- From: John Morris <jmorris@cdt.org>
- Date: Fri, 21 May 2010 00:23:11 -0400
- To: Brian LeRoux <brian.leroux@nitobi.com>
- Cc: W3C Device APIs and Policy WG <public-device-apis@w3.org>
The vast majority of people will never spoof their MAC addresses. MAC addresses -- if trivially available to any website on the Internet -- would become a unique and unchanging identifier for all Internet users, thereby destroying privacy and anonymity. Websites track users today with cookies and Flash LSOs and the like, and users have a reasonable level of control over those (although controls over LSOs are slower to emerge). Easy MAC address availability would deprive users of that control, and would trivially allow users' access of diverse websites to be linked up. Everyone from behavioral advertising companies to the government of China would be thrilled if the W3C enabled simple universal Internet user tracking. So, as Thomas asked, what are your specific use cases? On May 20, 2010, at 11:28 PM, Brian LeRoux wrote: > What are the significant and problematic implications for privacy!? > > > > On Thu, May 20, 2010 at 8:24 PM, John Morris <jmorris@cdt.org> wrote: >> +1 on Thomas's request for specific, realistic use cases for >> revealing MAC >> addresses through the web browser. I'd also be interested in any >> argument >> that revealing MAC addresses is "not really a threat" -- I think >> that such a >> capability would have very significant and problematic implications >> for >> privacy. >> >> John >> >> On May 20, 2010, at 5:28 PM, Thomas Roessler wrote: >> >>> On 20 May 2010, at 14:23, Brian LeRoux wrote: >>> >>>> Some notes from the phonegap team for consideration: >>>> >>>> - MAC addresses can be used to uniquely identify a network device >>>> which we can/have/do use for some apps. I can give some specific >>>> use >>>> cases here if neccessary. We feel this is useful in the spec and >>>> not >>>> really a threat. >>> >>> I'd be interested in seeing the specific use cases. In particular: >>> *What* >>> is it that you really want to uniquely identify? The network >>> interface? The >>> user? The device? >>> >>>> - Also: MAC addresses can be spoofed! >>> >>> Yes, but that's not very likely to occur. >>> >>>> - IP Addresses only give a rough estimate of where a person >>>> is...and >>>> if we don't include it can be easily retrieved with >>>> http://whatismyipaddress.com anyhow. We should include in the spec. >>> >>> These may well be different addresses: The device might be behind >>> a NAT, a >>> proxy of sorts, or may use an anonymization service. >>> >>> >>> >> >> >> >> > > >
Received on Friday, 21 May 2010 04:23:43 UTC