Google's WiFi Slip... Wrong blame for shame
Tuesday, June 29, 2010 at 9:18AM Rather abuzz in the tech news lately, is the apparent wrong doing of Google and their efforts to map the world using WiFi networks and GPS. Why is everyone freaking out over the apparent "theft" of personal information? Did Google step over some line in the sand? or is this a good wake up call to the people with unsecured WiFi?
Let's discuss...
Recap
Ever wonder how when you use Google Maps, you can often see a very helpful "street view" of your location? Well Google uses a set of vehicles (yes even bikes) to capture some information about where they are driving in the world. Collecting images, GPS coordinates, and WiFi header packets that provide the SSID and MAC address of WiFi networks. The SSID is the identifier of your wireless network (The name you pick in your connection), and the MAC address is the unique identifier of the access point (a fingerprint). Using all this data, Google then creates their street view maps and helps map out the world's networks.
So where's the wrong?
Well your wireless network can either be secured, or unsecured. Meaning that the traffic running over the network is either sent "in the clear" (unsecured) or as psudorandom noise (secured). Most WiFi routers you buy today default to unsecured, because most average people do not know how to log into their WiFi router, change the SSID, and enable security. Something us geeks take for granted, it's really not as easy as we think!
So if you have a unsecured router (you don't enter a password when you first connect) all of the data (web addresses, passwords, emails, etc) that you send is just floating out in the clear for all to see! Kind of like how you have a radio, and if you tune it to the correct station you can hear music, same idea but with you passwords! Not a great thought isn't it? On the flip side, with a secured network, the same data is first scrambled and then all you can "see" in the sky, is junk.
Google used an open source application called Kismet which is a tool to grab wireless information for various ends. In general this tool is used to see the signal strength and determine locations of WiFi access points around you. By default this tool saves unsecured WiFi data that it sees, and does not save secured data (because it is basically impossible to read without a great deal of effort). Google mistakenly did not disable the "save data" setting, and thus captured all unsecured data when it was mapping.
So Google has my data!?
Yes and no. Yes if you were sending data over your unsecured (shame on you) WiFi network, but Google wasn't interested in this data, they just wanted to map locations to improve their mapping software. Depending what you were doing that faithful day when the Google truck drove by, Google could have a couple of web address, a password or two, or nothing. The issue is that this information was being sent in the clear to begin with, and passive collection of this data without intent to use it, is not illegal. Now it is illegal to actively collect the data with the INTENT to use it for evil purposes, remember intent is a large part of illegal activity.
Here is a rather relevant example of how unsecured WiFi works.
You hear your neighbors having an argument. They are yelling loud enough for you to hear them and all the "juicy" details. Is it illegal that you are listening in to their argument by your window? No, although it is rather nosey of you. This is the same idea as how unsecured WiFi works, it is "yelled" out for all to hear within earshot, because that is how it works. The fact that I walk by with my laptop open running a program like Kismet because I am trying to map how far my WiFi signal goes, and I happen to capture a couple of your packets of data because I have the application running, is not illegal. The same as Google driving by mapping the global network so to speak.
Google sniffed my packets and I'm MAD!
Well... It is annoying that your email password could have been picked up by Google, but look at it this way, Google has no interest in your email password or whatever you were doing at that time online, hell if you are already an avid Google user, Google probably already knows a lot more about you! If you think that you are going to sue Google like Oregon, remember that unless you can prove that Google caused damages to you, just being annoyed that your traffic got captured is not enough to win the case.
If this happened to you, I would take it as a good lesson in securing your WiFi, think of it as a "lucky break" that Google did this and will not be using this information. Imagine if a hacker was roaming your city, sniffing your traffic and saw your banking login information? Take this time to secure your WiFi, and don't be mad at Google, they made a mistake, yes they shouldn't have collected this data, they could have done a better job with the code they used (read more about the third party who verified the mistake), but think of how useful Google Maps is, and how much easier it has become to navigate the world with it!
Google's WiFi Slip... Filtered
- Google mistakenly collected some unsecured WiFi information while mapping the planet
- Multiple countries including the US are investigating
- Securing your WiFi is a necessity! This is a good example of how it could be worse!
- Google has said they mistakenly gathered this information, and that they are deleting it unless being asked by a country not to. (read about the delete)
- Countries like Germany can actually fine you for not securing your WiFi





