Linked by Howard Fosdick on Mon 21st Nov 2011 07:48 UTC
Google Last June, CNET disclosed that Google collects and publishes the estimated locations of millions of phones, laptops, and other Wi-Fi devices. All without their owner's knowledge or permission. Google has finally announced how to exclude your home network from this database. Simply append "_nomap" to its name. Details over at CNET. Left unsaid is why the burden is placed on millions of individuals to opt-out, instead of on perpetrator Google.
Thread beginning with comment 497880
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[6]: Comment by clhodapp
by Soulbender on Tue 22nd Nov 2011 00:54 UTC in reply to "RE[5]: Comment by clhodapp"
Soulbender
Member since:
2005-08-18

Can you say which manufacturer is reusing addresses and their reason for doing so?


I think it was Netgear but I'm not entirely sure. The reason for re-using them is that the address space allocated to a manufacturer is not infinite. Why not re-use the same MAC's on cards that you send to entirely different geographical regions? The chances of those cards would go to the same owner are rather slim.

But it seems to me that they could/should have avoided the use of unique static identifiers when it was being worked on.


Perhaps but in all honesty I dont see the point in doing so. The scenarios in which knowing the MAC address is serious attack vector are rather limited.
For one, the MAC address in itself carries no useful information. The most you can derive from it is the manufacturer and maybe the model. Secondly, to make any use of it you need to break into it and in order to do that you need to know either it's IP address or be in the local vicinity of the access point. Sure, you can locate access points this way but why bother when you can just walk around at random with equal, or better, results. Let's even go far as to say that you're targeting a specific person. Now, chances are you already know approximately where this person lives so you can just as easily, and more reliably, get the information by going there yourself. In fact, you would have to go there yourself sooner or later to get the IP address so you see,Google's information is redundant and not really useful for the purpose of cracking.

Now, if Google published the IP address of each access -point I would be worried.

Edited 2011-11-22 00:55 UTC

Reply Parent Score: 3

RE[7]: Comment by clhodapp
by Alfman on Tue 22nd Nov 2011 01:38 in reply to "RE[6]: Comment by clhodapp"
Alfman Member since:
2011-01-28

Soulbender,

"I think it was Netgear but I'm not entirely sure. The reason for re-using them is that the address space allocated to a manufacturer is not infinite."

Well they haven't run out yet, any reuse right now would suggest administrative error. Although I'm certainly interesting in reading any sources saying that manufacturers are doing it deliberately.

"Perhaps but in all honesty I dont see the point in doing so. The scenarios in which knowing the MAC address is serious attack vector are rather limited."

I already said some people using self-configuring IPv6 are already leaking a MAC address. But conceptually I don't really care where they learn my mac address - it could be at a conference or school or rest stop, I still don't like the idea that they might then use a database to track where I go.

"For one, the MAC address in itself carries no useful information."

It doesn't have to be "useful information" to track you, it just has to be unique.

"Secondly, to make any use of it you need to break into it and in order to do that you need to know either it's IP address or be in the local vicinity of the access point....Google's information is redundant and not really useful for the purpose of cracking."

It's the tracking of personal equipment that concerns me much more than having my device hacked.

Reply Parent Score: 2

RE[8]: Comment by clhodapp
by Soulbender on Tue 22nd Nov 2011 02:10 in reply to "RE[7]: Comment by clhodapp"
Soulbender Member since:
2005-08-18

I already said some people using self-configuring IPv6 are already leaking a MAC address.


Yes, I agree this is a concern since it effectively relates the MAC address to an IP address. This does leak some information, such as the vendor of the network card and perhaps also the model.
I can't remember if that's the default behavior though or if you have to manually set it up like that. Probably differs between operating systems.

It's the tracking of personal equipment that concerns me much more than having my device hacked.


Ah well, I guess we have to agree to disagree. This doesn't bother me much in the grand scheme of things.

Reply Parent Score: 2