W3C home > Mailing lists > Public > public-device-apis@w3.org > May 2010

Re: Sys Info network attributes

From: Alissa Cooper <acooper@cdt.org>
Date: Fri, 21 May 2010 06:16:11 +0100
Cc: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Message-Id: <BBB0711C-D12F-4230-96A9-AC14C085D62E@cdt.org>
To: Doug Turner <dougt@dougt.org>
Hi Doug,

Doesn't wifi positioning use the mac address of the wireless access  
point (not an individual's device), so that when other users then  
report the mac address of the access point nearest them, their  
locations can be generated? I guess I don't understand how mac  
addresses of individuals' devices would help with wifi positioning.

Alissa

On May 21, 2010, at 6:07 AM, Doug Turner wrote:

> Although, like Jonas, I do not think that Firefox will implement  
> this API given the risk/reward, but I thought I would express some  
> personal opinion here.
>
> Today, one of the sources of position is a mapping from wifi data to  
> physical position.  Given a set of mac address and signal strengths,  
> you can ask a provider where you are.  These providers basically  
> drive around, scan for these signals, and record the GPS location.
>
> If today we implemented System API in the browser.... a very nice  
> use case would be to allow users to upload mac address and their  
> position.  A user content generated approach to what Google and  
> Skyhook has done requiring no software other than their browser.
>
> Doug Turner
>
>
> On May 20, 2010, at 9:23 PM, John Morris wrote:
>
>> The vast majority of people will never spoof their MAC addresses.   
>> MAC addresses -- if trivially available to any website on the  
>> Internet -- would become a unique and unchanging identifier for all  
>> Internet users, thereby destroying privacy and anonymity.  Websites  
>> track users today with cookies and Flash LSOs and the like, and  
>> users have a reasonable level of control over those (although  
>> controls over LSOs are slower to emerge).  Easy MAC address  
>> availability would deprive users of that control, and would  
>> trivially allow users' access of diverse websites to be linked  
>> up.   Everyone from behavioral advertising companies to the  
>> government of China would be thrilled if the W3C enabled simple  
>> universal Internet user tracking.
>>
>> So, as Thomas asked, what are your specific use cases?
>>
>>
>> On May 20, 2010, at 11:28 PM, Brian LeRoux wrote:
>>
>>> What are the significant and problematic implications for privacy!?
>>>
>>>
>>>
>>> On Thu, May 20, 2010 at 8:24 PM, John Morris <jmorris@cdt.org>  
>>> wrote:
>>>> +1 on Thomas's request for specific, realistic use cases for  
>>>> revealing MAC
>>>> addresses through the web browser.  I'd also be interested in any  
>>>> argument
>>>> that revealing MAC addresses is "not really a threat" -- I think  
>>>> that such a
>>>> capability would have very significant and problematic  
>>>> implications for
>>>> privacy.
>>>>
>>>> John
>>>>
>>>> On May 20, 2010, at 5:28 PM, Thomas Roessler wrote:
>>>>
>>>>> On 20 May 2010, at 14:23, Brian LeRoux wrote:
>>>>>
>>>>>> Some notes from the phonegap team for consideration:
>>>>>>
>>>>>> - MAC addresses can be used to uniquely identify a network device
>>>>>> which we can/have/do use for some apps. I can give some  
>>>>>> specific use
>>>>>> cases here if neccessary. We feel this is useful in the spec  
>>>>>> and not
>>>>>> really a threat.
>>>>>
>>>>> I'd be interested in seeing the specific use cases. In  
>>>>> particular: *What*
>>>>> is it that you really want to uniquely identify?  The network  
>>>>> interface? The
>>>>> user?  The device?
>>>>>
>>>>>> - Also: MAC addresses can be spoofed!
>>>>>
>>>>> Yes, but that's not very likely to occur.
>>>>>
>>>>>> - IP Addresses only give a rough estimate of where a person  
>>>>>> is...and
>>>>>> if we don't include it can be easily retrieved with
>>>>>> http://whatismyipaddress.com anyhow. We should include in the  
>>>>>> spec.
>>>>>
>>>>> These may well be different addresses: The device might be  
>>>>> behind a NAT, a
>>>>> proxy of sorts, or may use an anonymization service.
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>
>
Received on Friday, 21 May 2010 05:16:44 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:53:43 UTC