Following the unintended collection of payload data from open WiFi networks performed by the cars mapping streets for Google Street View, Google claims that there is no reason to worry because they have collected only fragments of payload data.
“Our cars are on the move; someone would need to be using the network as a car passed by; and our in-car WiFi equipment automatically changes channels roughly five times a second. In addition, we did not collect information traveling over secure, password-protected WiFi networks.”
They blame the situation on a piece of code that is included in the software used – code that was included by mistake. Google stopped the Street View cars as soon as they discovered the fact, has proceeded to isolate the data in question and is taking steps to delete it suitably. It even decided to stop the cars from collecting any kind of WiFi network data for good.
Google has also decided to view this occurrence as a wake-up call and announced that, starting this week, they will start providing an encrypted version of Google Search. It is still not clear if it will be the default or just an option.
Earlier this year, in the wake of the infamous Aurora attack, Google decided to make HTTPS access for Gmail a default, and the Gmail Engineering Director commented at the time that “using https helps protect data from being snooped by third parties, such as in public wifi hotspots. We initially left the choice of using it up to you because there’s a downside: HTTPS can make your mail slower since encrypted data doesn’t travel across the web as quickly as unencrypted data. Over the last few months, we’ve been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do.”
Obviously, the time has come when security is starting to be more important than cost or a small increase in waiting time.