| Forum Home | ||||
| PC World Chat | ||||
| Thread ID: 110262 | 2010-06-09 21:48:00 | Web Giant Google Faces NZ Police Probe. | Trev (427) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 1108600 | 2010-06-10 11:49:00 | I would like to advise the people who think they have something to worry about with regard Google driving past, Google is the least of your worries. The Privacy Commissioner should be charged with wasting Police time. :thumbs: |
Chilling_Silence (9) | ||
| 1108601 | 2010-06-10 12:01:00 | Talk about making a mountain out of a mole-hill !! Google (through Gmail) has access to millions of complete emails a day (not just snippets as here) - is anyone investigating that ?? They might be reading them all !! What about Xtra and Telstraclear ? who is silly enough to trust them with their e-mails?? let's complain about that - what is the name of that police officer ?? This relates to the data that google collected from peoples wifi connections. It caught the data from those connections. All they were supposed to do was collect the wifi IDs, not the data. Sure you could say that these people deserved to have their data downloaded as they didn't secure their wifi. However you could also say that someone deserves to be robbed if they don't lock their house. But thieves would still be charged for stealing from a house that was unlocked. Remember that the music and film industry classify copying data (eg. mp3s avis) as theft. Google is a private company, so they can't do anything they want. I think it is a good idea that it is all questioned. In the future you may see small remote controlled drones flying above your house taking photos, which will be a lot more intrusive. |
robbyp (2751) | ||
| 1108602 | 2010-06-10 19:53:00 | For those terrified of the google thing just ditch your wifi and go to a fully wired setup, it's not that hard to do and you don't have to worry about people out wardriving alternatively as others have said set up wpa2 encryption | gary67 (56) | ||
| 1108603 | 2010-06-10 20:03:00 | Talk about making a mountain out of a mole-hill !! Google (through Gmail) has access to millions of complete emails a day (not just snippets as here) - is anyone investigating that ?? They might be reading them all !! What about Xtra and Telstraclear ? who is silly enough to trust them with their e-mails?? let's complain about that - what is the name of that police officer ?? There's a difference though - you agree to Google and other ISPs keeping record of and accessing your emails and other personal data when you sign up for their services and tick "I agree" to their terms and conditions. The controversy is around Google secretly capturing WiFi payload data without making their intentions public. If you've ever phoned a large call centre, they often have an automated message saying "this call may be recorded for .... purposes" because they are legally required under the Privacy Act to announce their intentions to "capture data" - in this case your phone call. If Google had been up front before sending their StreetView cars around the country and said they would be capturing x, y and z, then they would probably be fine. |
somebody (208) | ||
| 1108604 | 2010-06-11 02:41:00 | How on earth do you "accidentally" write a program which gathers data packets on unsecured networks?Extremely easily. ANY of the following could result in such a situation: Use code from some other project, and forget to change the bit that collects payload data. Write a program to collect WiFi frames and forget to add a line to drop the payload. Accidentally drop some other part of the frame instead of the payload. Accidentally collect the payload instead of some other part of the frame. I personally think that (2) is the most likely, noting the analysis of the source code. It seems the method they were using was "collect the whole frame, and then throw out the bits we don't want", but forgot to throw out the unencrypted payload data (encrypted frames are processed differently). The first option is also quite likely. I find it extremely hard to believe that the skilled developers at Google "mistakingly" built a feature into their StreetView vehicles which not only captured...It wasn't a feature to capture payload data - it was a feature to capture and store WiFi frames minus some select bits of content. Unfortunately not every piece of data that was intended to be discarded actually was discarded. ...vast amounts of data from unencrypted networks...They didn't capture vast amounts of data, they captured a negligibly tiny amount of data. Over the *entire* global dataset, the amount of captured payload data was only some 600GB. That's nothing. It's also worth noting the following: The capture frequency was changed 5 times per second, which means that the *maximum* amount of data that could be captured is however much payload data was sent in 200ms. Assuming your network was going flat-out at the time, and it was the only network on its particular frequency, the theoretical maximum possible amount of data that could have been captured is 1.35MB * seconds in range (54MBits/sec / 5 / 8 * secs). Realistically, that number will be far lower. There can also be no contiguous data fragments larger than 1.35MB. Payload data was only stored from unencrypted networks. Payload data was only captured when data was actually being transferred oevr the network. Everything else would have been beacon or keepalive frames. ...but also stored it and sent it back to HQ.Why is this surprising? It wasn't stored distinct from everything else, it was just another part of the data dump, which contained everything else that was *supposed* to be stored and sent back to HQ. This would have been a feature which was planned, developed, and tested before being deployed.Can you back up that claim? Based on the available evidence, I'm not sure how that makes sense. ...it is not uncommon for people to have highly sensitive data stored on their PC in documents and spreadsheets, which they could be transferring from machine to machine. Google could have taken sensitive data, digital intellectual property, etc. etc.Very true. It's unlikely they have many complete files, but definitely plausible that they have a few. Consider this - if you leave your front door open, you put yourself at risk of having something stolen from your house. Does it mean burglary is ethical or legal? No. If you leave your WiFi network unencrypted, you put yourself at risk of people being able to see what you're doing on that network. This is essentially the same thing.It's not the same thing at all. With the front door open, the thief actually has to enter. With a WiFi network, it's being broadcast to the world. A more accurate analogy would be sunbathing naked on a remote beach. It's unlikely anyone will see you, but if they do then it's your own fault. It's also not possible to avoid seeing the naked sunbather - you have to first know they are there to avoid looking at them (e.g. deliberately discard payload data). The non-payload data being gathered is essentially the same as someone writing down a description of each front door they walk past. In the future you may see small remote controlled drones flying above your house taking photos, which will be a lot more intrusive.That happens now. The high-altitude drones are satellites, the lower-altitude ones are helicopters and planes, often paid for by your city council. As an example, take a look (in Google Earth) at the copyright notice on most of the close-zoom images of Wellington. Guess where they came from. If Google had been up front before sending their StreetView cars around the country and said they would be capturing x, y and z, then they would probably be fine.They were perfectly upfront when asked. They thought they were doing x and y, so when they were asked what they were doing they said "we're doing x and y". Unfortunately at the time they didn't realise they were doing z as well - it's a little hard to say you're doing something when you don't even realise you're doing it. |
Erayd (23) | ||
| 1108605 | 2010-06-11 02:47:00 | :thumbs: well put! | Chilling_Silence (9) | ||
| 1108606 | 2010-06-11 02:53:00 | That happens now. The high-altitude drones are satellites, the lower-altitude ones are helicopters and planes, often paid for by your city council. As an example, take a look (in Google Earth) at the copyright notice on most of the close-zoom images of Wellington. Guess where they came from. Christ I just zoomed into Wellington like you said and and noted 12v has an anti aircraft battery on his back lawn. |
prefect (6291) | ||
| 1108607 | 2010-06-11 07:16:00 | Extremely easily . ANY of the following could result in such a situation: Use code from some other project, and forget to change the bit that collects payload data . Write a program to collect WiFi frames and forget to add a line to drop the payload . Accidentally drop some other part of the frame instead of the payload . Accidentally collect the payload instead of some other part of the frame . I personally think that (2) is the most likely, noting the analysis of the source code . It seems the method they were using was "collect the whole frame, and then throw out the bits we don't want", but forgot to throw out the unencrypted payload data (encrypted frames are processed differently) . The first option is also quite likely . I'm not convinced . The fact that they've differentiated between encrypted and unencrypted data suggests there was intention to store the unencrypted payload . Correct me if I'm wrong, but from what I understand, if they only wanted to collect SSIDs and MAC addresses then there wouldn't really be much difference between encrypted and unencrypted networks in terms of how they get that data . It wasn't a feature to capture payload data - it was a feature to capture and store WiFi frames minus some select bits of content . Unfortunately not every piece of data that was intended to be discarded actually was discarded . Again, I find it hard to believe that bright engineers at Google would have let such a mistake slip - it's not like all of Street View's data was captured in a week or so . . . they had months if not years to discover that they'd "accidentally" collected more data than they intended to and rectify it . They didn't capture vast amounts of data, they captured a negligibly tiny amount of data . Over the *entire* global dataset, the amount of captured payload data was only some 600GB . That's nothing . It's also worth noting the following: The capture frequency was changed 5 times per second, which means that the *maximum* amount of data that could be captured is however much payload data was sent in 200ms . Assuming your network was going flat-out at the time, and it was the only network on its particular frequency, the theoretical maximum possible amount of data that could have been captured is 1 . 35MB * seconds in range (54MBits/sec / 5 / 8 * secs) . Realistically, that number will be far lower . There can also be no contiguous data fragments larger than 1 . 35MB . Payload data was only stored from unencrypted networks . Payload data was only captured when data was actually being transferred oevr the network . Everything else would have been beacon or keepalive frames . Assuming your worst case scenario, 1 . 35MB is still a lot of data . Let's say a realistic number is just one quarter of that . . . and even that is a lot of credit card numbers, social security numbers, dates of birth, etc . To say that there's a chance that they were unlucky and didn't get anything valuable, because there was no data being transferred at the time, is just a lame excuse . Can you back up that claim? Based on the available evidence, I'm not sure how that makes sense . The short answer is I don't have any physical evidence, because I don't work for Google . But . . . for a company of that size they must have very rigorous processes in place to avoid this sort of embarrassment . Any piece of software they develop which is due to be used around the world, particularly in countries with very strict privacy laws, would have undergone extensive testing before being released into production . Even if it slipped past all of these checks and balances, they spent years capturing and analysing data for Street View, during which further checks and balances should have picked this up . Very true . It's unlikely they have many complete files, but definitely plausible that they have a few . You don't need complete files . You only a fraction of a megabyte to get somebody's full name, date of birth, social security number, credit card number, etc . etc . Likewise, you only need a few lines of text to get the gist of someone's commercially sensitive algorithm or formula . It's not the same thing at all . With the front door open, the thief actually has to enter . With a WiFi network, it's being broadcast to the world . A more accurate analogy would be sunbathing naked on a remote beach . It's unlikely anyone will see you, but if they do then it's your own fault . It's also not possible to avoid seeing the naked sunbather - you have to first know they are there to avoid looking at them (e . g . deliberately discard payload data) . . If you don't make an effort to intercept that data which is being broadcast, you don't "see" it in any meaningful way . Leaving your front door open, people could walk past and do nothing - a bit like being exposed to unencrypted WiFi transmissions, or walking past someone sunbathing naked - but not capturing it . Taking the next step and actually capturing it is equivalent to a thief entering your house and taking something, or someone walking past taking a whole heap of photos and discarding ones where people are covered by a towel because they can't see what's underneath . The non-payload data being gathered is essentially the same as someone writing down a description of each front door they walk past . That happens now . The high-altitude drones are satellites, the lower-altitude ones are helicopters and planes, often paid for by your city council . As an example, take a look (in Google Earth) at the copyright notice on most of the close-zoom images of Wellington . Guess where they came from . Correct . I don't think the Privacy Commissioner is overly concerned about the capture of SSIDs etc . , rather it is the payload data which is of concern . They were perfectly upfront when asked . They thought they were doing x and y, so when they were asked what they were doing they said "we're doing x and y" . Unfortunately at the time they didn't realise they were doing z as well - it's a little hard to say you're doing something when you don't even realise you're doing it . Same comment as I made earlier - I find it hard to believe that somebody at Google didn't know what was happening, and if by some stroke of bad lucky they genuinely didn't know about it when gslite was written, that it would take so long for the "mistake" to be discovered . |
somebody (208) | ||
| 1108608 | 2010-06-11 08:22:00 | Good its about thime this was taken into account. As soon as google street view was made available there was nothing worse than someone I never met before telling me what they could see in my garage/garden and they live 5,000 miles away. Invasion of privacy yes if I wanted to have a big worldwide popular website in my back yard I would have put in a webcam myself. | coldfront (15814) | ||
| 1108609 | 2010-06-18 19:40:00 | infoworld.com | Renmoo (66) | ||
| 1 2 3 4 | |||||