@evacide I'm not one of those hyper Apple hater types, but it's getting pretty exhausting seeing that so much of their alleged privacy-preserving innovations have turned out to be cosmetic theater. App labels, the "do not track" toggle, now this. /sigh

@evacide Well, it definitely works *sometimes* - drove me mad trying to keep throttles on the kids phones so my wife and I could actually work when we only had a ****ty 10Mbps VDSL connection.

EDIT - ah, hidden in a different part of the message. :-/

@evacide oops

@evacide believe #bigtech at your own peril

@evacide That is just kind of embarrassing.

I mean I can absolutely see how it could happen -- the decision of what MAC to stuff in the source address could easily come from a slightly different path than the information stuffed in the discovery packet, etc.

But you'd also think for a Serious Security/Privacy Feature, one might do a bit more extensive testing, and just observing beacon/discovery/arp/etc traffic to see if all is well would be a pretty reasonable thing.

@evacide Well, at least “in the last 7 days Safari has prevented 71 trackers from profiling me” 🍸😹 And they fixed the MAC address disclosure?🍸😺

@evacide at least it wasn't so obvious that pre-existing stalking tech would have kept working

@evacide lol how did nobody find this before

@evacide I would see this on my iDevices and always thought it seemed too good to be true!

@evacide hello #samsung are you listening opportunities comes a knocking

MAC Spoofing is a pain anyhow and killed effective MAC based access to a LAN.

@evacide @kuketzblog maybe relevant for your blog as well?

@evacide glad it’s finally fixed 🤞

@evacide awesome article

@evacide open source >>>> walled gardens

@evacide ”In 2013, a researcher unveiled a proof-of-concept device that logged the MAC of all devices it came into contact with.”

This seems to refer to a Black Hat 2013 demonstration in the summer of 2013. We had already exhibited an artwork doing this at Art Hack Day in Stockholm in the spring, and we probably weren’t the first ones.

@evacide “From the get-go, this feature was useless because of this bug,”

This is incorrect.

“never worked as advertised” is correct, though. Passive MAC address snooping was prevented, but information was leaked when you connected to a network.

@evacide Shocker...I wouldn't be surprised if there are more Apple "privacy features" that have never worked as advertised.

@evacide oh that’s less impactful than i thought

if the feature that rotates the identifier when the device is unassociated and scanning for networks didn’t work, i’d actually be scared 🦋

@evacide Oh FFS, they were using the HW identifier in mDNS advertisements? That makes me extremely sad.

@spla