Google admits wi-fi data collection blunder
- Thread starter movingtables
- Start date
Wireless networks are kind of like the old hubs you used to get on wired networks. Everything on the network can see all the data packets going accross the network at any given moment. Even if your PC is secure, when you visit your goat porn website the data packets going over the wireless can be read by anyone else on that network, assuming the website in question doesn't use SSL. Normally your WiFi network would be encrypted, and only machines with the WiFi key could read these packets, so it's generally not an issue.
If your wireless network is unsecured, these data packets aren't encrypted at all, and Joe Blogs on the corner can sit there reading any data going accross the network that's not subsequently encrypted by SSL or the like. Such as web pages you visit, pictures you download, emails you might read or just about anything else.
The technology to do this isn't Google specific, either. Any standard WiFi card in promiscuous mode is able to intercept this data, and there are plenty of programs out there to help collect it.
What surprises me about this whole thing is that the German government asked Google for this data within days of signing a law that requires private WiFi networks to be secured or face a fine. it's almost like they knew Google had data that they shouldn't. Good PR for the new law.
Hmm Im a bit confused.
Ok so lets say I got a WiFi router and 2 laptop connected to it via WiFi (using WPA or whatever encryption).
Are you saying that any PC or laptop that is able to access that network can
read the information being transmitted/received by other laptops/PCs on that network? Like what you are downloading? Emails? Web pages browsed? (this sounds like a Trojan!)
If so how do they do this? Surely that would involve setting up specific software or something?
Im totally confoooozed!
Hmm Im a bit confused.
Ok so lets say I got a WiFi router and 2 laptop connected to it via WiFi (using WPA or whatever encryption).
Are you saying that any PC or laptop that is able to access that network can
read the information being transmitted/received by other laptops/PCs on that network? Like what you are downloading? Emails? Web pages browsed? (this sounds like a Trojan!)
If so how do they do this? Surely that would involve setting up specific software or something?
Im totally confoooozed!
Any device connected to the network that has the key can view all the traffic. Any non-authorized devices, will just see garbled encrypted useless data. So if you have 3 wireless laptops with the WPA key, then they can all view each other's traffic. If however someone walks by your house without they key, they can't do anything assuming your security is good enough.
Ok I got that...
but the data that is transmitted. how is it read exactly? Some kind of snooping software?
Kind of, basically the wireless card is put into "Promiscuous mode", which simply means it receives all packets whether or not they are destined for that computer. So if you connect to an unsecured wireless network, packets are everywhere in the air and your wireless card fishes them out and some software can process them, i.e extract passwords or visited websites. If you have or break a WPA key, then the same applies.
Woah I see.
Ok then why did Google put their "wireless cards" into promiscuous mode?
(where is the option for this anyway int he windows wireless networking software?)
And also, if the information is received, what do they use to view it?
(or are they saying they just collected the info by mistake as opposed to view it?)
the Regulation of Investigatory Powers Act covers the investigative authority granted to official Govt Bodies, of which Google is not (yet)
as far as i'm aware, the acts governing this legal infraction is Section 1 of the Computer misuse Act and MAYBE the Data Protection Act, depending on what google might have unintentionally sniffed.
either way, there's still the matter that it is the owner of the wireless networks legal obligation to see that it is appropriately secured.
while, as someone else said earlier, no, leaving your front door open does not constitute an invitation for people to enter your home without your express permission and take your things, it does mean that when it does happen, the insurance company won't pay out, to extend the metaphor.
what google said is that an engineer wrote a piece of software for the purpose of gathering detailed network data, and this code made it's way into the final software by accident.
you won't find an option for "Promiscuous mode" in your windows wireless config - it's an option that must be deliberately enabled by communicating with the hardware-driver directly.
Last edited:
of course they will, but you don't have any right to complain about it afterwards.
if you jump off a ledge and break your leg, you'll still be taken to hospital but you don't have the right to complain that your leg got broken when it was solely your fault.
Twaddle - you're saying that leaving your door open absolves the burglar of any responsibility or being characterised as having done something wrong. Whilst leaving my door open might not be the best thing to do it dosn't detratc from the crime committed in any way.
What's next, women who dress in a provocative manner are "asking for it"?
What is it with Goggle apologists round here of late...
i don't know - you'd have to ask the engineer. he probably hadn't considered the ramifications of his actions, simply considering the code he'd written to be pretty neat.(Still n00b mode here!)
So why did this engineer write this piece of software? What were they hoping to accomplish by collecting unencrypted data from open wireless networks?
(Spite?)
wow, that's almost exactly what i didn't say. amazing.
at no point did i say that by not securing their wireless points, people absolved google of all responsibility, but it's hardly like said people aren't responsible for it either - especially considering that the Govt. officially considers it to be peoples express responsibility for the security of their wireless access points.
It's more like leaving your curtains open and complaining about people walking past and looking in than leaving the door unlocked and being robbed.
exactly.
i have another comparison that's strongly related:
you leave your wireless AP unsecured and someone uses it to hack a website - you're equally as responsible for the crime as the hacker it.
if afotmentioned hacker first has to bypass your network security, the responsibility for the crime now rests entirely on the hacker and not you.
And of course being a peeping tom is legal isn't it.
Edit
Edit
Yep, the law is there to protect the ordinary public who aren't tech savvy.RE: WiFi encryption and 'they deserve it' sentiment
Classic internet stuff. People involved with domain X scoffing about people who don't know/care about X
at no point have i or most other people stated that Google are in no way in the wrong, but they are at a significantly diminished responsibility.
Yep, the law is there to protect the ordinary public who aren't tech savvy.RE: WiFi encryption and 'they deserve it' sentiment
Classic internet stuff. People involved with domain X scoffing about people who don't know/care about X
thats no excuse these days - it takes but a moments reading for event the most technologically impaired people to activate WiFi encryption these days, and that's ignoring the fact that all consumer-grade network equipment comes with WPA2 already activated.
Last edited:
only if you go out of your way to do it iirc (ie cracking the encryption/sneaking into their back yard)
If you're just naked in front of you're living room window you'll get done for indecency if someone complains .
and what if the law required you to wear a bullet proof vest just like the German law requires you to secure your network?