Google Collected Passwords in Wi-Fi Sweeps

[Deadstick50]

@Jax184
"I also note that they've been quite open and cooperative about the issue."
Man, WTF planet are you living on? They have played every kind of cat and mouse game about this thing that you me or anyone else could think up!
Yes, sure, people not securing the wifi are morons, but that somehow makes it ok to capture their data?
Google was caught pants down on this when the software was checked and it was set up to DROP anything that was on a secured wifi! If that doesnt show intent to capture data, then what the hell does....
Oh some rougue software hack set this up, and the 30 other people involved in the project never looked at what he had done...till now!
BS!
I will NEVER trust Google again, my gmail can go to hell, i dont use their search anymore, and I do everything I can to block them seeing what I do online!
And no, I'm not doing a single damned illegal thing online that I want to hide from THE MAN!

 

[Shadow703793]

[citation][nom]matt314[/nom][citation]Anyways, if you have an unencrypted or an encrypted with WEP you deserve to be hacked. It's child's play to crack WEP now.[/citation]WPA is not much harder...you'd be surprised how many people think 1234567890 is a safe choice of password. Not much of a dictionary attack when it goes through on the first word![/citation]
lol true that.

 

[mihoda]

So who's the moron who not only lacks an encrypted network but also fails to use an SSL based email portal?

 

[randomizer]

[citation][nom]Clintonio[/nom]Google did not take these passwords maliciously, it claims to not even mean to be sniffing data packets anyway.[/citation]
So you assume its claims are true? That's quite naive considering this company's products are you and me. It is impossible to jump to the conclusion that Google did this on purpose or by accident because evidence does not exist to point us to this conclusion. All we can conclude is that they collected "private" information that is being publicly broadcast around the neighbourhood (about as smart as leaving your birth certificate on the sidewalk and complaining when someone steals your identity).

And nobody here should think for a second that this is a French incident. They've done it all around the world.

 

[C 64]

[citation][nom]1pp1k10k4m1[/nom]Since we're talking about the naive, NOWHERE in this article does it say google extracted passwords from packets. It doesn't even say they made attempts to. Apparently, you don't understand the process. There's a lovely post on first page that lists it basically. You should read it. Google basically was storing w[/citation]
The way I understood the article Google was recording wifi data data packets, and then recorded the email passwords (" "We can already state that Google Google did indeed record email access passwords [and] extracts of the content of email messages," CNIL said."-from the article.

 

[DjEaZy]

... and they get away with it? No fines... no jailtime... it is a invading on privacy.... WTF!!!

 

[jamoise]

In relation to the person talking about its like Google going to your unlocked mailbox and reading your mails. Its actually more akin to you opening your mailbox and throwing your mail at people on the street with WiFi devices hoping they don't read it, WiFi broadcasts information to anyone in range, and only the device it is intended for will do anything with the packet, if its unencrypted, you may as well be going out to your mailbox and reading your mail aloud, In fact people with unencrypted networks should be taken to court for broadcasting sensitive material.

 

[awood28211]

So explain to me how passwords are private data when they are being broadcast out in the open?

If I grab a CB radio and hold down the mic button and broadcast my bedroom activities out to anyone who wishes to monitor the channel, am I somehow going to have an expectation of privacy for what they can hear? Or if I use a wireless video broadcasting device for CCTV but leave the signal open and unencrypted and on a common frequency do I expect the data broadcast there to be private too?

Google did not collect passwords, they collected DATA on OPEN networks that was available to anyone within broadcast range. Passwords and the like were bound to be in there but there can be no expectation of privacy.

If one stands naked in their bay window facing the street, can they expect no one to look in?

Get over it, the issue isn't google collecting data, the issue is there are total freaking idiots out there who don't secure their networks.

Everyone should be aware that an open network makes you a potential criminal.

Imagine if someone could rob a bank and they looked exactly like you, wore your clothes, had your voice, drove your car... all things that are you...

Now transfer that to an open network. Your neighbor hacks his buddies bank account and takes all his money, then they come knock on your door because it traced back to your IP. Tada, felony.

 

[guanyu210379]

Password change!!
Hmmm...cable era revival....mwahahahahaha

 

[stromm]

[citation][nom]dmwright[/nom]A good example, would be someone coming by and reading bits and pieces of mail from your mailbox on the street[/citation]

Actually, that's a bad example and doesn't compare to what Google did. Mail has an expectation of privacy (at least in the US), mailboxes have to be intentionally looked into as they are a closed environment and mail packages are closed requiring someone to open them to view the contents.

A perfect example is: You're sitting in a sports stadium where you can hear EVERYTHING everyone else is saying.

This Google incident doesn't correlate to "peeping toms", eavesdropping, wiretapping, mailbox raiding, B&E, theft, etc. None of them.

Why? Because the "victim" is a victim of their own stupidity (not even ignorance). They didn't read the manual for their WiFi device or they chose to ignore the warning about securing it. They might as well be standing in their yard and yelling out their personal information.

It's not personal information when you broadcast it out for the public. WiFi radio waves are non-directional. There is no expectation of privacy unless you encrypt.

I just thought of a better analogy. CB-Radio. You don't hear truckers (etc.) yelling over CB what their ATM number and PIN are.

 

[tommysch]

[citation][nom]proxy711[/nom]I have no problems with google spying on the french.next time encrypt your shit.[/citation]

At least they didn't surrendered to Google...

 

[antilycus]

you have NO SECURITY RIGHTS if you use a HOT SPOT. It's OPEN TO EVERYONE, including the people you don't want seeing it. Again...if you dont like that idea, don't use the product!

 

[antilycus]

First of all Encrypted passwords should've been sent, fire the I.T. admin that set that up. 2nd ALL EMAIL IS PERFECTLY READABLE to anyone with a packet sniffer, which is a FREE DOWNLOAD. That's why it's illegal to send Social Security Numbers, back Accounts, etc via email. Its open for all to see...if you don't like it, dont use it.

 

[zaznet]

They got passwords due to many sites not using encrypted connections (https) and the Wifi user failing to employ any encryption on their Wifi router. The only usable data they got was what was actively transmitted in clear text. It also had to be transmitted while the Google car was passing your house which further reduces the likelihood they caught a specific users password who could have been vulnerable due to poor security measures.

 

[antilycus]

should've said KNOW not no, whoops.

 

[antilycus]

And yes, no the difference between SSL email, SSL websites, HTTP/HTTPS, secure passwords, encrypted passwords, etc. You know that stupid little warning you clicked when it asked if you are sure you want to send this information to that site? That's your browser telling you, anyone can see it with a packet sniffer

 

[antilycus]

[citation][nom]apocalypseap[/nom]Innocent until proven guilty, conspiracy theorists. Seriously now.[/citation]
Sorry that hear in the U.S. you are guilty until proven innocent. If you don't believe that, you simply haven't been to court and see how the system really works. I've had POLICE OFFICERS lie on the stand EVERY TIME i've taken a traffic citation to court.

 

[antilycus]

Geez im a tard today. "Sorry BUT here in the U.S. you are guilty until proven innocent."

 

[zaznet]

[citation][nom]C 64[/nom]It was not by accident that they extracted the passwords from transmitted packets, then accidentally stored them, transmitted them to back google, stored them again (for some months), to have them delivered back to the french courts.[/citation]

You need to read the article again. Google didn't send passwords, they sent hard drives that contained the packet data collected. Those in possession of the drives containing RAW PACKET DATA were able to extract email account details including passwords.

This is why I thought that this whole situation is causing MORE HARM than it is fixing. The drives and data were in the possession of one company and that didn't make them very secure. Now Google is being forced to ship drives full of potentially damaging data to many government organizations who can then do anything they want with this data.

It's a gold mine of data and it's clear that everyone wants to peek into it. So if you've been unsecured using Wifi over the last few years there is a small chance something sensitive is in those drives and will get seen by many eyes you didn't want seeing it.

If anyone was really concerned with the sensitive nature of this data they would have ordered Google to seal the drives and await destruction of the devices rather than dozens of disclosures to dozens of organizations.

 

[dmwright]

[citation][nom]stromm[/nom]Actually, that's a bad example and doesn't compare to what Google did. Mail has an expectation of privacy (at least in the US), mailboxes have to be intentionally looked into as they are a closed environment and mail packages are closed requiring someone to open them to view the contents.A perfect example is: You're sitting in a sports stadium where you can hear EVERYTHING everyone else is saying.This Google incident doesn't correlate to "peeping toms", eavesdropping, wiretapping, mailbox raiding, B&E, theft, etc. None of them.Why? Because the "victim" is a victim of their own stupidity (not even ignorance). They didn't read the manual for their WiFi device or they chose to ignore the warning about securing it. They might as well be standing in their yard and yelling out their personal information.It's not personal information when you broadcast it out for the public. WiFi radio waves are non-directional. There is no expectation of privacy unless you encrypt.I just thought of a better analogy. CB-Radio. You don't hear truckers (etc.) yelling over CB what their ATM number and PIN are.[/citation]

You do have a point. I specifically said mail, because just as you explain, each persons property also has an expectation of privacy. We could argue this point, but in the end, the question is : Where is the line drawn. If you were to go up to my house, and see a note on the door saying "I'm not home" and you entered, it would breaking and entering, and you would be "You would physically be on my property as well", now when I'm broadcasting data, how does this play. It's still my private property, and you would have to collect my data intentionally in order to take it. I do not have much experience with wifi, but from my experience you must login to a specific network in order to use that network. How using amplification to listen in on people's conversation work? Sounds close if you ask me.

On the other hand, it is clear that people should keep their property secure, just as you would your car, if it were in the street or anywhere for that matter. But, then again a Car has a lock, and you would have to "Break" into the car to make it a crime.

But, with today's society, everyone is taking on technology and for the most part, they have no clue how the technology works. (Looks like this is headed into a political debate, i'll stop right here ).