[AusNOG] Metadata retention... it's now (almost) a thing
Matt Palmer
mpalmer at hezmatt.org
Thu Oct 30 13:32:48 EST 2014
On Thu, Oct 30, 2014 at 01:00:00PM +1100, thelionroars wrote:
> I would hope someone involved realises that identifying with a MAC address
> is worse than useless.
On the contrary, a MAC address identifies a device (to a reasonable degree).
It may not help a *huge* amount with making an arrest[1], but it'll provide
a solid piece of evidence to use towards gaining a conviction. Or at least
confirming that you're water-boarding the right dissident (if you worry
about those things).
- Matt
[1] Although finding the same MAC address using multiple different networks
at different times[2], you can get a good indication of movement
patterns, which may then provide more data to aid in apprehension.
[2] That's even *with* iOS 8's MAC address randomization on probes. For any
device that *doesn't* do randomization, I'd be amazed if law enforcement
doesn't quickly gain the technology required to track that -- if they aren't
already doing it.
--
"You are capable, creative, competent, careful. Prove it."
-- Seen in a fortune cookie
More information about the AusNOG
mailing list