[AusNOG] Metadata retention... it's now (almost) a thing

Beeson, Ayden ABeeson at csu.edu.au
Thu Oct 30 14:18:00 EST 2014 

Exhibit A)
http://9to5mac.com/2014/06/09/ios-8-randomizes-mac-address-while-scanning-wifi-blocks-marketers-tracking-you/

While this is only while not associated, Apple felt not being passively tracked was important enough to include it as a major feature of IOS 8...

Thanks,
Ayden Beeson

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Mark Andrews
Sent: Thursday, 30 October 2014 2:09 PM
To: thelionroars
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Metadata retention... it's now (almost) a thing


In message <CAJcib_5GpLT-t6zqHVgY_qhPiQj7Ts=gCYO8Pi6Fv1RP5pzg+Q at mail.gmail.com>
, thelionroars writes:
>
> I'm surprised MAC address tracking is being taken seriously by anyone here.
> A conviction based on it would never stand.

Not alone but as part of a complete brief, yes it could be used.
It also provides data which can be corollated with other data.

I can well imagine having a random MAC per stream eventually.  802.11 cards supporting thousands of simultaneous associations.

People don't like to be tracked even if they are not doing anything wrong.

Mark

> On 30 Oct 2014 13:52, "Paul Julian" <paul at oxygennetworks.com.au> wrote:
>
> > They would only catch small time script kiddies with MAC address,
> > anybody who knows what they are doing won't be using their machine
> > or will be using different ones all the time, I mean seriously,
> > busting somebody based on MAC address would be small time stuff
> > surely, sure it might get the people pirating movies and porn etc
> > but this bill is supposed to be to save the country from the
> > terr0rists isn't it ?? I really can't see a person like this who
> > would go to elaborate lengths to not get caught being busted by using the same MAC address multiple times.
> >
> > Paul
> >
> > -----Original Message-----
> > From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of
> > Matt Palmer
> > Sent: Thursday, 30 October 2014 1:33 PM
> > To: ausnog at lists.ausnog.net
> > Subject: Re: [AusNOG] Metadata retention... it's now (almost) a
> > thing
> >
> > On Thu, Oct 30, 2014 at 01:00:00PM +1100, thelionroars wrote:
> > > I would hope someone involved realises that identifying with a MAC
> > > address is worse than useless.
> >
> > On the contrary, a MAC address identifies a device (to a reasonable
> > degree).
> > It may not help a *huge* amount with making an arrest[1], but it'll
> > provide a solid piece of evidence to use towards gaining a
> > conviction.  Or at least confirming that you're water-boarding the
> > right dissident (if you worry about those things).
> >
> > - Matt
> >
> > [1] Although finding the same MAC address using multiple different
> > networks at different times[2], you can get a good indication of
> > movement patterns, which may then provide more data to aid in apprehension.
> >
> > [2] That's even *with* iOS 8's MAC address randomization on probes.
> > For any device that *doesn't* do randomization, I'd be amazed if law
> > enforcement doesn't quickly gain the technology required to track
> > that -- if they aren't already doing it.
> >
> > --
> > "You are capable, creative, competent, careful.  Prove it."
> >                 -- Seen in a fortune cookie
> >
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> >
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> >
>
> --001a113a62909a24eb05069b091a
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
>
> <p dir=3D"ltr">I'm surprised MAC address tracking is being taken
> seriou= sly by anyone here. A conviction based on it would never
> stand.</p> <div class=3D"gmail_quote">On 30 Oct 2014 13:52, "Paul
> Julian" &l= t;<a
> href=3D"mailto:paul at oxygennetworks.com.au">paul at oxygennetworks.com.au<
> = /a>> wrote:<br type=3D"attribution"><blockquote
> class=3D"gmail_quote" st=
> yle=3D"margin:0 0 0 .8ex;border-left:1px #ccc
> solid;padding-left:1ex">They = would only catch small time script
> kiddies with MAC address, anybody who kn= ows what they are doing
> won't be using their machine or will be using d= ifferent ones all
> the time, I mean seriously, busting somebody based on MAC=  address
> would be small time stuff surely, sure it might get the people pir=
> ating movies and porn etc but this bill is supposed to be to save the
> count= ry from the terr0rists isn't it ?? I really can't see a
> person like=  this who would go to elaborate lengths to not get caught
> being busted by u= sing the same MAC address multiple times.<br> <br>
> Paul<br> <br> -----Original Message-----<br>
> From: AusNOG [mailto:<a
> href=3D"mailto:ausnog-bounces at lists.ausnog.net">aus=
> nog-bounces at lists.ausnog.net</a>] On Behalf Of Matt Palmer<br>
> Sent: Thursday, 30 October 2014 1:33 PM<br>
> To: <a
> href=3D"mailto:ausnog at lists.ausnog.net">ausnog at lists.ausnog.net</a><=
> br>
> Subject: Re: [AusNOG] Metadata retention... it's now (almost) a
> thing<b=
> r>
> <br>
> On Thu, Oct 30, 2014 at 01:00:00PM +1100, thelionroars wrote:<br> >
> I would hope someone involved realises that identifying with a MAC<br>
> > address is worse than useless.<br> <br> On the contrary, a MAC
> address identifies a device (to a reasonable degree)= .<br> It may not
> help a *huge* amount with making an arrest[1], but it'll pro= vide
> a solid piece of evidence to use towards gaining a conviction.=C2=A0
> O= r at least confirming that you're water-boarding the right
> dissident (i= f you worry about those things).<br> <br>
> - Matt<br>
> <br>
> [1] Although finding the same MAC address using multiple different
> networks=  at different times[2], you can get a good indication of
> movement patterns,=  which may then provide more data to aid in
> apprehension.<br> <br> [2] That's even *with* iOS 8's MAC
> address randomization on probes.=
> =C2=A0 For any device that *doesn't* do randomization, I'd be
> amaze= d if law enforcement doesn't quickly gain the technology
> required to tr= ack that -- if they aren't already doing it.<br>
> <br> --<br> "You are capable, creative, competent, careful.=C2=A0
> Prove it."<=
> br>
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 -- Seen in a
> fortun= e cookie<br> <br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a
> href=3D"mailto:AusNOG at lists.ausnog.net">AusNOG at lists.ausnog.net</a><br
> > <a href=3D"http://lists.ausnog.net/mailman/listinfo/ausnog"
> target=3D"_blan=
> k">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
> <br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a
> href=3D"mailto:AusNOG at lists.ausnog.net">AusNOG at lists.ausnog.net</a><br
> > <a href=3D"http://lists.ausnog.net/mailman/listinfo/ausnog"
> target=3D"_blan=
> k">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
> </blockquote></div>
>
> --001a113a62909a24eb05069b091a--
>
> --===============2588354896716480880==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> --===============2588354896716480880==--
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
Charles Sturt University

| ALBURY-WODONGA | BATHURST | CANBERRA | DUBBO | GOULBURN | MELBOURNE | ONTARIO | ORANGE | PORT MACQUARIE | SYDNEY | WAGGA WAGGA |

LEGAL NOTICE
This email (and any attachment) is confidential and is intended for the use of the addressee(s) only. If you are not the intended recipient of this email, you must not copy, distribute, take any action in reliance on it or disclose it to anyone. Any confidentiality is not waived or lost by reason of mistaken delivery. Email should be checked for viruses and defects before opening. Charles Sturt University (CSU) does not accept liability for viruses or any consequence which arise as a result of this email transmission. Email communications with CSU may be subject to automated email filtering, which could result in the delay or deletion of a legitimate email before it is read at CSU. The views expressed in this email are not necessarily those of CSU.

Charles Sturt University in Australia  http://www.csu.edu.au  The Grange Chancellery, Panorama Avenue, Bathurst NSW Australia 2795  (ABN: 83 878 708 551; CRICOS Provider Numbers: 00005F (NSW), 01947G (VIC), 02960B (ACT)). TEQSA Provider Number: PV12018

Charles Sturt University in Ontario  http://www.charlessturt.ca 860 Harrington Court, Burlington Ontario Canada L7N 3N4  Registration: www.peqab.ca

Consider the environment before printing this email.

More information about the AusNOG mailing list