[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] All I Want For X-mas: TorPhone

random MAC, Device Name, Serial # and IMEI ?

2014-12-27 8:09 GMT+08:00 Seth David Schoen <schoen@xxxxxxx>:

> spencerone@xxxxxxxxxxxxxxx writes:
> > Awesome!
> >
> > Though a tablet could work, I am more for a more pocket-sized mobile
> > device. Also, Seth, thanks for the more in-depth concern regarding
> > the WiFi MAC address and guard nodes, however, though I am all for
> > people knowing how their devices work and why, the details of that
> > kind of stuff is a bit over my head, even if I know what they are.
> Hi Spencer,
> The MAC address, at least, is a very important issue if you actually
> want users to have location privacy with the device.  One of the most
> important ways that governments and companies track physical locations
> today is by recognizing individual devices as they connect to networks
> (or, with some versions of some technologies, when the devices announce
> themselves while searching for networks).  If the device itself has a
> recognizable physical address that a network operator or just someone
> listening with an antenna can notice, that is a tracking mechanism --
> and not a theoretical tracking mechanism but one that's been reduced to
> practice by advertisers, hotspot operators, and governments.
> Depending on what kind of privacy you're looking for, using Tor in this
> scenario might not help much, because other people can still tell where
> "you" are (at least a particular device!), and, depending on the scope of
> the trackers' view of things, may be able to go on to make a connection
> between "your device using Tor today over here" and "your device using
> Tor next week over there".  In that case, the users of such devices
> don't get the level of blending-into-a-crowd they might expect.
> One privacy property you might want as a user of such a device is that
> when you get online from a particular network, other people on that
> network don't know it's you, but just see that some non-specific user of
> the TorPhone is now on the network.  Without solving the MAC address
> issue, and possibly some other related issues, you won't get that
> property, even if the device is totally great in other ways.
> The guard nodes historically may have constituted a similar problem
> ("oh, it's the Tor user who likes to go through nodes x, y, and z, not
> the other Tor user who likes to go through w, x, and y, or the other
> other Tor user who likes to go through p, q, and x").
> A more general point is that someone who's trying to track you may use
> _any_ available observable thing about you, your devices, your behavior,
> and so on.  That's why really making users less distinguishable calls
> for a lot of careful thinking and a lot of hard work, like in
> https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
> If you're talking about making a whole device like a phone, a lot of
> that process has to be repeated, over and over again, to have a hope of
> getting really strong privacy properties.  (Some people trying to make
> Tor-centric operating systems like Whonix and Tails have definitely been
> thinking about these problems at the operating system level, but they're
> currently targeting laptops rather than phones.  And yes, they do worry
> about the wifi MAC address!)
> --
> Seth Schoen  <schoen@xxxxxxx>
> Senior Staff Technologist                       https://www.eff.org/
> Electronic Frontier Foundation                  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to