
Google knows nearly every Wi-Fi password in the world

503 points | brennannovak | 12 years ago | blogs.computerworld.com

299 comments

crb | 12 years ago
Google also knows all the secrets of General David Petraeus, or anyone else that uses Gmail. And everything you've (secretly) searched for.

Google's business model is based on aggregating that information and gaining value out of the data, mostly in the form of advertising. As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again. This is why they publish videos saying that no-one can ever walk out of a Google data centre with a hard drive.

I continue to use the services I use because I find the benefit I gain from them more useful than the potential risk of exposure.

Should these secrets be encrypted? If they were, it would be possible for Google to steal your key if they wanted to. This is the same kind of perception problem that led to the Chrome team being hauled over the coals in public for not encrypting saved passwords. They have to be available to be useful, but people would rather perceive they weren't available.

r0h1n | 12 years ago
> As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again.

Just out of curiosity, how would we know even if a secret was let out to, say, the NSA or US Govt? Because (a) Google isn't allowed to legally acknowledge it and (b) US LEOs will use "parallel construction" to obscure the fact that they obtained such secret information.

Moreover, if you're not a US citizen, there are even lesser chances of ever coming to know what information is being handed over/intercepted by the US Govt. If Presidents of countries can be targeted for surveillance, there is no reason a common person cannot.

Please note, I am not saying Google was specifically guilty of passing on info to the NSA in these cases, but just that, even if they were forced to, there's no way the affected users would come to know.

Link: http://worldnews.nbcnews.com/_news/2013/09/02/20291489-snowd...

amirmc | 12 years ago
> "As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again."

I used to think this but now I'm not so sure. With the way services like FB and others slowly change settings, Sony gets hacked and other data breaches, news about govt spying etc, I wonder whether the mass public is suffering from Learned Helplessness [1]. After all, what alternatives do most people really have?

[1] http://en.m.wikipedia.org/wiki/Learned_helplessness

batemanesque | 12 years ago
I agree that it's unlikely Google as a whole would decide to read/use confidential data. On the other hand, the idea that someone w/in Google might abuse their position is completely plausible.

If we know that people at the NSA were passing around phone sex calls by US troops, do you really want to keep trusting that no-one at Google will ever do anything problematic w/ yr data?

Edit: to be clear, I use Google services all the time & store a lot of confidential data w/ them. But there need to be institutional (whether at Google or outside it) safeguards that go beyond trusting a company as a whole to always behave in a way compatible w/ its own rational self-interest.

willvarfar | 12 years ago
All these secrets have been sent in plaintext between Google data-centres over 'dark fibre' we now suspect the NSA has been wholesale recording.

There are belated efforts by Google to encrypt the traffic between its data centres, but it's basically too late.

coldtea | 12 years ago
>Google's business model is based on aggregating that information and gaining value out of the data, mostly in the form of advertising. As soon as it lets a major secret out, even just once, it's game over, and no-one will ever trust a secret to Google again.

Really? Because from what I've seen, the general public (including companies) would just continue using it without caring.

orblivion | 12 years ago
These are all great points but let us know for God's sake. You trust them, and I sure trust them with a lot of secrets. But they have to ask. I would have no idea if not for Hacker News.

CyanogenMod is on my list.

EDIT: Oh, and "backing up" my contacts without asking me. That made me livid, that's the height of arrogance. And yet I still use Android.

devx | 12 years ago
By that logic Google wouldn't encrypt the data between servers, in response to NSA revelations either. Yet, they're doing that. The point is it should at least be secure from outsiders/internal spies.
tytso | 12 years ago
The author is worried about WiFi passwords? If you trust that your WiFi is secure in general, you're in trouble. WPS is horribly insecure, for example, and that's what most home users use. For another, most user-chosen passwords are incredibly easy to guess. The better thing to do is to assume that your network traffic is always under surveillance (since the NSA is tapping Tier1 network providers), and to encrypt everything, or use network protocols which encrypt everything.

The only thing WiFi passwords are good for is to prevent your neighbors from using your network and using up all of your bandwidth (which would slow down your network access) and preventing drive-by spammers/hackers from doing things which you might then get blamed for.

ebbv | 12 years ago
Yeah and those locks on your doors are a joke! Why are you pretending your home has an expectation of privacy? So dumb! Of COURSE anybody can just come into your house any time they want.
srollyson | 12 years ago
Honestly, I use WEP encryption because I know that WiFi security is a house of cards in general. As you've said, it's enough to prevent the typical user from leeching bandwidth.

The nice thing about using WEP is that if someone does end up using my network for something nefarious and I end up holding the bag for it, I (or an expert witness) can point out in court that WEP is known to be vulnerable, giving me an out.

guelo | 12 years ago
Your WiFi password is only useful for someone who is within 100 feet of your house. If you have federal agents surveilling you from 100 feet away you have way bigger problems than your WiFi password.
ChuckMcM | 12 years ago
Actually it's from further away than that with a high gain directional antenna (I've hit WiFi hot spots about a mile distant using same), but the point is that they can do this from outside your property. You would probably know if someone was in your house, but you'd be hard pressed to notice a Yagi antenna pointed at your window from across the street or down the block a bit.

That said, I read the article more as 'yet another reason this whole compelling-third-parties thing is an issue' sort of reasoning, as opposed to this being some new threat that we didn't know about. The author points out it has been covered in lots of places. The argument is more for the folks who aren't thinking they are affected by this because they aren't dissidents or people of interest (yet).

LaGrange | 12 years ago
While I don't like at all the idea of government surveillance without court order, I find the idea of corporate surveillance even more horrifying.

Actually, this is what amuses me in the whole privacy affair. So a bunch of companies were using and abusing your data to target ads at you and shape your news stream so that it's more addictive, and people were cheering. A government (still mostly democratic, though not from my non-US perspective) is revealed to snoop on people illegally and people rage. I don't actually question the rage – but I see the complacent acceptance of the private companies using the same data as amusing.

A large part (not whole, though) of what NSA does is taking your stuff from the place it already shouldn't have been. We're complaining about a fireplace in a burning forest.

ohazi | 12 years ago
I'd like to point out that Google also has devices that they control within 100 feet of almost every WiFi hotspot in the world.
droopybuns | 12 years ago
Some wifi routers have Internet facing management interfaces that use the same password as the wifi network.

Your curt response oversimplifies the situation to the point where an uninformed reader could mistakenly believe the situation has no impact. Your comment should be read in the light of an engineer not only completely missing the point, but an example of the danger of this type of engineering analysis.

Minor technical decisions that "make sense" sometimes have severe technical repercussions.

moocowduckquack | 12 years ago
I used to get my wifi from over 2 kilometers away with a satellite dish and a USB dongle.
rch | 12 years ago
Aren't most wi-fi networks trivial to crack anyway?
larsbot | 12 years ago
I wish! My wifi password at work is useful over a much larger area. It is also the login password for my email, the course management system I use when teaching, and pretty much everything else job related. I work at a university "powering silicon valley." You would think they might be a little more careful about things like that...
brudgers | 12 years ago
In general, I agree that distance is a factor. However, the range at which signals can be intercepted is substantially greater and repeating and recording equipment also comes into play.

As do actors other than Federal agents.

ibudiallo | 12 years ago
I always thought of this as a feature, and a good feature when your phone is reset.
darkarmani | 12 years ago
House? What about in a large office building in NYC?
thomasahle | 12 years ago
Funny story:

I was once visiting my friend's house in the English midlands. I had been there once before, but this time I had to find the way there myself.

I managed to get the entire way to his street, but then I realized that I had forgotten his house number. He didn't pick up his phone, and I didn't want to knock on every door on the road. I was lost.

Then I realized that the previous time I had visited, I had logged on to his wifi. It was from a different phone, but with Google's sync all my old wifi passwords had been synced. I didn't remember the name he had given it, but I could walk along the road until I suddenly connected.

Saved the night.

jfasi | 12 years ago
This very same point could be made against Apple, for instance, but there hasn't been a single comment to that effect in any discussion of this article.

I wonder if all of this recent Google-bashing is really just a symptom of something larger. People are suddenly waking up to the obvious-in-hindsight realization that simply giving their data to a third party involves a certain amount of trust.

The reason people don't seem to be ganging up on Facebook, Apple, etc. in a similar way is because they never really earned that faith. Take Facebook: from the very start their founder was known to consider their users "dumb fucks" for entrusting him with their privacy.

In my opinion, the fact that Google went out of their way to, and generally succeeded at, earning that trust is a good sign. It shows they take the matter seriously.

All American companies operate under the same rules. If you've taken the position that all American companies are not to be trusted, fine. But if you haven't, wouldn't Google's history make them one of the more trustworthy ones?

gilgoomesh | 12 years ago
No, the same point can't be made against Apple.

Apple encrypt WiFi passwords and never store them in plain text – not on their servers and not on the device. The encryption requires your login password to decrypt which Apple also don't store in plain text on their servers (although it is accessible on the device if you don't use a PIN or password, it is not backed up to iCloud).

The reason why this allegation is levelled against Google: they don't encrypt backups and they don't encrypt WiFi passwords on the device.

A little more specifically about iOS WiFi passwords: the Keychain (which is where WiFi passwords are backed up on iOS and the Mac) is AES encrypted and requires your login password (or your Apple ID password) to decrypt. Unless Apple is also stealing plain text versions of your login passwords (there's no indication that they are) then it is not possible for Apple to read your WiFi password. Yes, theoretically, they could steal your Apple ID password too but there's no indication that they do (and they've talked about the exact security on Apple IDs following the developer.apple.com breach recently).

rahoulb | 12 years ago
Although both are American companies operating under the same rules, there is a fundamental difference between Apple and Google's business models.

Apple makes its money from selling you new hardware every year or two - they need to make you lust after slick, shiny things every keynote.

Google makes its money from knowing about you, mining that data and converting that into advertising clicks - they need to collect as much information about you as possible.

Which means that the same pieces of data have different value to the two companies.

(Of course, Facebook follows a similar model to Google)

amirmc | 12 years ago
> "The reason people don't seem to be ganging up on Facebook, Apple, etc. in a similar way is because they never really earned that faith. Take Facebook: from the very start their founder was known to consider their users "dumb fucks" for entrusting him with their privacy."

Not really. We only learned of FB's attitude to privacy when they started changing defaults and were being sued by the Winklevoss bros. Otherwise, we may never have known what he thought of his early users.

Apple never claimed "Don't be evil" as a motto and they do appear to care more about security. There is encryption in some of their products (even though they can likely still gain access - a point that is made in the article). Arguably, they've done more than Google to demonstrate that they care about my data.

garethadams | 12 years ago
> This very same point could be made against Apple, for instance, but there hasn't been a single comment to that effect in any discussion of this article.

See a couple of months ago (the context is iMessages but the level of implicit trust is the same): https://news.ycombinator.com/item?id=5943778

cbr | 12 years ago
Security is about tradeoffs. How bad would it be if someone else got this information? How helpful is it to me to give it to this third party? Wireless passwords are a huge pain: visit someone's house, ask them for their password, and then feel guilty while they look through various papers to find a long string of hex digits which are so annoying to enter on the phone. This pain makes the tradeoff well worth it for me (and I suspect for nearly everyone) when balanced against the low risk of Google doing something nasty with the saved passwords.

(Disclaimer: I work for Google, but if I had an iPhone I'd want the same functionality.)

PeterisP | 12 years ago
Are wifi passwords considered a security issue? I treat it the same way as a flimsy lock on a garden shed - I'd prefer both the shed and wifi to be open, but there's a formal "lock" to keep out teenage pranksters and drunks.
DanBC | 12 years ago
Google having all the WIFI passwords is about as worrying as a government having a 3 day cache of everything - not very worrying unless they do stuff with it.

Since Google has misused access to WIFI hotspots to slurp data it's a little bit more worrying.

Since it's probably personal information it's also probably covered by data protection laws in some countries.

tiernano | 12 years ago
When I read the title, I thought "really?! how?" Then I read the article and realized any time I have restored my Android phone, then entered my Google account, it automagically connects to all access points I usually use (home, work, other office, etc)...
cowls | 12 years ago
"On an HTC device, the option that gives Google your Wi-Fi password is 'Back up my settings'"

Evil Google, disguising the 'Can we steal your password' button.

prab97 | 12 years ago
For convenience, most people won't opt out of it. Most people won't bother at all. Google employees (or even the NSA, if you don't do anything illegal) coming to your home/office to use your WiFi is a joke! Only the paranoid ones are perturbed by these kinds of revelations, and they are ready to face the inconvenience caused.

I didn't use LastPass until recently, when keeping a difficult password on every site became a major pain given that countless password-enforcing rules are there on the web, some requiring at least one capital, some enforcing at least one symbol but not a ~ or a #, yada yada. I gave up on it. Every damn time I had to reset the password on services I use less frequently. But now I don't. LastPass claims that they keep the passwords encrypted and they themselves cannot read them. But I don't believe them. Log in to lastpass.com. Click your vault in the top right corner. Click the pencil against any site in the list. Click the 'show' link in front of the password field. And your password is staring at you in plain text. And it has been accessed at lastpass.com. Once they start storing master passwords, or once someone cracks their hash, you are done for. But there is no simple and easy alternative. To get the job done we need to make these sacrifices.

aestra | 12 years ago
The encryption/decryption is done client side.

This is a simple version of how it works: your master password isn't sent to LastPass, just an encryption key which is created with your email address and master password. On the website this is done client side with JavaScript. When you click on the pencil icon, you are reading the decrypted file, which you have decrypted on your own computer, with JavaScript.

kevcampb | 12 years ago
Who says they need to use wifi? I expect a significant proportion of those passwords are shared with other systems, or may allow access to other corporate services - most likely VPN.
bloodorange | 12 years ago
People tend to reuse passwords across multiple services and devices. Stealing their WiFi password is not something they will be comfortable with.
wglb | 12 years ago
Or, in other words, Google remembers the things that we agree to have it remember.
jellicle | 12 years ago
In contract law, there's a concept called "meeting of the minds". A contract is formed when there has been a meeting of the minds between two parties as to what the deal is, and the parties have taken some concrete action to initiate the deal - often signing something, or shaking hands, or handing over money, or something like that.

The operative question is: when someone signs into a Google account on an Android device, and without any notification whatsoever the device sends his passwords to Google - which is what happens - has there been a meeting of the minds? Are both parties in agreement about what the deal is here?

DanBC | 12 years ago
> And, although they have never said so directly, it is obvious that Google can read the passwords.

Frustrating then that it's so hard for users to reveal the password being used by their phone to connect to a WIFI hotspot.

diminoten | 12 years ago
What does that mean? "Google knows"? That data exists in a database owned by Google, or that Google actively farms that data and makes use of it?

Are you saying Google's using this for gain, or for any reason? Is there any evidence whatsoever to suggest that this data has ever been accessed by a Google employee ever, for any purpose whatsoever?

Slight tangent, but the difference between "can" and "does" is a vast one I don't think people are getting, with all these privacy issues coming about these days. Here's a scary thought: any person who owns a gun/car/knife/taser/baseball bat can kill someone else with it. They could do it.

Unless it "does" happen, and there's evidence that it happened, they don't get in trouble.

What Google can do is almost endless. What it does do is what matters.

0x006A | 12 years ago
And in addition to that they have the audacity to not make them accessible to the user! No way to look up your own wireless password in your phone, i.e. to tell a guest; that's just ridiculous.
njharman | 12 years ago
> backing up Wi-Fi passwords along with other assorted settings. And, although they have never said so directly, it is obvious that Google can read the passwords.

That's not obvious. It's possible, common, and dare I say a "best practice" to store stuff like this encrypted. To be decrypted only on the device.

Also, wifi passwords, Oh my!!! Security wise you should treat your wifi network as open whether it is or not. I.e. isolate it, firewall it, do not trust it.

nly | 12 years ago
Google can also install anything on my phone remotely.
donniezazen | 12 years ago
I do not agree with the statement that users aren't aware of whether their settings are being backed up. It is one of the options that users get when setting up a Google account on any Android phone.
shmerl | 12 years ago
It's completely ridiculous that Google "backs up" passwords in clear text without encrypting them. Mozilla does that properly in their Sync service. So why can't Google do that?
chinpokomon | 12 years ago
Does MAC filtering at the router level help at all? If the backup option is turned on, does Google also save your MAC addresses? If not, that seems like a good start to prevent someone from connecting to your network, even if they know the password. Obviously this won't help for public hot spots, but I always assume that public hot spots are already open to anyone. What if you are connecting to a Wi-Fi network using MSCHAP or MSCHAPv2? Does Google now know my domain login and password? That seems like a huge gaffe.
bobzibub | 12 years ago
IM(Paranoid)O, it puts the "inadvertent" collection of SSIDs while driving down every street taking pictures for Google View into a new context. They gave a simply implausible explanation that this data was recorded "inadvertently". (No, fitting all those vehicles with the equipment and software would cost serious money!)

Marry the Geo-location, SSID, phone owner and passwords and you've got real information for the authorities. On Everyone.