On 9/22/2020 5:52 PM, Martin Thomson wrote:

> There's an additional consideration that might be worth pulling out here.  
> And it's not an impact on network operations, it's a potential for 
> applications that interact with these network services to undo the work of 
> lower parts of their stack.
>
> For instance, if your device connects to the same network and the same 
> captive portal it might open a web browser to connect to that portal.  If the 
> web browser presents the cookies it received from the portal last time they 
> talked, it undoes the work of the OS.
>
> Now, some implementations use these nasty browser-like things with aggressive 
> sandboxing that don't save cookies.  That comes with other costs, but it 
> addresses the problem up until the point that the network connection is 
> restored and then who knows what happens once the pseudo-browser is no longer 
> involved.
>
> Maybe that is out of scope for your draft, but it shouldn't be out of scope 
> for a group that attempts to look more closely at providing advice for 
> dealing with these features.
>
> (Does this thread really need to be cross-posted so widely?  Can we decide on 
> a single venue?)


Martin is making an important point here. There are a number of
privacy-enhancing technologies deployed at different layers: MAC address
randomization at L2, Privacy addresses at L3, various forms of
encryption and compartments at L4 and above. Each of these technologies
is useful by itself, but they can easily be defeated by deployment
mistakes. For example:

1) Using the same IP address with different MAC addresses negates a lot
of the benefits of randomized MAC addresses.

2) Using a private IP address provides some privacy to client
connections. However, if the same address is also used for a publicly
accessible server, a lot of the privacy benefits disappear.

3) Using a private IP address without also using a randomized MAC
address is not going to provide privacy against local observers.

4) Web cookies and other forms of web tracking are widely used to enable
surveillance. Randomizing the MAC address and the IP address without
also doing something about web tracking is not going to provide much gain.

Defining that "something about web tracking" is challenging, given
requirements for users to identify themselves to social media sites and
other services. My personal choice would be some form of compartments,
each with their own IP address and MAC address, but opinions will
probably vary. That would be a great topic for a BOF.

-- Christian Huitema



_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
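
The cross-layer effect in the numbered list above, as an added illustration that is not part of either message: a small audit that groups a device's attachment records whenever they share an identifier at any layer, so rotation at one layer can be checked against reuse at another. The session records, field names and the `linkable_groups` function are constructed for this example.

```python
from collections import defaultdict

# Constructed sample: identifiers one device exposed on six network attachments.
# MACs are locally administered; IPs use the 2001:db8::/32 documentation prefix.
SESSIONS = [
    {"id": "s1", "mac": "02:00:00:aa:00:01", "ip": "2001:db8::a1", "cookie": "c-111"},
    {"id": "s2", "mac": "02:00:00:aa:00:02", "ip": "2001:db8::a1", "cookie": None},     # item 1: new MAC, same IP
    {"id": "s3", "mac": "02:00:00:aa:00:03", "ip": "2001:db8::a3", "cookie": "c-111"},  # item 4: old cookie replayed
    {"id": "s4", "mac": "02:00:00:aa:00:04", "ip": "2001:db8::a4", "cookie": None},     # all layers rotated together
    {"id": "s5", "mac": "02:00:00:aa:00:05", "ip": "2001:db8::a5", "cookie": None},
    {"id": "s6", "mac": "02:00:00:aa:00:05", "ip": "2001:db8::a6", "cookie": None},     # item 3: new IP, same MAC
]


def linkable_groups(sessions, layers=("mac", "ip", "cookie")):
    """Return groups of session ids joined by any shared identifier (union-find)."""
    parent = {s["id"]: s["id"] for s in sessions}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # (layer, value) -> id of the first session that used it
    for s in sessions:
        for layer in layers:
            value = s.get(layer)
            if value is None:
                continue  # nothing exposed at this layer
            key = (layer, value)
            if key in first_seen:
                parent[find(s["id"])] = find(first_seen[key])
            else:
                first_seen[key] = s["id"]

    groups = defaultdict(list)
    for s in sessions:
        groups[find(s["id"])].append(s["id"])
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    print("MAC layer only:", linkable_groups(SESSIONS, layers=("mac",)))
    print("All layers    :", linkable_groups(SESSIONS))
```

Judged on the MAC layer alone, s1 to s3 look unlinkable; once the IP and cookie layers are included they collapse into one group, while s4, which rotated every layer at once, stays separate.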
