tag:blogger.com,1999:blog-29173677.post3642620541951265723..comments2023-08-03T10:01:21.218-07:00Comments on Conor's Web Log of Esoterica: Privacy TheatreConor P. Cahillhttp://www.blogger.com/profile/18408504477586184299noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-29173677.post-8831739383602573752010-06-06T08:08:45.711-07:002010-06-06T08:08:45.711-07:00I don't agree with the assertion that an SSID ...I don't agree with the assertion that an SSID and mac address automatically are PII by themselves. <br /><br />For example, hundreds of thousands (if not millions) of APs have the SSID "linksys". I can't see anyone reasonably arguing that such a SSID is PII. In addition, one can reasonably make the argument that a user choosing to broadcast their SSID by definition provides consent for others to know that SSID.<br /><br />As far as mac address, they are predictable identifiers -- once I know one mac address (even for my own system) I can predict many, many others. So just having a mac address is not PII (IMO). Associating that address with other user information (web traffic, logins, etc.) can cause the set of data to become PII, but I don't believe that a mac address by itself, especially one that is not typically exposed outside of the internal network (e.g. the mac address on the AP is not typically the same as the mac address on the Ethernet connection to the ISP, so you only get to see this mac address if you are able to see the wireless AP network itself in which case the AP provides the mac address again anyway).Conor P. Cahillhttps://www.blogger.com/profile/18408504477586184299noreply@blogger.comtag:blogger.com,1999:blog-29173677.post-3733112633362838912010-06-06T07:12:46.288-07:002010-06-06T07:12:46.288-07:00Coner, any usage of PII outside its intended conte...Coner, any usage of PII outside its intended context and without user consent is a bad thing. SSID and MAC addresses are PIIAxel Nennkernoreply@blogger.comtag:blogger.com,1999:blog-29173677.post-83500325011275142702010-06-05T03:46:59.654-07:002010-06-05T03:46:59.654-07:00Alex, that is a quite different situation than wha...Alex, that is a quite different situation than what is currently being discussed. First you have permanently mounted cameras everywhere. Then you add facial recognition and license plate recognition to the picture -- two "identifiers" that are clearly associated with the user and which last for long periods of time and which, when tied to the location of the camera, reveal substantial information about the user.<br /><br />So yeah, I would say your example would be a bad thing. However, that isn't what is being discussed at this point in time.Conor P. Cahillhttps://www.blogger.com/profile/18408504477586184299noreply@blogger.comtag:blogger.com,1999:blog-29173677.post-34832373510106735662010-06-04T22:51:13.554-07:002010-06-04T22:51:13.554-07:00Imaging that Google or some other entity would mou...Imaging that Google or some other entity would mount cameras with number plat and face recognition on every street corner. <br />Now you would argue that Google is only aggregating and publishing data that is public anyway.<br /><br />That the data is available does not mean that you may use it.Axel Nennkerhttp://ignisvulpis.blogspot.com/noreply@blogger.comtag:blogger.com,1999:blog-29173677.post-42503641199634699652010-06-04T10:08:29.950-07:002010-06-04T10:08:29.950-07:00I tend to equate broadcasting a SSID as an invitat...I tend to equate broadcasting a SSID as an invitation for others to connect to you. That may be fine for you because one can't get far with just an SSID on your system -- they need the encryption password as well (and I use the same setup).<br /><br />That said, if you do broadcast the SSID, you should not have expectations that the SSID is not visible/known to others outside your home. Which seems to be part of the argument being made by some of the privacy folks.Conor P. Cahillhttps://www.blogger.com/profile/18408504477586184299noreply@blogger.comtag:blogger.com,1999:blog-29173677.post-81761590721377232422010-06-04T08:58:32.309-07:002010-06-04T08:58:32.309-07:00Wait, what? I agree that enabling encryption on y...Wait, what? I agree that enabling encryption on your WiFi network is a good thing, and from what I've observed in most neighbourhoods I've looked in lately, everyone *is* doing this already.<br /><br />But what difference does it make if I broadcast my SSID or not? If the traffic is already going over the air, then the SSID is capturable from all WiFi client devices, no? So I call "security by obscurity" in hiding SSIDs - it might keep out the least dangerous folks, but I doubt their attacks are the ones to which you allude when you say "they are open to much worse attacks than Google capturing their SID & mac address)".<br /><br />I personally always leave my SSID in broadcast mode - I judge the convenience to myself and my friends & family to be far more valuable than the false sense of security I'd get from 'hiding' it (when it's not even all that well hidden, since it'd be part of my wireless communications). And further, even once an attacker were to know the SSID, they still have to get past my password. And if they really want to do that, they'll do it no question - at which point the security layers protecting each of my computing devices from unsolicited inbound attempts will still be there. (Which they always should be in place, since 4 of the 5 devices in my home that are on that wifi network are mobile, and are regularly exposed to direct Internet connections in their weekly travels.)Anonymoushttps://www.blogger.com/profile/07323799102171752171noreply@blogger.com