Hello, Penguins! We will interrupt this week’s showcase friday to bring you a breaking news story. Apple just released an update to iOS 17 that fixes a bug that has been leaking users’ Wi-Fi MAC addresses for the past three years. This is a major privacy faceplant for Apple, and it’s a cautionary tale for all closed-source giants. The bug, reported under CVE-2023-42846 could have allowed attackers to track users’ movements by monitoring their Wi-Fi MAC addresses.
LittleHermiT
link
fedilink
22Y

How is this a problem when the hardware address is dumped once packets are out onto the web? Are you worried your router knows it’s you? Outside your subnet, on the internet, your Mac address is not part of the packet.

Danny M
creator
link
fedilink
5
edit-2
2Y

that’s wrong. the device exposed the real mac address on port 5353 (udp) which is apple’s “bonjour” service, which acts as a service discovery/zeroconf network tool.

that means that other devices in the same network can know your real mac address, this makes it very easy for say ISPs to track you across networks if you use friends networks, open wifi networks in coffee shops etc.

LittleHermiT
link
fedilink
12Y

Still within a subnet. If you connect to an internet cafe Wifi, you should be more worried about your dns traffic for identifying you.

Danny M
creator
link
fedilink
12Y

DNS tracking can be mitigated with Oblivious DoH, DNSCrypt or even a VPN.

LittleHermiT
link
fedilink
1
edit-2
2Y

And so on and so on. If you want to be tracked, you can be tracked, regardless of a mac address, or the hoops a user jump through to create the illusion of privacy. I can think of lots of unconventional ways to track a naive user.

@whale@lemm.ee
link
fedilink
3
edit-2
2Y

deleted by creator

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 108 users / day
  • 435 users / week
  • 1.32K users / month
  • 4.54K users / 6 months
  • 1 subscriber
  • 4.34K Posts
  • 110K Comments
  • Modlog