Race Is On to 'Fingerprint' Phones, PCs

Discussion in 'privacy general' started by lotuseclat79, Dec 1, 2010.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Race Is On to 'Fingerprint' Phones, PCs.

    -- Tom :eek:
     
  2. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    377
    Location:
    England
    Without reading the fine details of it - it sounds dreadful.

    Yet something else to try and circumvent ? :doubt:
     
  3. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
    I think a Linux live-cd would twart his idea, since e.g. a standard live Ubuntu has the same user-agent, time, fonts and firefox-addons.

    I can't see, how he should manage to get info about the pc, if something like NoScript was installed.
     
  4. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    This is all just so old-school. For the most part, my physical computers only access the internet for software updates. I use VMs for all email, web browsing, etc. Each of my online identities uses a distinct VM, and all of my pseudonymous online identities use Linux VMs connecting via xB and other VPNs. And, as raspb3rry notes, one can use Linux LiveCDs to be totally generic.

    For example, do I really care that some database associates the signature of the VM I'm using right now as hierophant? I never attempt to hide the fact that I'm hierophant. OTOH, perhaps it'd be wise to periodically migrate to a new VM, just to mess with them.

    Also, although being targeted for online ads is a minor concern, it's readily stymied by using Adblock Plus, NoScript and OptimizeGoogle.
     
  5. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't see what this would really gain them. Why bother figerprinting the PC when they already have your IP address? Even with that data, I'd like to see them try to push those targeted ads onto my system without Proxomitron filtering them out.
     
  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Well, they don't have your real IP address as long as you connect via Tor or a VPN. However, once they fingerprint a computer, they can link together all available information about it, including the IP addresses that it connects through.

    For example, they might learn that noone_particular uses a computer with fingerprint XYZ for posting to Wilders via Tor, and that John Smith of Dallas, TX, USA uses the same computer to update his Facebook page. That might be problematic, no?
     
  7. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    time being the emphasis is can and not must. all providers such as blogs, forums, webpages in general would have to fingerprint the hardware profile of each visitor and feed it back into a gigantic database in order to cross link profiles, which however with IP6 will become much easier.

    just let us hope that certain bodies do not make it mandatory by law one day, though it would not come as a surprise then considering current efforts to get inet users under control.

    perhaps the business goal of that entity is right now marketing but on the long run to become a top source for a cross linking database.
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Once they fingerprint your Mac Address on both your router and your computer - they have you unless you know how to change it every time randomly (i.e. every session)) on both, and always use either Tor or a VPN on all of your computer's external transactions - despite what time a particular transaction might have taken place with a dhcp pool assisned IP Address with your ISP assignment to your router.

    The point is that the hardware device has been identified on both your router and your computer. After that with comprehensive traffic analysis with times and IP addresses - if you neither use Tor nor a strong VPN - they will connect the data points together and it points to your computer and router.

    In one of the other threads, I've posted a randomizing change mac address script that works on Linux/Unix and might also work in a cygwin environment that has an awk executable (awk.exe) specifically to execute in a Windows environment. It is composed of one file to copy from the thread post, and results in two files - the script .sh file which must be executable, and the awk file which is embedded in comments in the script text that must be separated into a readable, uncommented file in the same folder/directory as the script.

    Whether one uses a VM or not, all that matters to them is getting the hardware device's identity.

    -- Tom
     
  9. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
  10. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    in which tier are the mac addresses of router and computer are transmitted, afaik no via the http layer? TOR/VPN do not change either MAC, thence both would be useless, if the MAC being transmitted.
     
  11. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    concur, but such organizations have to make a statement every now and then to prove their purpose, btw, the article talks about tracking, which is technically a different pair of shoes than fingerprinting, though latter certainly can support the former
    is the question what sort of non-US entities would have an interest to track US inet users (not talking about high level espionage)? Do not reckon that overseas vendors would do so, most of them are forced to have a branch in the US, which then again answers to US litigation
     
  12. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    I was referring primarily to offshore gambling and porn sites as well as (for instance) foreign companies specializing in tourism and non-US investment "opportunities".

    Although I believe you should accept the risk, that doesn't address the real issue of peripheral damage to others who might use the same computer.

    -Oh well;
    as you pointed out, this is another topic.
    I probably should have started another thread.
     
  13. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Mac addresses are covered as LAN protocols which comprise the bottom two layers of the OSI Reference Model, i.e. the physical and data link layers.

    The idea is to spoof both Mac addresses that are transmitted, i.e. the router's Mac address and the computer's Mac address.

    See: post #30 in MAC & IP address (Page 2) for script/awk details/code.

    -- Tom
     
    Last edited: Dec 2, 2010
  14. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    thanks tom for the input. I fail to see how LAN is connected to fingerprinting as intended in the article and this thread - pardon my ignorance... usually LAN traffic stays there and does not leak into the inet for somebody to fingerprint.

    local machine fingerprinting has been done since long, as outlined in the article. not sure whether particular data is getting submitted outside when using smartphones and tablets of certain brands. reckon that iphones must be fingerprinted when connecting to the itunes store
     
  15. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    That's true. AFAIK, geolocation via wireless router MAC address depends on the web browser (or possibly, another app) reporting that information. Although it's a separate topic, I'm sure that MAC geolocation data will end up in the same databases as computer fingerprints, IP address, browsing habits, login names, and whatever else they can sniff.
     
  16. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,094
    Just to clarify my previous post: There are two levels of the data link layer, and the MAC address is handled by the lower data link layer - i.e. closest to the hardware physical layer.

    Also, not all routers are capable to clone, i.e. let you spoof its real Mac address by using the computer's - which is easy to spoof (especially, if you spoof the computer's Mac address before connecting to the network - i.e. bringing up the router to get an IP address). It is either allowed or not in the router's configuration.

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.