W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2010

Re: MAC addresses and privacy...

From: Richard Barnes <richard.barnes@gmail.com>
Date: Mon, 4 Oct 2010 14:47:56 -0400
Message-ID: <AANLkTi=7+UwC=GT=3cVLoVKGw1eE75oiacMGWUCuazts@mail.gmail.com>
To: David Singer <singer@apple.com>
Cc: public-privacy@w3.org
Worth noting that this attack doesn't even involve any advanced web APIs.
It's a generic XSS against the web-based interfaces that home gateways
present.  The more general concern is of course the existence of
MAC-to-location databases.

On Oct 4, 2010 2:09 PM, "David Singer" <singer@apple.com> wrote:

I was actually quite disturbed when I entered the mac address of my *laptop*
on this page:

http://www.samy.pl/mapxss/

and it got my location to within one house (i.e. it attributed it to the
house next door).

This means anyone sniffing my mac address when I am traveling will have a
pretty good idea of where I am from.  My iPhone's MAC address did not
trace....

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Monday, 4 October 2010 19:13:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 4 October 2010 19:13:15 GMT