Google was capturing your wireless packets

Last month the German government decided that it needed to take a closer look into Google's data collection methods. Google's Street View cars are equipped with wireless antenna's and pick up any available wireless signal along the way. It was originally thought that the Street view cars were just collecting SSID and MAC address to provide location based services to mobile users. It turns out that they were also capturing data from any network that wasn't secured with WEP or WPA.

Google has now confessed, via their Official Blog, "But it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products." They also said that the wireless capturing device changes channels five times a second along with the car being in motion means that the amount of potential data collected was minimal. 

The problem, according to Google, is that their engineers were working on an experimental project in 2006 to collect data over publicly available wireless networks. They transferred the code to the Street View cars to collect the SSID and MAC address for their location services but forgot to take the data collection part out. "As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it."

To address the issue Google will be hiring a third party to review their software and verify the packet capturing portion of the software has been removed, they will also be reviewing internal policies to be sure they are setup to handle situations like this in the future.

"This incident highlights just how publicly accessible open, non-password-protected WiFi networks are today. Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search. For other services users can check that pages are encrypted by looking to see whether the URL begins with “https”, rather than just “http”; browsers will generally show a lock icon when the connection is secure."

Report a problem with article
Previous Story

Ubuntu to drop Firefox for Chrome?

Next Story

YouTube has surpassed two billion daily hits

33 Comments

View more comments

Aergan said,

Quite easily if you have a large code project with many different minds working on it. The focus should be on who didn't flag it up in the code reviews before it went live.

Yep, we would get hammered into the ground if that had got through code review.

They weren't capturing MY wireless packets given that I've never run my wifi without encryption.

If you run an open unprotected wifi you pretty juch deserved this so I don't see it as a biggie.

Punchy McHurt said,

I guess they're assuming people aren't using Chrome, seeing as how they dropped the whole "http" prefix

They only drop http, not https.

TCLN Ryster said,
They only drop http, not https.

yeah, I know... hence why they didn't need to specify the difference between the two... you would see one, but never the other.

They want to drop visibility of a protocol, but then ask you to look for the difference between two of them.

Doesn't matter...

Like I have said on other sites about this:

If your to stupid to not encrypt your wireless you deserve everything that is coming to you. Google is not to blame here. Stupid users are.

necrosis said,
Like I have said on other sites about this:

If your to stupid to not encrypt your wireless you deserve everything that is coming to you. Google is not to blame here. Stupid users are.

maybe, but Google did use code specifically designed for this purpose, and hid it until they were caught... so, I think Google can take some of the blame

Punchy McHurt said,

maybe, but Google did use code specifically designed for this purpose, and hid it until they were caught... so, I think Google can take some of the blame


They do way more than tapping into WiFi connections... I've been saying that since they came out with their Google Voice app...

People are just way to trustful nowadays. They'll take and use whatever Google throws at them, because they have a colorful logo and they are not MS and Apple...

I wonder if they deleted the data, probably not. Google really are suspect, they have no reason to keep everything. They must have got found out so came forward first before someone else spills the beans. It's time for Governments around the world to put their foot down and force companies like Google, Facebook etc. to do better with privacy and data retention. Google search records for example don't get fully anonymized after a certain amount of time, why is that ? Others get the full treatment, like Bing and Yahoo. Archiving the data serves no purpose but Google keep it for some reason which I find rather sneaky.

Correct me if I am wrong, but they were only collecting the SSID and MAC addresses of the wireless network/router.

They make it sound like they were running packet sniffers on incoming/outgoing data for devices connected to the routers in peoples homes. As far as I can tell this is not true.

There is no difference from this, or someone driving down the street with netstumbler running..

xendrome said,
Correct me if I am wrong, but they were only collecting the SSID and MAC addresses of the wireless network/router.

They make it sound like they were running packet sniffers on incoming/outgoing data for devices connected to the routers in peoples homes. As far as I can tell this is not true.

There is no difference from this, or someone driving down the street with netstumbler running..

From the article:

Google has now confessed, via their Official Blog, "But it's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products."

It was more than SSID and MAC info.

xendrome said,
Correct me if I am wrong, but they were only collecting the SSID and MAC addresses of the wireless network/router.

They make it sound like they were running packet sniffers on incoming/outgoing data for devices connected to the routers in peoples homes. As far as I can tell this is not true.

There is no difference from this, or someone driving down the street with netstumbler running..

Here's the last sentence to the first paragraph "It turns out that they were also capturing data from any network that wasn't secured with WEP or WPA."

Which means if you were looking up child porn at the time of the Street Viewer car driving by your house and you had an open wifi connection it might have copied some of that data along side your SSID,MAC, and what ever "else" their code collected... This falls under War Driving which is illegal yet Google will get away with it by saying "We didn't realize that the experimental code was injected into the Street View Car by accident"..

If I did it or as iamwhoiam stated "If it had been a Joe user that did this, people would be up in arms over it, and that person would most likely be spending time in jail."

Edited by Morphine-X, May 17 2010, 12:03pm :

This also brings up another question... When did Google find out that the code collected all this information? Did they realize what happened when the German Government mentioned something and they took a deeper look? Or did they find out some time ago and just never let anyone know about it..

Its not simply a case of, if the network is open then accessing it is ok. Similar to leaving your home / car door. Just because they are unlocked and open doesn't mean you can nip in a take whatever you want. Is it stupid and naive to leave your wifi, car/home door open of course it is and some providers in the UK now ship their wifi routers with passwords already configured.

REM2000 said,
some providers in the UK now ship their wifi routers with passwords already configured.

Not some, all but the dumbasses put WEP as default.

alfaaqua said,
Not some, all but the dumbasses put WEP as default.
WEP, which can automatically be hacked in less than 30 seconds.

Edited by pickypg, May 17 2010, 3:35pm :

Yes, people should take responsibility for their wireless networks but guess what? You don't have to protect/encrypt your wireless network for it to be wrong and illegal for anyone else to use it without your permission. Yes, even Google that insists it does no evil. Just because Google could see open wireless networks does not mean they have the right to use them. But that certainly won't stop them for making these "mistakes".

I don't see the problem here.. if I find a non protected WiFi network and I need it to read the newspaper online, I just use that internet..
People just don't have to be that stupid not to protect their internet access!
Btw it is dangerous as well not to protect it as their are viruses especially made so they get transferred by non protected routers..!

Given how easy it is to break all the normal wireless encryption protocols, the real idiots are those that use them and think it offers them any protection.

This is why I use VPN.

Well, capturing the wireless signal is not a major issue as long as your wireless is encrypted and password protected. However, Google is collecting a lot of information. I wonder if I will find my laundry on Google earth, or maybe they capture our pants too! Drives me insane to be honest, but oh well; electromagnetic fields ftw!

Not Really Believing a word of this. sounds like some novelist (probably found from a google ad) came up with a scape goat story

Google=Big Brother

Like always, Google has no justified reason to be doing this, except for being buddies with the FBI.

I'm sure everyone here would be ticked if Russia, China or Iran was over in America capturing our wireless signals and photographing every part of the country.

you guys are trippin. you try to actively collect packets from a single network while driving 20+ MPH down a street, i guarantee you'll get maybe 2 packets at most, if even able to lock on to the station before it's out of range.

More FUD and scare mongering by the uneducated.

I am not worried about this.

SirEvan said,
you guys are trippin. you try to actively collect packets from a single network while driving 20+ MPH down a street, i guarantee you'll get maybe 2 packets at most, if even able to lock on to the station before it's out of range.

More FUD and scare mongering by the uneducated.

I am not worried about this.

I can agree partly, except for the fact that apparently the reason Google is in trouble in Germany is that they drove up some guy's private drive so they could get within range of his wifi, there's a story on Neowin about it a few pages back.

Commenting is disabled on this article.