Re: [Tails-dev] Please review MAC address spoofing documenta…

Nachricht löschen

Nachricht beantworten
Autor: intrigeri
Datum:  
To: The Tails public development discussion list
Betreff: Re: [Tails-dev] Please review MAC address spoofing documentation
hi,

sajolida@??? wrote (04 Mar 2014 12:40:25 GMT) :
>> * "MAC address spoofing hides the serial number of your network card,
>> and so to some extend, who you are, to the local network." <-- maybe
>> make it clear that this is true if you're using Tails, and not
>> in general?


> To please our geek karma regarding correctness I thought I could either:
> - add "in Tails" somewhere in the second sentence but that wouldn't make
> this point clearer to anyone else but someone who understands it already.
> - add a more thorough explanation about what MAC spoofing doesn't do
> outside of Tails, but we don't pretend to be a general security guide
> and that's outside of the scope we use pretend covering.


> Make sense? Alternative proposal?


"MAC address spoofing in Tails hides [...]", maybe?

>> * FWIW, people who congratuled me directly for the Unsafe Browser
>> feature were talking of McDonald's, not airports. Instead of "in an
>> airport", I'd rather see an example less targeted at the class of
>> people who can afford flying; maybe more people could easily relate
>> to "in a fast-food restaurant" (even if that's also a strong
>> cultural marker).


> What about "in a restaurant" or "in a bar or restaurant"?


Both suit me well.

>> * It strikes me as odd that this documentation only mentions leaking
>> MAC addresses on the LAN, and has nothing about its broadcasting in
>> the air when using Wi-Fi. Is this on purpose?


> In the section describing the threads, I think the language is vague
> enough to cover this scenario: « Someone observing those networks can
> recognize your MAC address and track your geographical location. » and
> « someone observing the traffic coming out of your computer on the
> local network ».


> But I could add a footnote from there to make it more explicit as well:


> « While using Wi-Fi, anybody within range of your Wi-Fi interface can
> see your MAC address, even without being connected to the same Wi-Fi
> access point. »


Looks good.

> Can you also confirm this is technical true with WPA in all its flavors?


I'm not sure, but better fail closed than open (that is, better warn
a bit too much than not enough).

>> * "Using your own computer on a restricted network where you had to
>> register with your identity or credit card. In this case, you
>> already revealed your geographical location to the local network by
>> other means." <--- right, but you perhaps have not revealed them
>> what specific computer you own / are carrying. Besides, that's
>> a list of cases when MAC spoofing can be problematic, and this
>> bullet point does not explain what would be the problem.


> Indeed, MAC spoofing is not problematic as such in this case, and the
> fact that your credit card transactions can also track you is documented
> later on. So I'm in favor of just removing that paragraph.
> I'd like your acknowledgment on this.


Here it is: ACK :)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc