UNLIMITED SHITTING ON GOOGLE THREAD :-D

[Shibboleet The Annihilator]

No Tzip. You are the Google.

...and then Tzip was a Google.

[P3nT4gR4m]

No Tzip. You are the Google.

...and then Tzip was a Google.

[Triple Zero]

NO! I MUST KILL THE GOOGLES

[P3nT4gR4m]

Black Googles are still Googles 

[Captain Utopia]

Have you ever used Protocol Buffers?  It's the architecture/platform/language independent protocol Google apparently uses to transmit and store all data on its own internal systems.  A "message" may be the fields XYZ, and the really powerful thing is that you can write another application which only cares about fields X+Z, and you don't even need to parse around the Y field - you can just ignore it as if it wasn't there.  Of course, if you use a single API call to store the message in BigTable, then Y will still be there.

So yeah, I can quite easily believe that some engineer on his 20% time wrote some code to work with wireless networks, and because everything has a hook into protobuf/bigtable, another team just used the original sniffing code without modification and wrote another program to use the legitimate fields they were interested in.

"The idea that this was a work of
a lone engineer doesn't add up"
Simon Davies, Privacy International

But all of the above is speculation.  PI are an advocacy group, and have an agenda to increase awareness of privacy issues.

My question is -- even if it was a stupid mistake like reading an extra two bytes at the end of an SSID, is it worth getting upset about?  I mean - is the issue of privacy worth making a public example out of Google, when there are are many more rampant (albeit less media-friendly) abuses out there?  How do you measure the "harm done" when deciding upon the "punishment"?

[Captain Utopia]

Oh wait, there is a detailed report.  Briefly skimmed:

• "gstumbler" is was an internal/experimental program from 2006.
• It rotates through sniffing 5 channels/sec, capturing a mix of header and payload packets.
• It parses the headers for MAC and SSID info and ignores the payload data.
• If a command-line flag is set to "false", it records unencryped payload data.
• All command-line flags (except in bizarre situations) default to "false".
• There is an internal Google API call called InitGoogle(argv[0], &argc, &argv, bool) which provides default command-line arguments based upon the application name.  This is the first call made in main().
• For streetview, another team took the code, made minor modifications, renamed it "gslite", but didn't add the required command-line option to avoid capturing unencrypted payload data, or modify the InitGoogle database to copy over the settings for "gstumbler".
• Time passes
• A Google employee discovers this, and Google (instead of just quietly deleting the data), make a public announcement.
• Hilarity ensues

[P3nT4gR4m]

Fictionpuss STFU! You're almost making it seem like you think google aren't the biblically prophesied antichrist come to kill us all and steal our immortal souls. Have you any idea how ridiculous you sound?

[Captain Utopia]

Sorry for the thread-jack, feel free to split 

[Triple Zero]

So yeah, I can quite easily believe that some engineer on his 20% time wrote some code to work with wireless networks, and because everything has a hook into protobuf/bigtable, another team just used the original sniffing code without modification and wrote another program to use the legitimate fields they were interested in.

"20% time" is a Google PR lie, btw.

All people I asked who work at Google never heard of this thing and are just supposed to do their job all the time like everybody else, no such thing as having 20% of your paid time to spend on personal projects.

But all of the above is speculation.  PI are an advocacy group, and have an agenda to increase awareness of privacy issues.

So? Do you disagree with that? Don't you think privacy is incredibly important?

My question is -- even if it was a stupid mistake like reading an extra two bytes at the end of an SSID, is it worth getting upset about?

Absolutely. And I'm dead serious. They keep nibbling on our privacy from all sides and edges and it's really about damn time we just put a stick in the sand and show it matters to us.

I mean - is the issue of privacy worth making a public example out of Google, when there are are many more rampant (albeit less media-friendly) abuses out there?

Yes. The issue of privacy is worth a whole lot more things.

Also the way you phrased that statement makes it sound like you think Google is somehow something worth protecting? Something that is somehow unique and not entirely replaceable? Something that humanity wouldn't be better off if it was burned to the ground and something new and more open and more human-friendly built in its place?

Remember, this is a truly faceless company, one that has no problem simply refusing to pay out $126,000 of honest earned money to someone using Google Checkout, without offering as much as a human on customer service to speak to. Realize that? Sometimes I wonder if Matt Cutts isn't secretly a robot or something.

And this global phantom, went into our streets, our physical personal space, on a massive scale, and not only took photographs but also sniffed our private wireless data.

No I don't care if it was a mistake. The scale on which they developed the StreetView project demanded enough sinecura that this should simply have not have happened.

You can bet they tested to death all other features of the StreetView software. What if all the GPS data happened to be misrecorded and scrambled? I'm damn sure they tested all those scenarios to make sure the StreetView software was doing what it was supposed to be doing before they massively sent them out into our neighbourhoods. But apparently they did not care enough to check and test if they might have been doing some things they were not supposed to be doing. And the simple fact that they didn't care enough, makes me angry, and makes me think it's worth making a huge stink out of. Even if it was just a few bytes.

And thanks for the link to that report, I'm going to read it. From your skimming, it seems they fucked up and neglected to check if they were doing conform to privacy regulations. I dunno about the US, but in Europe we got privacy laws, and those are just as serious as any other laws. Not something you toss aside carelessly. And if you accidentally the entire wireless into a database, you broke the law. Simple as that. A lot of other EU corporations have to bend backwards to adhere to these laws and Google is no exception just because they're shiny or something.

[Captain Utopia]

So yeah, I can quite easily believe that some engineer on his 20% time wrote some code to work with wireless networks, and because everything has a hook into protobuf/bigtable, another team just used the original sniffing code without modification and wrote another program to use the legitimate fields they were interested in.

"20% time" is a Google PR lie, btw.

All people I asked who work at Google never heard of this thing and are just supposed to do their job all the time like everybody else, no such thing as having 20% of your paid time to spend on personal projects.

Ha! It doesn't sound so appealing now:

Code Select Expand


As a motivation technique (usually called Innovation Time Off), some Google engineers are encouraged to spend 20% of their work time (one day per week, usually weekends in practice) on projects that interest them.

Here - code some shit for us, we'll still own the rights, but we'll let you code it on your weekend!  They definitely spun it as being widespread, and a perk.

But all of the above is speculation.  PI are an advocacy group, and have an agenda to increase awareness of privacy issues.

So? Do you disagree with that? Don't you think privacy is incredibly important?

Actually, not really.  Though that personal opinion does seem to be in the minority.

My question is -- even if it was a stupid mistake like reading an extra two bytes at the end of an SSID, is it worth getting upset about?

Absolutely. And I'm dead serious. They keep nibbling on our privacy from all sides and edges and it's really about damn time we just put a stick in the sand and show it matters to us.

Okay - but when the establishment tries to make "an example" out of an individual, we cry foul.  E.g. the can't-get-tutition-if-you've-been-caught-with-pot law in the US.

I mean - is the issue of privacy worth making a public example out of Google, when there are are many more rampant (albeit less media-friendly) abuses out there?

Yes. The issue of privacy is worth a whole lot more things.

Also the way you phrased that statement makes it sound like you think Google is somehow something worth protecting? Something that is somehow unique and not entirely replaceable? Something that humanity wouldn't be better off if it was burned to the ground and something new and more open and more human-friendly built in its place?

Remember, this is a truly faceless company, one that has no problem simply refusing to pay out $126,000 of honest earned money to someone using Google Checkout, without offering as much as a human on customer service to speak to. Realize that? Sometimes I wonder if Matt Cutts isn't secretly a robot or something.

I'm not going to try to excuse or explain away bad deeds, especially when I know nothing about them    I will say, though, that Google customer service seems to suck generally.

I think there's some credit to be given in that Google proactively disclosed that they had fucked up on the data collection.  I can't imagine Microsoft doing that, can you?  Perhaps that's a loaded example -- I can't imagine any other companies owning up to a mistake which they could just brush under the rug without anyone knowing any better.

You can bet they tested to death all other features of the StreetView software. What if all the GPS data happened to be misrecorded and scrambled? I'm damn sure they tested all those scenarios to make sure the StreetView software was doing what it was supposed to be doing before they massively sent them out into our neighbourhoods. But apparently they did not care enough to check and test if they might have been doing some things they were not supposed to be doing. And the simple fact that they didn't care enough, makes me angry, and makes me think it's worth making a huge stink out of. Even if it was just a few bytes.

The document shows a few dozen fields spread out over a handful of message types.  It makes sense that they'd test that the data they expected to record was there.  It makes sense that they wouldn't test for the data they didn't expect to be there.  It's bad QA, but if you've got encapsulated data going into a database, it's not going to be obvious if you've got a couple extra bytes here and there.

And thanks for the link to that report, I'm going to read it. From your skimming, it seems they fucked up and neglected to check if they were doing conform to privacy regulations. I dunno about the US, but in Europe we got privacy laws, and those are just as serious as any other laws. Not something you toss aside carelessly. And if you accidentally the entire wireless into a database, you broke the law. Simple as that. A lot of other EU corporations have to bend backwards to adhere to these laws and Google is no exception just because they're shiny or something.

I think they're trying to find wiggle room in the US, but yeah, they're fucked elsewhere.

I just have some sympathy for Google since it looks to me like an unintentional fuckup which lawyers and privacy groups are just going to roast them over for the sake of making a high-profile example of their cause.

But... it just increases the chance that the next time a smaller company does something similar, they'll just cover it up rather than face going out of business.

[Requia ☣]

Remember, this is a truly faceless company, one that has no problem simply refusing to pay out $126,000 of honest earned money to someone using Google Checkout, without offering as much as a human on customer service to speak to. Realize that? Sometimes I wonder if Matt Cutts isn't secretly a robot or something.

So when Google violates the law Google is bad, but when somebody doing business with Google violates the law (failure to ship items ordered when expected by the customer) and Google responds appropriately, Google is bad?

[Hoser McRhizzy]

Just adding 2 cents to an interesting thread.

It's been talked about here before, but one problem is that business practices are creating norms and laws on or about communications, whether of people or ideas (I'm currently trying to stop calling it data or content).  Google getting away with this would further normalize a 'it was just a few seconds – what do you have to hide' practice.  Anything that remakes the point that marketing/governmental surveillance is overthefuckingtop gets applause from me.  Hoping PI do well with this.

My question is -- even if it was a stupid mistake like reading an extra two bytes at the end of an SSID, is it worth getting upset about?

Absolutely. And I'm dead serious. They keep nibbling on our privacy from all sides and edges and it's really about damn time we just put a stick in the sand and show it matters to us.

Okay - but when the establishment tries to make "an example" out of an individual, we cry foul.  E.g. the can't-get-tutition-if-you've-been-caught-with-pot law in the US.

Here's where it all falls down for me.  I think there's a massive difference between corporations/governments and a person.  And denying any person the right to an education based on their criminal record?  Egregious.  Creating laws that people can appeal to when they're censored and surveilled by otherwise faceless and unaccountable corps?  Totally worth doing.  It sounds pedantic at this point, but context still matters.

That said,

No Tzip. You are the Google.

...and then Tzip was a Google.

^this^ is brilliant. 

[Hoser McRhizzy]

More background (from a few days before PI released its statement).  I didn't know they'd banned the cars.

Austrian Data Protection Authority (DSK) placed a temporary ban on Google's Street View cars, The DSK intends to sanction the collection of private data from unencrypted wifi networks and therefore wants to see changes to the EU data protection directive in this regard.

"If there is no EU legislation, we are planning a national law," stated State secretary for media Josef Ostermayer.

This reaction comes after Google failed to observe the deadline of 27 May imposed by Germany's Hamburg data protection authority to hand over such data that the company admitted to have gathered accidentally by its Street View system.

Google missed the deadline imposed by the German regulator arguing it needed more time to consider the possible legal fall-out for sharing such private data with the government.

DSK said that all collection of data or use of previously gathered information by Google Street View in Austria would be banned until it received from Google "a precise technical description of its data-collection activities by 7 June 2010," as well as an answer to a detailed questionnaire.

More from EDRI: Austria puts more pressure on Google Street View.

[Captain Utopia]

Just adding 2 cents to an interesting thread.

It's been talked about here before, but one problem is that business practices are creating norms and laws on or about communications, whether of people or ideas (I'm currently trying to stop calling it data or content).  Google getting away with this would further normalize a 'it was just a few seconds – what do you have to hide' practice.  Anything that remakes the point that marketing/governmental surveillance is overthefuckingtop gets applause from me.  Hoping PI do well with this.

From a technical perspective, this is more like your toddler swiping a chocolate bar in the checkout line, returning it when you find out, and the store then prosecutes you for it.

Yes - laws were broken, and Google are legally responsible for everything they do - but if context is unimportant, and it's the principle-of-privacy which must be worshiped, then that seems like a step backwards to me.

My question is -- even if it was a stupid mistake like reading an extra two bytes at the end of an SSID, is it worth getting upset about?

Absolutely. And I'm dead serious. They keep nibbling on our privacy from all sides and edges and it's really about damn time we just put a stick in the sand and show it matters to us.

Okay - but when the establishment tries to make "an example" out of an individual, we cry foul.  E.g. the can't-get-tutition-if-you've-been-caught-with-pot law in the US.

Here's where it all falls down for me.  I think there's a massive difference between corporations/governments and a person.  And denying any person the right to an education based on their criminal record?  Egregious.  Creating laws that people can appeal to when they're censored and surveilled by otherwise faceless and unaccountable corps?  Totally worth doing.  It sounds pedantic at this point, but context still matters.

If I thought it was intentional rather than a fuck-up, or if Google had used the data for profit (or even accessed it in storage), or if they had tried to cover it up instead of voluntarily disclosing their error... then I'd have a completely different stance on this issue.  But I can't agree with persecuting anything just because it makes a convenient poster boy for a cause.

[Placid Dingo]

If 20% time = 20% of the time you're getting paid to work, it should be on projects of personal interest, then problem = ???.