{"id":1120,"date":"2010-06-10T12:09:33","date_gmt":"2010-06-10T20:09:33","guid":{"rendered":"\/?p=1120"},"modified":"2010-06-10T12:15:20","modified_gmt":"2010-06-10T20:15:20","slug":"gstumbler-tells-all","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1120","title":{"rendered":"Gstumbler tells all"},"content":{"rendered":"<p>The <a href=\"http:\/\/www.strozfriedberg.com\/\">third party<\/a> commissioned by Google to <a href=\"http:\/\/googleblog.blogspot.com\/2010\/05\/wifi-data-collection-update.html\">review the software<\/a> used in its Street View WiFi cars has completed its report, called\u00a0<a href=\"http:\/\/www.google.com\/googleblogs\/pdfs\/friedberg_sourcecode_analysis_060910.pdf\">Source Code Analysis of &#8216;Gstumbler&#8217;<\/a>.\u00a0 I will resist commenting on the name, since Google did the right thing in publishing the report:\u00a0 there\u00a0will no longer be any ambiguity about what was being collected.\u00a0<\/p>\n<p>As we have discussed over the last week, two issues are of importance &#8211; collection of device identity data, and collection of payload data.\u00a0 One thing I like about the report is that it begins with a number of technical &#8220;descriptions and definitions&#8221;.\u00a0 For example, in paragraph 7 it explains enveloping:<\/p>\n<p style=\"padding-left: 30px;\">&#8220;Each packet is comprised of a packet header which contains network administrative information and the addressing information (or &#8220;envelope&#8221; information) necessary to transmit the data packet from one device to another along the path to its final destination.\u00a0 Each packet also contains a &#8220;payload&#8221; which is a fragment of the &#8220;content&#8221; of the communication or data transmission sent or received over the internet&#8230;&#8221;<\/p>\n<p>It explains that in 802.11 packets are encapsulated in frames, describes the types of frames and presents the standard diagram showing how\u00a0a frame 
is structured.<\/p>\n<p><img src=\"\/wp-content\/images\/2010\/06\/frame.GIF\" alt=\"\" \/><\/p>\n<p>Readers should understand that when network encryption is turned on, it is only the Frame Body (Payload) of data frames that is encrypted.<\/p>\n<p>In paragraph 19,\u00a0the report provides\u00a0an overview of its findings:<\/p>\n<p style=\"padding-left: 30px;\">&#8220;While running in memory, the program parses frame header information, such as frame type, MAC addresses, and other network administrative data from each of the captured frames.\u00a0 The parsing separates the information into discrete fields for easier analysis&#8230;<em> All available MAC addresses contained in a frame are also parsed.\u00a0 All of this parsed header information is written to disk for frames transmitted over both encrypted and unencrypted wireless networks<\/em> [emphasis mine &#8211; Kim].&#8221;<\/p>\n<p>In paragraph 20, the report explains that the software discards the content of encrypted bodies (which of course it can&#39;t\u00a0analyse anyway) whereas unencrypted bodies are also written to disk.\u00a0 I have not discussed the issue of collecting the frame bodies in these pages &#8211; there is no need to do so since it is intuitively easy for people to understand what it means to collect payloads.<\/p>\n<p>In paragraph 22 the report concludes that &#8220;all wireless frame data was recorded except for the bodies of 802.11 Data frames from encrypted networks.&#8221;\u00a0<\/p>\n<p><strong>All device identifiers were recorded<\/strong><\/p>\n<p>As a result, there is no longer any question.\u00a0 The MAC addresses of all the\u00a0WiFi laptops and phones in the homes, businesses, enterprises and government buildings were recorded by the driveby mapping cars, as were the wireless access points, and this regardless of the use of encryption.\u00a0<\/p>\n<p>My one quibble with the otherwise excellent report is that it calls the MAC addresses &#8220;network administrative 
data&#8221;.\u00a0 In fact they are the <strong>device identifiers<\/strong> of the network devices &#8211; both of\u00a0the network access point and the devices connecting to that access point &#8211; phones and laptops.<\/p>\n<p>It is also worth, given some of the previous conversations about supposed &#8220;broadcasting&#8221;,\u00a0drawing attention to\u00a0paragraph 26,\u00a0which explains,<\/p>\n<p style=\"padding-left: 30px;\">&#8220;Kismet captures wireless frames using wireless network interface cards set to monitoring mode.\u00a0 The use of monitoring mode means that Kismet directs the wireless hardware to listen for and process all wireless traffic regardless of its intended destination&#8230; Through the use of passive packet sniffing, Kismet can also detect the existence of networks with non-broadcast SSIDs, and will capture, parse, and record data from such networks.&#8221;<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google&#39;s new report on its activities states, &#8220;All available MAC addresses are&#8230; written to disk for frames transmitted over both encrypted and unencrypted wireless 
networks.&#8221;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,3,47,40,11,77],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1120"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1120"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1120\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}