Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [STDS-802-Privacy] Privacy of mobile traffic



Hello Amelia,

On 31/05/2016 14:31, Amelia Andersdotter wrote:
> Dear all,
> 
> I've been lurking on the list for some months.
> 
> I would like to ask, with respect to decisions by Data Protection
> Authorities in the Netherlands and Sweden in 2015 about tracking of
> mobile phones through free public wifis (in malls and municipality
> public areas), which would be the best way to solve this through
> standardisation.

I assume you are referring to devices that are connected to a network.
In the current situation, changing the MAC address will require to
disconnect then reconnect to the network, which might not be very
convenient.

Changing the standard so that such MAC address changes will involve
significant modification and thus would be difficult to deploy.

A such solution could be inspired by the most recent version of
Bluetooth. It uses a resolvable random address that looks random
unless you have the shared secret to 'resolve' the identifier.

http://blog.bluetooth.com/bluetooth-technology-protecting-your-privacy/

> 
> For me, it appears that the technical infrastructure is built in such a
> way that geolocation tracking is the obvious way to start exploring
> financiation models for these free public wifis. Would there be an
> intuitive way to build the infrastructure in such a way that this is not
> the obvious technical capacity which springs to mind when investigating
> how to provide such networks?

Of course that would be great if tracking was not possible. But keep
in mind that when those protocols were designed, privacy/tracking was
not a major issue and the designers probably didn't thought that
everybody will carry a Wi-Fi device in there pocket 20 years later.
> 
> The reason I'm asking is that I am, together with a friend, exploring
> various ways of influencing the radio standardisation policies of the
> European Commission. My interest is policy-oriented rather than
> research-oriented.

We can always use some support coming from the European commission. :)

Regards,

Mathieu Cunche

> 
> best regards,
> 
> On 04/14/16 22:06, Piers O'Hanlon wrote:
>> Hi all,
>>
>> Here are the links I mentioned in today’s telecon on privacy analysis of mobile data:
>>
>> - ReCon project (Northeastern University, University of Helsinki, INRIA, and Vienna University of Technology):
>> http://recon.meddle.mobi/
>>
>> - ICSI Haystack: Understand the Fate of Your Private Data:
>> https://haystack.mobi/
>>
>> Also here’s a link to that paper I mentioned that analyses mobile laptop ‘chatter’:
>> http://www.chiark.greenend.org.uk/~mroe/research/pets2008.pdf
>>
>> Regards,
>>
>> Piers
> 
> 
>