Hello, Penguins! We will interrupt this week’s Showcase Friday to bring you a breaking news story. Apple just released an update to iOS 17 that fixes a bug that has been leaking users’ Wi-Fi MAC addresses for the past three years. This is a major privacy faceplant for Apple, and it’s a cautionary tale for all closed-source giants. The bug, reported under CVE-2023-42846, could have allowed attackers to track users’ movements by monitoring their Wi-Fi MAC addresses.

I don’t think anyone believes Apple is good for privacy, and they are certainly not good for freedom.

LittleHermiT

How is this a problem when the hardware address is dumped once packets are out onto the web? Are you worried your router knows it’s you? Outside your subnet, on the internet, your MAC address is not part of the packet.

Danny M
creator

That’s wrong. The device exposed the real MAC address on port 5353 (UDP), which is Apple’s “Bonjour” service, which acts as a service discovery/zeroconf network tool.

That means that other devices in the same network can know your real MAC address. This makes it very easy for, say, ISPs to track you across networks if you use friends’ networks, open Wi-Fi networks in coffee shops, etc.
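
A check a device owner can run over frames from their own packet capture to look for the behaviour described in the comment above (an added example, not part of the thread and not Apple's code). It assumes the address appears as colon-separated hex text in the UDP 5353 payload, which the thread does not specify; `audit_frame`, `build_frame` and the sample frame are hypothetical names and constructed data.

```python
import re
import struct

MDNS_PORT = 5353
# Assumption: a leaked address appears as colon-separated hex text in the payload.
MAC_TEXT = re.compile(
    rb"(?<![0-9A-Fa-f:])(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}(?![0-9A-Fa-f:])")
RANDOM_MAC = bytes.fromhex("a6b2c3d4e5f6")  # constructed; locally administered bit set


def is_randomized(mac: bytes) -> bool:
    """Private (randomized) MACs set the locally administered bit (0x02, octet 0)."""
    return bool(mac[0] & 0x02)


def build_frame(src_mac: bytes, payload: bytes) -> bytes:
    """Constructed sample: Ethernet + IPv4 + UDP sent to the mDNS multicast group."""
    eth = bytes.fromhex("01005e0000fb") + src_mac + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 255, 17, 0,
                     bytes([192, 168, 1, 23]), bytes([224, 0, 0, 251]))
    udp = struct.pack("!HHHH", MDNS_PORT, MDNS_PORT, 8 + len(payload), 0)
    return eth + ip + udp + payload


def audit_frame(frame: bytes) -> list:
    """List hardware-style MACs in an mDNS payload sent from a randomized MAC."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return []  # too short, not IPv4, or not UDP
    src_mac = frame[6:12]
    udp = 14 + (frame[14] & 0x0F) * 4  # skip the variable-length IPv4 header
    if len(frame) < udp + 8:
        return []
    dport = struct.unpack("!H", frame[udp + 2:udp + 4])[0]
    if dport != MDNS_PORT or not is_randomized(src_mac):
        return []
    leaks = []
    for text in MAC_TEXT.findall(frame[udp + 8:]):
        mac = bytes.fromhex(text.decode().replace(":", ""))
        if not is_randomized(mac):  # universally administered, so likely burned-in
            leaks.append(text.decode().lower())
    return leaks


if __name__ == "__main__":
    sample = build_frame(RANDOM_MAC, b"\x00id=00:11:22:33:44:55\x00")  # constructed
    print(audit_frame(sample))
```
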

LittleHermiT

Still within a subnet. If you connect to an internet cafe Wi-Fi, you should be more worried about your DNS traffic for identifying you.

Danny M
creator

DNS tracking can be mitigated with Oblivious DoH, DNSCrypt or even a VPN.

LittleHermiT

And so on and so on. If you want to be tracked, you can be tracked, regardless of a MAC address, or the hoops a user jumps through to create the illusion of privacy. I can think of lots of unconventional ways to track a naive user.

Danny M
creator

Maybe you’re right, but to me it’s still worth it to point out those issues.

I can’t even with these people. Sitting duckz/suckersz doesn’t even begin to accurately convey

Sooo what was the bug? That it didn’t randomise MACs when connecting?

Danny M
creator

Yeah, there was a feature that was supposed to do it, but they never implemented the feature properly, which made it literally useless, and it was discovered just now, 3 years later.
