Google Admits Scooping Passwords, Emails In Street View Privacy Breach

Source: The Huffington Post

Google came under fire in May of this year after it admitted that its Street View cars had mistakenly collected users' private data sent over non-password-protected Wi-Fi networks (Read more).

In a blog post by Google's Senior VP of Engineering and Research Alan Eustace, the company offered a closer look at the information that was collected via its Street View vehicles and revealed that individuals' passwords and emails, among other information, had been captured.

Eustace wrote:

Finally, I would like to take this opportunity to update one point in my May blog post. When I wrote it, no one inside Google had analyzed in detail the data we had mistakenly collected, so we did not know for sure what the disks contained. Since then a number of external regulators have inspected the data as part of their investigations (seven of which have now been concluded). It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place. We are mortified by what happened, but confident that these changes to our processes and structure will significantly improve our internal privacy and security practices for the benefit of all our users.

Read more: http://www.huffingtonpost.com/2010/10/22/google-privacy-breach-goo_n_772610.html

---

data. Their neighbors, the kid down the street, the ex-spouse, all sorts of people who
drive around with laptops and directional antennas picking up the same stuff - and they
don't identify themselves like google...and they likely haven't deleted it.

knowing how to properly set up WPA2 or at least WEP 256-bit encryption.

You might as well just leave your Driver's License, Birth Certificate, Bank Records, and Social Security Card outside for anyone to examine.


Furthermore, they broadcast the SSID for anyone to discover and glob onto the wireless network. It's like having a big billboard outside your home, saying "Open Wireless Network Here. Please hack me." with big neon letters and blinking lights.

Google should be "mortified" that their Steetview team collected this.

laptop, plug in a wireless card with an antenna plug and slap a magnetic antenna on your car.

The data just comes streaming in. There are tens of thousands of network folks, people learning networks, people who are looking for free wifi, others, who do this on a daily basis. Some for work, some for fun. A few are malicious, but not the majority by any means.

I should add the reason for this is to see what info is going across your network, sometimes to catch malicious behavior.

These people are broadcasting the info. You set up a broadcast station, you might expect people to listen.

Momitoring and locking down your own network traffic makes sense.

Google is a corporation and they have no excuse for what they did.

learning the capabilities and new things that computers can do. One isn't often terribly interested in the traffic, more interested in using the computer to do something different. And the vast majority of the time it is totally innocuous.

There is a human thing about "listening in" - don't know why, but I noticed it when I was young and saw kids picking up party lines to hear other people's conversation. I have seen people read other people's snail mail - I have seen strangers pull things that are left under others windshield wipers, read it, and put it back. :shrug: It is just what people do.

"Google" had some guys in a car, they were mapping networks, and the easiest way was just to turn on the sniffer and hit record - it would have been much more difficult to filter out everything but the broadcast of the network ID. The folks doing it were just people, (well, as close as computer geeks can be to people), and anything beyond the technical task of just getting it done probably didn't even cross their minds.

I am not necessarily defending what they did, though I do think that people who buy a broadcast station and install it in their home don't have much room to complain when someone picks up the traffic.

Google is probably the LEAST innocuous person or group that is monitoring traffic - WAS in their case. While these people are spending a bunch of time whining about Google, someone else may well be intercepting their current traffic, along with the credit card and PIN numbers and passwords they have saved in a notepad file.

Their time would be better used learning how to operate the equipment they have.

Why? I thought Street View was just to get the pix of homes and streets, that would be photos, not local unencrypted network traffic. What reason would they have for grabbing random data off of them? How would that relate to Street View in any way?

http://www.yougetsignal.com/tools/network-location/

As to why, ask Google.

You can use WiFi to triangulate physical location *better* than GPS.

....Plus it's handy for smartphones and laptops to know where someone is giving away free, anonymous, network access.

"mistakenly collected users' private data sent over non-password-protected Wi-Fi networks"

It was a mistake! We are incompetent!

Not.

If you don't want any one to see you personal info, don't broadcast it. I don't think google did any thing wrong. there is no law against monitoring broadcasted signals.

Have a mapping site:
http://wigle.net/

...and an obligatory wiki-link.
http://en.wikipedia.org/wiki/Wardriving

I bet the street view cameras also caught you naked if you were standing in a window without any clothes on.