[LINK] google misdeeds and Australia's Privacy Commissioner

Richard Chirgwin rchirgwin at ozemail.com.au
Tue Jun 22 15:59:26 AEST 2010 

Craig Sanders wrote:
> On Tue, Jun 22, 2010 at 11:53:44AM +1000, Jan Whitaker wrote:
>   
>> "Australian banks use secure internet connections and my Office is not
>> aware of any instances where banking information has been collected,"
>> she said.
>>
>> [so what? What about other passwords to other services? Again, she is
>> being very limited in her perspective. Is this ignorance or continued
>> siding with corporations instead of the general public's interests?
>>     
>
> or maybe she just takes her job seriously enough that she doesn't want
> to get forced into a witch-hunt by hysterical and ignorant mobs.
>
>
>
>
> BTW, for those who haven't seen it yet:
>
> http://erratasec.blogspot.com/2010/05/technical-details-of-street-view-wifi.html
>
>     Wednesday, May 19, 2010
>
>     Technical details of the Street View WiFi payload controversy
>     Posted by Robert Graham at 12:38 PM
>
>     The latest privacy controversy with Google is that while scanning
>     for WiFi access-points in their Street View cars, they may have
>     inadvertently captured data payloads containing private information
>     (URLs, fragments of e-mails, and so on).
>
>     Although some people are suspicious of their explanation, Google
>     is almost certainly telling the truth when it claims it was an
>     accident. The technology for WiFi scanning means it's easy to
>     inadvertently capture too much information, and be unaware of it.
>
>     This article discusses technically how such scanning works.  
>
>     [...]
>
>     Some people have accused Google of lying, and for having some
>     nefarious purpose for gathering these packets. However, anybody who has
>                                                    ^^^^^^^^^^^^^^^^^^^^^^^^
>     experience in WiFi mapping would believe Google.
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
> pretty much what i've been saying all along.  their explanation is credible.
> you have to ignore how the technology actually works and indulge in some
> conspiracy theory thinking (against the advice of occam's razor) to find
> any reason to disbelieve them.
>   
Craig,

There is one supposition in the Errata Security document which needs 
discussion.

Two statements are key here:
> The technology for WiFi scanning means it's easy to inadvertently 
> capture too much information, and be unaware of it.
...and...
> The way a packet-sniffer works is to turn off the MAC address check. 
> All packets received by the WiFi radio are kept in the system, then 
> saved to disk.
Ignoring whether or not there was a "corporate intent" on Google's part 
to do the wrong thing, Errata Security is assuming that it's okay to use 
a sniffer on somebody else's network, without their permission. I agree 
with its assessment of the behaviour of the technology, but would 
maintain that sniffers need permission from network owners, and probably 
always have done.

RC
>
> and read the rest of the article...it's well worth reading.
>
> craig
>
>

More information about the Link mailing list