Re: MAC addresses and privacy... from Rigo Wenning on 2010-10-08 (public-privacy@w3.org from October to December 2010)

From: Rigo Wenning <rigo@w3.org>
Date: Sat, 9 Oct 2010 01:13:32 +0200
To: Thomas Roessler <tlr@w3.org>
Cc: David Singer <singer@apple.com>, Richard Barnes <richard.barnes@gmail.com>, public-privacy@w3.org
Message-Id: <201010090113.42629.rigo@w3.org>

I think the trouble we are facing is that something is working different than 
the way we expect it to work. I still lack sufficient knowledge about the real 
bits, but I wanted to share my thoughts. 

I think we react (and that was also my reaction) because MAC-addresses are 
something useful in my local network. It helps me to do all kinds of things. 
But if some software is capable of blowing the boundaries of this local 
network, the MAC address turns into a uniqueID facilitating traceablility. 

Now while we have other expectations for MAC addresses, IPv6 addresses are 
supposed to identify a device. So no need for a MAC address to do the tracing 
in a near future. 

But is this evil? Evil means that somebody has consciousness about a behaviour 
being rejected by society and still continues to do it. But I think somebody 
just tried to be useful so that they can provide your location history (and 
benefit from that at the same time)

So what we should discuss here is the profound expectations and requirements 
we have for a democratic society concerning this unique identifiers. And there 
things like "controlabilty" come to my mind. 

To conclude, I think it is not without value to collect such cases and give 
some opinions that may even turn into some best practice in one way or the 
other. 

One way to do that may be the PLING wiki, where we collect already those 
enlightening cases. The challenge in this case is to describe the case as 
neutral as possible and keep the emotions of deceived expectations in a 
separate statement.
http://www.w3.org/Policy/pling/wiki/InterestingCases

Anyone willing to write this down?

Best, 

Rigo

On Tuesday, October 05, 2010 13:31:17 Thomas Roessler wrote:
> > Bluetooth also uses Mac addresses.  Maybe someone is harvesting those as
> > well.  You could probably track a person's movements by following
> > sightings of their WiFi or Bluetooth.  Ugh.  I am effectively
> > broadcasting "It's me, I'm nearby" all the time, to anyone who cares to
> > listen.
> >
> > 
> >
> > Can I have a tin-foil hat, please?
> 
> And yes, it certainly is possible to use a geolocation provider to harvest
> this sort of information about users' machines. It's also possible (to go
> down the tin-foil route a bit further) to harvest this sort of information
> about nearby machines, e.g,. using malware.

Received on Friday, 8 October 2010 23:14:13 UTC