Google admits Street View cars collected e-mails, passwords

Google admits Street View cars collected e-mails, passwords

Summary: After analyzing the unencrypted WiFi payload data captured by its Street View cars, Google now admits that the system captured entire e-mails, URLs and even user passwords.

SHARE:
62

After analyzing the unencrypted WiFi payload data captured by its Street View cars, Google now admits that the system captured entire e-mails, URLs and even user passwords.

The admission came in the form of a blog post by Alan Eustace, senior vice president of engineering and research at Google:follow Ryan Naraine on twitter

It’s clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs were captured, as well as passwords. We want to delete this data as soon as possible, and I would like to apologize again for the fact that we collected it in the first place.

"We’re acutely aware that we failed badly here," Eustace added.

Eustace said the company was "mortified" by the discovery that sensitive information was collected when the Street View cars drove through neighborhoods around the world and said Google was making major changes internally to deal with user privacy, security and compliance.

Google had previously admitted to spying on users' WiFi networks and collecting MAC addresses and SSID information.  Some of the data has already been deleted and Eustace said Google will delete the rest of the data "as soon as possible."

Topics: Google, Collaboration

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

62 comments
Log in or register to join the discussion
  • RE: Google admits Street View cars collected e-mails, passwords

    But these were captured from unencrypted wireless networks, if you leave your network unsecured expect to be wifi-raped.
    explodingwalrus
    • I would EXPECT no demand Google to know what it is

      @explodingwalrus
      doing and to take precautions against the possibilities.

      Pagan jim
      James Quinn
      • Precautions are simple

        @James Quinn
        Usually I read your posts, nod my head in agreement and move on. I mostly agree with this one, too. The thing id, precautions are (would have been) simple and should have been taken. Encrypt/password protect your WiFi. You and I both know that this is simple and a minimally protective step that is also quite effective.

        I agree, precautions should have been taken, but it should not have required Google to make that obvious. If you don't secure your information, you really can't be surprised that someone intercepted it, intentionally or not.
        use_what_works_4_U
    • Google = Goldman Sachs in IT world

      When they approach you with a business offer, run away fast or be raped.
      LBiege
    • RE: Google admits Street View cars collected e-mails, passwords

      @explodingwalrus

      Ahahaha very funny, Google is evil
      neeeko
    • New flash for you

      whether or not I secure my WiFi is irrelevant to the ethics of stealing from me. A thief is no less of a thief because my car was unlocked when he stole it.
      frgough
      • RE: Google admits Street View cars collected e-mails, passwords

        @frgough That analogy is disingenous. You are radiating a signal up to several hundered feet away from you on unlicenced specturm without ANY precautions. Failure of due dilligence applies here. No extrordinary measures were used to gather the traffic, ANYONE with a wifi radio would have the ability to pick that up. Had you employed SOME form of access control, that would say you cared enough about your data, except when facts are exposed - you really dont.

        Back to your car, sure the car was unlocked, but the driving mechanisim ISNT. That still requires a key (encryption for our example here) and that would have to be hacked (broke). Now had you left your keys IN an UNLOCKED car -- well stupidity has its price.
        JT82
      • So what you're saying is

        @frgough
        If I want to sit in my garden and do my banking I should just put a big sign in the window with my account numbers because my neighbors are all good people and wouldn't <i>think</i> of misappropriating that information? You understand that by not using an once of prevention, that is effectively what all these "victims" did, right?
        use_what_works_4_U
      • RE: Google admits Street View cars collected e-mails, passwords

        @frgough basically what you did was walk out side and scream your account numbers from your front porch, not leaving your car unlocked, and if you arent wise enough to secure your own system then you are at fault. In Canada, its actually legal to capture any signal from the air, which is why the satellite companies dont like canada. And its not like you purchased a range of the spectrum expecting others to not use it, you are in the unlicensed range, whatever you send is capturable by anyone who wants it, its your job to make it secure not anyone elses, just another fine citizen who doesnt want to take responsibility for his own actions.
        nickdangerthirdi@...
      • Stealing

        @JT82 Before you steal that car that someone left unlocked with the keys in the ignition and tell the judge that it was the owner's fault - you might want to check with an attorney<br><br>Owner stupidity seems like a "hey if they're dumb enough to do that..." they deserve what they got situation but it's clearly a non-starting argument - even if someone posts their credit card number and CVC code in their window, it's still theft if you choose to use it.<br><br>And Starbucks, Borders, etc. hot spot users - those WLANs are unencrypted.<br><br>What I'd like to know is what the people were doing that passwords, account numbers, emails, etc. were readable by Google - all the websites that I access that need account numbers and/or passwords are HTTPS and the traffic shouldn't be readable with a simple sniffer - you'd have to crack the SSL encryption - not necessarily a big deal if you have the hardware but it's not the innocent "we just received what you were radiating"<br><br>Even my email uses SSL encryption over the wire/air<br><br>Are there that many password (or account number oriented) websites that are not SSL? Or is Google doing more than "innocent" passive reception?
        archangel9999
      • RE: Google admits Street View cars collected e-mails, passwords

        @frgough ...it's not stealing when it's WiFi traffic. the airwaves don't actually belong to you but then you could say the same for a highway and your car theft analogy works great except data packets are a type of conversation that much like the one you lead in a coffee shop with your lover can be heard and broadcast into the world by the nearest listener. it's rude but definitely is not a crime!
        don't be a doofis, encrypt your WiFi...
        lukaslikeswindows
      • RE: Google admits Street View cars collected e-mails, passwords

        @frgough

        This is absurd! The users were blasting out their messages and passwords to the world. Google is apologizing for not better taking steps to deliberately block out the crap people were blasting. The nice thing to do, except of course that they'd probably get even more grief about it, would be to go back to those people's networks and let them know they were blasting out their personal information in plain text and are continuing to do so.
        tkejlboom
      • RE: Google admits Street View cars collected e-mails, passwords

        Bad analogy. <br>Google didn't actively try to collect passwords or private data and, as far as we know, didn't use the information it collected in any way to hurt you or anyone else.<br><br>A better analogy would be: you're with your girlfriend/wife at a public place talking outloud about private matters and expect people sitting/standing near you not to hear what you say.
        Joaquim Amado Lopes
    • RE: Google admits Street View cars collected e-mails, passwords

      And of course .. WE all know that asap means once we have all that we can use.
      rparker009
    • RE: Google admits Street View cars collected e-mails, passwords

      @explodingwalrus While I agree that the users should have taken steps to prevent this from happening it by no means releases Google from responsibility for doing something that they know they shouldn't have been doing. To simplify it to the point that the users should have expected it is like saying you deserve to have items stolen out of your car if you don't lock the doors. We all know you should lock them but that doesn't give somebody the right to take my stuff if I forget to.
      non-biased
  • Still

    Google was knowingly sniffing networks - they had to have. Sorry Google fanbois and girls, but they knew very well what they were doing. You don't "unknowingly" collect 600 Gigabytes worth of payload data and not know about it.<br><br>Also, am I the only one to find "We'll delete the rest of the data - as soon as we can" a little un-nerving?
    The one and only, Cylon Centurion
    • RE: Google admits Street View cars collected e-mails, passwords

      @Cylon Centurion 0005
      I think the "We'll delete the rest of the data - as soon as we can", is because of laws that require them to keep this data for a specific amount of time. I may be wrong, but I remember reading this somewhere. It also explains why they have not deleted the data.
      CPPCrispy
      • With several governmental agencies investigating you

        @CPav The [b]last[/b] thing you want to do is delete any possibly germane information before they [i]all[/i] say it's OK.
        matthew_maurice
      • RE: Google admits Street View cars collected e-mails, passwords

        @CPav Correct, I have read before as well that they have to wait until any and all investigate in that jurisdiction is complete and they are told they can delete the information.

        If this was simply a matter of the property owners fault for not taking steps to prevent it then we would hear about this issue coming up time and time again around the world. Without the code to grab the information the would not have done so, why was in in there if they didn't mean to grab the info whenever possible.
        non-biased
    • RE: Google admits Street View cars collected e-mails, passwords

      @Cylon Centurion 0005
      For me, the "As soon as we can" means "when we have used it for our profit".
      atari_z