FTC Ends Probe of Google StreetView Privacy Breach 99
GovTechGuy writes "The Federal Trade Commission (FTC) wrote to Google on Wednesday to end its probe into a major privacy breach in which the company collected and stored private user information, such as passwords and entire e-mails, without even realizing it after the search giant promised to improve its privacy practices."
Whoops! (Score:4, Insightful)
Gee, we got caught; better do it differently next time. (After all, there's no penalty).
Re:I'm sure that... (Score:5, Insightful)
I know, it couldn't have anything to do that nothing transmitted in the clear over unregulated frequencies is considered secret in any way, and therefore Google arguably did nothing wrong whatsoever.
It had to be political gaming by CEOs to protect them from Federal legal action for violating... what law again?
Comment removed (Score:3, Insightful)
Re:Still being Sued by Canada (Score:5, Insightful)
Re:Still being Sued by Canada (Score:2, Insightful)
This stupid argument gets brought up every single time by Google fans. Entering someone's home, even if the front door is unlocked, is still an act of trespassing.
Why were they archiving that data in the first place? You really believe that it was just a big, dumb accident? This is Google we're talking about.
Re:I'm sure that... (Score:5, Insightful)
This is how low Slashdot has sunk. Years ago, this site was very pro-privacy. We're now at the point where a company can archive your emails and passwords, claim it was an accident, and get off the hook by promising not to do it again next time--and that's "doing nothing wrong whatsoever" according to the posters here.
No, we're just very pro personal responsibility. If you're broadcasting unencrypted data into the street, reading it shouldn't be a crime. If you don't know how to encrypt your wireless data - even with easily-cracked encryptions, that at least require some deliberate effort to crack - then you shouldn't it be broadcasting it into people's face. If Google were getting this data by cracking WEP, or performing MitM attacks, then I'm sure you'd see people up in arms.
Complaining about this is like complaining that a vehicle equipped with an audio recorder picked up your shouted argument from the street. If you weren't screaming at the top of your damn lungs, nobody would have heard anything.
Re:Whoops! (Score:5, Insightful)
No penalty because there's no outcry. People give Google a pass because Google gives them free email, a free search engine, and a free browser. It doesn't seem to occur to Google's fans that their search and advertising platforms are as closed source and proprietary as Windows, and that all the free services only exist to get people's personal data indexed.
I'm pro-privacy, but this is silly. It's no secret that you pay for Google services by allowing them to target advertising at you. That's their business model and not only do they not make any attempt whatsoever to hide it, they point it out every time they have an earnings call.
I fail to see why those shouting their secrets from a street corner have an expectation of privacy. We are responsible for our own privacy, not Google and not the government.
Re:Without realizing ? (Score:4, Insightful)
without even realizing it
Google sniffing out all this stuff by accident? ! **sneeze** bullshit !
Would it be an accident, it'd even be scarier. It'd mean that the search giant don't know what they're doing.
I don't think you've ever used a sniffer. Google drove around with a wireless sniffer that recorded traffic to a log file. The guys in the van would upload all their logs to a central location where they were parsed to build a database of access point SSIDs and MAC addresses for geolocation. The problem is a sniffer dump contains a lot of raw packet data, more than just the information they needed, because that's what a sniffer is supposed to do; capture all the traffic it finds.
Re:I'm sure that... (Score:4, Insightful)
Uh-huh, and just because someone publishes a publicly accessible webpage available over http doesn't mean you have any right to access it, right? You should be getting written permission to "hack into" their computer by accessing it via publicly-accessible protocols they have explicitly installed and made available?
There are well-documented methods for establishing whether you want somebody to be able to use your connection. Not using them, and then complaining that someone uses it is like bitching that Google indexes your site, because you didn't setup robot.txt.
Re:Without realizing ? (Score:1, Insightful)
My point exactly. You seem to know what you're talking about. So did Google. So it is reasonable to assume that they knew that
A sniffer dump contains a lot of raw packet data.
and that
[it] captures all the traffic it finds
It's a reasonable assumption, but that doesn't indicate any intention to purposefully capture the extra data. It's more likely an engineer didn't anticipate or fully consider the consequences. Maybe they thought the chances of someone using unencrypted passwords over unencrypted wifi while the Google car happened to be driving past and in range were so remote that it didn't bear further examination (clearly if this was the case, they were wrong).
This isn't directed to you personally, but Slashdot is a strange place. On the one hand, there were many here that argued against the extradition of McKinnon since the DOD had done such a piss-poor job of securing their network. They argued that the DOD deserved whatever it got. On the other hand, Google is vilified for this invasion of privacy even though those affected had made no effort at all to make their data private. I don't think we can have it both ways.
Re:I'm sure that... (Score:3, Insightful)
then I hope your car gets stolen tomorrow, because you had the wrong security system fitted and a thief just took your vehicle from right outside your home, even though you'd done everything you were supposed to to keep it secure.
Except in this case, people hadn't done everything they were supposed to do to keep it secure. If my car got stolen because I was too stupid to push the little "lock" button on my keychain, then damn straight I'd deserve it. Likewise, if I hadn't put in a tax return for 10 years, I'd expect to be hammered hard.
This isn't about people not doing absolutely everything perfectly. It's about them not even doing the minimum. WEP has been trivially crackable for ages - but even if people use WEP, I'd be offended if Google had cracked it. It would have shown intent, that they were deliberately trying to capture stuff that people were trying to protect.
Re:I'm sure that... (Score:4, Insightful)
They were using Kismet, which by default captures all unencrypted packets it hears. They forgot to change the default - which, incidentally, is something the WiFi owners are guilty of as well.
It would be different if they changed the configuration in order to capture packets, instead of simply forgot.
Re:I'm sure that... (Score:3, Insightful)
If you buy a "piece of kit", it's your responsibility to learn how to use it safely. Whether it's a chainsaw or a router.
If the kit from the ISP included a manual, than the user should have RTFM. Every wifi router manual I've seen explains how to use WPA or WEP quite clearly in the first few pages. If the manual wasn't included or was unclear, if the user should sue his ISP for leading him to expose his "private stuff".
In real life, I've noticed that even average homeowners seem to have worked this out. About 5 years ago when I turned on my laptop at home I could see 5 or so local wifi router signals, 2 or 3 were unencrypted. Now I can see 7 or 8, maybe one is unencrypted. On local TV there have been a couple of scare stories about how easy it is to snoop on wifi, that probably raised awareness. That's all it needs, not an advanced degree.