Your Android phone is a SNITCH: Wi-Fi bug makes you easy to track

Your mobile device could be compromising your privacy by broadcasting your location history over the air, even when it is in sleep mode, according to new research by the Electronic Frontier Foundation. Of particular concern are newer Android gadgets, specifically those running Android 3.1 "Honeycomb" or later. That version of …

  1. eJ2095

    Install Pri-fi

    Sure, Chainfire made this app for rooted phones only

    Called Pri-fi

    Random MAC changer

    1. Chris G

      Re: Install Pri-fi

      Looks useful I will give it a try.

    2. Anonymous Coward

      Re: Install Pri-fi

      *Yawn*, so I have to fall back on other methods of fingerprinting you.

      I don't personally (obviously - or do I)? but someone who cares has ignored a MAC address as a sole source of uniquely identifying you for years. For starters, that may identify your computer but not you and if you share your computer then that's useless anyway {you != pc}.

      "They" will give "you" a unique index eg a GUID and associate lots of data against it as it turns up via G+, FB, Twatter, affiliate sites etc etc ad nauseam. Each bit of data will also be assigned some form of probability or weight of being "you". It could work a bit like a spam scanner like Spamassassin in that the weights will be added up and tested against a threshold to say yep - this session is "you".

      Have you any idea how much info your browser gives out in the headers, or emails? Even huge firms forget to remove internal Received: headers in their emails - have a look : it's hilarious how much of their internal network structure you can glean from that.

      You'll need to think a lot more about personal security than messing your MAC addresses around. Me? I don't bother.

      Cheers

      Jon

      PS My habit of signing forum posts as above will be in someone's database as will my habit of using post scriptums - oh well!

      1. DaLo

        Re: Install Pri-fi

        You can't track someone at a website using their MAC address, how would you know their MAC address?

        The only way it would even be possible would be to get the user to download a plugin or software during their browsing session and read it that way, but to what purpose?

        If you want a unique ID you would normally just create one and put it in a cookie or get them to login to your site (which then also works cross device).

        1. sabroni Silver badge

          Re: Install Pri-fi

          The article is about devices broadcasting a list of the last 15 wifi hotspots they've been connected to and how that can give people a good idea of who you are and where you've been. What's the relevance of this MAC address discussion?

          1. DaLo

            Re: Install Pri-fi

            "What's the relevance of this MAC address discussion?"

            I was replying to the above post, which was talking about tracking via MAC addresses; this is another feature of Pri-Fi - to randomise the MAC address (as well as suppress AP broadcast).

  2. Anonymous Coward

    Programmers really need to start taking privacy seriously

    There is greater awareness of security these days. Not that things are anywhere near secure, but the situation is better than it was a decade ago, and much better than the completely security unaware 90s were. But privacy seems to be something few programmers take into account, if they can come up with an easy way to accomplish something they don't even think about stuff like this, apparently.

    1. Anonymous Coward

      Re: Programmers really need to start taking privacy seriously

      You are not wrong there on many levels. One that immediately springs to mind is the mess that is web proxy support in many apps. A web proxy is quite handy in anonymizing a web session. Support is equally borked and complicated across all OSs. Some apps are good and some are bad. Try and get MS registration to work through a web proxy (can't remember which bits fail but some do, despite Negotiate support in the proxy).

      Then there is the end user and the corporate policy. I work for and with many for whom security is paramount and yet certain bits of the puzzle remain off limits. Data leaks and the result is well ...

      In my more Trevor Potts moments, I scream, then I stroke my pfSense firewalls, my mod_security web firewalls, my Squid n Dans Guardian proxies, my OpenVPN and IPSEC VPNs, my carefully controlled AV, my layer 2 controls, my n factor auth, my ... well you get the idea (and that's just at home - you should see how mental I am at work) and then quietly give up and go and have a lie down.

      At least they keep most of the baddies away - I think.

      Cheers

      Jon

    2. Anonymous Coward

      Re: Programmers really need to start taking privacy seriously

      Programmers? What the hell have they got to do with it?

      Anything labelled "improves user experience" gets boosted to the top of the list, anything labelled "security risk" gets kicked to the bottom.

      Instead of bitching about "programmers", send a stroppy tweet to your 'phone's manufacturer and reseller.

  3. Anonymous Coward

    Patch

    Anyone know if the patch in question has also been submitted to Cyanogenmod?

    1. Anonymous Coward

      Re: Patch

      I assume that as you are posting as AC that you take your security very seriously. However you have requested information to which the answer might send you blind or cause your hands to fall off their wrists.

      These forums come under the heading of The Register and you are asking for information about something called "Cyanogenmod".

      I'd go and have a chat on their forums if I was you. I'm sure it isn't too far away.

      Cheers

      Jon

      1. Anonymous Coward

        Re: Patch

        > I assume that as you are posting as AC that you take your security very seriously.

        I post as AC because I like it, no more and no less.

        As for the rest of your post, did you intend to say anything useful?

  4. Graham Marsden

    "this means your phone will fall back to the mobile data network while the screen is off...

    "...which will increase mobile data usage and power consumption."

    Err, unless (as I do) I keep mobile data switched off until *I* decide to switch it on and use it...

    1. Anonymous Coward

      Re: "this means your phone will fall back to the mobile data network while the screen is off...

      "...and power consumption"

      Pfft, unless (as I do) I keep my phone switched off until I need to use it. My battery has lasted 19 days so far.

      1. Vic

        Re: "this means your phone will fall back to the mobile data network while the screen is off...

        > Pfft, unless (as I do) I keep my phone switched off until I need to use it. My battery has lasted 19 days so far.

        I keep the phone switched on, but BT/WiFi/Data switched off unless I'm using it.

        I get about 8 or 9 days out of my Galaxy S2 :-)

        Vic.

  5. Gene Cash Silver badge

    This article was awesome for introducing me to wigle, and the links to the interesting articles by Chainfire in the blog post. It's fascinating to see it's the wi-fi hardware itself doing this, and not the software.

    Jesus Christ, nobody with a Linksys *ever* changes their default name, do they??

  6. Andrew Jones 2

    Yeah, this doesn't sound completely overblown at all........

    "Oh look this phone has recently been to Tesco, McDonalds, BT-Hub-2F6J, Wanadoo-978C, The Cloud and Starbucks" yup - that sounds incredibly identifiable, quick give me a pen and a map so I can draw the exact route this phone must have taken......

    Bollocks.

    1. DaLo

      "Oh look the CEO's phone is showing that he has recently been to company B and he was out all day yesterday, I wonder if those merger rumours are true after all?"

      "Oh look Julie's phone is showing the Palma Resort, isn't that where Kevin went last week on holiday? I thought Kevin was married?"

      "Hey boss, we went to that nightclub last night and Luis Suárez was there and his AP was showing Real Madrid, maybe he's in talks about transferring? Should we print it?"

      ...etc

  7. Chairo

    ...convincing device makers to release patches for older phones could would be a lost cause.

    FTFY

    1. DropBear

      So this basically implies that anyone interested in the security of their mobile has to effectively buy a new phone pretty much every time a new privacy leak is discovered...? I have to hand it to the marketing guys: clever... fiendishly clever...

      1. Anonymous Coward

        Yep

        And that's probably the business model for the Internet of Things too.

  8. Wzrd1 Silver badge

    Erm...

    "...The idea is to conserve battery by allowing a phone to connect to known Wi-Fi networks even while in sleep mode, since Wi-Fi uses less power than the mobile data radio."

    First, that is a well known *feature*, not a bug.

    Second, only the most seriously mentally challenged cannot Google the result to turn off the "offending" service.

    I did it a while ago, as it annoyed me that wifi kept trying to connect and worse, successfully drained the battery more quickly.

  9. Jess

    Since the phone knows your location....

    Why doesn't it remember the location of networks and only try and connect when it is in the correct area?

    All it would then leak is whether you have been there before.

    1. brooxta

      Re: Since the phone knows your location....

      If I understand what you're saying correctly I think someone may have already had this good idea...

      https://play.google.com/store/apps/details?id=net.kismetwireless.android.smarterwifimanager

    2. Anonymous Coward

      Re: Since the phone knows your location....

      That's not going to work too well if you are trying to connect to your car's Wifi, is it? Or the airline's, bus or train, or to Fon, or to McDonald's, ...

      The last two assuming it goes only by ESSID rather than AP MAC.
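
The location-gating idea from the thread above, together with the objection that car, train and chain hotspots have no fixed place, sketched as a policy function. This is an added example, not part of any comment and not how any app mentioned here is implemented; the SSIDs, coordinates, 150 m radius and the names `SavedNetwork` and `networks_to_try` are assumptions.

```python
import math
from dataclasses import dataclass
from typing import Optional

EARTH_RADIUS_M = 6_371_000

@dataclass(frozen=True)
class SavedNetwork:
    ssid: str
    lat: Optional[float]      # None: no fixed location (car, train, chain hotspot)
    lon: Optional[float]
    radius_m: float = 150.0   # assumed geofence size around the access point

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def networks_to_try(saved, here):
    """Split saved SSIDs into (auto, held_back) for position `here` (lat, lon).

    auto:      fixed networks whose geofence contains `here`; only these are
               searched for in the background, so only "I have been here
               before" is revealed.
    held_back: everything else, including networks with no fixed location and
               every network when there is no position fix (fail closed).
               These need a manual connect.
    """
    auto, held_back = [], []
    for net in saved:
        fixed = net.lat is not None and net.lon is not None
        in_fence = (fixed and here is not None and
                    haversine_m(here[0], here[1], net.lat, net.lon) <= net.radius_m)
        (auto if in_fence else held_back).append(net.ssid)
    return auto, held_back

# Constructed sample data: names and coordinates are made up for illustration.
SAVED = [
    SavedNetwork("HomeNet", 51.5007, -0.1246),
    SavedNetwork("OfficeNet", 51.5155, -0.0922),
    SavedNetwork("CarWiFi", None, None),
]

if __name__ == "__main__":
    print(networks_to_try(SAVED, (51.5010, -0.1250)))  # roughly 40 m from HomeNet
    print(networks_to_try(SAVED, None))                 # no position fix
```
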

  10. Anonymous Coward

    15 words or less

    I noticed this while checking hotspot operation on a router. As I have also spotted some WiFi silliness at one location I was going to compose a message for kismet. My last SSIDs comprising - stop watching lame hacking vids on YouTube and get a job you lazy bastard.

    1. Roland6 Silver badge

      Re: 15 words or less

      The maximum SSID length is 32 characters - makes Twitter tweets at 140 characters look extravagant!
