Focusing On Google Getting Emails & Passwords Via Data Collection Misses The Point: Anyone Could Have Done It
from the total-overreaction dept
Today, Google put up a blog post detailing some of the steps it's taken to better protect privacy, and at the bottom (on a Friday post, no less) the company tries to sneak past the "admission" that in finally going through the data (highlighting, again, that it was really unaware it had this data before) that while it was mostly fragments, in a few instances it did have full emails and passwords. This should not be a surprise. If you understand the technology of what was happening, it would collect mostly useless fragments of info, but if it was passing by at the time that someone was transmitting something like that in an unencrypted format, then of course it would collect that bit of info.
Of course, the press immediately pounced on that one key point, and all the articles this afternoon are trumpeting the fact that Google collected emails and passwords and making that the lead of the story.
But here's the important point that none of them seem to be pointing out: Anyone could have gotten the same information. I could open up my network connections where I am right now, and see half a dozen or more open WiFi networks. I could connect to any of them, just sitting here, and snarf down any open data for however long I wanted, and I'm sure sooner or later, I'd pick up some emails and passwords from some users who didn't bother to encrypt and who were using websites that weren't encrypted. That's the thing: this data is out in the open for anyone to take. Google didn't "hack" anything, or do anything particularly different than what tons of people could easily do this very second.
The problem isn't that Google got an occasional bit of openly transmitted info, it's that people are still transmitting such data in the open anyway. In an age where so many people think that just having encryption on your computer is a sign of evil, the real problem is that people aren't being taught to encrypt all of their communications. If that was standard, then Google never would have been able to do what it did... and neither could anyone else.
So for everyone slamming Google for this bit of data collection, why are you not complaining about the fact that someone who actually had nefarious intent can sit at the corner store right now and do the same thing without anyone ever realizing it?