•

Apple's Privacy Faceplant: A Cautionary Tale for Closed-Source Giants

https://escapebigtech.info/posts/mac-address-exposed/

Hello, Penguins! We will interrupt this week’s showcase friday to bring you a breaking news story. Apple just released an update to iOS 17 that fixes a bug that has been leaking users’ Wi-Fi MAC addresses for the past three years. This is a major privacy faceplant for Apple, and it’s a cautionary tale for all closed-source giants. The bug, reported under CVE-2023-42846 could have allowed attackers to track users’ movements by monitoring their Wi-Fi MAC addresses.

10 comments

whale

•

dannym

•

Maybe you're right, but to me it's still worth it to point out those issues

whale

•

cheese_greater

•

I can't even with these people. Sitting duckz/suckersz doesn't even begin to accurately convey

possiblylinux127

•

I don't think anyone believes apple is good for privacy and they are certainly not good for freedom.

FlapKap

•

Sooo what was the bug? That it didn't randomise MACs when connecting?

whale

•

cheese_greater

•

dannym

•

yeah, there was a feature that was supposed to do it, but they never implemented the feature properly, which made it literally useless, and it was discovered just now, 3 years later

little_hermit

•

How is this a problem when the hardware address is dumped once packets are out onto the web? Are you worried your router knows it's you? Outside your subnet, on the internet, your Mac address is not part of the packet.

dannym

•

that's wrong. the device exposed the real mac address on port 5353 (udp) which is apple's "bonjour" service, which acts as a service discovery/zeroconf network tool.

that means that other devices in the same network can know your real mac address, this makes it very easy for say ISPs to track you across networks if you use friends networks, open wifi networks in coffee shops etc.

whale

•

little_hermit

•

Still within a subnet. If you connect to an internet cafe Wifi, you should be more worried about your dns traffic for identifying you.

dannym

•

DNS tracking can be mitigated with Oblivious DoH, DNSCrypt or even a VPN.

little_hermit

•

And so on and so on. If you want to be tracked, you can be tracked, regardless of a mac address, or the hoops a user jump through to create the illusion of privacy. I can think of lots of unconventional ways to track a naive user.

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post

Don't promote proprietary software

Try to keep things on topic

If you have a question, please try searching for previous discussions, maybe it has already been answered

Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience

Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead

Discord

much thanks to @gary_host_laptop for the logo design :)