Google Street View is in the news again, as the UK’s privacy watchdog is asking fresh questions. As a security-conscious blog-reader, you’re probably aware of this long-running saga.
The bright sparks at Google decided that information about available wireless networks would be a useful additional tool for mobile devices to use when triangulating their position, so as they fulfilled their missions to boldly go where no cameras had gone before, the Google Street View vehicles sniffed the Wi-Fi ether and mapped out the networks they found.
Unfortunately, while doing this, they also captured and stored packets of data from many unprotected wireless networks they encountered. What they thought of as a database of geo-location information suddenly turned into a privacy and security nightmare, potentially full of passwords, usernames and private email data.
Whether reopening investigations – when Google has already accepted that they exercised poor judgment in capturing the data and that they intend to delete the data ASAP is a good use of public resources – is an exercise I’ll leave to the reader.
What would be really great, though, is if this high-profile incident wakes people up to the risks of unprotected wireless networking and the simple steps they can take to protect themselves. If Google could do this, so could any individual or organization with more malicious intentions: and as with so many security stories, this is something against which the ‘victims’ could have easily protected themselves.
Every wireless router on the market today is capable of effectively securing wireless internet traffic so that it is kept away from prying eyes. While my own observations when using Wi-Fi suggest that a higher proportion of home networks are being protected, this proportion is still nowhere near the 100% it should be.
If you control a wireless network at home, make sure that it is protected. If you regularly connect to a public wireless network, perhaps you should also talk to the provider of that network about implementing WPA or a similar security measure. Would requiring a key when users sign up to that network really be that difficult?
Finally, spread the word: as a reader of this blog, I’m sure this is old new to you, but have you done your best to ensure that your granny is as well protected as you are?