1
#PM Challenge - privacy aware network handling

  1. O1539871151508
    Eclair Feb 6, 2019

    O1539871151508 , Feb 6, 2019 :
    Target user group is everyone.

    Many shops and other places like a coffeeshop or public transport have started to track people with wifi and bluetooth beacons.
    If you have your wifi or BT enabled your cellphone constantly broadcasts your mac-adress and known endpoints. These can be used to track your movements as they are rather unique to your device.

    So i suggest to completely randomize the mac-adress for each scan including the vendor part of the mac and for each connection to a network unless the user specified the mac-adress for the network statically. To go with this only broadcast a known essid/bssid if a passive scan showed it as active recently.

    Ask the user if he encounters a new Hotspot-Mac-Adress for known Network-Names to make sure it is a genuine node and not some network which happens to share a common name.
     

    #1
  2. KeepTransisting
    The Lab - OnePlus 7 Pro Reviewer Feb 6, 2019

    KeepTransisting , Feb 6, 2019 :
    MAC address randomization would be a complete clusterfuck when it comes to wireless standards, though. The whole point of a MAC address is that it's a static address.

    Plus, nobody cares if you walked by a coffee shop or a bar. If you're that worried about that level of privacy, I've got some bad news for you when it comes to owning a smartphone.
     

    #2
  3. O1539871151508
    Eclair Feb 6, 2019

    O1539871151508 , Feb 6, 2019 :
    Static is ok, when you trust the network and you know it depends on your mac-adress for some small increase in security and comfort features which is very thin.

    Apple already protects its users this way:

    https://www.pcworld.com/article/331...r-location-even-when-you-arent-connected.html

    There are solutions for shop owners out there that do exactly that.
     

    #3
  4. Sridhar Ananthanarayanan
    Lollipop Feb 6, 2019

    Sridhar Ananthanarayanan , Feb 6, 2019 :
    All that would be necessary only if you connect to a public network, isn’t it?
     

    #4
  5. O1539871151508
    Eclair Feb 6, 2019

    O1539871151508 , Feb 6, 2019 :
    No, also when you have wifi enabled and not connected as the scanning also reveals your mac adress and presence to nearby accesspoints.
     

    #5
  6. Sridhar Ananthanarayanan
    Lollipop Feb 6, 2019

    Sridhar Ananthanarayanan , Feb 6, 2019 :
    Yeah, but how would that identify you?
     

    #6
  7. O1539871151508
    Eclair Feb 6, 2019

    O1539871151508 , Feb 6, 2019 :
    A mac adress that isn't changed is unique for you so you can see who comes by often, you can link them to multiple shops if the solution there is the same, you can get an estimate location within a place.
    If it is a semi-public wifi with a capturing portal where you need to accept some kind of terms of use maybe the hotspot makes a connection to a username or other form of id.
     

    #7
  8. O1539871151508
    Eclair Feb 22, 2019

    O1539871151508 , Feb 22, 2019 :
    In the Network Details you could do it like this

    Sample Network 1

    connect automatically yes/no
    Status: connected
    Signal Strength excellent
    Speed: 1Gbps
    Security: WPA2
    IP-Adresses: ::1,192.168.1.100,fd00:::::
    Subnetmask: 255.255.255.0
    Gateway: 192.168.1.1

    Proxy: none
    IP: DHCP

    Use real mac-adress on this ESSID: yes/no
     

    #8