Hello, Penguins! We will interrupt this week’s showcase friday to bring you a breaking news story. Apple just released an update to iOS 17 that fixes a bug that has been leaking users’ Wi-Fi MAC addresses for the past three years. This is a major privacy faceplant for Apple, and it’s a cautionary tale for all closed-source giants. The bug, reported under CVE-2023-42846 could have allowed attackers to track users’ movements by monitoring their Wi-Fi MAC addresses.
  • Possibly linuxEnglish
    132 years ago

    I don’t think anyone believes apple is good for privacy and they are certainly not good for freedom.

  • LittleHermiTEnglish
    12 years ago

    How is this a problem when the hardware address is dumped once packets are out onto the web? Are you worried your router knows it’s you? Outside your subnet, on the internet, your Mac address is not part of the packet.

    • Danny MOP
      62 years ago

      that’s wrong. the device exposed the real mac address on port 5353 (udp) which is apple’s “bonjour” service, which acts as a service discovery/zeroconf network tool.

      that means that other devices in the same network can know your real mac address, this makes it very easy for say ISPs to track you across networks if you use friends networks, open wifi networks in coffee shops etc.

      • LittleHermiTEnglish
        12 years ago

        Still within a subnet. If you connect to an internet cafe Wifi, you should be more worried about your dns traffic for identifying you.

        • Danny MOP
          12 years ago

          DNS tracking can be mitigated with Oblivious DoH, DNSCrypt or even a VPN.

          • LittleHermiTEnglish
            12 years ago

            And so on and so on. If you want to be tracked, you can be tracked, regardless of a mac address, or the hoops a user jump through to create the illusion of privacy. I can think of lots of unconventional ways to track a naive user.

    • Danny MOP
      82 years ago

      yeah, there was a feature that was supposed to do it, but they never implemented the feature properly, which made it literally useless, and it was discovered just now, 3 years later

    • @[email protected]
      122 years ago

      It randomized the MAC address for the device it connected to, but sent its real MAC address to every other device on the network.

      So it wasn’t useless, it was just… Mostly useless.

  • @[email protected]
    162 years ago

    This is a real win-win for Apple.

    • 3 years ago, they got to brag about implementing a privacy feature.
    • And now, they get to brag about patching a newly discovered privacy bug in record time!

    The target market has eaten this up like pigs at a trough too. From r/privacy of all places:

    • “I’m not going to drop everything and sell all of my Apple products over something so minor especially since this issue never directly effected me.”
    • “Redditors love to hate on Apple so much. As an Apple customer this really isn’t a big issue”
    • “At least they took the time to fix it which is something a lot of companies wouldn’t do.”
    • Danny MOP
      52 years ago

      Maybe you’re right, but to me it’s still worth it to point out those issues

      • @[email protected]
        82 years ago

        I agree, and thank you for pointing them out 😊 I think everybody should hold big tech responsible, whether they like/use the products, or whether they don’t.

        I consider it important to remain critical, even of the stuff I love

      • @[email protected]
        72 years ago

        I can’t even with these people. Sitting duckz/suckersz doesn’t even begin to accurately convey