people are getting, with all these privacy issues coming about these days. Here's a scary thought: any person who owns a gun/car/knife/taser/baseball bat can kill someone else with it. They could do it.

Unless it "does" happen, and there's evidence that it happened, they don't get in trouble.

What Google can do is almost endless. What it does do is what matters.


And in addition to that they have the audacity to not make them accessible to the user! No way to look up your own wireless password in your phone, i.e. to tell a guest; that's just ridiculous.


If you root your Android phone, there are apps to do that for you.

But I do agree that it's a form of UI-fail that there is no legitimate way for a user to recover his own passwords.


On (jailbroken) iOS there is an app which displays all saved WIFI passwords. I am sure there is something similar for Android.


On Android(rooted) we can see all the saved WIFI passwords in /data/misc/wifi/wpa_supplicant.conf file.
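On a rooted device the file named above holds one `network={ ... }` block per saved network, and the secret can be stored there in more than one form. As an added example (not the thread's or wpa_supplicant's code), the block below is a small audit parser over a constructed config: it reports, per network, whether the passphrase is stored verbatim (`psk="..."`), only as the derived 256-bit PSK (the unquoted `psk=<64 hex>` form that wpa_passphrase emits, which is enough to join the network but does not reveal the passphrase), whether wpa_passphrase's `#psk="..."` comment left the passphrase behind anyway, or whether an enterprise (EAP) password sits in the file; that last case is where a domain credential would be exposed. The sample configuration is constructed.

```python
"""Audit wpa_supplicant.conf for credentials stored in the clear (added example)."""
import re

HEX64 = re.compile(r"^[0-9a-fA-F]{64}$")

# Constructed sample; SSIDs and secrets are made up. The hex PSK is the 802.11i test vector.
SAMPLE_CONF = """
ctrl_interface=/var/run/wpa_supplicant
update_config=1

network={
    ssid="home-net"
    psk="correct horse battery staple"
    key_mgmt=WPA-PSK
    priority=5
}

network={
    ssid="office"
    #psk="password"
    psk=f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e
    key_mgmt=WPA-PSK
}

network={
    ssid="cafe"
    key_mgmt=NONE
}

network={
    ssid="corp"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="Winter2013!"
    phase2="auth=MSCHAPV2"
}
"""


def parse_networks(text: str) -> list:
    """Return one dict per network block: key -> (value, was_quoted).
    A commented-out psk line is kept under the key '#psk'; other comments are dropped."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None:
            commented = line.startswith("#")
            body = line[1:].strip() if commented else line
            if "=" not in body:
                continue
            key, _, value = body.partition("=")
            key, value = key.strip(), value.strip()
            if commented and key != "psk":
                continue
            quoted = len(value) >= 2 and value[0] == value[-1] == '"'
            if quoted:
                value = value[1:-1]
            current["#psk" if commented else key] = (value, quoted)
    return networks


def classify(net: dict) -> dict:
    ssid = net.get("ssid", ("?", False))[0]
    key_mgmt = net.get("key_mgmt", ("(default)", False))[0]
    findings = []
    if key_mgmt == "NONE":
        findings.append("open network, no secret stored")
    if "psk" in net:
        value, quoted = net["psk"]
        if quoted:
            findings.append("passphrase stored in the clear")
        elif HEX64.match(value):
            findings.append("256-bit PSK stored (passphrase not recoverable, but sufficient to join)")
        else:
            findings.append("unrecognised psk format")
    if "#psk" in net:
        findings.append("passphrase left in a comment")
    if "password" in net:
        findings.append("enterprise (EAP) password stored in the clear")
    return {"ssid": ssid, "key_mgmt": key_mgmt, "findings": findings}


def audit(text: str) -> list:
    return [classify(n) for n in parse_networks(text)]


if __name__ == "__main__":
    for entry in audit(SAMPLE_CONF):
        print(f"{entry['ssid']:<10} {entry['key_mgmt']:<10} {'; '.join(entry['findings'])}")
```

Running it against a real `/data/misc/wifi/wpa_supplicant.conf` (rather than the constructed sample) tells you which saved networks a device compromise or an unencrypted backup would expose, and the EAP case is the one to fix first: wpa_supplicant can store the `password` as an NT hash (`password=hash:...`) for MSCHAPv2, which keeps the plaintext out of the file even though the hash still authenticates.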


Yes if you jailbreak you can do many things. That it requires a jailbreak is the insult.


That has nothing to do with this conversation. And don't you think that the fact that iOS doesn't allow you to do this without a jailbreak is a good thing?


Yes, and they too require root. Plenty of choices found by searching the Play store.


> backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords.

That's not obvious. It's possible, common, and dare I say a "best practice" to store stuff like this encrypted. To be decrypted only on the device.

Also, wifi passwords, Oh my!!! Security wise you should treat your wifi network as open whether it is or not. I.e. isolate it, firewall it, do not trust it.


Google can also install anything on my phone remotely.


I do not agree with the statement that users aren't aware of if their settings are being backed up. It is one of the options that users get when setting up Google account on any Android phone.


It's completely ridiculous that Google "backs up" passwords in clear text without encrypting them. Mozilla does that properly in their Sync service. So why can't Google do that?


Maybe some men in black visited google and told them not to.


Does MAC filtering at the router level help at all? If the backup option is turned on, does Google also save your MAC addresses? If not, that seems like a good start to prevent someone from connecting to your network, even if they know the password. Obviously this won't help for public hot spots, but I always assume that public hot spots are already open to anyone. What if you are connecting to a Wi-Fi network using MSCHAP or MSCHAPv2? Does Google now know my domain login and password? That seems like a huge gaffe.


MAC filtering is trivially defeated by anyone who knows something about netsec.

MSCHAP is not good enough anymore either.


IM(Paranoid)O, it puts the "inadvertent" collection of SSIDs while driving down every street taking pictures for Google View into a new context. They gave a simply implausible explanation that this data was recorded "inadvertently". (No, fitting all those vehicles with the equipment and software would cost serious money!)

Marry the Geo-location, SSID, phone owner and passwords and you've got real information for the authorities. On Everyone.


Another reason to (really) go open-source/independent.


How independent would you have to be to be secure? Quite a whole lot.

If you use a VPS, you can (will) be owned by your VPS provider and any Internet provider your traffic goes through.

If you use colocation or self host, you will have to live without, or self host/maintain/develop, many alternatives for usual tools AND you can (will) be owned by all the internet providers your traffic goes through.

Not a very nice scenario.


> And, anyone who does run across the setting can not hope to understand the privacy implication. I certainly did not.

Why not? I see 'back up my settings' and I assume it means everything. For a computer security reporter to clutch his pearls and say 'I certainly did not' makes me wonder why he thinks he's qualified to write a column on this subject. Strictly outrage bait.


[deleted]


That's not the problem - choosing to give up your own secrets is fine, but giving up the wifi password of your friend's router because they kindly let you use the network whilst visiting is not cool at all. I personally refuse to allow access by friends with Android devices, and they are shocked to learn what Google does when I explain why...


At home, and everywhere I've had a say on how the network is laid out during working hours, I treat wifi as external. They get internet access, and there's a password to prevent the neighbours' kids downloading GBs of pr0n; access to internal resources requires connection over the VPN.

This has the side benefit that all my devices can connect securely to home resources wherever I am in the world.


Why all the NSA crap in this thread? You don't need to add in a government agency to make this treasure trove of passwords valuable or dangerous. One day, this data will leak out, and then there will be trouble.

Just having a reliable set of millions of real world passwords is invaluable - they'd be useful for brute-forcing other hashed password files.


> And, although they have never said so directly, it is obvious that Google can read the passwords.

This is not necessarily true - they could encrypt this data so that it requires a user password to read, and transmit these settings for client-side decryption. They probably don't though, and in all likeliness can read your WiFi password.


This fails if the user forgets their password.


Good point.


Google don't need your Wi-Fi passwords, they have admin rights to a computer inside your network (your phone).


When you buy a new Android phone, during the first setup it asks you if you'd like to enable this feature. I've always clicked "no".

Not sure why the author assumes most Android users would enable this feature... unless he didn't realize it was an option on the initial setup.


If you're running an actual corporate network then a wifi password had better not be the sum total of the protection.

For home use - who cares? It would be a sizable mission to make use of the password...and that would get them what? A couple of lolcats and my skyrim saved games? Nice.


Google is going to have thousands of different passwords mapped to the SSID "linksys."


I think the MAC address of the router is known too, so there are no duplicates.


I have to wonder whether the MACs are "globally" unique - what's stopping an OEM using the same MAC? Also, I've seen router firmware features that will autogenerate a MAC for a guest network.


That comment was meant to be humorous, not serious.


That's why there was federal malware that captured MAC addresses on tormail when it was shut down. Easy for them to get Google to match it up to an identity


Coupled with the rest of the backed up data, it doesn't really matter if the SSID were not unique.


Try tens of millions.

