random MAC, Device Name, Serial # and IMEI ? 2014-12-27 8:09 GMT+08:00 Seth David Schoen <[email protected]>:
> [email protected] writes: > > > Awesome! > > > > Though a tablet could work, I am more for a more pocket-sized mobile > > device. Also, Seth, thanks for the more in-depth concern regarding > > the WiFi MAC address and guard nodes, however, though I am all for > > people knowing how their devices work and why, the details of that > > kind of stuff is a bit over my head, even if I know what they are. > > Hi Spencer, > > The MAC address, at least, is a very important issue if you actually > want users to have location privacy with the device. One of the most > important ways that governments and companies track physical locations > today is by recognizing individual devices as they connect to networks > (or, with some versions of some technologies, when the devices announce > themselves while searching for networks). If the device itself has a > recognizable physical address that a network operator or just someone > listening with an antenna can notice, that is a tracking mechanism -- > and not a theoretical tracking mechanism but one that's been reduced to > practice by advertisers, hotspot operators, and governments. > > Depending on what kind of privacy you're looking for, using Tor in this > scenario might not help much, because other people can still tell where > "you" are (at least a particular device!), and, depending on the scope of > the trackers' view of things, may be able to go on to make a connection > between "your device using Tor today over here" and "your device using > Tor next week over there". In that case, the users of such devices > don't get the level of blending-into-a-crowd they might expect. > > One privacy property you might want as a user of such a device is that > when you get online from a particular network, other people on that > network don't know it's you, but just see that some non-specific user of > the TorPhone is now on the network. Without solving the MAC address > issue, and possibly some other related issues, you won't get that > property, even if the device is totally great in other ways. > > The guard nodes historically may have constituted a similar problem > ("oh, it's the Tor user who likes to go through nodes x, y, and z, not > the other Tor user who likes to go through w, x, and y, or the other > other Tor user who likes to go through p, q, and x"). > > A more general point is that someone who's trying to track you may use > _any_ available observable thing about you, your devices, your behavior, > and so on. That's why really making users less distinguishable calls > for a lot of careful thinking and a lot of hard work, like in > > > https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability > > If you're talking about making a whole device like a phone, a lot of > that process has to be repeated, over and over again, to have a hope of > getting really strong privacy properties. (Some people trying to make > Tor-centric operating systems like Whonix and Tails have definitely been > thinking about these problems at the operating system level, but they're > currently targeting laptops rather than phones. And yes, they do worry > about the wifi MAC address!) > > -- > Seth Schoen <[email protected]> > Senior Staff Technologist https://www.eff.org/ > Electronic Frontier Foundation https://www.eff.org/join > 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 > -- > tor-talk mailing list - [email protected] > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
