Google says Street View cars got email, passwords

Google says Street View cars got email, passwords

– 36 mins ago

SAN FRANCISCO (Reuters) – Google Inc acknowledged that a fleet of cars equipped with wireless equipment inadvertently collected emails and passwords of computer users in various countries, and said it was changing its privacy practices.

Google said it wants delete the data as soon as possible. Google announced the data collection snafu in May, but said at the time the information it collected was typically limited to "fragements" of data because the cars were always moving.

Since then, regulators in several of the more than 30 countries where the cars operated have inspected the data.

"It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords," said Google Vice President of Engineering and Research Alan Eustace in a post on Google's blog on Friday.


more...
http://news.yahoo.com/s/nm/20101022/tc_nm/us_google_4


A Google street view car. Google said Friday it was strengthening its privacy and security practices after its "Street View" mapping service gathered private wireless data, including emails and passwords, in dozens of countries.(AFP/File/Daniel Mihailescu)

:shrug:

but the the tone of the articles I've seen is "OMG! Google spied! Google doesn't respect privacy!"

There doesn't seem to be a connection being made between how much data is being broadcast openly and how easy it would be for a genuinely nefarious person to scoop it all up...

unsecured in the list. I agree; people are foolish - no sense blaming Google!

I'm amazed that after this long with technology there are still so many people that have no idea what they're doing. The last time I set up a wireless router for a friend of mine it made you turn off encryption if you didn't want it and it warned me at every step that it was a stupid thing to do.

We wound up leaving it on but it was fun to see how many times the software basically called me an idiot for opening up the connection.

Unless a site was unsecured.

I just find it hard to believe people don't secure their wireless.

Neighbor downloads kiddie porn from your unsecured wifi connection I doubt the Police will be interested in your claim "I don't know how kiddie porn was sent to my house".

For pricacy, security, and legal standpoint it seems crazy to leave your wifi open.*


Note: WEP might as well be "open" you can bust a WEP connection in a few seconds. Same thing applies to mac address filtering, or hiding your SSID.

WPA2 using AES with a multiword non-dictionary passphrase like "I lov3 Democratic UnderGround!" (make sure to change your SSID too) should be the minimum considered for a secured access point.

If you encrypt at the wifi protocol level, it will keep out the casual snoopers. Older wifi protocols are fairly easily crackable. Encrypting the data itself will solve that problem for all practical purposes, but then you might draw the attention of law enforcement (i.e., "if you are encrypting, you must have something to hide").

Oh, and BTW, sites like Google and Wikipedia have https-secured servers, but the problem is that you don't know who really has access to the encryption keys.

Um I think you don't quite understand how SSL/TLS.

You do know who has the encryption key. Your computer generates a unique key pair. The public (encrypt only) key is sent to the server. Your computer keeps the private (decrypt only) key safe. The reverse is done to facilitate communication in the reverse direction. The key pairs are used to securely transfer a symmetric cipher which is used to encrypt the actual data sent back and forth.

The encryption key I use when accessing google is different than the key you use (or anyone else uses). The key is used only for the session and a new random set of key pairs and payload cipher is generated for each session.