OS X High Sierra
- Thread starter Tony L
- Start date
Richard Nichola
pfm Member
Tony, it really isn't... Phone with wifi switched on gets near to open hotspot which records MAC address. Tesco or whoever, tie very localised geographic hotspot at till to clubcard, and so they know stuff the person whose phone is a certain mac address likes to buy, restricted hotspot detects phone at bottom of escalator and targeted video ads follow person up the escalator... Much more likely to happen within a single organisation, though, due to data protection law prohibiting data sharing.
I'd agree the tracking cookie doesn't know MAC address of your phone unless you installed an app and gave it permission to nab that info, though.
https://www.theguardian.com/technology/2016/jan/21/shops-track-smartphone-uk-privacy-watchdog-warns
http://www.gizmodo.co.uk/2017/09/lo...rything-we-learned-from-tfls-official-report/
I'd agree the tracking cookie doesn't know MAC address of your phone unless you installed an app and gave it permission to nab that info, though.
https://www.theguardian.com/technology/2016/jan/21/shops-track-smartphone-uk-privacy-watchdog-warns
http://www.gizmodo.co.uk/2017/09/lo...rything-we-learned-from-tfls-official-report/
Darth Vader
From the Dark Side
Thats not possible with the standard way that WiFi connects to the Internet. The MAC address is only used at the LAN level and is not observable outside the IP network to which you are connected.
Its possible to write a trojan that picks up your MAC address and then fires that and your location into hyper space at regular intervals so best follow good practice so as to prevent such nasties from getting on board.
Anywho you are already traceable via your IMEI. Its what the police use to identify where you have been during a criminal investigation.
Cheers,
DV
jackbarron
Chelsea, London
Using the web or your mobile now is really like surfing with Big Brother looking over your shoulder and leering at you via adverts. It is rank.
A friend of mine who works as both an artist and in the computing field refuses to join social media groups like Facebook, because of how much information they access and use about you.
I used to think he was a bit of a nutter, but now realise what he said is true. No doubt the Burlington Estates advert will pop up on my Facebook page at some point.
The UK government is no doubt trying to access all the information possible on the web about its citizens. May has talked about how she wants to control the internet. It is a potentially very scary situation.
Jack
A friend of mine who works as both an artist and in the computing field refuses to join social media groups like Facebook, because of how much information they access and use about you.
I used to think he was a bit of a nutter, but now realise what he said is true. No doubt the Burlington Estates advert will pop up on my Facebook page at some point.
The UK government is no doubt trying to access all the information possible on the web about its citizens. May has talked about how she wants to control the internet. It is a potentially very scary situation.
Jack
Richard Nichola
pfm Member
All very good, except the person who controls the LAN sees your IP address. It's not as though it would be challenging to make a hotspot that has a query function that returns the MAC address of your wifi to a website.
Alice -> Nasty Hotspot -> Bob. (I just looked at fridges)
Nasty Hotspot <- Bob. (What just contacted this address?)
Nasty Hotspot -> Bob. (MAC: ABCD12345)
Alice <- Nasty Hotspot <- Bob. (Heres a cookie [Alice's MAC is ABCD12345])
Now Nasty Hotspot is probably constrained against doing that by data protection law, but if Nasty Hotspot is controlled by, say (Bob = Google?)
PS Read http://www.gizmodo.co.uk/2017/02/heres-what-tfl-learned-from-tracking-your-phone-on-the-tube/ and the bit about advertising...
Darth Vader
From the Dark Side
There are some things of which you should be aware:-
1) when you connect to a hotspot or home network you are given a private IP address - these cannot be advertised on the Internet by definition
2) the hotspot router associates your MAC address with the private address that it has given you
3) when the router connects you to the Internet it uses an IP address provided by the ISP
4) the router allocates a port number on that IP address for your Internet conversation
There is no way therefore that anyone on the Internet can get your private address but if they could it cannot be used on the Internet as its private. But then so what as thousands nay millions will have the same private address thats why they are not allowed on the Internet as there is no one route but multitudes. If the IP address cannot be reached then it can't be asked to give its MAC address via an ARP or proxy ARP.
A trojan however could get your MAC address via summit like ipconfig in the O/S CLI (similar for other O/S).
Cheers,
DV
PS I'm using Safari under macOS High Sierra running in a VM under Windows 7. Majik no?
Paul R
pfm Member
It's nothing to do with IP addresses. The hotspot knows your MAC whether you connect to it or not, simply having Wifi on will do. Read the Gizmodo link Richard posted.
They don't need to know where you live or what your name is for this to be useful.
Whether exploiting this in the same way Google exploit web browsing is legal, I don't know.
Even PFM, with its modest advertising, runs substantial amounts of code in your browser which is sourced (sic) from outside Tony's control and which is opaque to the point of obfuscation. The issue of who is responsible for that is quite an interesting one. If an ad contains something that damages my computer, is it Tony or Google?
Paul
They don't need to know where you live or what your name is for this to be useful.
Whether exploiting this in the same way Google exploit web browsing is legal, I don't know.
Even PFM, with its modest advertising, runs substantial amounts of code in your browser which is sourced (sic) from outside Tony's control and which is opaque to the point of obfuscation. The issue of who is responsible for that is quite an interesting one. If an ad contains something that damages my computer, is it Tony or Google?
Paul
Richard Nichola
pfm Member
Don't you think I know all that? The bad actor hotspot's router knows your MAC (as it is sitting in its ARP table), and it knows the source port number it allocated. As such a bad actor hotspot could easily yield that information on demand to a tracker it was in cahoots with.. Once they've tied a tracking cookie to your MAC, they could easily display a customised ad when you walk by. You don't even have to have done the product browsing while on the hotspot..
Darth Vader
From the Dark Side
However there is no such thing. A router doesn't have enough intelligence. You could build such a device say by modding network analyser or Firewall code on a dedicated computer but its simpler to hijack a users computer and obtain the MAC address from within and tie that into a cookie.
Of course nothing is impossible with enough money and time hence why we all must be vigilant.
Cheers,
DV
G
Guest432
Guest
Wouldn't actually yield any usable info for them i.e the costs would massively outweigh any revenue.
notevenclose
pfm Member
I've been an Apple registered developer for a decade or so, never really had any major issue with multiple OS betas, just the odd minor bug here and there.
Since I no longer have the time or inclination, cancelled my Dev membership earlier this year. High Sierra has completely screwed my HD (a non-critical partition needless to say). Finder constantly hangs, nothing launches.
I wonder if Apple's trying to tell me something... ;-)
notevenclose
pfm Member
Been on the Beta version and now just downloading the official release
All backed up to my TM for justincases
2012 i& Mac Mini; wondering if this could be one of the last major updates I'll get...
Keep looking at 27" iMac's to replace it; but to have what I've got (256GB SSD / 1TB HDD as a fusion drive, 16GB RAM etc) it'll be bloody expensive!
The hardware will likely be fine for a while yet. But this is the end of the line for any 32 bit apps, so next time around there might be some forced upgrades or searches for alternatives.
notevenclose
pfm Member
Are you sure you understand the full extent of what goes on?
Personally I much prefer to run adblockers and kill tracking as much as possible. Content I want access to which exists on an income from ads I'm quite happy to pay for.
notevenclose
pfm Member
You don't actually need High Sierra for that, it's in Safari 11 which can be used with Sierra.
Tony L
Administrator
What type of HD has it screwed up? Was the issue conversion to the new disk format? It doesnt sound 100% yet as so far there is no fusion drive support, and that was part of the reason for developing APFS!
There are apparently some bugs lurking in the graphics, Ive read some reports of folk managing to invoke kernel panics with comparative ease, so I suspect we will get a point release soon!
Tony L
Administrator
I understand it well enough, I certainly grasp it is anonymous, and that is all I care about, e.g. they know I look at guitars, hi-fi and CDs, they don’t know my name, address, phone number etc.
To my mind if you run ad blockers you should donate to every independent site you regularly visit. As a tight arse I just don’t block the ads unless they actually crash my browser (as some newspaper sites have been known to do). Every now and again I clear out all the cookies and start again, but that’s it. If I want to have a look at anything dodgy out of curiosity I’ll use a different browser, in my case that’s Chrome rather than Safari. That keeps me free from malware etc as nothing can jump browser to browser, not on Macs/iOS anyway.
notevenclose
pfm Member
Factory fitted SSD in a maxed out 2012 Mac mini 17 quadcore.
Not really an issue, it just struck me as somewhat ironic that it happened once I'd stopped coughing up Dev membership fees. Must have triggered the 'screw you, buddy' module.
When I have time I'll reboot and do a clean install on the offending partition.
I still run quite a lot of (very) old software, primarily from Adobe, CS3 suite. Managed to keep that on the road this long, but High Sierra will definitely be the end of that, along with my beloved CSSEdit.
'32 bit no more' as I believe the Proclaimers put it.
notevenclose
pfm Member
You might want to do some more research on what Google, FaceBook, et al actually know about you and how they build up patterns.
If an advertiser wants to target ads to males between 45 and 60 in certain post codes with interests in x and y but not z, that's entirely possible.
In the States Google is even buying credit card receipts from in-store - not online - transactions so they can correlate them with what ads they've shown you to see how effective they were.