W3C home > Mailing lists > Public > public-device-apis@w3.org > May 2010

Re: Sys Info network attributes

From: John Morris <jmorris@cdt.org>
Date: Fri, 21 May 2010 00:23:11 -0400
Cc: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Message-Id: <DA83145A-ACE9-4880-BBD5-CDF1197F8D0C@cdt.org>
To: Brian LeRoux <brian.leroux@nitobi.com>
The vast majority of people will never spoof their MAC addresses.  MAC  
addresses -- if trivially available to any website on the Internet --  
would become a unique and unchanging identifier for all Internet  
users, thereby destroying privacy and anonymity.  Websites track users  
today with cookies and Flash LSOs and the like, and users have a  
reasonable level of control over those (although controls over LSOs  
are slower to emerge).  Easy MAC address availability would deprive  
users of that control, and would trivially allow users' access of  
diverse websites to be linked up.   Everyone from behavioral  
advertising companies to the government of China would be thrilled if  
the W3C enabled simple universal Internet user tracking.

So, as Thomas asked, what are your specific use cases?


On May 20, 2010, at 11:28 PM, Brian LeRoux wrote:

> What are the significant and problematic implications for privacy!?
>
>
>
> On Thu, May 20, 2010 at 8:24 PM, John Morris <jmorris@cdt.org> wrote:
>> +1 on Thomas's request for specific, realistic use cases for  
>> revealing MAC
>> addresses through the web browser.  I'd also be interested in any  
>> argument
>> that revealing MAC addresses is "not really a threat" -- I think  
>> that such a
>> capability would have very significant and problematic implications  
>> for
>> privacy.
>>
>> John
>>
>> On May 20, 2010, at 5:28 PM, Thomas Roessler wrote:
>>
>>> On 20 May 2010, at 14:23, Brian LeRoux wrote:
>>>
>>>> Some notes from the phonegap team for consideration:
>>>>
>>>> - MAC addresses can be used to uniquely identify a network device
>>>> which we can/have/do use for some apps. I can give some specific  
>>>> use
>>>> cases here if neccessary. We feel this is useful in the spec and  
>>>> not
>>>> really a threat.
>>>
>>> I'd be interested in seeing the specific use cases. In particular:  
>>> *What*
>>> is it that you really want to uniquely identify?  The network  
>>> interface? The
>>> user?  The device?
>>>
>>>> - Also: MAC addresses can be spoofed!
>>>
>>> Yes, but that's not very likely to occur.
>>>
>>>> - IP Addresses only give a rough estimate of where a person  
>>>> is...and
>>>> if we don't include it can be easily retrieved with
>>>> http://whatismyipaddress.com anyhow. We should include in the spec.
>>>
>>> These may well be different addresses: The device might be behind  
>>> a NAT, a
>>> proxy of sorts, or may use an anonymization service.
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
Received on Friday, 21 May 2010 04:23:43 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:43 UTC