Google also knows all the secrets of General David Petraeus, or anyone else that uses Gmail. And everything you've (secretly) searched for.<p>Google's business model is based on aggregating that information and gaining value out of the data, mostly in the form of advertising. As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again. This is why they publish videos saying that no-one can ever walk out of a Google data centre with a hard drive.<p>I continue to use the services I use because I find the benefit I gain from them more useful than the potential risk of exposure.<p>Should these secrets be encrypted? If they were, it would be possible for Google to steal your key if they wanted to. This is the same kind of perception problem that led to the Chrome team being hauled over the coals in public for not encrypting saved passwords. They have to be available to be useful, but people would rather perceive they weren't available.
The author is worried about WiFi passwords? If you trust that your WiFi is secure in general, you're in trouble. WPS is horribly insecure, for example, and that's what most home users use. Most user-chosen passwords are incredibly easy to guess for another. The better thing to do is to assume that your network traffic is always under surveillance (since the NSA is tapping Tier1 network providers), and to encrypt everything, or use network protocols which encrypt everything.<p>The only thing WiFi passwords are good for is to prevent your neighbors from using your network and using up all of your bandwidth (which would slow down your network access) and preventing drive-by spammers/hackers from doing things which you might then get blamed for.
Your WiFi password is only useful for someone who is within 100 feet of your house. If you have federal agents surveilling you from 100 feet away you have way bigger problems than your WiFi password.
Funny story:<p>I was once visiting my friend's house in the English midlands. I had been there once before, but this time I had to find the way there myself.<p>I managed to get the entire way to his street, but then I realized that I had forgotten his house number. He didn't pick up his phone, and I didn't want to knock on every door on the road. I was lost.<p>Then I realized that the previous time I had visited, I had logged on to his wifi. It was from a different phone, but with Google's sync all my old wifi passwords had been synced. I didn't remember the name he had given it, but I could walk along the road until I suddenly connected.<p>Saved the night.
This very same point could be made against Apple, for instance, but there hasn't been a single comment to that effect in any discussion of this article.<p>I wonder if all of this recent Google-bashing is really just a symptom of something larger. People are suddenly waking up to the obvious-in-hindsight realization that simply giving their data to a third party involves a certain amount of trust.<p>The reason people don't seem to be ganging up on Facebook, Apple, etc. in a similar way is because they never really earned that faith. Take Facebook: from the very start their founder was known to consider their users "dumb fucks" for entrusting him with their privacy.<p>In my opinion, the fact that Google went out of their way to, and generally succeeded at, earning that trust is a good sign. It shows they take the matter seriously.<p>All American companies operate under the same rules. If you've taken the position that all American companies are not to be trusted, fine. But if you haven't, wouldn't Google's history make them one of the more trustworthy ones?
Security is about tradeoffs. How bad would it be if someone else got this information? How helpful is it to me to give it to this third party? Wireless passwords are a huge pain: visit someone's house, ask them for their password, and then feel guilty while they look through various papers to find a long string of hex digits which are so annoying to enter on the phone. This pain makes the tradeoff well worth it for me (and I suspect for nearly everyone) when balanced against the low risk of Google doing something nasty with the saved passwords.<p>(Disclaimer: I work for Google, but if I had an iPhone I'd want the same functionality.)
Are wifi passwords considered a security issue? I treat it the same way as a flimsy lock on a garden shed - I'd prefer both the shed and wifi to be open, but there's a formal "lock" to keep out teenage pranksters and drunks.
When I read the title, I thought "really?! how?" Then I read the article and realized any time I have restored my Android phone, then entered my Google account, it automagically connects to all access points I usually use (home, work, other office, etc.)...
"On an HTC device, the option that gives Google your Wi-Fi password is 'Back up my settings'"<p>Evil Google, disguising the 'Can we steal your password' button.
For convenience, most people won't opt out of it. Most people won't bother at all. Google employees (or even NSA if you don't do anything illegal) coming to your home/office to use your WiFi is a joke! Only the paranoid ones are perturbed by these kinds of revelations, and they are ready to face the inconvenience caused.<p>I didn't use LastPass until recently, when keeping a difficult password on every site became a major pain, given the countless password-enforcing rules there are on the web, some requiring at least one caps, some enforcing using at least one symbol but not using a ~ or a #, yada yada. I gave up on it. Every damn time I had to reset the password on services I use less frequently. But now I don't.
LastPass claims that they keep the passwords encrypted and that they themselves cannot read them, but I don't believe them. Log in to lastpass.com. Click your vault in the top right corner. Click the pencil against any site in the list. Click the 'show' link in front of the password field. And your password is staring at you in plain text. And it has been accessed at lastpass.com. Once they start storing master passwords, or once someone cracks their hash, you are done for.
But there is no simple and easy alternative. To get the job done we need to make these sacrifices.
> And, although they have never said so directly, it is obvious that Google can read the passwords.<p>Frustrating then that it's so hard for users to reveal the password being used by their phone to connect to a WIFI hotspot.
What does that mean? "Google knows"? That data exists in a database owned by Google, or that Google actively farms that data and makes use of it?<p>Are you saying Google's using this for gain, or for <i>any</i> reason? Is there any evidence whatsoever to suggest that this data has <i>ever</i> been accessed by a Google employee ever, for any purpose whatsoever?<p>Slight tangent, but the difference between "can" and "does" is a <i>vast</i> one I don't think people are getting, with all these privacy issues coming about these days. Here's a scary thought: any person who owns a gun/car/knife/taser/baseball bat <i>can</i> kill someone else with it. They <i>could</i> do it.<p>Unless it "does" happen, and there's evidence that it happened, they don't get in trouble.<p>What Google can do is almost endless. What it does do is what matters.
And in addition to that they have the audacity to not make them accessible to the user! No way to look up your own wireless password in your phone, i.e. to tell a guest, that's just ridiculous.
> backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords.<p>That's not obvious. It's possible, common, and dare I say a "best practice" to store stuff like this encrypted. To be decrypted only on the device.<p>Also, wifi passwords, Oh my!!! Security-wise you should treat your wifi network as open whether it is or not. I.e. isolate it, firewall it, do not trust it.
I do not agree with the statement that users aren't aware of whether their settings are being backed up. It is one of the options that users get when setting up a Google account on any Android phone.
It's completely ridiculous that Google "backs up" passwords in clear text without encrypting them. Mozilla does that properly in their Sync service. So why can't Google do that?
Does MAC filtering at the router level help at all? If the backup option is turned on, does Google also save your MAC addresses? If not, that seems like a good start to prevent someone from connecting to your network, even if they know the password. Obviously this won't help for public hot spots, but I always assume that public hot spots are already open to anyone.
What if you are connecting to a Wi-Fi network using MSCHAP or MSCHAPv2? Does Google now know my domain login and password? That seems like a huge gaffe.
IM(Paranoid)O, it puts the "inadvertent" collection of SSIDs while driving down every street taking pictures for Google View into a new context. They gave a simply implausible explanation that this data was recorded "inadvertently". (No, fitting all those vehicles with the equipment and software would cost serious money!)<p>Marry the Geo-location, SSID, phone owner and passwords and you've got real information for the authorities. On Everyone.
<i>And, anyone who does run across the setting can not hope to understand the privacy implication. I certainly did not.</i><p>Why not? I see 'back up my settings' and I assume it means everything. For a computer security reporter to clutch his pearls and say 'I certainly did not' makes me wonder why he thinks he's qualified to write a column on this subject. Strictly outrage bait.
Why all the NSA crap in this thread? You don't need to add in a government agency to make this treasure trove of passwords valuable or dangerous. One day, this data will leak out, and then there will be trouble.<p>Just having a reliable set of millions of real world passwords is invaluable - they'd be useful for brute-forcing other hashed password files.
> And, although they have never said so directly, it is obvious that Google can read the passwords.<p>This is not necessarily true - they could encrypt this data so that it requires a user password to read, and transmit these settings for client-side decryption. They probably don't though, and in all likelihood can read your WiFi password.
When you buy a new Android phone, during the first setup it asks you if you'd like to enable this feature. I've always clicked "no".<p>Not sure why the author assumes most Android users would enable this feature... unless he didn't realize it was an option on the initial setup.
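The client-side scheme this comment and the earlier "decrypted only on the device" comment describe, as an added example that is not part of the thread and not code from Google, Mozilla or any product mentioned here. The record layout, function names, scrypt parameters and sample network are assumptions made for the illustration.

```javascript
// Added example (not from the thread): passphrase-based client-side encryption
// of a Wi-Fi settings backup. Record layout and names are assumptions.
const nodeCrypto = require('node:crypto');

const FORMAT = 'wifi-backup-v1';                  // hypothetical format label, bound as AAD
const KDF = { N: 1 << 14, r: 8, p: 1, maxmem: 64 * 1024 * 1024 }; // assumed scrypt cost

function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32, KDF);
}

// Device side, before upload. The returned record is all the server stores.
function sealBackup(networks, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);          // fresh nonce for every backup
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  cipher.setAAD(Buffer.from(FORMAT));
  const ct = Buffer.concat([cipher.update(JSON.stringify(networks), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return { v: FORMAT, salt: b64(salt), iv: b64(iv), tag: b64(cipher.getAuthTag()), ct: b64(ct) };
}

// Device side, after restore. Returns null on a wrong passphrase or altered record.
function openBackup(record, passphrase) {
  try {
    const raw = (s) => Buffer.from(s, 'base64');
    const key = deriveKey(passphrase, raw(record.salt));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw(record.iv),
      { authTagLength: 16 });
    decipher.setAAD(Buffer.from(record.v));
    decipher.setAuthTag(raw(record.tag));
    const pt = Buffer.concat([decipher.update(raw(record.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (err) {
    return null;                                  // GCM tag check failed or record malformed
  }
}

// Constructed sample data, not real credentials.
const sampleNetworks = [{ ssid: 'example-home', psk: 'correct horse battery staple' }];
const stored = sealBackup(sampleNetworks, 'device-only passphrase');
console.log(Object.keys(stored).join(','));       // the fields a server would hold
console.log(openBackup(stored, 'device-only passphrase')[0].ssid);
console.log(openBackup(stored, 'guess'));
```

The server holds the salt and ciphertext, so it can still try passphrases offline; the protection is only as strong as the passphrase and the KDF cost.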
If you're running an actual corporate network then a wifi password had better not be the sum total of the protection.<p>For home use - who cares? It would be a sizable mission to make use of the password...and that would get them what? A couple of lolcats and my skyrim saved games? Nice.
The author must not realize that Google's "customers" are advertisers, not Web searchers or Android users. Why is the government having the data more scary than just Google having it, if we're going to be upset about it ...
While the idea of Google knowing every wi-fi password is bad, they already know everything you search for and they also have a very good idea about all the websites you visit. So ...
802.11x/EAP-TLS have been around for ages and are well supported on most hardware... As long as Google aren't collecting private keys _and_ usernames/passwords.
I am not sure why this is such a problem.<p>OK, when NSA goes physically near my home, they can connect to my WiFi and secretly use my internet connection.<p>That's not really what I am concerned about.
It's troubling to see this, but I've always used MAC Filtering on my home network on top of WPA2 to limit what devices can connect to my network.
Does that mean that the NSA knows all passwords too?<p>Google must work with the NSA and must give them access to everything, but all is secret because of FISA laws.
When did settings and data become vague terms, precisely? Sure, people might not make the connection that their wifi password is both a setting and some data... Do we really need to be alerted to this? Although maybe a little info box or something with details of exactly what is sent might be appreciated by the power user...
It's only been in the last few years that home wifi routers came with passwords by default. Before that, they defaulted to open access with no password.
Not sure what the author is after here. I mean he's not breaking any news, he admits as much, he also links to some of the articles that were published weeks ago that do a better job of discussing the security/convenience trade offs. Seems like he missed the furore at the time and decided to compensate with a woefully inaccurate and baiting headline.