Google’s WiFi data collection using Street View cars turned out to be yet another privacy blunder. Alan Eustace, Senior VP at Google, admitted that the software which collected information about open WiFi networks didn’t discard payload data. In a post from April, Google said that “networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data”.
Google will now have to find a way to destroy all this data, which might include personal information. “As soon as we became aware of this problem, we grounded our Street View cars and segregated the data on our network, which we then disconnected to make it inaccessible. We want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it,” explains Google. The software used to collect data about WiFi networks was Kismet, “an [open-source] 802.11 layer2 wireless network detector, sniffer, and intrusion detection system”.
Open WiFi networks aren’t secure, so it’s a bad idea to use them for sending confidential information, but Google should’ve discarded all the data packets. They weren’t necessary and storing unencrypted traffic data is a big privacy problem.
The good news is that, starting next week, Google Search will have a SSL-encrypted version at https://www.google.com. Google will become the first important search engine that offers this option.
Update: San Francisco Chronicle says that “about 600 gigabytes of data was taken off of the Wi-Fi networks in more than 30 countries” and that “Google has been vacuuming up fragments of people’s online activities broadcast over public Wi-Fi networks for the past four years”.