Big brother loves you and wants to keep you safe.
Sat Jun 15 2019 08:03:50 EDT from IGnatius T Foobar @ Uncensored
But ... encryption keys? When you connect to wifi from an Android device, your encryption key is captured and sent to Google? That's over the line, and it's enough to flip my opinion on whether that is acceptable behavior.
On what basis do they claim this has any value to the customer?
User convenience. There is a setting buried in Android settings that stores WiFi keys - ANY WiFi key, on Google Servers so that when a user gets a new Android device and logs in with their Google account, it downloads all their previous WiFi connections so that they can just go to where that AP is and it will connect automatically without having to re-enter the key.
They were REALLY upset with me and basically told the German tech site that I was an idiot when I posted this in 2011, and people were divided. A lot of people were responding, "It is totally opt-in when you're setting it up and can be turned off in settings." Which is true, but most people get a device and a Verizon redshirt sets it up and just flips through the screens accepting the defaults and the end user doesn't know this has been selected or how to turn it off. Worse, it isn't granular. You can't turn it on or off on a case by case basis - it is all in or nothing - and they've done nothing to change this since 2011 when I discovered it.
Then two years later Horowitz put together that with them knowing the geolocation of every WiFi hotspot and knowing every WiFi password, then getting compromised by the NSA and having all their internal traffic unencrypted - that the NSA now effectively has every WiFi password ever accessed by any Android device and a map to where that WiFi password is located.
Isn't that special?