"Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised."
"Three years ago, Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised." 36 comments
@evacide I'm not one of those hyper Apple hater types, but it's getting pretty exhausting seeing that so much of their alleged privacy-preserving innovations have turned out to be cosmetic theater. App labels, the "do not track" toggle, now this. /sigh @evacide Well, it definitely works *sometimes* - drove me mad trying to keep throttles on the kids phones so my wife and I could actually work when we only had a ****ty 10Mbps VDSL connection. EDIT - ah, hidden in a different part of the message. :-/ @evacide That is just kind of embarrassing. I mean I can absolutely see how it could happen -- the decision of what MAC to stuff in the source address could easily come from a slightly different path than the information stuffed in the discovery packet, etc. But you'd also think for a Serious Security/Privacy Feature, one might do a bit more extensive testing, and just observing beacon/discovery/arp/etc traffic to see if all is well would be a pretty reasonable thing. @swetland @evacide @evacide Well, at least “in the last 7 days Safari has prevented 71 trackers from profiling me” 🍸😹 And they fixed the MAC address disclosure?🍸😺 @evacide at least it wasn't so obvious that pre-existing stalking tech would have kept working @evacide I would see this on my iDevices and always thought it seemed too good to be true! @evacide ”In 2013, a researcher unveiled a proof-of-concept device that logged the MAC of all devices it came into contact with.” This seems to refer to a Black Hat 2013 demonstration in the summer of 2013. We had already exhibited an artwork doing this at Art Hack Day in Stockholm in the spring, and we probably weren’t the first ones. @evacide “From the get-go, this feature was useless because of this bug,” This is incorrect. “never worked as advertised” is correct, though. Passive MAC address snooping was prevented, but information was leaked when you connected to a network. @evacide Shocker...I wouldn't be surprised if there are more Apple "privacy features" that have never worked as advertised. @gabehcuod @evacide the feature works fine for most people. as the article says, it might not give enough protection to people who could be specifically targeted @evacide oh that’s less impactful than i thought if the feature that rotates the identifier when the device is unassociated and scanning for networks didn’t work, i’d actually be scared 🦋 @evacide Oh FFS, they were using the HW identifier in mDNS advertisements? That makes me extremely sad. @retiolus és curiós que ningú ho hagi descobert fins que la pròpia Apple ha alliberat l'actualització que ho soluciona. @retiolus no hi ha evidències que s'hagi "rastrejat" cap dispositiu ja que ningú ho sabia fins que Apple ha aplicat l'actualització. Si Apple no hagués dit res cap mitjà hauria publicat "Apple enganya als seus usuaris".Parlar malament d'Apple genera visites... @spla no cal que hi hagi evidències? El wifi públic que ja rastrejava per raons comercials els parells connectats a la seva xarxa doncs... ho haurà seguit fent? I "no hi ha evidències" fins que es faci públic que durant 3 anys tal empresa o tal govern ho ha utilitzat. El que passa sempre bàsicament 😂 |
@evacide Another killer article by @dangoodin ✅
Also... figures 😑 yay it's fixed! 😌
(edit: 30% more happy)