Re: [perpass] privacy implications of UUIDs for IoT devices

Christian Huitema <huitema@huitema.net> Fri, 14 October 2016 15:19 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1CE5B129523 for <perpass@ietfa.amsl.com>; Fri, 14 Oct 2016 08:19:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.121
X-Spam-Level:
X-Spam-Status: No, score=-2.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRyVbxPKrARa for <perpass@ietfa.amsl.com>; Fri, 14 Oct 2016 08:19:13 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9AD3A129506 for <perpass@ietf.org>; Fri, 14 Oct 2016 08:19:13 -0700 (PDT)
Received: from xsmtp24.mail2web.com ([168.144.250.190] helo=xsmtp04.mail2web.com) by mx43.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.86) (envelope-from <huitema@huitema.net>) id 1bv4GI-0001fQ-KD for perpass@ietf.org; Fri, 14 Oct 2016 17:19:11 +0200
Received: from [10.5.2.12] (helo=xmail02.myhosting.com) by xsmtp04.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1bv4GC-0003Bq-6U for perpass@ietf.org; Fri, 14 Oct 2016 11:19:04 -0400
Received: (qmail 20654 invoked from network); 14 Oct 2016 15:18:59 -0000
Received: from unknown (HELO [192.168.0.111]) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail02.myhosting.com (qmail-ldap-1.03) with ESMTPA for <perpass@ietf.org>; 14 Oct 2016 15:18:59 -0000
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Christian Huitema <huitema@huitema.net>
X-Mailer: iPhone Mail (14A456)
In-Reply-To: <539e53e5-12fe-2226-f490-b7fd5b61a4d9@cs.tcd.ie>
Date: Fri, 14 Oct 2016 08:18:58 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <8C7F19FB-D521-4979-BEA7-0450AC59D8A6@huitema.net>
References: <5c32e81f-7e43-2bde-b8f4-46f08fecdefb@cs.tcd.ie> <db516334-43ab-e967-cfd5-87d920b65015@filament.com> <CAKr6gn2EjAwqvTXgNyO0Jc3yt9qFRfixXMURHg3wQLe4FcwWWQ@mail.gmail.com> <CY1PR03MB2265659F67817DF02F3FCF29A3C70@CY1PR03MB2265.namprd03.prod.outlook.com> <61bb307c-6186-db01-1664-6ecabc9c21a3@si6networks.com> <c0b89950-268e-a350-cbee-33c35cf92c2d@alum.mit.edu> <539e53e5-12fe-2226-f490-b7fd5b61a4d9@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Filter-ID: s0sct1PQhAABKnZB5plbIVbU93hg6Kq00BjAzYBqWlUcW8ntawmIBRrYFzUH2lbvx1wTMkEUUoeb KIhkyzl2dO5jGoutCtPJ/11xS2TwWqZOY5lkjXYUoNnYIToAcyNTM4a8dHyy/6XKHITvJur9hbGa SnyR4uG5Qm74q4mQhHdMu7Ur8em0j+8gK+J1khYSIbtf63VNbf0lrvssY+k7AEofBVNG/3HAcYkT jK1+QSQEit8V5LMJlG7WqlxGSGzSDTQlgKl0NCglTv0GMiLlbZnckpWaLvahyBjmQxBKOzvQAufT jZZvuYhxtUmLumqmDO+ustUYaLmreOUtW3+6dDeNFeO8e/E+Ekw8fYdgTfXTPpuFqUUQz+mM8JAD 4ECWxFVfhA0wo5opwb7rzMjLtxILKgSTD/NX0ENWAOoHFGLn7qCHm7t9J44StsUNvjV8/2rAztFe klLxGNN3KHaPkHjAtYpWjlxpV9EL7OSJ3VWOecfSiNGtWyX+SkzL/xDONGP0PwcsocAqk8Y/wQ+e 4Bn8TZYUMmZkt04C8NgOiGJbXUwkuFrD1XDSUv13DQc3YXCFpq8YnEJMb3PcNAkxC60jiD6XqsJZ tjQxlyCdsewTaGJorwW9JJ/gTcx95t8bMiBnidwi6OkAXzU5a6Q/tJTbLDrPzkvdTIJ076hDdLsR ZMxd0ZLZrOPTv3nlZv/9
X-Report-Abuse-To: spam@mx99.antispamcloud.com
X-Originating-IP: 168.144.250.190
X-SpamExperts-Domain: xsmtpout.mail2web.com
X-SpamExperts-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.13)
X-Recommended-Action: accept
Archived-At: <https://mailarchive.ietf.org/arch/msg/perpass/oLoJxYLXVWNXggxwYFidTvAMCjY>
Cc: perpass@ietf.org, Paul Kyzivat <pkyzivat@alum.mit.edu>
Subject: Re: [perpass] privacy implications of UUIDs for IoT devices
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 15:19:18 -0000

The MAC address issue is situational. When a device is moving, you want it not tracked, and you want the MAC random. At home, you don't care about the device privacy, and you want an easy way to do an inventory of what is on the network.

-- Christian Huitema 

> On Oct 14, 2016, at 8:07 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie>; wrote:
> 
> 
> 
>> On 14/10/16 15:55, Paul Kyzivat wrote:
>> 
>> When looking at devices seen on WiFi the vendor ID is often displayed
>> and used to figure out which device is which, to correlate problem
>> symptoms with likely causes, and many other reasons.
> 
> How often? Compared to how often those are uselessly sent?
> (With the privacy downsides applying in all cases.)
> 
> I'm not saying that the "I need to debug stuff" arguments
> for access to information are baseless, but I do think we
> (techies) to better consider the privacy implications of
> things like that.
> 
> S.
> 
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass