Linked by Howard Fosdick on Mon 21st Nov 2011 07:48 UTC
Google Last June, CNET disclosed that Google collects and publishes the estimated locations of millions of phones, laptops, and other Wi-Fi devices. All without their owner's knowledge or permission. Google has finally announced how to exclude your home network from this database. Simply append "_nomap" to its name. Details over at CNET. Left unsaid is why the burden is placed on millions of individuals to opt-out, instead of on perpetrator Google.
Thread beginning with comment 497868
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: Comment by clhodapp
by Soulbender on Mon 21st Nov 2011 23:14 UTC in reply to "RE[3]: Comment by clhodapp"
Soulbender
Member since:
2005-08-18

I really would like to know what you mean here, because in practice having duplicate MAC addresses will break things like DHCP and switching hubs which rely on a MAC address's uniqueness.


Sure, it causes problem..on the local segment. It wont matter one bit if a company in Stockholm and one in Manila have devices with the same MAC address. A MAC does not need to, and in practice sometimes isn't, globally unique. I know some folks who have managed to end up with two different network cards (from the same manufacturer, of course) with the same MAC address.

(Didn't you just say it doesn't need to be unique?)


Yes, it has to be locally unique but not globally.

I'm not here to re-engineer it, but the unique id doesn't need to be static between sessions


You have a point there, it doesn't have to be the same forever. Of course, the problem is how you define a session. Is it the time between reboots of the AP? Individual TCP/IP sessions? As I said, it might be possible but not practically feasible for various reasons. Plus there's also some, very limited, security in knowing what MAC address your AP and workstations has. That said, MAC address security is an administrative burden for anything but tiny home networks and easy to circumvent.

Reply Parent Score: 2

RE[5]: Comment by clhodapp
by Alfman on Tue 22nd Nov 2011 00:33 in reply to "RE[4]: Comment by clhodapp"
Alfman Member since:
2011-01-28

Soulbender,


"A MAC does not need to, and in practice sometimes isn't, globally unique. I know some folks who have managed to end up with two different network cards (from the same manufacturer, of course) with the same MAC address."

I realize that MAC addresses only matter locally, but hardware MAC addresses are intended to be globally unique and manufacturers are not supposed to reuse them. Can you say which manufacturer is reusing addresses and their reason for doing so?


"You have a point there, it doesn't have to be the same forever. Of course, the problem is how you define a session. Is it the time between reboots of the AP? Individual TCP/IP sessions? As I said, it might be possible but not practically feasible for various reasons."

Why is that a problem? A session could be defined as whatever the standard deemed appropriate - including leaving it configurable in firmware. The higher level protocols don't need to be aware of it, there just needs to be a dynamic mapping between them and raw MAC addresses, which we already have as ARP.

Like I said, I wouldn't want to re-engineer 802.11 now that's it's here and working, at least not without a much more compelling reason. But it seems to me that they could/should have avoided the use of unique static identifiers when it was being worked on.

Reply Parent Score: 2

RE[6]: Comment by clhodapp
by Soulbender on Tue 22nd Nov 2011 00:54 in reply to "RE[5]: Comment by clhodapp"
Soulbender Member since:
2005-08-18

Can you say which manufacturer is reusing addresses and their reason for doing so?


I think it was Netgear but I'm not entirely sure. The reason for re-using them is that the address space allocated to a manufacturer is not infinite. Why not re-use the same MAC's on cards that you send to entirely different geographical regions? The chances of those cards would go to the same owner are rather slim.

But it seems to me that they could/should have avoided the use of unique static identifiers when it was being worked on.


Perhaps but in all honesty I dont see the point in doing so. The scenarios in which knowing the MAC address is serious attack vector are rather limited.
For one, the MAC address in itself carries no useful information. The most you can derive from it is the manufacturer and maybe the model. Secondly, to make any use of it you need to break into it and in order to do that you need to know either it's IP address or be in the local vicinity of the access point. Sure, you can locate access points this way but why bother when you can just walk around at random with equal, or better, results. Let's even go far as to say that you're targeting a specific person. Now, chances are you already know approximately where this person lives so you can just as easily, and more reliably, get the information by going there yourself. In fact, you would have to go there yourself sooner or later to get the IP address so you see,Google's information is redundant and not really useful for the purpose of cracking.

Now, if Google published the IP address of each access -point I would be worried.

Edited 2011-11-22 00:55 UTC

Reply Parent Score: 3

RE[6]: Comment by clhodapp
by phoenix on Tue 22nd Nov 2011 18:45 in reply to "RE[5]: Comment by clhodapp"
phoenix Member since:
2005-07-11

Soulbender,

"A MAC does not need to, and in practice sometimes isn't, globally unique. I know some folks who have managed to end up with two different network cards (from the same manufacturer, of course) with the same MAC address."

I realize that MAC addresses only matter locally, but hardware MAC addresses are intended to be globally unique and manufacturers are not supposed to reuse them. Can you say which manufacturer is reusing addresses and their reason for doing so?


A MAC address is only 48 bits. And the first chunk (first 6 hex digits I believe) describe the manufacturer, leaving only the last 6 hex digits for the unique part for the device (24 bits or 2^24 or 16,777,216 unique addresses).

Considering the number of laptops, smartphones, tablets, motherboards, etc sold since the MAC address was first standardised, and the limited number of NIC chipset manufacturers, it's impossible for companies to not be recycling MAC addresses.

Devices sold in the 80s and devices sold now probably have the same MAC addresses. Fortunately, few devices made in the 80s (ISA NICs for example) are in use today. ;)

Reply Parent Score: 4