The footprint we leave behind when we use Wi-Fi, even if we’re not connected

The footprint we leave behind when we use Wi-Fi, even if we’re not connected

Using various public or private wireless signals, users leave a series of data from their devices

In the future, devices will be able to adapt to each user's context and specific needs
In the future, devices will be able to adapt to each user’s context and specific needs

Feel like the apps you use know where you’ve been? How is it possible to get an ad for a certain brand of coffee if you weren’t even connected to Wi-Fi when you walked into the store a few hours ago?

We live in a highly connected society. Every day we have more devices connected and we communicate more times and from different locations. This is a constant silent threat. Without realizing it, we leave traces of what we do, when we do it, and where we do it.

The problem of privacy and security on the Internet is more pressing today than ever. There are many dimensions: confidentiality of information, authenticity of it and interlocutors. This article focuses on one aspect: how to make walking more difficult.

MAC addresses and Wi-Fi networks

Devices use MAC addresses to connect to a Wi-Fi network. Medium access control). They serve to identify a device on the network when it sends or receives data.. For this reason, MAC addresses must be unique on a network.

Each device has a factory-set MAC address. These addresses are globally unique, so no two devices in the world share the same address. This is a problem, as we will see below.

Devices on a Wi-Fi network use MAC addresses every time they send or receive information. If the same address is always used, network operators or others observers which can be on the network, can monitor when a particular device is connected to the network. In addition, in many cases it is very easy to associate the MAC address used by the device with the real identity of the user.. For example, when we first connect to a network, we provide information to gain access.

The use of random MAC addresses may affect the applications we use and the networks we connect to are currently being investigated.
The use of random MAC addresses may affect the applications we use and the networks we connect to are currently being investigated.

The device is vulnerable to tracking even without a network connection. Wi-Fi often requires devices to send certain messages, for example to find out what networks are available. These messages include MAC addresses, so they can be used to discover the identity of terminals, including those without a network connection.

In some cases, the device may actively request networks to which it has recently connected, including the names of those networks in notifications. This allows a potential attacker to find out which networks the device has visited recently, gaining highly sensitive information.

Random and private addresses

To avoid these serious privacy issues, major operating systems have started using random MAC addresses (called Personal addresses in case of Apple devices). To make tracking more difficult, devices generate a random MAC address instead of the factory set one. This address must be unique only within the network on which the device resides.

If a device uses different random addresses for each network it connects to, an observer will not be able to conclude that it is the same device. also, Devices use different random MAC addresses every time you send information without connecting to any network. This makes it difficult to track users who are not even connected to the network.

Recently, Android and iOS mobile devices have started using random MAC addresses by default. In some scenarios or specific networks it may be necessary Disable this behavior. An example of this is in networks that use lists of authorized MAC addresses.

It is important to explore how to combine the use of random addresses with other mechanisms designed to improve privacy.
It is important to explore how to combine the use of random addresses with other mechanisms designed to improve privacy.

The future

The use of random MAC addresses may affect the applications we use and the networks we connect to are currently being investigated. There are scenarios where the network needs to identify a device anonymously, even though it uses random addresses. This is the goal of the IETF MADINAS Working Group (Internet Engineering Working Group), the main body for standardization of Internet protocols.

It is important to explore how to combine the use of random addresses with other mechanisms designed to improve privacy. In the future, devices will be able to adapt to each user’s context and specific needs. Just as we don’t walk barefoot on the street and can do it at home, our devices must learn how and when to use certain solutions to protect our privacy.

Read this article from a mobile device connected to a Wi-Fi network? You may be revealing more information than you think.

*By Carlos Jesus Bernardo Cano.*

This text is reproduced from The Conversation under a Creative Commons license.

conversation

Source: La Nacion

follow:
\