We’re getting to the point now that, between Apple, Google, and Facebook. These three companies know pretty much everything there is to know about everything you do. Everyone knows this, and no-one particularly cares. I know this, and sometimes I care, but I still have an Apple laptop, a Google phone and talk to most of my friends using Facebook.
Every once in a while though, something happens that gives me a bit of a twinge of the ol’ paranoia. One such incident happened to me on Monday after I bought my newest toy — an Asus Android tablet.
When setting it up, I was asked to link the tablet to my Google account. It also asked me if I wanted to restore my backup onto it. This was strange, because I didn’t have a backup to restore. I realised it must have been talking about restoring my phone’s backups onto the tablet. So I told it to do so, just to see what would happen. Within a few minutes most of the apps that I use on my phone turned up in the menu on the tablet. Okay, handy, whatever.
Here’s where it got weird: when I took my tablet home from work it connected automatically to my home network, without asking me for my fourteen digit ridiculously paranoid WPA2 password. That’s when I had a look at the wireless settings and saw that Google had helpfully restored the Wi-Fi settings of all the networks that were stored on my phone, onto my tablet.
The implications of this are a tiny bit unsettling. My phone was backing up the Wi-Fi keys of all the networks I use onto Google’s servers. It’s not like I didn’t tell it to do so — I remember clicking the ‘backup my phone’ when I first bought the thing. The idea, however, that Google has all your Wi-Fi settings, and they’re stored in such a way that they can be retrieved by them is a little spooky.
Remember when Google got sanctioned for inadvertently using its Street View cars to record Wi-Fi transmissions from all over Europe? A lot of people said “who cares? all my Wi-Fi traffic is encrypted, and so should yours be, too”.
But if Google has a record of your Wi-Fi encryption keys because you’ve used them in a phone. Then that’s an interesting thought.
All the people I’ve met who work at Google are awesome, and I don’t even think the company (in its faceless corporate mode) is evil. Even if some of the things they’re doing lately are straining things.
The threat doesn’t come from Google having those keys, the threat comes from Google being compelled to release that information to a government agency. Or even volunteering to do so if a government asks nicely. While that’s hopefully very unlikely, remember that that’s what Yahoo did when China asked them to kindly hand over dissident’s accounts, and the whole NSA illegal wiretapping scandal was made possible because AT&T gave the NSA access, without even requiring a warrant, just to be a good citizen.
I guess my point is: it’s always good to know “Who’s got your Stuff?”, and my Wi-Fi encryption keys were something that it didn’t occur to me that someone else had, and was capable of sharing to whoever they liked. Food for thought.