Re: [perpass] privacy implications of UUIDs for IoT devices
Paul Kyzivat <pkyzivat@alum.mit.edu> Fri, 14 October 2016 16:48 UTC
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E6451129516 for <perpass@ietfa.amsl.com>; Fri, 14 Oct 2016 09:48:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dDRhpYKUmWBi for <perpass@ietfa.amsl.com>; Fri, 14 Oct 2016 09:48:51 -0700 (PDT)
Received: from resqmta-po-09v.sys.comcast.net (resqmta-po-09v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:168]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 795AF1294E1 for <perpass@ietf.org>; Fri, 14 Oct 2016 09:48:51 -0700 (PDT)
Received: from resomta-po-02v.sys.comcast.net ([96.114.154.226]) by resqmta-po-09v.sys.comcast.net with SMTP id v5f8bBVYYS0FEv5f8bm21b; Fri, 14 Oct 2016 16:48:50 +0000
Received: from [192.168.1.110] ([73.186.127.100]) by resomta-po-02v.sys.comcast.net with SMTP id v5f7boqvnAVHav5f7bPudH; Fri, 14 Oct 2016 16:48:50 +0000
To: Robin Wilton <wilton@isoc.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <5c32e81f-7e43-2bde-b8f4-46f08fecdefb@cs.tcd.ie> <db516334-43ab-e967-cfd5-87d920b65015@filament.com> <CAKr6gn2EjAwqvTXgNyO0Jc3yt9qFRfixXMURHg3wQLe4FcwWWQ@mail.gmail.com> <CY1PR03MB2265659F67817DF02F3FCF29A3C70@CY1PR03MB2265.namprd03.prod.outlook.com> <61bb307c-6186-db01-1664-6ecabc9c21a3@si6networks.com> <c0b89950-268e-a350-cbee-33c35cf92c2d@alum.mit.edu> <539e53e5-12fe-2226-f490-b7fd5b61a4d9@cs.tcd.ie> <6561F03D-4747-4754-A41E-73D0126E5F69@isoc.org>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <183c05c2-1ea6-16b9-1ddd-3910dd79ff47@alum.mit.edu>
Date: Fri, 14 Oct 2016 12:48:49 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <6561F03D-4747-4754-A41E-73D0126E5F69@isoc.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfDfdplFltvCy3ZOcC6KD/+rTcgsSpirQ7ZYN+Y5QnS6TDM31+C1V4fr4GxiSMNlQShCcksXLgb0E/s4NJzJeTj8AkNMPlA1y9qnCj0+6WLjnG2J/goIz aZvIpLZ71L9kWWol1RA8k6kTPvzKHNypARF9fXXjIwjqdjlysetmRN9H0OkCZP2uwuLgf19vsA9Djt02bDJsravabqqBYBZy1F20hKWaCwKmmseuvhIrnbSo
Archived-At: <https://mailarchive.ietf.org/arch/msg/perpass/yqZ3QLs9qL_35jxfFeZrN9QN4lE>
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] privacy implications of UUIDs for IoT devices
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 16:48:53 -0000
On 10/14/16 12:28 PM, Robin Wilton wrote: > +1, plus a small further comment: Paul says "if this feature didn't exist, we'd have to invent an overt equivalent" as if that's a bad thing. > >>From my perspective, that kind of design decision ought always to be an overt one - especially where, as Stephen implies, an occasional use-case (trouble-shooting) is used as the justification for a permanent default with privacy implications (linkable, semantically-loaded MAC address). I'm ok with that. There may be a period when stuff people need to do gets harder because the new ways of doing it with privacy haven't yet been invented. Thanks, Paul > I recommend Michelle Dennedy's book, The Privacy Engineer's Manifesto, and Sarah Spiekermann's book on Value-based Design, for useful and informative guidance in this area. > > Hope this is of use, > Robin > > Robin Wilton > > Technical Outreach Director - Identity and Privacy > > On 14 Oct 2016, at 17:07, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote: > >> >> >> On 14/10/16 15:55, Paul Kyzivat wrote: >>> >>> When looking at devices seen on WiFi the vendor ID is often displayed >>> and used to figure out which device is which, to correlate problem >>> symptoms with likely causes, and many other reasons. >> >> How often? Compared to how often those are uselessly sent? >> (With the privacy downsides applying in all cases.) >> >> I'm not saying that the "I need to debug stuff" arguments >> for access to information are baseless, but I do think we >> (techies) to better consider the privacy implications of >> things like that. >> >> S. >> >> _______________________________________________ >> perpass mailing list >> perpass@ietf.org >> https://www.ietf.org/mailman/listinfo/perpass >
- Re: [perpass] privacy implications of UUIDs for I… Dave Thaler
- [perpass] privacy implications of UUIDs for IoT d… Peter Saint-Andre - Filament
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… Dave Thaler
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… John Levine
- Re: [perpass] privacy implications of UUIDs for I… Robin Wilton
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Hugo Maxwell Connery
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Joseph Lorenzo Hall
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Eitan Adler
- Re: [perpass] privacy implications of UUIDs for I… Paul Kyzivat
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Ross Schulman
- Re: [perpass] privacy implications of UUIDs for I… Robin Wilton
- Re: [perpass] privacy implications of UUIDs for I… Paul Kyzivat
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter