Is your Wi-Fi unprotected? Google probably stole your data.

Privacy, privacy, privacy; it seems like all everyone is talking about nowadays is privacy. And why shouldn’t we be – no one likes the idea of big brother watching every move we make on the internet or having some psychopath be able to find us by simply typing our name in a search engine. One of the most notorious firms centered around privacy issues is Google. (After all, Google’s core business is derived from advertising and advertising depends on being able to quantify users’ surfing habits; advertisements may be a necessary evil to fund websites, but they are an evil nonetheless in my humble opinion.) So, why am I not surprised to learn about Google’s “recent blunder” of collecting private data from unprotected Wi-Fi connections?

Google provides a service called Street View, which allows users to view images of places from all around the world. (Google collects these pictures for Street View via their Street View cars which go around and snap pictures and such.) Recently, after complaints of privacy issues related to Google’s Street View cars taking pictures of anything and everything, the German government audited the data that Google collects via Street View cars. Thanks to this audit it has been revealed that Google’s Street View cars have “been mistakenly collecting samples of payload data from open networks”. In other words, if you have an unprotected/unencrypted Wi-Fi connection, Google’s Street View cars may have collected your private data, such as “parts of an email, text, photograph, or even the website someone may be viewing”. To add icing on the cake, this has been going on for three years.

Google claims that the problem can be attributed to experimental Wi-Fi code written by an engineer back in 2006; this experimental code was “mistakenly” included in the software that Street View cars use and “as soon as Google found out” they “grounded [the] Street View cars and segregated the data on [their] network, which [they] then disconnected to make it inaccessible”.

Personally, I don’t know about everyone else, but I am not buying the “oh it was a mistake, we didn’t know what was going on” excuse. How in the world can you “mistakenly” collect data for three years and not even know it? If it was a bug of some sort, I would understand; however, we are talking about real data – someone had to process the data being collected by the Street View cars, someone had to know what was going on.

Google, don’t make the same mistakes Facebook is making about privacy or I may just start using Bing. (…Okay, probably not.) (Ignore the fact that the issue mentioned in this post has nothing to do with Google’s search engine services – it is the principle of the issue that matters!)

Oh, and moral of the story? Protect/encrypt your Wi-Fi! By protect/encrypt I mean set a password to it, preferably using WPA2, but even WEP is better than no protection at all. (Go to your router settings to access these features.)

[via BBC News]

Feel free to flame Google in the comments below.


36 comments

  1. stockel1949

    Google had violated Belgian law on electronic communications through its Google Street View cars that intercepted data line of the Belgians. The federal prosecutors had opened a few months ago an investigation, at the suggestion of the Commission of privacy, and has offered to Google an amicable settlement of 150,000 euros. In a statement, Google confirmed it had received “an offer of settlement agreement by the Belgian federal prosecutor.” “We are studying it carefully,” they said.

    If Google does not pay within three months, the case would turn into the court record and then the fine could rise to over a quarter of a million euros. Street View cars have traveled in Belgium between 2008 and 2010, taking pictures for Google’s mapping service. The vehicle also has a device to scan for wireless Internet networks. If these networks were not protected, Google also retained the data that were sent. Google has recovered passwords and e-mails.

    “As we have already stated, we are deeply sorry to have inadvertently collected information from untrusted networks,” said Google in a statement. “Once we realized what had happened, we immediately stopped collecting data via WiFi Google Street View our cars and we immediately notified the appropriate authorities.”

    Google has already been convicted of such practices in some of the neighboring countries of Belgium.

  2. scaredwitless

    @Skye-hook: Considering most of us still have dynamic IPs from our ISPs, IPs that change frequently, it would seem rather pointless to go round making such a database as most entries would become out of date shortly.  When I first read this article my first thought was they might have been collecting unsecured wifi locations to use in a location pinpointing triangulation system.  And the quote at the end of the BBC article linked as well indicated this assumption has merit.  If you’ve never heard of the idea/principle/system, this is a decent explanation: http://arstechnica.com/old/content/2008/01/where-gps-wont-do-wifi-triangulation-might.ars

  3. Skye-hook

    OMG! The guy above (Dave) is right! Google was gathering info about what home addresses go to what person online! That’s scary! I never thought about it before, but now that I have, I don’t like it at all! It’s bad enough the ISPs have it & info could be gathered from them. Now Google will have it too, if we had the internet on when the Street View car went by? AND they have the ability to tap what you’re doing online & save it, maybe even get into your PC? HOLY COW! Google admits it & says they know part of it’s wrong? Why do they need to know where I live? Why can’t they get all that info from ISPs anyway? Because it’s illegal & the ISPs won’t give it out??? Ya, that’s probably it alright. lol Gee, Google, I want the same info on every person you employ, executives on down. And your families too. Yes, even children. Send em on over to my email, Google. I’m sure you know the email address already, years ago. I won’t hold my breath waiting for that email. lol  But if they can have my info, it’s only fair I can have theirs too, don’t ya think? lol Come on, Google, give me the info,it can’t hurt anything, anymore than your getting ours does.

  4. Ashraf
    Author/Mr. Boss

    @Scaredwitless: I understand your point – I was not offended, np. And I agree, yea, no “whole files” were lifted. Furthermore, I personally don’t believe Google’s take on it (or, at least, they are only giving us half truths), but you are right what they say can be true.

    Thank you for being good humored about it =).

    RE category controls: I took those off because many people were not using them properly then complaining to me that they wouldn’t receive e-mails. I may reinstate them in the future, in which case I will be sure to send out e-mails to everyone letting them know. Right now, as it stands, people are allowed to either subscribe to all categories, or none at all.

  5. Scaredwitless

    @Ashraf: Ashraf, I love ya man, you’re good spirited.  Honestly, I tried to make my original comment as noninflammatory sounding as possible, as not my intent.. Yes, haha, wouldn’t be happy with the shred stealing (but that’s why I use a heavy duty cross-cut shredder..) but my intent was to say it is, still, not the same thing as just lifting an entire file or such.  and of course anything going through https is gibberish.  I mean, don’t get me wrong, I agree with you, as well Google, they shouldn’t have recorded any data.  But, I guess the hinge point then is whether you believe Google’s take on it having been an unintentional byproduct of old experimental code.  In your article you exposed that clearly this couldn’t have been the case.  Going on no other evidence but what is presented in that article, my feeling is I can buy that story.  But it really depends I think on the evidence and until the data is more thoroughly analyzed by someone, I don’t see any compelling reason to entirely doubt google on their word.  Like I said, for all we know it could’ve been just an errant line of code said engineer used to dump a variable into a log for testing purposes.. Who knows.

    Thanks for the reply, and laugh, and yeah now that you mention that does sound like a ranty category!  Suppose I ought to go look if there are controls to get alerts per category…

  6. Ashraf
    Author/Mr. Boss

    @Scaredwitless: In hindsight, I agree I should have talked about exactly why Google was (is) collecting data from WiFi (at the time I wrote this article I didn’t see it as relevant since I wasn’t bashing Google for collecting WiFi signals, but rather the collection of private data, which by Google’s own admission, should not have been collected).

    However, I disagree with many of your points, you are completely wrong about how and why I wrote the article, and you are skewing my words to make me look anti-Google where as I am only anti-Google-collecting-private-data-from-open-WiFis.

    That said, I hope you realize that many articles under Keeping Them Honest tend to be rants =O. Sorry, haha.

    P.S. I don’t know about you but I would get mighty angry if someone started grabbing a handful of shredded papers out of my shredder.

  7. Scaredwitless

    You know Ashraf, this article, very nearly made up my mind to unsubscribe entirely from your email alerts when I first saw it.  I’ve enjoyed your articles for some time, and enjoyed the impartial POV you impart on most of them.  But it is clear you don’t think too favorably of Google, and having read the user commentary on google related articles, clearly there is an anti-google sentiment in many vocal dottechies.  This is all fine, of course, but I really don’t need irate rant notifications in my inbox.  However you may feel about google, it seems to me that this article is highly tainted and skews the facts presented with your take.  And, I think that disingenuous because it only serves to feed the “Oh My GOD, Google is COLLECTING ALL OUR DATA” sensationalism without accurately portraying the facts as they are known.  Simply going off merely the one BBC article you link, it seems to me that some points that should have been highlighted by you, were not.  1. Any unsecured data collected by the cars while in range of the unsecured wifi, would only be readable if they were unencrypted, and what was collected would’ve just simply been random DATA PACKETS, tiny fragments of data, and as stated in another comment the duration of the drive by would equal a short collection period… In essence?  Similar to grabbing a handful of shredded papers out of a shredder.  2. If your wifi is unsecured, YOU are transmitting all this data openly in the air 24/7 out into public spaces for anyone to grab at it.. and 3.  The quote at the end of the article you linked which I suspected was what the original experiment was about: “Dr Ian Brown, an expert on privacy and cyber security at the Oxford Internet Institute, told BBC News the wi-fi data collection was part of an idea to accurately map a user’s location on Google Map and Street View.

    “The idea was to use to the different signals and strengths from wi-fi and phones to position a users – think of it as a sort of GPS.”
    which is to say recording wifi locations and strength to use in wifi based triangulation location services.  We’ve all seen this type of service pop up elsewhere as mobile phone apps (for the ones without GPS chips).  You wonder how they could not notice this data collected till now, well my guess is by sheer virtue of the fact that it probably wasn’t much data, and likely was dumped into log files rather than data files.
     
    Pardon the formatting from the BBC copy/paste.  Did I unsubscribe?  No, because I enjoy the vast majority of your articles, truly, and thank you for that, but I had to say.. this one left me cold.

  8. Mr.Dave

    @sdmoore68: I think you’re on the right track here – Google did not, in probably 99.999% of addresses passed, collect any information like credit card numbers, passwords, bank account numbers, plans to overthrow a government, or any complete spreadsheets or photos…  In the first article I read about this, and the German government’s findings, Google said they accidentally gathered some “extra” information, but the article seemed to say they were intentionally collecting wi-fi addresses.  Since there’s no possible reason to be collecting ANY of this information while strolling through neighborhoods to collect Street View pictures, you have to wonder what they were really doing.  My guess is someone, somewhere, offered to pay for the street view shots if the cars would collect wi-fi locations.  Maybe that’s something useful in tracking web activity to a specific street address, that law enforcement or other govt agencies would want?  Or maybe Google made the investment itself so it can sell lists of IP, street address and names to some major advertisers who can’t get this data from ISPs?  Whatever the intention, it just feels like a bad thing.  Privacy no longer exists.
     
     

  9. OldElmerFudd

    @Mike: @Sandy:
    A call to the manufacturer of your respective routers should be the answer to setup your wireless networks. It may take some time, but Support can either give you the info you need, or assume control of your machine (usually for a fee) and set your network parameters for you.

  10. sdmoore68

    The Google mobile could only capture a few seconds worth of data on its drive-by mission.  Theoretically, the wi-fi range should start and terminate in about 10 seconds at 10 mph.  Even if an active connection was transferring data and this camera contraption Google car did a slow drive-by, that still doesn’t seem to be enough time to grab a sufficient amount of data.  On the other hand, I imagine they could mark the address and then sell it to a three-letter government agency to come back and finish the job.

  11. Sandy

    @Mike:  I am totally with you on this one.  I can’t even figure out how to set up my network with the wireless gadget I bought and stuck into the USB port of the computer not attached to the ethernet cable.  I got the router working (because it works if I take another ethernet cable and attach it to the router and the main computer to the one far away - but I didn’t want the cable dragging around the house), but have no idea what my WEP is and so I can’t set up the internet network.  I used to be able to write software (before the brain injury) - but I have ALWAYS been stumped by hardware – and the coma didn’t help – still – if I can figure it out this far, and no further, I KNOW there are people who couldn’t do it.
    I can’t understand TV anymore either – HDTV, LED, Plasma, HDMI, etc… it makes no sense….yet the kid with acne rattled them all off as if I should know it!  While our generation tries to keep up with technology, some of it is simply “too much”.  My mom won’t even update her computer and I know a RN (and she’s even also a lawyer- very intelligent) who never figured it out and she ends up having to get a new one every 2-3 yrs – unless I defrag, update (I now have it set to automatic, since she couldn’t understand if she needed certain “optionals”), & run a free adware (she hasn’t purchased anything to do this), etc…
    Heck – I even read this blog to get a better idea of what’s going on in this area!! 
    So, Locutus, PLEASE, have some compassion on us!  lol  After all, as a RN, I didn’t knock a patient for not being able to figure out how to start their own IV or ask an intelligent question!  I didn’t even knock patients who didn’t know you don’t deliver a baby out of the same place you use the restroom with!  This area has become incredibly complicated.
    And, for Secret2008 – you are simply displaying characteristics of a predator, nothing to be proud of.  How would you feel if I, as a RN, took advantage of your ignorance and had you go through a procedure you didn’t have to?  Or, make fun of you for not knowing everything I do?  We all have gifts that we are given – whether it is intellect or compassion, etc…and if we all did what you are doing (taking advantage of people who are ignorant – not the same thing as stupid ), then it would be a mighty sad thing.

  12. Orchid

    @susan zelenevitz: It’s only wired from your end.   The wires you have connected don’t wrap around the world connecting to every single place you visit online or connect to.

    At some point the information is sent and received via towers and satellites around the world….which are all wireless.

  13. Caleb

    Well, theoretically, I hold rights to my personal documents and pictures.  Now, I have a protected WiFi (WPA2), but I don’t authorize Google to collect my documents.  Someone should prosecute Google over this.
    BTW, I use Bing because I hate Google’s privacy policy.

  14. susan zelenevitz

    This is EXACTLY why I would never take wi-fi (or satellite).  It has always seemed to me that data sent over internet connections that used open air instead of cables (telephone lines) were even less secure than dial-up or dsl. 

  15. Greg

    @Skye-hook: You asked..”Ya know..I sure wonder why they admitted to it now. Maybe someone “squealed”?  …
    The German government discovered the data conducting an audit of the data collected by the cars. The German government allows its citizens to “opt out” having their property displayed on Street View. Unlike the USA, Europe believes that individuals can decide what to do with their personal info, not the corporation that collects it.

  16. meldasue

    Does ‘your private data’ include information transmitted through secure sites (such as bank account numbers, credit card numbers, etc)?  If not, then I don’t see that Google was getting anything they wouldn’t normally have.  If you’re using their search engines, they know what websites you visit (that is, after all, the basis of the new, more personalised search).  If you use g-mail, they’ve got text, photographs, and anything else you’ve sent, and they already have enough data to sell your e-mail address and the websites you visit to spammers, if they wanted to.

    *If* they were collecting secure information, and *if* they were getting it in a form that would allow them to put together name, address, phone number, and websites visited, then they would have something they could sell to advertisers, and that would definitely be a bad, bad thing.

    When you think about it, there are plenty of sites that have far more personal data – Paypal and Amazon come to mind.  I worry a lot more about the possibility of these sites getting hacked than what they are selling to advertisers.  The difference between them (and Google) and Facebook is that Facebook makes very personal information available to *everyone*, including the hackers, stalkers and spammers.

  17. Skye-hook

    Is just having a password good enough? Any advice on what more to do & how to do it???  Doesn’t sound like it would be enough, now that I read the above.
    I tried telling my sister I thought Google probably saves all your Gmail for less than honest reasons, but she shined me on, totally trusting Google. That’s the biggest problem in the USA today- people just totally trusting the government & places like Google. Gees, even fairy-tales aren’t that trusting.
    *
    In case they happen to check comments about them: Shame on you, Google! You recorded personal things from people’s WiFi connection, by using your wonderful Street View cars? Of course we don’t believe you did it by accident. It baffles me why you’d think we would believe that silly story. A 1st grader wouldn’t believe that. OK, maybe my sister would believe you. But most won’t. And I’m sad you used the Street Views cars like that, as that could ruin a great thing! I love Street View! PLEASE let us trust Street View again!
    Ya know..I sure wonder why they admitted to it now. Maybe someone “squealed”?   Is Google as big as oil companies & all the others who get by with so much bad stuff anymore? We built them up, so I suppose we could boycott them if it gets any worse.

  18. Adrian

    I also find unencrypted Wifi to use when I can’t find free public ones. Seriously, I think you should encrypt your Wifi, but Google would probably have much more data about you already via your Mail, Chat, etc.

  19. Gioneo

    @Mike: I agree with your statement. Furthermore there’s a lack of awareness when it comes to network security ( home user end ). I do on-site repairs and you won’t believe how many of these folks have their networks wide open. It’s all about hooking up and go.

  20. Mike

    @Locutus: Ya’ know, I understand your comments as to people who don’t have network security set, but:
     
    I’m a moderately intelligent person and I tinker around with software.  But I just feel stymied by networks.  Numerous settings, much of which is not really explained (heck, my router didn’t even come with a manual explaining its operation and settings), significant complexity, multiple standards, conflicting (and often inadequate) advice including from ISPs/DSL providers, and continual issues and complications.
     
    And this is from someone who likes technology.  Could my parents (also intelligent people, but from a pre-computer generation) deal with a network?  No way.  And if, by any chance, they had one, I could understand why no security was set.
     
    I understand that some few routers nowadays truly are plug-and-play.  Exactly what is needed, in the face of this complexity. People just can’t keep pace with the complications of the technology, and should not be expected to do so, realistically. My landline telephone doesn’t ask or require me to figure out how it works …

  21. Giovanni (smart King of Freebie...LOL!)

    Well, as you should know very well, hackers can easily crack any Wi-Fi connection no matter if  (WPA) protected or unprotected….so it’s not just GOOGLE that can steal your sensitive data online and having a protected Wi-Fi connection can only minimize your damages…treble sigh!!
    And anyway, if I were you I would be much worried for these irrefutable facts:
     
    http://www.criminaljusticeusa.com/blog/2009/25-surprising-things-that-google-knows-about-you/

    http://mashable.com/2007/07/07/google-vs-everyone/

    http://www.prisonplanet.com/articles/december2006/061206seedmoney.htm
     
     
    As for Wi-Fi unprotected connections there is actually an easy (FREE) solution to avoid being “tapped” by GOOGLE or bloody hackers out there…LOL!!
    In fact, if you are worried to keep your privacy and sensitive data from hackers or from GOOGLE when accessing free public Wi-Fi hotspots,  well I recommend you use HOTSPOT SHIELD 1.37 :

    · Secure your web session with HTTPS encryption.
    · Hide your IP address for your privacy online.
    · Access all content privately without censorship; bypass firewalls.
    · Protect yourself from snoopers at Wi-Fi hotspots, hotels, airports, corporate offices and ISP hubs.
    · Works on wireless and wired connections alike.
    · Secure your data & personal information online.

    http://www.softsea.com/review/Hotspot-Shield.html
    http://www.softpedia.com/get/Security/Security-Related/Hotspot-Shield.shtml
     
    Enjoy yourself and say goodbye to GOOGLE’s fu@kin online spying activity.

  22. OldElmerFudd

    I live in a large metropolitan area – it endlessly surprises me how many times I’ve encountered unprotected networks. I occasionally update my best friend’s netbook at her house, thanks to an unknown neighbor’s wifi. (I prefer to do it for her here, however, the signal’s much better!) I sometimes wonder if users in smaller towns and remote locations even think of securing their networks.
     
    As to Google, it’s still not clear to me exactly what form the collected data took. Discrete information streams or random data packets? We’ll probably never know. Unless, of course, we ask the friendly neighborhood hackers! 8-)