- From: David Singer <singer@apple.com>
- Date: Mon, 4 Oct 2010 16:02:44 -0700
- To: Richard Barnes <richard.barnes@gmail.com>
- Cc: public-privacy@w3.org
- Message-Id: <8232E363-1787-4931-903A-0680FAB0BD0D@apple.com>
Indeed, it's the more general concern I was having an anxiety attack about. I always imagined it was *infrastructure* Mac addresses that were harvested. The thought that my *laptop's* Mac address is in the database feels rather different. And no, I never put my laptop into 'infrastructure mode' at home. Bluetooth also uses Mac addresses. Maybe someone is harvesting those as well. You could probably track a person's movements by following sightings of their WiFi or Bluetooth. Ugh. I am effectively broadcasting "It's me, I'm nearby" all the time, to anyone who cares to listen. Can I have a tin-foil hat, please? On Oct 4, 2010, at 11:47 , Richard Barnes wrote: > Worth noting that this attack doesn't even involve any advanced web APIs. It's a generic XSS against the web-based interfaces that home gateways present. The more general concern is of course the existence of MAC-to-location databases. > > >> On Oct 4, 2010 2:09 PM, "David Singer" <singer@apple.com> wrote: >> >> I was actually quite disturbed when I entered the mac address of my *laptop* on this page: >> >> http://www.samy.pl/mapxss/ >> >> and it got my location to within one house (i.e. it attributed it to the house next door). >> >> This means anyone sniffing my mac address when I am traveling will have a pretty good idea of where I am from. My iPhone's MAC address did not trace.... >> >> David Singer >> Multimedia and Software Standards, Apple Inc. >> >> > David Singer Multimedia and Software Standards, Apple Inc.
Received on Monday, 4 October 2010 23:03:52 UTC