If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
ipv6 privacy extensions
On Sat, 23 Jul 2016 07:39:07 +0100, HighSpy wrote:
Why would a network administrator, any network administrator *insist* on knowing the MAC address of a device before it was used to access the network if not to track that device. To allow that device to log in automatically. If they want to track it they get the MAC address as soon as you try to connect anyway and they can connect that to your network login and track you without asking if they really wanted to. -- Faster, cheaper, quieter than HS2 and built in 5 years; UKUltraspeed http://www.500kmh.com/ |
Ads |
#17
|
|||
|
|||
ipv6 privacy extensions
On 23/07/2016 08:35, Rodney Pont wrote:
On Sat, 23 Jul 2016 07:39:07 +0100, HighSpy wrote: Why would a network administrator, any network administrator *insist* on knowing the MAC address of a device before it was used to access the network if not to track that device. To allow that device to log in automatically. Yes, I understand that, really, I do If a device logs in to a normal signed up account with username and password then they can get hold of the hardware address, if the *device* is used to play silly buggers they can block that hardware address, all this is understood. If they want to track it they get the MAC address as soon as you try to connect anyway and they can connect that to your network login and track you without asking if they really wanted to. Again I understand this but what I don't understand is why they are *insisting* on it. If it was just for our convinience why not let us use a normal sign in account. It's really no skin off their noses is it, in fact it's less work for them. There is some benefit to them in knowing the MAC address beforehand particularly if they also know the serial number of the device. I'm trying to find out what this benefit might be. If not to make it easy to trace a particular activity to an actuall hardwrare device then what? -- Quis custodiet ipsos custodes? |
#18
|
|||
|
|||
ipv6 privacy extensions
On Sat, 23 Jul 2016 08:58:29 +0100, HighSpy wrote:
Again I understand this but what I don't understand is why they are *insisting* on it. If it was just for our convinience why not let us use a normal sign in account. It's really no skin off their noses is it, in fact it's less work for them. OK, I'm glad you understand that, I wasn't completely sure that you had understood this aspect of it. There is some benefit to them in knowing the MAC address beforehand particularly if they also know the serial number of the device. I'm trying to find out what this benefit might be. If not to make it easy to trace a particular activity to an actuall hardwrare device then what? Don't assume that they know what they are doing. I can't see any advantage in them insisting on knowing your MAC address beforehand except to allow you straight into their network. That isn't really a safety aspect though, for them, because anyone could monitor what MAC addresses are in use and spoof one and so have direct access. It seems to me that you need to ask them their reasons for insisting. Whatever their reasons it doesn't make you any less secure, you are not giving them any information they don't already have. Maybe it's as simple as someone there has just come across the fact that their router can allow access to know MAC addresses and they think that it's a good idea and means that they can scrap the login requirements. If that's the case they really need to think again. Good luck on getting to the bottom of it. -- Faster, cheaper, quieter than HS2 and built in 5 years; UKUltraspeed http://www.500kmh.com/ |
#19
|
|||
|
|||
ipv6 privacy extensions
On Fri, 22 Jul 2016 17:04:59 -0400, Neil
wrote: On 7/22/2016 3:34 PM, Mayayana wrote: | Perhaps you've not set up a wifi access point, and that is the basis of | your confusion? It has long been possible to specify MAC addresses that | can use the WAP, block others, and allow log-ins from non-specified | devices. I'm not an expert on wifi. I rarely have occasion to use it at all. But from my reading of the IPv6 link it sounds to me like there's a valid concern. If the MAC address as part of a unique ID is enabled -- or more to the point, if an IPv6 unique ID is enabled -- then the IP sent to remote servers contains a unique ID. That allows the remote server to ID individuals. It also allows the library to have a log of who visited what site, based on that ID in the network traffic. [...] Maybe I'm mistaken, but that reads to me to say that what the library is asking is for people using their wifi to be uniquely identifiable online. Can you see a different reason for their demands? If you followed this topic from when it was introduced on the Win8 group, the first question is whether the library is "demanding" anything. One must understand that having users submit MACs to bypass wifi log-ins would be sufficiently time-consuming for a public location to make it completely impractical as a general policy. So, that begs the question, why that person's particular user group? It looked to me that it was an offer to make life easier for that person's user group -- for example, that they frequently use the library's wifi. So, my response to the question, "should I be concerned" is... no. The OP's concern seems to be whether s/he can be tracked on-line, and to that, I said that this issue has little or nothing to do with a MAC protocol for bypassing log-in at the library. It would be easy to "track" their user group's on-line activity *whether or not* they bypass the log-in (think about it for 10 seconds -- once they log in, where is their "privacy" going to be???) Finally, if one is *really* concerned about such things, there are remedies that have been available for decades. So, someone with the OP's level of knowledge would be better off believing that everything s/he does on line is exposed. And, the library has nothing to do with it. +1 Totally agree with you Neil. My internet provider, Shaw, has hotspots everywhere and my account lets me add 6 devices so they can get free wifi at any hotspot that Shaw sponsors. I have to add the mac address for each device, this enables automatic access to Shaw's wifi network. The mac address is used to automate the process. At first Shaw wifi did use a password/login but they quickly abandoned it and went to mac address for login. I guess a lot of customers had problems with the password/login process. I just added my grandaugter's mac address and she never has to login, which for her would be difficult. She enters any Shaw hotspot and the wifi is just on. It is a convenience for Shaw customers who are all part of a massive user group. The OP must be part of some user group and the mac address was used as a convenience to log in automatically. Nothing more. That lunacy about being tracked is too much. LOL! -- JT |
#20
|
|||
|
|||
ipv6 privacy extensions
On 23/07/2016 10:02, Justin Tyme wrote:
On Fri, 22 Jul 2016 17:04:59 -0400, Neil wrote: On 7/22/2016 3:34 PM, Mayayana wrote: Totally agree with you Neil. Figures I just added my grandaugter's mac address and she never has to login, which for her would be difficult. She enters any Shaw hotspot and the wifi is just on. It is a convenience for Shaw customers who are all part of a massive user group. The OP must be part of some user group and the mac address was used as a convenience to log in automatically. Nothing more. Is it me or are you people really that thick? I'm probably wasting my time here but I'll give it one more go Apparently there is a management overhead in registering MAC addresses. Why would the network administrators do something they didn't have to unless there was a benefit for them? What is this benefit If you know the answer and would like to share it that would be great If you don't know the answer then why bother responding That lunacy about being tracked is too much. LOL! We are all surely doomed :-( -- Quis custodiet ipsos custodes? |
#21
|
|||
|
|||
ipv6 privacy extensions
On 7/23/2016 2:48 AM, HighSpy wrote:
On 22/07/2016 22:04, Neil wrote: On 7/22/2016 3:34 PM, Mayayana wrote: | Perhaps you've not set up a wifi access point, and that is the basis of | your confusion? It has long been possible to specify MAC addresses that | can use the WAP, block others, and allow log-ins from non-specified | devices. I'm not an expert on wifi. I rarely have occasion to use it at all. But from my reading of the IPv6 link it sounds to me like there's a valid concern. If the MAC address as part of a unique ID is enabled -- or more to the point, if an IPv6 unique ID is enabled -- then the IP sent to remote servers contains a unique ID. That allows the remote server to ID individuals. It also allows the library to have a log of who visited what site, based on that ID in the network traffic. [...] Maybe I'm mistaken, but that reads to me to say that what the library is asking is for people using their wifi to be uniquely identifiable online. Can you see a different reason for their demands? If you followed this topic from when it was introduced on the Win8 group, the first question is whether the library is "demanding" anything. Amazing, truly amazing, you appear to know more about the situation than I do. What are they asking for then ... One must understand that having users submit MACs to bypass wifi log-ins would be sufficiently time-consuming for a public location to make it completely impractical as a general policy. So, that begs the question, why that person's particular user group? It looked to me that it was an offer to make life easier for that person's user group -- for example, that they frequently use the library's wifi. So, my response to the question, "should I be concerned" is... no. Again, you are missing the point (quelle surprise). Let's try this again Why would the library *insist* on knowing the MAC addresses if not to track the device (notice I use the word 'device') I'm still waiting for your insight. Your snarky remarks are unimpressive. It's clear that you don't understand what some of us have told you, which is pretty elementary information about WAPs. Basically, the only "advantage" to supplying a MAC is *yours*; you no longer have to log in. When you log in, as you have apparently been doing, your MAC address is already visible to the WAP, and any activity could be tracked to your specific device, should someone care to do so. That you wish to turn their offer (insistence, or whatever) into some kind of snoopy behavior is nonsensical. Take it or leave it. -- Best regards, Neil |
#22
|
|||
|
|||
ipv6 privacy extensions
On 23/07/2016 12:12, Neil wrote:
On 7/23/2016 2:48 AM, HighSpy wrote: On 22/07/2016 22:04, Neil wrote: On 7/22/2016 3:34 PM, Mayayana wrote: | Perhaps you've not set up a wifi access point, and that is the basis of | your confusion? It has long been possible to specify MAC addresses that | can use the WAP, block others, and allow log-ins from non-specified | devices. I'm not an expert on wifi. I rarely have occasion to use it at all. But from my reading of the IPv6 link it sounds to me like there's a valid concern. If the MAC address as part of a unique ID is enabled -- or more to the point, if an IPv6 unique ID is enabled -- then the IP sent to remote servers contains a unique ID. That allows the remote server to ID individuals. It also allows the library to have a log of who visited what site, based on that ID in the network traffic. [...] Maybe I'm mistaken, but that reads to me to say that what the library is asking is for people using their wifi to be uniquely identifiable online. Can you see a different reason for their demands? If you followed this topic from when it was introduced on the Win8 group, the first question is whether the library is "demanding" anything. Amazing, truly amazing, you appear to know more about the situation than I do. What are they asking for then ... One must understand that having users submit MACs to bypass wifi log-ins would be sufficiently time-consuming for a public location to make it completely impractical as a general policy. So, that begs the question, why that person's particular user group? It looked to me that it was an offer to make life easier for that person's user group -- for example, that they frequently use the library's wifi. So, my response to the question, "should I be concerned" is... no. Again, you are missing the point (quelle surprise). Let's try this again Why would the library *insist* on knowing the MAC addresses if not to track the device (notice I use the word 'device') I'm still waiting for your insight. Your snarky remarks are unimpressive. It's clear that you don't understand what some of us have told you, which is pretty elementary information about WAPs. Basically, the only "advantage" to supplying a MAC is *yours*; you no longer have to log in. When you log in, as you have apparently been doing, your MAC address is already visible to the WAP, and any activity could be tracked to your specific device, should someone care to do so. That you wish to turn their offer (insistence, or whatever) into some kind of snoopy behavior is nonsensical. Take it or leave it. In other words you don't know. That's OK but did you really have to waste all that bandwidth saying so you could've just said "I don't know' -- Quis custodiet ipsos custodes? |
#23
|
|||
|
|||
ipv6 privacy extensions
On 7/23/2016 6:55 AM, HighSpy wrote:
On 23/07/2016 10:02, Justin Tyme wrote: On Fri, 22 Jul 2016 17:04:59 -0400, Neil wrote: On 7/22/2016 3:34 PM, Mayayana wrote: Totally agree with you Neil. Figures What doesn't figure is why you don't get it. At this point, it's clear that you need to believe some paranoid nonsense rather than grasp some elementary facts about wireless access points. That's fine, but I hope you don't think you're persuading those of us with that knowledge that you're on to something we need to know about. Move on. -- Best regards, Neil |
#24
|
|||
|
|||
ipv6 privacy extensions
On 23/07/2016 12:18, Neil wrote:
On 7/23/2016 6:55 AM, HighSpy wrote: On 23/07/2016 10:02, Justin Tyme wrote: On Fri, 22 Jul 2016 17:04:59 -0400, Neil wrote: On 7/22/2016 3:34 PM, Mayayana wrote: Totally agree with you Neil. Figures What doesn't figure is why you don't get it. At this point, it's clear that you need to believe some paranoid nonsense rather than grasp some elementary facts about wireless access points. That's fine, but I hope you don't think you're persuading those of us with that knowledge that you're on to something we need to know about. Move on. In my long, long experience in this business people, particularly network administrators don't do anything for no reason. I don't know why they are insisting on the MAC addresses and neither apparently do you. That is the difference between you and I, you don't know but rather than find out you obfuscate your lamentable lack of knowledge by questioning others ability to understand. Again, I've seen it so many times it shouldn't come as a surprise. There is a reason for the demand and I will find out what it is, although not obviously from you. You carry on in your cosy world and leave the hard stuff to someone else. I see no benefit in continuing with this discussion. -- Quis custodiet ipsos custodes? |
#25
|
|||
|
|||
ipv6 privacy extensions
| In my long, long experience in this business people, particularly
| network administrators don't do anything for no reason. | Maybe not, but they might insist for no reason. As one can see in this group, an awfully lot of techie people like to think the rest of the world are idiots. So they might "demand" the MAC just as a parent might require something of a child without explaining. | I don't know why they are insisting on the MAC addresses and neither | apparently do you. | What he says seems to make sense. I was thinking that you had said they required you to disable the privacy extensions of IPv6, but re-reading, I don't see anywhere that you said that. So presumably any IPv6 IP you're sending outside the network should be as protected as an IP address can be, or would be if you were using it from home. That seems to leave only the mysterious "security mark" demand. Having to hand over your device for configuration does seem unreasonable and unjustifiable. But if they only want to change some sort of setting for better security they should be able to tell you that and let you do it. |
#26
|
|||
|
|||
ipv6 privacy extensions
On 7/23/2016 7:46 AM, HighSpy wrote:
On 23/07/2016 12:18, Neil wrote: On 7/23/2016 6:55 AM, HighSpy wrote: On 23/07/2016 10:02, Justin Tyme wrote: On Fri, 22 Jul 2016 17:04:59 -0400, Neil wrote: On 7/22/2016 3:34 PM, Mayayana wrote: Totally agree with you Neil. Figures What doesn't figure is why you don't get it. At this point, it's clear that you need to believe some paranoid nonsense rather than grasp some elementary facts about wireless access points. That's fine, but I hope you don't think you're persuading those of us with that knowledge that you're on to something we need to know about. Move on. In my long, long experience in this business people, particularly network administrators don't do anything for no reason. If you understood any of the responses you've gotten, it should make you wonder why they'd go to the trouble to accomplish what concerns you. I don't know why they are insisting on the MAC addresses and neither apparently do you. Actually, the reason for their request seems pretty obvious to me, and I've explained why more than once. That is the difference between you and I, you don't know but rather than find out you obfuscate your lamentable lack of knowledge by questioning others ability to understand. Again, I've seen it so many times it shouldn't come as a surprise. If you were under some bizarre impression that any of us could "know" what those we have never met might have in mind, then your tin foil hat is leaking RFI. The facts that some of us have repeatedly presented, and you repeatedly refuse to accept is that those wishing to track your activities in a place with public wifi don't need your permission to do so. When you log in, the jig is up. There is a reason for the demand and I will find out what it is, although not obviously from you. If that was really your only intent, then it should have been obvious that the ones to ask are the ones asking you to provide your MAC addresses, not us. But, based on your comments here, you wouldn't believe them, either. I see no benefit in continuing with this discussion. I see no benefit in your having started it in the first place. At least, not to any of us. -- Best regards, Neil |
#27
|
|||
|
|||
ipv6 privacy extensions
On 7/23/2016 7:18 AM, HighSpy wrote:
On 23/07/2016 12:12, Neil wrote: On 7/23/2016 2:48 AM, HighSpy wrote: On 22/07/2016 22:04, Neil wrote: On 7/22/2016 3:34 PM, Mayayana wrote: | Perhaps you've not set up a wifi access point, and that is the basis of | your confusion? It has long been possible to specify MAC addresses that | can use the WAP, block others, and allow log-ins from non-specified | devices. I'm not an expert on wifi. I rarely have occasion to use it at all. But from my reading of the IPv6 link it sounds to me like there's a valid concern. If the MAC address as part of a unique ID is enabled -- or more to the point, if an IPv6 unique ID is enabled -- then the IP sent to remote servers contains a unique ID. That allows the remote server to ID individuals. It also allows the library to have a log of who visited what site, based on that ID in the network traffic. [...] Maybe I'm mistaken, but that reads to me to say that what the library is asking is for people using their wifi to be uniquely identifiable online. Can you see a different reason for their demands? If you followed this topic from when it was introduced on the Win8 group, the first question is whether the library is "demanding" anything. Amazing, truly amazing, you appear to know more about the situation than I do. What are they asking for then ... One must understand that having users submit MACs to bypass wifi log-ins would be sufficiently time-consuming for a public location to make it completely impractical as a general policy. So, that begs the question, why that person's particular user group? It looked to me that it was an offer to make life easier for that person's user group -- for example, that they frequently use the library's wifi. So, my response to the question, "should I be concerned" is... no. Again, you are missing the point (quelle surprise). Let's try this again Why would the library *insist* on knowing the MAC addresses if not to track the device (notice I use the word 'device') I'm still waiting for your insight. Your snarky remarks are unimpressive. It's clear that you don't understand what some of us have told you, which is pretty elementary information about WAPs. Basically, the only "advantage" to supplying a MAC is *yours*; you no longer have to log in. When you log in, as you have apparently been doing, your MAC address is already visible to the WAP, and any activity could be tracked to your specific device, should someone care to do so. That you wish to turn their offer (insistence, or whatever) into some kind of snoopy behavior is nonsensical. Take it or leave it. In other words you don't know. That's OK but did you really have to waste all that bandwidth saying so you could've just said "I don't know' Since your comprehension appears to be suffering, let me be clear to other readers of this thread. It seems obvious to me why they have offered you wifi access without logging in, and it's not nefarious. It is you who just don't get it. -- Best regards, Neil |
#28
|
|||
|
|||
ipv6 privacy extensions
On Sat, 23 Jul 2016 11:55:09 +0100, HighSpy
wrote: On 23/07/2016 10:02, Justin Tyme wrote: On Fri, 22 Jul 2016 17:04:59 -0400, Neil wrote: On 7/22/2016 3:34 PM, Mayayana wrote: Totally agree with you Neil. Figures I just added my grandaugter's mac address and she never has to login, which for her would be difficult. She enters any Shaw hotspot and the wifi is just on. It is a convenience for Shaw customers who are all part of a massive user group. The OP must be part of some user group and the mac address was used as a convenience to log in automatically. Nothing more. Is it me or are you people really that thick? I'm probably wasting my time here but I'll give it one more go Apparently there is a management overhead in registering MAC addresses. Why would the network administrators do something they didn't have to unless there was a benefit for them? What is this benefit If you know the answer and would like to share it that would be great If you don't know the answer then why bother responding That lunacy about being tracked is too much. LOL! We are all surely doomed :-( Do you actually believe that you are that important to anyone? Global mass surveillance is a fact but it doesn't affect the vast majority of people in a negative way. If you are a person of interest then you need to be very careful. It is very doubtful that you are that person. You should treat the internet like an open book that anyone with the ability to read can access. There are steps you can take that can enhance your computer privacy to the point where you are anonymous. I won't go into explaining operational security, but I do understand OPSEC. I think some people *overestimate their importance* and become unreasonably paranoid. The fact that you can be tracked and the steps you take to avoid being tracked depends upon how big a fish you are and/or what it is you are trying to hide. -- JT |
#29
|
|||
|
|||
ipv6 privacy extensions
On 23/07/2016 20:57, Justin Tyme wrote:
On Sat, 23 Jul 2016 11:55:09 +0100, HighSpy wrote: On 23/07/2016 10:02, Justin Tyme wrote: On Fri, 22 Jul 2016 17:04:59 -0400, Neil wrote: On 7/22/2016 3:34 PM, Mayayana wrote: Totally agree with you Neil. Figures I just added my grandaugter's mac address and she never has to login, which for her would be difficult. She enters any Shaw hotspot and the wifi is just on. It is a convenience for Shaw customers who are all part of a massive user group. The OP must be part of some user group and the mac address was used as a convenience to log in automatically. Nothing more. Is it me or are you people really that thick? I'm probably wasting my time here but I'll give it one more go Apparently there is a management overhead in registering MAC addresses. Why would the network administrators do something they didn't have to unless there was a benefit for them? What is this benefit If you know the answer and would like to share it that would be great If you don't know the answer then why bother responding That lunacy about being tracked is too much. LOL! We are all surely doomed :-( Do you actually believe that you are that important to anyone? Global mass surveillance is a fact but it doesn't affect the vast majority of people in a negative way. If you are a person of interest then you need to be very careful. It is very doubtful that you are that person. You should treat the internet like an open book that anyone with the ability to read can access. There are steps you can take that can enhance your computer privacy to the point where you are anonymous. I won't go into explaining operational security, but I do understand OPSEC. I think some people *overestimate their importance* and become unreasonably paranoid. The fact that you can be tracked and the steps you take to avoid being tracked depends upon how big a fish you are and/or what it is you are trying to hide. The really worrying thing is you actually sound like you believe your own propagada. Everything is snuggly and warm and only the bad guys are being actively watched. That's all right then nothing to worry about. -- Quis custodiet ipsos custodes? |
#30
|
|||
|
|||
ipv6 privacy extensions
HighSpy wrote:
Why would the network administrators do something they didn't have to Mostly the reason network admins do anything is to make their own life easier :-) So in your library's case it sounds they can either have a system that handles authenticated logins *and* MAC address whitelists, where they need some way of generating and giving out logins and dealing with people forgetting their password etc Or they can have a system that just accepts MAC addresses. Either way (if they actually wanted to) they could associate your machine's MAC address with you, e.g. by your library membership details etc, so it's no skin off your nose, I'd be amazed if they were using IPv6. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|