W3C home > Mailing lists > Public > public-device-apis@w3.org > May 2010

Re: Sys Info network attributes

From: Doug Turner <dougt@dougt.org>
Date: Thu, 20 May 2010 22:07:21 -0700
Message-Id: <CAFC02DC-FF41-40E0-85A5-79DA82C84333@dougt.org>
To: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Although, like Jonas, I do not think that Firefox will implement this API given the risk/reward, but I thought I would express some personal opinion here.

Today, one of the sources of position is a mapping from wifi data to physical position.  Given a set of mac address and signal strengths, you can ask a provider where you are.  These providers basically drive around, scan for these signals, and record the GPS location.

If today we implemented System API in the browser.... a very nice use case would be to allow users to upload mac address and their position.  A user content generated approach to what Google and Skyhook has done requiring no software other than their browser.

Doug Turner


On May 20, 2010, at 9:23 PM, John Morris wrote:

> The vast majority of people will never spoof their MAC addresses.  MAC addresses -- if trivially available to any website on the Internet -- would become a unique and unchanging identifier for all Internet users, thereby destroying privacy and anonymity.  Websites track users today with cookies and Flash LSOs and the like, and users have a reasonable level of control over those (although controls over LSOs are slower to emerge).  Easy MAC address availability would deprive users of that control, and would trivially allow users' access of diverse websites to be linked up.   Everyone from behavioral advertising companies to the government of China would be thrilled if the W3C enabled simple universal Internet user tracking.
> 
> So, as Thomas asked, what are your specific use cases?
> 
> 
> On May 20, 2010, at 11:28 PM, Brian LeRoux wrote:
> 
>> What are the significant and problematic implications for privacy!?
>> 
>> 
>> 
>> On Thu, May 20, 2010 at 8:24 PM, John Morris <jmorris@cdt.org> wrote:
>>> +1 on Thomas's request for specific, realistic use cases for revealing MAC
>>> addresses through the web browser.  I'd also be interested in any argument
>>> that revealing MAC addresses is "not really a threat" -- I think that such a
>>> capability would have very significant and problematic implications for
>>> privacy.
>>> 
>>> John
>>> 
>>> On May 20, 2010, at 5:28 PM, Thomas Roessler wrote:
>>> 
>>>> On 20 May 2010, at 14:23, Brian LeRoux wrote:
>>>> 
>>>>> Some notes from the phonegap team for consideration:
>>>>> 
>>>>> - MAC addresses can be used to uniquely identify a network device
>>>>> which we can/have/do use for some apps. I can give some specific use
>>>>> cases here if neccessary. We feel this is useful in the spec and not
>>>>> really a threat.
>>>> 
>>>> I'd be interested in seeing the specific use cases. In particular: *What*
>>>> is it that you really want to uniquely identify?  The network interface? The
>>>> user?  The device?
>>>> 
>>>>> - Also: MAC addresses can be spoofed!
>>>> 
>>>> Yes, but that's not very likely to occur.
>>>> 
>>>>> - IP Addresses only give a rough estimate of where a person is...and
>>>>> if we don't include it can be easily retrieved with
>>>>> http://whatismyipaddress.com anyhow. We should include in the spec.
>>>> 
>>>> These may well be different addresses: The device might be behind a NAT, a
>>>> proxy of sorts, or may use an anonymization service.
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
> 
> 
> 
Received on Friday, 21 May 2010 05:08:03 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:43 UTC