W3C home > Mailing lists > Public > public-privacy@w3.org > October to December 2010

Re: MAC addresses and privacy...

From: David Singer <singer@apple.com>
Date: Sat, 9 Oct 2010 15:28:17 +0800
Cc: Thomas Roessler <tlr@w3.org>, Richard Barnes <richard.barnes@gmail.com>, public-privacy@w3.org
Message-Id: <50F3F776-6F39-4005-AC76-DC3ACEA2D77B@apple.com>
To: Rigo Wenning <rigo@w3.org>

On Oct 9, 2010, at 7:13 , Rigo Wenning wrote:

> I think the trouble we are facing is that something is working different than 
> the way we expect it to work. I still lack sufficient knowledge about the real 
> bits, but I wanted to share my thoughts. 

I think this came up at the London workshop;  there is some similarity here to people's reaction to risks.  People are very averse to risks that involuntary and/or imperceptible;  consideration of the actual statistics of the risk is often tertiary.  I think something similar happens in privacy; people react negatively to issues even if they might have granted permission if asked (voluntary) or when the privacy issue happens "over there" (imperceptible), e.g. "someone else can work out where I am without my knowing".

> I think we react (and that was also my reaction) because MAC-addresses are 
> something useful in my local network. It helps me to do all kinds of things. 
> But if some software is capable of blowing the boundaries of this local 
> network, the MAC address turns into a uniqueID facilitating traceablility. 

Yes, it's being used for a purpose other than the one that led me to use it in the first place (which was, I want my packets to come to me and not someone else).  And I 'expected' geolocation to locate the geo address of 'fixed' 'infrastructure' WiFi points, not my (potentially portable) equipment.

> To conclude, I think it is not without value to collect such cases and give 
> some opinions that may even turn into some best practice in one way or the 
> other. 
> One way to do that may be the PLING wiki, where we collect already those 
> enlightening cases. The challenge in this case is to describe the case as 
> neutral as possible and keep the emotions of deceived expectations in a 
> separate statement.
> http://www.w3.org/Policy/pling/wiki/InterestingCases
> Anyone willing to write this down?

I think collecting these cases is a good start on seeing some patterns, principles, etc.  We really need some real-world issues to expand our horizons.

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Saturday, 9 October 2010 07:28:54 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:23:52 UTC