That said, I read the article more as 'yet another reason this whole compelling third parties is an issue' sorts of reasoning as opposed to this is some new threat that we didn't know about. The author points out it has been covered in lots of places. The argument is more for the folks who aren't thinking they are affected by this because they aren't dissidents or people of interest (yet).
For my specific setup, it's something of a moot point. With my home office and router at the front of the house, a distance enough to include the back yard will also include a fair chunk of the street. It may be close enough that I'd notice the suspicious vehicle, though.
The idea that the parent poster was trying to point out is that at the point the feds are within 100 ft of your house in a truck or 1000 yards but targeting your house with an antenna, they'll find a way. How secure your Wifi password is irrelevant. At that point they've probably tapped your phones.
Actually, this is what amuses me in the whole privacy affair. So a bunch of companies were using and abusing your data to target ads at you and shape your news stream so that it's more addictive, and people were cheering. A government (still mostly democratic, though not from my non-US perspective) is revealed to snoop on people illegally and people rage. I don't actually question the rage – but I see the complacent acceptance of the private companies using the same data as amusing.
A large part (not whole, though) of what NSA does is taking your stuff from the place it already shouldn't have been. We're complaining about a fireplace in a burning forest.
I don't mind getting targeted ads, I prefer them to spam ads.
Then the NSA/GCHQ/BND scandal hit and (at least as far as I can tell) now completely overshadows that former concern.
Your curt response oversimplifies the situation to the point where an uninformed reader could mistakenly believe the situation has no impact. Your comment should be read in the light of an engineer not only completely missing the point, but an example of the danger of this type of engineering analysis.
Minor technical decisions that "make sense" sometimes have severe technical repercussions.
As do actors other than Federal agents.
The only thing WiFi passwords are good for is to prevent your neighbors from using your network and using up all of your bandwidth (which would slow down your network access) and preventing drive-by spammers/hackers from doing things which you might then get blamed for.
The nice thing about using WEP is that if someone does end up using my network for something nefarious and I end up holding the bag for it, I (or an expert witness) can point out that WEP is known to be vulnerable in court giving me an out.
- Until they argue that the default encryption level on routers now is WPA/WPA2, so by enabling WEP you were actively lowering the security level.
- Until they argue that your technical background means that you should have known better that WEP is crackable.
WPA2 is in fact quite secure if you're careful about your passkey and who you give it to.
Heck, in many countries, wifi routers actually use WPA2 with a pregenerated shared key, which is a good 24 chars long and fully random. Incredibly easy to guess or crack! (It's very, very hard to crack.)
While it certainly could be the crowd I hang out with (not all of which are techies, mind you), but I've never met anyone who uses WPS.
- http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Security
The problem is with the PSK variety, mainly that it's susceptible to offline dictionary attack: about 5% of actual WPA2-PSKs can be easily guessed [1].
There is stuff in the works to fix this though. My favorite is EAP-PWD [2]. It's resistant to offline dictionary attacks, it has perfect forward secrecy and it's already supported by Android. Basically, it's what WPA2-PSK should have been.
In the meantime, if you're security conscious just set a long random PSK or configure e.g. EAP-TLS. Both will give you strong security against pretty much any attacker.
Most of the problem is that passwords are either easy for computers to crack or hard for humans to remember. The middle ground has disappeared as computational power has increased.
There are a few problems with all PSK schemes that make internal attacks problematic. Anyone who sniffs your initial handshake and knows the master PSK can read your traffic. There's a lack of mutual authentication. Having a scheme where each device registers its own password with the AP would probably be better.
Other than that, it's generally a good solution, why do you feel it needs replacing?
Search for it; there is a list of routers that are better than others. With WPA+WPS we are mostly back to WEP days where any kid with a laptop and some googling skills can get access to many wireless networks.
Google's business model is based on aggregating that information and gaining value out of the data, mostly in the form of advertising. As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again. This is why they publish videos saying that no-one can ever walk out of a Google data centre with a hard drive.
I continue to use the services I use because I find the benefit I gain from them, more useful than the potential risk of exposure.
Should these secrets be encrypted? If they were, it would be possible for Google to steal your key if they wanted to. This is the same kind of perception problem that led to the Chrome team being hauled over the coals in public for not encrypting saved passwords. They have to be available to be useful, but people would rather perceive they weren't available.
Just out of curiosity, how would we know even if a secret was let out to, say, the NSA or US Govt? Because (a) Google isn't allowed to legally acknowledge it and (b) US LEOs will use "parallel construction" to obscure the fact that they obtained such secret information.
Moreover, if you're not a US citizen, even lesser chances of ever coming to know what information is being handed over/intercepted by the US Govt. If Presidents of countries can be targeted for surveillance, no reason a common person cannot.
Please note, I am not saying Google was specifically guilty of passing on info to the NSA in these cases, but just that, even if they were forced to, there's no way the affected users would come to know.
Link: http://worldnews.nbcnews.com/_news/2013/09/02/20291489-snowd...
You cannot prevent that some entity will have private data about you, once you start using mainstream online services whose focus is on mainstream issues like ease of use, portability of data and seamless access from multiple devices.
Ensuring that the legal frameworks we live within have strong privacy laws makes more sense to me, because what are the realistic options for any of the major tech players right now, when they face a data request from the US government, other than fighting it in the courts? (which they do)
Moving all Google employees to Iceland or some Asian country and closing all offices in the US/Western Europe? Closing down any service that collects private data?
And the smartest thing to do, whether you are the NSA or some other foreign government or any entity that holds that information, is to keep quiet about it. The less others know that you know something, the more power you have.
For that reason, it is unlikely that we will see these powers used by the NSA, or other government. It is in their best interest to hold on to that data as secretly as possible and as restrictively as possible, to avoid the chance of others getting a hold of the data. Snowden if anything has only given the NSA and all others who hold the information that we do not know about reason to be careful open even mentioning that they have the data, to anyone.
I used to think this but now I'm not so sure. With the way services like FB and others slowly change settings, Sony gets hacked and other data breaches, news about govt spying etc, I wonder whether the mass public is suffering from Learned Helplessness [1]. After all, what alternatives do most people really have?
I guess there are similar incidents happening at almost all cloud providers, but even if detected by the company, we don't hear about them because they're really bad PR. All they come up with is, "trust us, things are secured". And no one cares anyway because Gmail, Docs and Outlook.com are slick and convenient.
if we know that people at the NSA were passing around phone sex calls by US troops, do you really want to keep trusting that no-one at Google will ever do anything problematic w/ yr data?
edit: to be clear, I use Google services all the time & store a lot of confidential data w/ them. but there need to be institutional (whether at Google or outside it) safeguards that go beyond trusting a company as a whole to always behave in a way compatible w/ its own rational self-interest.
To me, that level of naivety with respect to operational security is just baffling. All it takes is one unscrupulous person in the right place at Google and those convenient, "free" services could end up costing millions. It isn't like the people in the finance industry have a reputation for being upstandingly moral either.
> if we know that people at the NSA were passing around phone sex calls by US troops, do you really want to keep trusting that no-one at Google will ever do anything problematic w/ yr data?
Already happened: http://gawker.com/5638874/david-barksdale-wasnt-googles-firs...
I am not a fan of Google, but I feel that in Larry Page's era few things are sacred when it comes to making money. Maybe a Googler decides to read some Goldman Sachs' trader emails, or Google in general can sell trend data. Who knows?
They have (IMO) ruined search and destroyed any trust in its fairness, yet they are a monopoly, have a lot of goodwill and nothing is happening. So far.
There are belated efforts by Google to encrypt the traffic between its data centres, but it's basically too late.
Really? Because from what I've seen, the general public (including companies) would just continue using it without caring.
CyanogenMod is on my list.
EDIT: Oh, and "backing up" my contacts without asking me. That made me livid, that's the height of arrogance. And yet I still use Android.
I wonder if all of this recent Google-bashing is really just a symptom of something larger. People are suddenly waking up to the obvious-in-hindsight realization that simply giving their data to a third party involves a certain amount of trust.
The reason people don't seem to be ganging up on Facebook, Apple, etc. in a similar way is because they never really earned that faith. Take Facebook: from the very start their founder was known to consider their users "dumb fucks" for entrusting him with their privacy.
In my opinion, the fact that Google went out of their way to, and generally succeeded at, earning that trust is a good sign. It shows they take the matter seriously.
All American companies operate under the same rules. If you've taken the position that all American companies are not to be trusted, fine. But if you haven't, wouldn't Google's history make them one of the more trustworthy ones?
Apple encrypt WiFi passwords and never store them in plain text – not on their servers and not on the device. The encryption requires your login password to decrypt which Apple also don't store in plain text on their servers (although it is accessible on the device if you don't use a PIN or password, it is not backed up to iCloud).
The reason why this allegation is levelled against Google: they don't encrypt backups and they don't encrypt WiFi passwords on the device.
A little more specifically about iOS WiFi passwords: the Keychain (which is where WiFi passwords are backed up on iOS and the Mac) is AES encrypted and requires your login password (or your Apple ID password) to decrypt. Unless Apple is also stealing plain text versions of your login passwords (there's no indication that they are) then it is not possible for Apple to read your WiFi password. Yes, theoretically, they could steal your Apple ID password too but there's no indication that they do (and they've talked about the exact security on Apple IDs following the developer.apple.com breach recently).
Apple makes its money from selling you new hardware every year or two - they need to make you lust after slick, shiny things every keynote.
Google makes its money from knowing about you, mining that data and converting that into advertising clicks - they need to collect as much information about you as possible.
Which means that the same pieces of data have different value to the two companies.
(Of course, Facebook follows a similar model to Google)
Not really. We only learned of FB's attitude to privacy when they started changing defaults and were being sued by the Winklevoss bros. Otherwise, we may never have known what he thought of his early users.
Apple never claimed "Don't be evil" as a motto and they do appear to care more about security. There is encryption in some of their products (even though they can likely still gain access - a point that is made in the article). Arguably, they've done more than Google to demonstrate that they care about my data.
See a couple of months ago (the context is iMessages but the level of implicit trust is the same): https://news.ycombinator.com/item?id=5943778
But I do agree that it's a form of UI-fail that there is no legitimate way for a user to recover his own passwords.
Google also knows your Google account password. If you can decrypt the data using any deterministic function of your Google password, then so can Google, so there's no additional security gained. They probably already store your wifi password encrypted -- it's just when the device asks for it, Google decrypts it and sends it back to you. So in all likelihood, they're already doing what you want.
They could have done it by asking the user to provide a new unique password that would have to be entered on each new device. That would provide additional security as only the device could decrypt the password. However, (a) because such a password would only be used once or twice a year at most, no one would remember it and the whole feature would be useless, and (b) you still have to trust Google to not send the password after the device decrypts it, and if you trust the OS vendor to not backdoor the OS, you might as well trust them to not backdoor their own servers to access the same data.
Security is always a trade-off.
I didn't use LastPass until recently when keeping a difficult password on every site became a major pain given that countless numbers of password enforcing rules are there on the web some requiring at least one caps, some enforcing using at least one symbol but not using a ~ or a # yada yada. I gave up on it. Every damn time I had to reset password on services I use less frequently. But now I don't. Although LastPass claims that they keep the passwords encrypted and they themselves can not read them. But I don't believe them. Login to lastpass.com. Click your vault on top right corner. Click the pencil against any site in the list. Click the 'show' link in front of password field. And your password is staring at you in plain text. And it has been accessed at lastpass.com. Once they start storing master passwords, or once someone cracks their hash you are done with. But there is no simple and easy alternative. To get the job done we need to make these sacrifices.
This is a simple version of how it works, your master password isn't sent to lastpass, just an encryption key which is created with your email address and master password. On the website this is done client side with javascript. When you click on the pencil icon, you are reading the decrypted file, which you have decrypted on your own computer, with javascript.
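A sketch of the client-side derivation this comment describes, added here as an example and not taken from LastPass or from the thread: the key-derivation parameters, the login-hash step and the record layout are assumptions, and the email, master password and vault entry are constructed sample values.

```javascript
// Added illustration: client-side key derivation and local vault encryption.
// Not LastPass's code; KDF parameters and record layout are assumptions.
const nodeCrypto = require('crypto');

const ITERATIONS = 100000; // assumed work factor for this sketch

// Vault key: derived on the client from the master password, salted with the
// email address. It never leaves the client in this model.
function deriveVaultKey(email, masterPassword) {
  const salt = Buffer.from(email.trim().toLowerCase(), 'utf8');
  return nodeCrypto.pbkdf2Sync(masterPassword, salt, ITERATIONS, 32, 'sha256');
}

// Login hash: one further PBKDF2 round over the vault key (assumed scheme).
// This is the only secret-derived value the server receives.
function deriveLoginHash(vaultKey, masterPassword) {
  const salt = Buffer.from(masterPassword, 'utf8');
  return nodeCrypto.pbkdf2Sync(vaultKey, salt, 1, 32, 'sha256').toString('hex');
}

// Encrypt one vault entry locally with AES-256-GCM.
function encryptEntry(vaultKey, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypt one vault entry; throws if the key is wrong or the record was altered.
function decryptEntry(vaultKey, record) {
  const iv = Buffer.from(record.iv, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', vaultKey, iv);
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(record.ct, 'base64')),
    decipher.final(),
  ]);
  return pt.toString('utf8');
}

function canDecrypt(key, record) {
  try { decryptEntry(key, record); return true; } catch { return false; }
}

function demo() {
  // Constructed sample values.
  const email = 'user@example.com';
  const master = 'correct horse battery staple';
  const key = deriveVaultKey(email, master);
  const record = encryptEntry(key, 'hunter2-site-password');
  // What the server holds in this model: email, login hash, ciphertext.
  const serverSide = { email, loginHash: deriveLoginHash(key, master), record };
  const serverKeyGuess = Buffer.from(serverSide.loginHash, 'hex');
  return {
    clientReads: decryptEntry(key, record),
    serverCanDecrypt: canDecrypt(serverKeyGuess, serverSide.record),
    wrongPasswordCanDecrypt: canDecrypt(deriveVaultKey(email, 'wrong password'), record),
  };
}
```

`demo()` returns the entry as the client reads it, and `false` both for an attempt to decrypt with the value the server holds and for a key derived from a wrong master password.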
Since Google has misused access to WIFI hotspots to slurp data it's a little bit more worrying.
Since it's probably personal information it's also probably covered by data protection laws in some countries.
As long as I expect them not to overload my wifi too much, I'm perfectly happy with Google or FBI or KGB or friends or random strangers to have that wifi password.
If wifi routers were good at traffic shaping / quality of service tech, I'd put no passwords at all on wifi devices - if a neighbour wants to browse some web, then it's a good deed to make it easier.
The operative question is: when someone signs into a Google account on an Android device, and without any notification whatsoever the device sends his passwords to Google - which is what happens - has there been a meeting of the minds? Are both parties in agreement about what the deal is here?
Data backup is opt in and there is a pretty screen in the setup to enable it if you want
OK, when NSA goes physically near my home, they can connect to my WiFi and secretly use my internet connection.
That's not really what I am concerned about.
SSL should be assumed as broken for defence against government surveillance but it still keeps the most common attackers out.
(Disclaimer: I work for Google, but if I had an iPhone I'd want the same functionality.)
This is not necessarily true - they could encrypt this data so that it requires a user password to read, and transmit these settings for client-side decryption. They probably don't though, and in all likeliness can read your WiFi password.
MSCHAP is not good enough anymore either.
If you use a VPS, you can (will) be owned by your VPS provider and any Internet provider your traffic goes through.
If you use colocation or self host, you will have to live without or self host/maintain/develop many alternatives for usual tools AND you can (will) be owned by all the internet providers your traffic goes through.
Not a very nice scenario.
I was once visiting my friend's house in the English Midlands. I had been there once before, but this time I had to find the way there myself.
I managed to get the entire way to his street, but then I realized that I had forgotten his house number. He didn't pick up his phone, and I didn't want to knock on every door on the road. I was lost.
Then I realized that the previous time I had visited, I had logged on his wifi. It was from a different phone, but with Google's sync all my old wifi passwords had been synced. I didn't remember the name he had given it, but I could walk along the road until I suddenly connected.
Saved the night.
Evil Google, disguising the 'Can we steal your password button'
Frustrating then that it's so hard for users to reveal the password being used by their phone to connect to a WIFI hotspot.
Are you saying Google's using this for gain, or for any reason? Is there any evidence whatsoever to suggest that this data has ever been accessed by a Google employee ever, for any purpose whatsoever?
Slight tangent, but the difference between "can" and "does" is a vast one I don't think people are getting, with all these privacy issues coming about these days. Here's a scary thought: any person who owns a gun/car/knife/taser/baseball bat can kill someone else with it. They could do it.
Unless it "does" happen, and there's evidence that it happened, they don't get in trouble.
What Google can do is almost endless. What it does do is what matters.
That's not obvious. It's possible, common, and dare I say a "best practice" to store stuff like this encrypted. To be decrypted only on the device.
Also, wifi passwords, Oh my!!! Security wise you should treat your wifi network as open whether it is or not. I.e. isolate it, firewall it, do not trust it.
Marry the Geo-location, SSID, phone owner and passwords and you've got real information for the authorities. On Everyone.
Why not? I see 'back up my settings' and I assume it means everything. For a computer security reporter to clutch his pearls and say 'I certainly did not' makes me wonder why he thinks he's qualified to write a column on this subject. Strictly outrage bait.
Just having a reliable set of millions of real world passwords is invaluable - they'd be useful for brute-forcing other hashed password files.
Not sure why the author assumes most Android users would enable this feature... unless he didn't realize it was an option on the initial setup.
For home use - who cares? It would be a sizable mission to make use of the password...and that would get them what? A couple of lolcats and my skyrim saved games? Nice.
Google must work with the NSA and must give them access to everything, but all is secret because FISA Laws.
Which I am sure they are willing to share if just pushed a little.