Is your Wi-Fi unprotected? Google probably stole your data.
May 16, 2010 36
Email article | Print article 
Privacy, privacy, privacy; it seems all like everyone is talking about nowadays is privacy. And why shouldn’t we be – no one likes the idea of big brother watching every move we make on the internet or having some psychopath be able to find us by simply typing our name in a search engine. One of the most notorious firms centered around privacy issues is Google. (After all, Google’s core business is derived from advertising and advertising depends on being able to quantify users’ surfing habits; advertisements may be a necessary evil to fund websites, but they are an evil nonetheless in my humble opinion.) So, why am I not surprised to learn about Google’s “recent blunder” of collecting private data from unprotected Wi-Fi connections?
Google provides a service called Street View which basically is a service that allows users to view images of places from all around the world. (Google collects these pictures for Street View via their Street View cars which go around and snap pictures and such.) Recently, after complaints of privacy issues related to Google’s Street View cars taking pictures of anything and everything, the German government audited the data that Google collects via Street View cars. Thanks to this audit it has been revealed Google’s Street View cars have “been mistakenly collecting samples of payload data from open networks”. In other words, if you have an unprotected/unencrypted Wi-Fi connection, Google’s Street View cars may have collected your private data, such as “parts of an email, text, photograph, or even the website someone may be viewing”. To add icing on the cake, this has been going on for three years.
Google claims that the problem can be attributed to experimental Wi-Fi code written by an engineer back in 2006; this experimental code was “mistakenly” included in the software that Street View cars use and “as soon as Google found out” they “grounded [the] Street View cars and segregated the data on [their] network, which [they] then disconnected to make it inaccessible”.
Personally, I don’t know about everyone else, but I am not buying the “oh it was a mistake, we didn’t know what was going on” excuse. How in the world can you “mistakenly” collect data for three years and not even know it? If it was a bug of some sort, I would understand; however, we are talking about real data – someone had to process the data being collected by the Street View cars, someone had to know what was going on.
Google, don’t make the same mistakes Facebook is doing about privacy or I may just start using Bing. (…Okay, probably not.) (Ignore the fact that the issue mentioned in this post has nothing to do with Google’s search engine services – it is the principle of the issue that matters!)
Oh, and moral of the story? Protect/encrypt your Wi-Fi! By protect/encrypt I mean set a password to it, preferably using WPA2, but even WEP is better than no protection at all. (Go to your router settings to access these features.)
[via BBC News]
Feel free to flame Google in the comments below.
@Mike: @Sandy:
A call to the manufacturer of your respective routers should be the answer to setup your wireless networks. It may take some time, but Support can either give you the info you need, or assume control of your machine (usually for a fee) and set your network parameters for you.
@sdmoore68: I think you’re on the right track here – Google did not, in probably 99.999% of addresses passed, collect any information like credit card numbers, passwords, bank account numbers, plans to overthrow a government, or any complete spreadsheets or photos… In the first article I read about this, and the German government’s findings, Google said they accidentally gathered some “extra” information, but the article seemed to say they were intentionally collecting wi-fi addresses. Since there’s no possible reason to be collecting ANY of this information while strolling through neighborhoods to collect Street View pictures, you have to wonder what they were really doing. My guess is someone, somewhere, offered to pay for the street view shots if the cars would collect wi-fi locations. Maybe that’s something useful in tracking web activity to a specific street address, that law enforcement or other govt agencies would want? Or maybe Google made the investment itself so it can sell lists of IP, street address and names to some major advertisers who can’t get this data from ISPs? Whatever the intention, it just feels like a bad thing. Privacy no longer exists.
You know Ashraf, this article, very nearly made up my mind to unsubscribe entirely from your email alerts when I first saw it. I’ve enjoyed your articles for some time, and enjoyed the impartial POV you impart on most of them. But it is clear you don’t think too favorably of Google, and having read the user commentary on google related articles, clearly there is an anti-google sentiment in many vocal dottechies. This is all fine, of course, but I really don’t need irate rant notifications in my inbox. However you may feel about google, it seems to me that this article is highly tainted and skews the facts presented with your take. And, I think that disingenuous because it only serves to feed the “Oh My GOD, Google is COLLECTING ALL OUR DATA” sensationalism without accurately portraying the facts as they are known. Simply going off merely the one BBC article you link, it seems to me that some points that should have been highlighted by you, were not. 1. Any unsecured data collected by the cars while in range of the unsecured wifi, would only be readable if they were unencrypted, and what was collected would’ve just simply been random DATA PACKETS, tiny fragments of data, and as stated in another comment the duration of the drive by would equal a short collection period… In essence? Similar to grabbing a handful of shredded papers out of a shredder. 2. If your wifi is unsecured, YOU are transmitting all this data openly in the air 24/7 out into public spaces for anyone to grab at it.. and 3. The quote at the end of the article you linked which I suspected was what the original experiment was about: “Dr Ian Brown, an expert on privacy and cyber security at the Oxford Internet Institute, told BBC News the wi-fi data collection was part of an idea to accurately map a user’s location on Google Map and Street View.
“The idea was to use to the different signals and strengths from wi-fi and phones to position a users – think of it as a sort of GPS.”
which is to say recording wifi locations and strength to use in wifi based triangulation location services. We’ve all seen this type of service pop up elsewhere as mobile phone apps(For the ones without GPS chips). You wonder how they could not notice this data collected till now, well my guess is by sheer virtie pf the fact that it probably wasn’t much data, and likely was dumped into log files rather than data files.
Pardon the formatting from the BBC copy/paste. Did I unsubscribe? No, because I enjoy the vast majority of your articles, truly, and thank you for that, but I had to say.. this one left me cold.
@Scaredwitless: In hindsight, I agree I should have talked about exactly why Google was (is) collecting data from WiFi (at the time I wrote this article I didn’t see it as relevant since I wasn’t bashing Google for collecting WiFi signals, but rather the collection of private data, which by Google’s own admission, should not have been collected).
However, I disagree with many of your points, you are completely wrong about how and why I wrote the article, and you are skewing my words to make me look anti-Google where as I am only anti-Google-collecting-private-data-from-open-WiFis.
That said, I hope you realize that many articles under Keeping Them Honest tend to be rants =O. Sorry, haha.
P.S. I dont know about you but I would get mighty angry if someone started grabbing a handful of shredded papers out of my shredder.
@Ashraf: Ashraf, I love ya man, you’re good spirited. Honestly, I tried to make my original comment as noninflammatory sounding as possible, as not my intent.. Yes, haha, wouldn’t be happy with the shred stealing (but that’s why I use a heavy duty cross-cut shredder..) but my intent was to say it is, still, not the same thing as just lifting an entire file or such. and of course anything going through https is gibberish. I mean, don’t get me wrong, I agree with you, as well Google, they shouldn’t have recorded any data. But, I guess the hinge point then is whether you believe Google’s take on it having been an unintentional byproduct of old experimental code. In your article you exposed that clearly this couldn’t have been the case. Going on no other evidence but what is presented in that article, my feeling is I can buy that story. But it really depends I think on the evidence and until the data is more thoroughly analyzed by someone, I don’t see any compelling reason to entirely doubt google on their word. Like I said, for all we know it could’ve been just an errant line of code said engineer used to dump a variable into a log for testing purposes.. Who knows.
Thanks for the reply, and laugh, and yeah now that you mention that does sound like a ranty category! Suppose I ought to go look if there are controls to get alerts per category…
@Scaredwitless: I understand your point – I was not offended, np. And I agree, yea, no “whole files” were lifted. Furthermore, I personally don’t believe Google’s take on it (or, at least, they are only giving us half truths), but you are right what they say can be true.
Thank you for being good humored about it =).
RE category controls: I took those off because many people were not using them properly then complaining to me that they wouldn’t receive e-mails. I may reinstate them in the future, in which case I will be sure to send out e-mails to everyone letting them know. Right now, as it stands, people are allowed to either subscribe to all categories, or none at all.
@OldElmerFudd: Thanks so much!
OMG! The guy above (Dave) is right! Google was gathering info about what home addresses go to what person online! That’s scary! I never thought about it before, but now that I have, I don’t like it at all! It’s bad enough the ISPs have it & info could be gathered from them. Now Google will have it too, if we had the internet on when the Street View car went by? AND they have the ability to tap what you’re doing online & save it, maybe even get into your PC? HOLY COW! Google admits it & says they know part of it’s wrong? Why do they need to know where I live? Why can’t they get all that info from ISPs anyway? Because it’s illegal & the ISPs won’t give it out??? Ya, that’s probably it alright. lol Gee, Google, I want the same info on every person you employ, executives on down. And your families too. Yes, even children. Send em on over to my email, Google. I’m sure you know the email address already, years ago. I won’t hold my breath waiting for that email. lol But if they can have my info, it’s only fair I can have theirs too, don’t ya think? lol Come on, Google, give me the info,it can’t hurt anything, anymore than your getting ours does.
@Skye-hook: Considering most of us still have dynamic IPs from our ISPs, IPs that change frequently, it would seem rather pointless to go round making such a database as most entries would become out of date shortly . When I first read this article my first thought was they might have been collecting unsecured wifi locations to use in a location pinpointing triangulation system. And the quote at the end of the BBC article linked as well indicated this assumption has merit. If you’ve never heard of the idea/principle/system, this is a decent explanation: http://arstechnica.com/old/content/2008/01/where-gps-wont-do-wifi-triangulation-might.ars
@Ashraf: They simply used it somewhere else, they aren’t telling us about. (Yet.) Right.
Google had violated Belgian law on electronic communications through its Google Street View cars that intercepted data line of the Belgians. The federal prosecutors had opened a few months ago an investigation, at the suggestion of the Commission of privacy, and has offered to Google an amicable settlement of 150,000 euros. In a statement, Google confirmed it had received “an offer of settlement agreement by the Belgian federal prosecutor.” “We are studying it carefully,” they said.
If Google does not pay within three months, the case would turn into the court record and then the fine could rise to over a quarter of a million euros. Street View cars have traveled in Belgium between 2008 and 2010, taking pictures for Google’s mapping service. The vehicle also has a device to scan for wireless Internet networks. If these networks were not protected, Google also retained the data that were sent. Google has recovered passwords and e-mails.
“As we have already stated, we are deeply sorry to have inadvertently collected information from untrusted networks,” said Google in a statement. “Once we realized what had happened, we immediately stopped collecting data via WiFi Google Street View our cars and we immediately notified the appropriate authorities.”
Google has already been convicted of such practices in some of the neighboring countries of Belgium.