In 2011 I discussed how I was giving Google the benefit of the doubt regarding their harvesting of open WiFi data, and that it was consumer network hardware manufacturers that should be working to protect consumers. I was… at least partly wrong!


From my Google's non-existent whitelists… exist post I wrote on the 11th of March 2011:

Take the street view controversy. While I think Google engineers were short sighted by not closely studying the source code of the software they put on their trucks and drove around the world, I don’t believe they did it maliciously.

Unfortunately, we now know that isn't true. From Stilgherrian:

So, you know when Google’s Street View cars, the ones taking photos down every street, were also accidentally scooping up people’s unencrypted Wi-Fi traffic? Turns out the engineer who wrote the software did it deliberately, and his boss knew he did.

The European Union isn't impressed, and may reopen their case against Google. To quote John Gruber:


The infamous Linksys WRT54G

But the networks were open!

Back when this controversy started and people were blaming Google for stealing people's data, I read an equal number of posts from other bloggers blaming people for having open wireless networks in the first place. I acknowledged this:

These signals were being broadcast in the open, and while the scale of Google’s downloading may warrant further scrutiny, it skips the real issue that people are still broadcasting unencrypted data out of their homes for anyone to gain access to.

Still, I didn't go as far as to blame consumers.

Rather than blaming consumers (which is always an easy thing to do) however, I place the blame on network hardware manufacturers for selling devices that didn’t make this clearer.

Unfortunately, we now know in hardware manufacturers attempted to make security easier for consumers by implementing WPA2 standards, and in the process introduced a security vulnerability so severe it bypasses the otherwise strong encryption used by them. All of course except Apple, and I remember people chewing me out for having a Airport Extreme base station… heh ;D.

Regardless, there are a lot of issues at play here, not least the ethics of some Google engineers. Any company can/does have rogue players, but the key is transparency. Only disclosing this now rubs me the wrong way, a little.