- From: Brian LeRoux <brian.leroux@nitobi.com>
- Date: Thu, 20 May 2010 21:36:54 -0700
- To: John Morris <jmorris@cdt.org>
- Cc: W3C Device APIs and Policy WG <public-device-apis@w3.org>
Hey John, I gave an example two emails ago. Again, if I want to spoof a mac address I get About 74,900,000 results on Google. If I want to access a mac address in any other first class development platform it is trivial. The scenario you describe def travels into security and privacy and capabilities which is, imo, a different problem, eh. On Thu, May 20, 2010 at 9:23 PM, John Morris <jmorris@cdt.org> wrote: > The vast majority of people will never spoof their MAC addresses. MAC > addresses -- if trivially available to any website on the Internet -- would > become a unique and unchanging identifier for all Internet users, thereby > destroying privacy and anonymity. Websites track users today with cookies > and Flash LSOs and the like, and users have a reasonable level of control > over those (although controls over LSOs are slower to emerge). Easy MAC > address availability would deprive users of that control, and would > trivially allow users' access of diverse websites to be linked up. > Everyone from behavioral advertising companies to the government of China > would be thrilled if the W3C enabled simple universal Internet user > tracking. > > So, as Thomas asked, what are your specific use cases? > > > On May 20, 2010, at 11:28 PM, Brian LeRoux wrote: > >> What are the significant and problematic implications for privacy!? >> >> >> >> On Thu, May 20, 2010 at 8:24 PM, John Morris <jmorris@cdt.org> wrote: >>> >>> +1 on Thomas's request for specific, realistic use cases for revealing >>> MAC >>> addresses through the web browser. I'd also be interested in any >>> argument >>> that revealing MAC addresses is "not really a threat" -- I think that >>> such a >>> capability would have very significant and problematic implications for >>> privacy. >>> >>> John >>> >>> On May 20, 2010, at 5:28 PM, Thomas Roessler wrote: >>> >>>> On 20 May 2010, at 14:23, Brian LeRoux wrote: >>>> >>>>> Some notes from the phonegap team for consideration: >>>>> >>>>> - MAC addresses can be used to uniquely identify a network device >>>>> which we can/have/do use for some apps. I can give some specific use >>>>> cases here if neccessary. We feel this is useful in the spec and not >>>>> really a threat. >>>> >>>> I'd be interested in seeing the specific use cases. In particular: >>>> *What* >>>> is it that you really want to uniquely identify? The network interface? >>>> The >>>> user? The device? >>>> >>>>> - Also: MAC addresses can be spoofed! >>>> >>>> Yes, but that's not very likely to occur. >>>> >>>>> - IP Addresses only give a rough estimate of where a person is...and >>>>> if we don't include it can be easily retrieved with >>>>> http://whatismyipaddress.com anyhow. We should include in the spec. >>>> >>>> These may well be different addresses: The device might be behind a NAT, >>>> a >>>> proxy of sorts, or may use an anonymization service. >>>> >>>> >>>> >>> >>> >>> >>> >> >> >> > > >
Received on Friday, 21 May 2010 04:42:00 UTC