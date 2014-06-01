It was cool to find out that I was crossing daily with the same people in different places and yet we never met.
It was a small project I made for fun, nothing serious :)
Have there been any developments in randomising MAC addresses or other solutions to this problem?
I found this app called Pry-Fi:
https://play.google.com/store/apps/details?id=eu.chainfire.p...
Thing is that it is usually useless. Only instance where you would even send a package (thus showing your MAC) when searching is if you were searching for a hidden AP. Funny that Microsoft is the only one that got that right, as they have a checkbox that says "hidden AP". All others just assume that the AP may be hidden and try to connect anyway. (worse is that they scan in the background while you are connected. NM does it at least)
I'm sure the data from that is much more fine grained.
Update: Ah got it. With Oyster they can only register the entry and exit points and not the route taken.
In cases where there are multiple routes to complete a trip (eg remaining on one line vs making multiple connections for a faster journey) it was therefore previously not possible to determine what percentage of people chose which route.
"Encrypted hashes" isn't totally specific given the vague language used when talking to general audiences, but assuming it means a cryptographic hash, then that doesn't really give much (any) privacy. There are only so many possible MAC addresses, and it's pretty easy to try them all in minutes. I was going to do the math, but Threatpost already has an article about this.[1] There's also a stub Wikipedia article.[2]
Unique salts don't work if you still want to be able to compare MAC addresses, which is sort of the point. You can have a single salt for all hashes, or alternatively encrypt with a single key, but then it's just a matter of that single salt or key being leaked.
+1 for randomized MAC addresses.
[1] https://threatpost.com/research-finds-mac-address-hashing-no...
[2] https://en.wikipedia.org/wiki/MAC_Address_Anonymization
