Skip to main content

Oopsie! Google Accidentally Harvested WiFi Data

Google today admitted that, in the years that it's been photographing the streets of the world for Google Maps, it has also been unintentionally collecting payload data from open WiFi networks and public hotspots. The revelation came after the German Data Protection Authority asked to audit the WiFi data collected by the Google Street View cars.

Alan Eustace, Senior VP, Engineering & Research today said that during that review the search giant discovered that a statement it sent to data protection authorities (and in an earlier blog post) was incorrect. On April 27, Google sent out a technical note that stated that, while the Street View cars did collect publicly broadcast SSID information and MAC addresses, they did not collect payload data. However, it seems that is not actually the case.

 "… it’s now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products," said Eustace.

Eustace goes on to assure us that typically, Google would only have collected fragmented payload data because:

"Our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second."

The accidental data harvesting is attributed to a mistake made in 2006. Four years ago, an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data. Eustace says that a year later, when Google's mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, it included that code in their software—although the project leaders did not want, and had no intention of using, payload data.

Google says to maintain the users' trust, it will be asking a third-party to review the software issue, how it worked and exactly what data was gathered. Additionally, this third-party will also be checking to see that Google deleted the data appropriately. There will also be an internal review of procedures to ensure that should something like this ever happen again, Google will be able to handle the issue properly.

Eustace signs off with an apology from the engineering team at Google.

"The engineering team at Google works hard to earn your trust—and we are acutely aware that we failed badly here. We are profoundly sorry for this error and are determined to learn all the lessons we can from our mistake."

  • chickenhoagie
    yeah..finally caught and now they decide to call it a mistake. but it was only from non-secured wifi. anyone can get info off that so who cares. I guess if you don't want people carelessly taking your network info then its a good idea to use a bit of security encryption! Derrrr.
    Reply
  • socrates047
    this doesn't really bother me cause lets be realistic if google want to fuck u over u think ur wifi password is gonna stop them. I'll just let the paranoid people take this one.
    Reply
  • NeeKo
    All of them collect data about us, its how they make money!
    Reply
  • descendency
    I kan has ur deytuh?
    Reply
  • Kelavarus
    I'm still slightly confused as to how this seems so 'bad' when anyone could do it to any network if they were close enough...
    Reply
  • leafblower29
    I call BS.
    Reply
  • zybch
    Anyone one else just plain not trust Google anymore? This combined with them keeping your search (and advertising) data for 3 years is just plain creepy.
    Also, it pays to remember that EVEN IF your wifi is secured, google still recorded the MAC address of your router.
    Reply
  • eddieroolz
    Interesting. So they did collect it after all.

    Which means my Google has my network's SSID as well...
    Reply
  • proxy711
    zybchAnyone one else just plain not trust Google anymore? This combined with them keeping your search (and advertising) data for 3 years is just plain creepy.Also, it pays to remember that EVEN IF your wifi is secured, google still recorded the MAC address of your router.Doesn't bother me one bit. have fun with my router info...i mean really what can they even do with / or would want to do with that data? steal my bandwidth? they're google they don't need to do that.
    Reply
  • myrddral
    this is a good lesson for everyone to encrypt their connection and to use a password.
    i could do the same and noone could blame me bacause they are BROADCASTING and VOLUNTARILY sharing their data. there's a choice that makes a big difference.
    Reply