Slashdot Mirror
iOS 8 Strikes an Unexpected Blow Against Location Tracking
schwit1 (797399) writes 'It wasn't touted onstage, but a new iOS 8 feature is set to cause havoc for location trackers, and score a major win for privacy.As spotted by Frederic Jacobs, the changes have to do with the MAC address used to identify devices within networks. When iOS 8 devices look for a connection, they randomize the MAC address, effectively disguising any trace of the real device until it decides to connect to a network.'
Generally, I've found this to be true. Their business model does not depend on a lack of customer privacy like Google.
At least according to the prosecutors who went after Aaron Swartz. His laptop got locked out of a network so he changed the MAC address with the built-in MacOS GUI utility and they said that was like filing the serial number off a car. Now all iphones are going to change it randomly during network scan? OMG, that's like a car that files off its own serial number every time you go around the block! Alert the authorities!!!!! Sigh.
Good.
When it actually connects it's giving the real MAC address.
The point is that there are many networks out there pinging for MAC addresses that the user DOESN'T connect to.
Most laws, except negligence statuettes, have an intent clause. In Schwartz's case it would have been easy to show that his intent was to circumvent being kicked off the network. Randomizing during search can easily be shown as an intent to remain anonymous.
When it connects it uses the real MAC address so MAC filtering will work.
The point, obviously, is that you can't be identified by the access points you don't connect to.
Of course you're traceable once you've connected; how else could you stay connected and get traffic to your device?
systemd is Roko's Basilisk.
Negligence statuettes?
Wonderful wonderful slip!
In your example, the prosecutors were able to argue that deliberately using a utility to intentionally change your MAC address was akin to taking steps to file off the serial numbers of a car. This is because Aaron intended to change his MAC address and deliberately took steps to effect the change.
If future iPhones automatically change their MAC address, on their own, without any intervention by their user, where is the crucial element of acting with intent or deliberation?
It is far too soon to cry wolf.
Apparently Nordstroms is logging all phones that enter into their stores. Then they can know how many times you've entered, how long you stayed, when you left. I wasn't aware they were starting to do that.
"First they came for the slanderers and i said nothing."
Wasn't there an update in the SSID discovery which allows to probe for SSID without sending MAC address at all ? I think I read about this some time ago, but I don't find a source (read: I don't have time to search). Of course this require the AP to understand this new version of protocol (so basically useless due to number of old AP)
I do not have any empirical data to back up this feeling, but considering the cozy and close relationship Apple has demonstrated with our friends in the NSA, this article strikes me as a dishonest attempt to fool us into thinking they actually care about privacy and security.
On a technical note, what does this do to ARP tables? How does that address resolution work?
will go bonkers because of this. Dell already sends me about a dozen emails a day about new MAC addresses our APs discover.
So let's not prematurely confuse "we are making tracking more difficult for the benefit of our users" with "we're still happy to violate users' privacy for profit, we're just making it so there's only one implementation for doing so you can buy--ours".
Why keep Wifi on? It never seems to work well for me. When I did try to use it the data connection would constantly sever and sometimes cause whatever app I'm using to get angry. Furthermore at my house my Wifi is much slower than my mobile connection. Even though I have a data cap (Verizon) I never exceed the cap without Wifi. I also save some battery by keeping it off.
A little long in the tooth to be so naive about wifi networks and tracking mobile devices, aren't you?
Seriously? So close to being useful, yet so far...
It's been said countless times... this is another example. IMO - we are the product.
IMHO, I don't believe this "feature" is for our privacy as much as it is to protect related data points of the hard-earned user base.
This is an American company. Everything is under... oh forget it.
How dare it muck with the status quo?
Lets suppose a malfunctioning device is crashing my enterprise wifi system. Tell me again, how in earth will I block it, and much less detect it? This is so wrong in many levels from the technical point of view...
Y'know, you could have just turned WiFi OFF when you're not using it - People can't track you and you will extend your rather pathetic battery life that much further. It's win-win!
Charged Aaron Swartz with "MAC Address Spoofing"
http://arstechnica.com/tech-po...
http://archive.org/stream/UsaV...
My question is what other modern tools do admins have for identifying malicious users to restrict access to open networks if automatic MAC address spoofing becomes commonplace?
Ferrari says it will randomise number plates to anonymise you from police patrols and IRS auditors.
Apple could doing something as simple XOR of the real MAC against a hash of the current time of day. It might appear to be random, but something that is easily reversible just in case law enforcement or a 3 letter agency needs it.
Of course you're traceable once you've connected; how else could you stay connected and get traffic to your device?
The point is that after you connect *again*, you are linkable to the previous you.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
The adoption of measures protecting privacy depends on user demand. Online commerce has been considered safe enough for years yet exchanging an email or having any online activity is completely unprotected. I was always surprised by lack of interest from users. Maybe the younger users, if they are not yet addicted to making all their life public on facebook et al would put some pressure for simple technical solutions that guarantee a basic level of privacy. Obviously, I don't expect complete protection against three-letter agencies; that's not the point. In that sense, this looks like a step in a desireable direction, even if it is done for the wrong reasons. As a potential customer, I appreciate this effort.
So, basically, the device is doing something stupid (banging away hoping an AP will talk to it, when the USER has not indicated a need to do so), and Apple is just going to put on a fig leaf, of who knows how much transparency, rather than just stop doing the stupid thing? Are the few milliseconds it takes to connect to a network deliberately really going to ruin the the experience THAT much?
no, that's just one of the reasons I don't have one (little utility traded for a lot of work maintaining and securing the thing).
Unless your device is beaconing for networks in your saved networks list (WHICH ONLY HAPPENS for networks that do not transmit their SSID) a client *never* sends out probes, so there is no opportunity to randomize the MAC address.
If your device is listening for WiFi beacons and finds one in your saved network list, it *must* associate with your actual MAC address.
In other words, the teeny tiny percentage of the population with hidden SSIDs in their WiFi network list will benefit from this, nobody else. It would have been a lot better if they had done this with bluetooth.
Just because you disagree doesn't mean it's not true.
You want to have the real MAC address with your tracking device ? You get a SSID request from MAC "random" for network "this is my great home SSID". Ok. First if "this is my great home SSID" is unique you got it. But if it's not, just says that you are in fact the network "this is my great home SSID" and you got a connection request from MAC "real MAC". I'm not sure if this works. (and if it works, it's more difficult to track a lot of users, because you have to responds to these instead of just listening. And user could have restricted SSID connection to some fixed AP MAC)
Stores and malls that want to track you still have options - perhaps the most obvious one is to offer free wifi to their customers. Which is probably a win-win situation, although most users probably won't realise that part of the price of the "free" wifi is that they get tracked until they tell their device to forget the network again. There might be some subtle biases introduced into the data captured by this method if some kinds of customer are more likely to accept the offer of free wifi than others, mind you.
The randomized MAC addresses might not be all that random. Apple might be able to reverse engineer the fake mac address to find the true mac address. That algorithm might be licensed to "business partners" for a fee. Apple is just interested in preventing third parties from tracking you without paying the due share to Apple.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
It actually randomised the MAC address. Its been a long time since MACs were burnt into ROM and couldn't be changed. On Linux you can do it using ifconfig or one ioctl() in C.
The straw to break the camel's back, no more idevices on my corporate systems.
Because what are the odds that someone would need consistent MAC's for something crazy like.. oh, I don't know... DHCP lease assignment/reservations? Did Apple forget how dhcpd works? Do they just not care about us networking people who need their users to be on the right frikking subnets?
I hate this type of analogy people come up with to further their agenda. It doesn't help the public understand what really is the issue and it also perverts the public's view on the subject.
Changing a MAC address is not akin to filing a serial number off of a car. A MAC address is not a security feature, it's an identification number for the physical layer of a network, in which collisions ARE possible (although not likely). So if an NIC has the same MAC address as another NIC, it's not like two cars having the same serial number (which doesn't repeat, because, you know, it's serial).
With Android, you can see the source code
And you've seen the source code for the Android device in your hand? Right. Didn't think so. Hell, even if you compiled it yourself I seriously doubt you looked. Furthermore 99.9999% of people wouldn't have the foggiest idea where to find the relevant bits of code even if they did have the source code. Which they don't. And even if they did they certainly don't have time to review all the code themselves. I'm as big a supporter of open source as anyone here but I'm under no illusion that it protects me from a company like Google.
Google isn't trying to hide anything from anyone, unlike Apple.
If you believe that I have some property I'd like to sell you. Just because they have a cute motto about not being evil doesn't mean much. Google is no better than Apple when it comes to collecting and selling information about you. They are an advertising company and that is how they make their money. They may not sell all your specific information to specific buyers but they definitely are using that information to make money. And if you think they aren't hiding anything just try waltzing into their headquarters and snooping around sometime. Tell me how that goes for you.
Which is the real point; only Apple applications can connect and track.
remember the good old days when microsoft just wanted to make you use a shitty browser not monitor your whole life for the government like google does? google is shit and the fact that they use linux to spy on you changes nothing. if hitler used linux slashdot would think he's cool. fuck hitler, fuck linux and fuck google.
The NSA wants to know
Although it provides little actual security, it is still used as a security feature, and Swartz knew that. He then deliberately changed the address specifically to circumvent the security. In this context, the analogy is clumsy (as all are), but fits.
Most security features provide little actual security. The lock on your door can be picked or just kicked in, and many fences can be easily crossed. The fact that they exist still means something.. that you don't want people in there without authorization. Even just a 'no trespassing' sign carries significant legal weight, despite it providing no actual security.
This is one more step in pushing their own schemes.
Sure, on the face of it there's benefit from being able to avoid being tracked by 3rd parties.
But what do you want to be you'll be unable to change your device's iBeacon ID in the same manner?
When I buy a Google/ASUS co-branded Nexus 7 tablet from Google Play Store, how am I not the customer? Or am I strictly only ASUS's customer and Google's product? When my boss buys a Google Apps subscription for his company, how is he not the customer?
But I don't have a mac address! I use a PC!
Fuck Aaron Swartz and all you cock suckers that worship his stupid ass.
It's not about intent at all - a MAC address is simply meaningless! A car's serial number is something that is officially alotted
IEEE disagrees with you to an extent. It is the registration authority for blocks of 16.7 million MAC addresses.
There's more reason to talk to wifi networks than the user wanting to connect to them. For example, the user might want to know where they are, and hence need to know what wifi networks are near by and at what signal strength.
What's Apple's implementation of tracking users, and where can I buy it?
No, the answer is not iBeacon, which explicitly actually doesn't support tracking users, and is opt-in for the user anyway.
Apple probably uses a logic to generate the random mac address depending on time of day, etc. Unfortunately, while advertisers may not be able to track the owner of the phone that easy anymore, I'm sure the law enforcement has a copy of the logic to reverse engineer to find the owner of the phone. Having said that though, I'm sure the law enforcement has other tools at their disposal to track one down. I think the better solution is to use TASKER to disable automatically when leaving the home/workplace and re-enable it when entering home/workplace. It works surprisingly well. Ya, I'm aware that tasker does not run on IOS. The choice is still yours though -- android or not android.
Well... Negligence *statues* tend to hurt people when they fall over. The statuettes are smaller, and therefore safer.
Don't say that like it is a bad thing. I *want* my devices to have predictable identities because that is how the home router knows what IP address to hand out. Same thing at work. Also understand that a repeatable MAC only links sessions locally: your MAC address is not advertised to the internet.
Now, what would be nice would be an option to only use the assigned MAC when associating to selected networks. E.g., home, work, a friend's, etc., but by default use a randomly generated MAC. The hotels I've been at "forget" your device quickly anyway requiring a new acceptance of the terms so using a random MAC per session wouldn't hurt any. That'd be great for hot spots.
More important is the IP6 address selection. I'm not sure of the current state of affairs, but last I knew MS Windows was the only one that respected privacy. Apple used the MAC to generate a predictable suffix which allows global unique device tracking no matter where you go in the world. Now, they were not alone in this and IIRC it was originally a recommended method. But it is ironic, given MS close ties to NSA spying, that MS Windows (Win7 home, I believe) was the one that would generate a new suffix periodically even on a single connection (e.g., each day the suffix would change).
but changing MAC is like filing serial# off a car! At least according to the prosecutors...
Not any more. The Bluetooth Sig just spent four years in heavy sessions to plug the privacy leak from the MAC address tagging every packet with a device "serial number". This was rolled out in Bluetooth 4.0, especially in the Bluetooth Low energy addition.
If the option is turned on, the "MAC address" that labels the packets is pseudo-randomly chosen and constantly mutating. If the other device trying to communicate has a special relation it can access the true MAC address and/or share the secret so it can predict the pattern of mutation.
Apple went one further, though. Even when the remote device has the option turned off and is using the real MAC address for the link label, their stack doesn't export this info to apps over the API. The apps have to have to negotiate with the far end of the link to get it (or find a way to work around the stack, and risk Apple deliberatly breaking it, or removing them from the app store, if they find out), even though it was already "in the air".
I think Apple is sensitive to accusations of privacy violations and is making it hard for independent developers to put them in legal hot water.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
But why does a phone needs serial number? It's just a communication device. Shall we start putting serial numbers on oranges?
Couldn't he have done the exact same thing by using a USB network adapter? If I want to change the MAC address of my home computer, I just put in a different NIC card.
I see more +5 posts in this discussion than I have in any other Slashdot thread.
Coincidence?
Or are Apple fanbois just more insightful and informative?
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
Unlike Google and Facebook, Apple makes a lot of money from their hardware business. Apple fans are happy to pay high margins on, what they feel, are superior products. Google and Facebook, OTOH, rely on selling customer data to advertisers to generate a good part of their revenue.
Apple is taking an interesting pivot on the "walled garden" approach. In the past it has been derided by some as a good reason to NOT buy Apple products. Now Apple is saying "yes, we have a walled garden but with that comes some benefits". One of which is data security and privacy. With iOS8 in particular we are seeing a greater emphasis on protecting the user from malware for example. I read somewhere that close to 98% of all malware is targeted towards Android devices. That's the price you pay for the freedom and flexibility of Android - it's easier for some to exploit.
What this also indicates is that more and more, many people are really beginning to distrust Google and Facebook with their data. This leads to fake FB profiles and fake Gmail accounts in an attempt to dodge the ad-man.
Personally, it has led me to using DuckDuckGo as my default search engine. Basically, I don't trust Google with my personal data. Yes, Google does a lot of great things but I'm careful with how I use their services. Facebook, in my view, does nothing to benefit anyone other than Facebook. They are a honeypot for advertising data and have consistently abused their position as data steward for millions of users, selling information to the highest bidder. I don't use any of their services and never will.
Now I'm not under the illusion that Apple does not collect any data on their users. I'm sure they do. But it seems to me that Apple can be more trusted than the other two.
Although of questionable constitutionality, as it may run afoul of the right to due process, an increasing number of criminal laws in the US are strict liability only, meaning that intent is not required to be demonstrated. Theoretically, prosecutorial discretion keeps these laws from being applied in ridiculous circumstances, but practically...
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
A 'win' for Apple on this will be to increase the adoption of iBeacon in public spaces.
I should point out that not every individual needs to be able to check the code on their personal phone. Since they are builds across platforms, only one person somewhere needs to do it and report on it. And given the vibrant mod community for Android, this happens. There are people who tear down into the guts of Android on all different phones and versions and carriers specifically to look for things that are being done that they don't like and find ways to turn them off and make that information available.
You example about hiding things is moot as of course companies don't ant you snooping around their HQ and such. They have future projects they are working on. This is far different than hiding what they are collecting and selling. There is no comparison to be made there. No one is under any illusion about Google collecting information and using it. That has been the Google model since the very early days and anyone who thinks differently needs to crawl out from under the prehistoric rock they are under. Google, however, by and large, keeps the data within their owned subsidiaries. They own the email, the maps, the ads, the search. So the data doesn't have to leave Google. Mostly. Obviously they have external partners. Everyone does. But their major revenue streams are all inhouse.
At least according to the prosecutors who went after Aaron Swartz. His laptop got locked out of a network so he changed the MAC address with the built-in MacOS GUI utility and they said that was like filing the serial number off a car. Now all iphones are going to change it randomly during network scan? OMG, that's like a car that files off its own serial number every time you go around the block! Alert the authorities!!!!! Sigh.
Sad that you don't understand enough about how WiFi works. There are two phases: In the first phase your device detects routers around it. In that phase, it must give out an MAC address so that the router can respond, but the MAC address is completely irrelevant. And no WiFi router will block out anyone during that discovery phase. The second phase is the connect phase, and in the connect phase, the device does indeed give its own MAC address.
In other words, what you are saying is complete bullshit.
So, basically, the device is doing something stupid (banging away hoping an AP will talk to it, when the USER has not indicated a need to do so), and Apple is just going to put on a fig leaf, of who knows how much transparency, rather than just stop doing the stupid thing? Are the few milliseconds it takes to connect to a network deliberately really going to ruin the the experience THAT much?
Basically, the "stupid" thing is what _all_ devices do. And you are free to call what Apple is doing "putting a fig leaf on", fact is that with any other device everyone interested gets a full frontal view of you in the nude. And of course eventually comes the point where your device _must_ check what WiFi devices are around, because without that it cannot find the one it wants to connect to.
Wonder if they're randomizing the entire MAC or just the lower three bytes, and what this does for the odds of a MAC collision.
Any bets this ends up causing as many problems as Apple's broken DHCP implementation in iOS 3.2.1 through 6.1?
Swartz? What law was that under? Cause you know the world differs on this, we don't all follow the sheep.
You do realise this is due to location tracking done even down to google, mobile phone providers etc etc
Google got a lawsuit over it. So it's not useless crap at all, before you could be tracked just by walking by something that was scanning/you were scanning, now you actually have to make a human interaction and connect.
Except that Apple has iTunes which requires an in-depth knowledge of their customers in order to make suggestions. Will their Mac Address randomizer work when you're visiting Apple's sites? One thing is privacy, another thing is ownership. Ownership of customer accounts.
Once connected to a network, it will use the real MAC, making it utterly traceable.
God, you remind me of the idiot who wanted to spoof his IP address "for security reasons". For his normal TCP traffic.
Of course news about a fake are Fake News.
go to:- http://jailbreakallios.blogspo...
It wasn't "locked out of the network". It was locked out of certain services, along with requiring a well publicized login access to the service. Make no mistake, MIT did their best to simply raise the fence against an insistent and abusive intruder, and the evidence of his deliberately working his way around those defenses discredits any claim that it was anything other than well understood criminal behavior on his part.
It's legal for me to have a tire iron. When I take it from my car and use it smash car windows and take bags of Xmas presents in a mall partking lot, it's a "burglary tool". When the act is on video tape picking up and trying to sneak out with the Xmas presents I've stolen, with the tire iron sticking out of my jacket, the fact that I have a valid employee ID and legal permission to be in the parking lot doesn't cut a lot of slack.
Let's not get silly about Aaron Swartz. He was a criminal who earned a felony conviction, and was too cowardly to be willing to actually face jail time.