W3C home > Mailing lists > Public > public-device-apis@w3.org > May 2010

Re: Sys Info network attributes

From: John Morris <jmorris@cdt.org>
Date: Fri, 21 May 2010 00:43:50 -0400
Cc: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Message-Id: <F10581D5-63EE-45D8-8784-D6ED8E11C8A3@cdt.org>
To: Brian LeRoux <brian.leroux@nitobi.com>
Brian,

Is this your main use case?  I actually don't really see the value  
being offered to users -- I must be missing something -- so perhaps  
you could flesh it out more.

> Imagine an app where ppl anonymously log complaints to a location. It
> drops a pin on the map. Everyone elses complaints are a white pin. The
> pin for your comment would be blue!


Do you have other use cases?

John

On May 21, 2010, at 12:36 AM, Brian LeRoux wrote:

> Hey John, I gave an example two emails ago. Again, if I want to spoof
> a mac address I get About 74,900,000 results on Google. If I want to
> access a mac address in any other first class development platform it
> is trivial. The scenario you describe def travels into security and
> privacy and capabilities which is, imo, a different problem, eh.
>
>
> On Thu, May 20, 2010 at 9:23 PM, John Morris <jmorris@cdt.org> wrote:
>> The vast majority of people will never spoof their MAC addresses.   
>> MAC
>> addresses -- if trivially available to any website on the Internet  
>> -- would
>> become a unique and unchanging identifier for all Internet users,  
>> thereby
>> destroying privacy and anonymity.  Websites track users today with  
>> cookies
>> and Flash LSOs and the like, and users have a reasonable level of  
>> control
>> over those (although controls over LSOs are slower to emerge).   
>> Easy MAC
>> address availability would deprive users of that control, and would
>> trivially allow users' access of diverse websites to be linked up.
>> Everyone from behavioral advertising companies to the government of  
>> China
>> would be thrilled if the W3C enabled simple universal Internet user
>> tracking.
>>
>> So, as Thomas asked, what are your specific use cases?
>>
>>
>> On May 20, 2010, at 11:28 PM, Brian LeRoux wrote:
>>
>>> What are the significant and problematic implications for privacy!?
>>>
>>>
>>>
>>> On Thu, May 20, 2010 at 8:24 PM, John Morris <jmorris@cdt.org>  
>>> wrote:
>>>>
>>>> +1 on Thomas's request for specific, realistic use cases for  
>>>> revealing
>>>> MAC
>>>> addresses through the web browser.  I'd also be interested in any
>>>> argument
>>>> that revealing MAC addresses is "not really a threat" -- I think  
>>>> that
>>>> such a
>>>> capability would have very significant and problematic  
>>>> implications for
>>>> privacy.
>>>>
>>>> John
>>>>
>>>> On May 20, 2010, at 5:28 PM, Thomas Roessler wrote:
>>>>
>>>>> On 20 May 2010, at 14:23, Brian LeRoux wrote:
>>>>>
>>>>>> Some notes from the phonegap team for consideration:
>>>>>>
>>>>>> - MAC addresses can be used to uniquely identify a network device
>>>>>> which we can/have/do use for some apps. I can give some  
>>>>>> specific use
>>>>>> cases here if neccessary. We feel this is useful in the spec  
>>>>>> and not
>>>>>> really a threat.
>>>>>
>>>>> I'd be interested in seeing the specific use cases. In particular:
>>>>> *What*
>>>>> is it that you really want to uniquely identify?  The network  
>>>>> interface?
>>>>> The
>>>>> user?  The device?
>>>>>
>>>>>> - Also: MAC addresses can be spoofed!
>>>>>
>>>>> Yes, but that's not very likely to occur.
>>>>>
>>>>>> - IP Addresses only give a rough estimate of where a person  
>>>>>> is...and
>>>>>> if we don't include it can be easily retrieved with
>>>>>> http://whatismyipaddress.com anyhow. We should include in the  
>>>>>> spec.
>>>>>
>>>>> These may well be different addresses: The device might be  
>>>>> behind a NAT,
>>>>> a
>>>>> proxy of sorts, or may use an anonymization service.
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
Received on Friday, 21 May 2010 04:44:21 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:43 UTC