Apple adds privacy-protecting MAC spoofing (when Aaron Swartz did it, it was evidence of criminality)


#1

[Permalink]


#2

You mean when Swartz was illegally entering areas that he wasn't supposed to and trying to hide activity that he admitted that he was trying to hide because he was violating something he knew he wasn't supposed to (regardless if it was illegal or just a violation of an agreement)?

Just confused, because in Swartz's case, it kinda was, regardless of how raw a deal he may have gotten. Regardless, in Apple's case, once connecting to a network -- not just putting random packets into space to ping if there is a network, it will transmit only the correct address. This is only few cases of searching for networks and nothing more. That said, it isn't like I didn't do the same things Swartz was doing...errr...except I was running an illegitimate FTP at a university that I was actually paying to attend back in '92. I think of some of the things I did and how lucky I was I didn't get in much trouble.


#3

Exactly, the intent and actual use are totally different. Also, Apple's plan is not exactly spoofing because the temp MAC addresses aren't trying to imitate a particular device's address or even a legitimate address from another registered manufacturer.


#4

The worst thing Aaron Schwarz did was put his laptop in the wiring closet. If he just sat in the library, or ran it from his office...

That poor kid. He didn't deserve what was being done to him.


#5

I approve of this. You don't even have to have a three letter agency budget to set up distributed system of wifi sniffers that scoop up MAC addresses and get scarily good location tracking https://www.youtube.com/watch?v=ubjuWqUE9wQ

On the other hand, even with this, you're still probably being tracked in at least a dozen other ways.


#6

"If he just sat in the library, or ran it from his office..."

You are absolutely right. He had an office at ANOTHER university that allowed him to be there a short distance away and gave him an office. MIT didn't. They didn't give him permission to be trying to break into network closets. He might not have broken in, but it was most certainly illegal entry. Does illegal entry require someone to go to jail or require a cop to make a judgement call to say You Damn Kid, Get Out Of Here? Well, depends. Sounds like the later to me.

That doesn't change the very fact that he KNEW he was doing something wrong, he bragged about his civil disobedience, and even if he was trying to do something positive -- he knew the actions he had taken were illegal to some extent.

The point isn't whether Swartz got a raw deal, or otherwise, it is the conflation and equivocation of the headline that one is evidence of criminality (which is it) so the other should be as well or the world jus' ain't not fairs. Its an argument that works on 14 year olds. I mean, if there was a way to sell this sort of outrage to 14 year olds, a journalist could get mildly rich comfortable.


#7

'xactly Typically overzealous Doctorow headline, which does a disservice to Swartz, imho, because the repudiation of the analogy could be interpreted as support for the original claim. It doesn't, but shady tactics never cast a good light on the user.

This is exactly like the NSA claiming innocence by twisting the wording beyond a breaking point.


#8

You know what else is a notable irony? That notable ironies don't bring back the dead.


#9

I've never heard anybody claim Swartz was blameless, just that he was treated unfairly, yet the straw man that is constantly presented, is the same one you're using right now.

Is MAC spoofing wrong in and of itself? No. Then MACspoofing is no more evidence of criminality than owning a gun. (which is what Cory wrote)
If you own a gun, you CAN use it for crime, and if you do, you can get charged for it, but owning said gun is not evidence in and of itself that anything you have done has criminal intent.
There was someone else, not too long ago who was "accused" of using a nefarious tool called wget. this was presented as evidence of hacking the same way that MAC spoofing was used with Swartz.
The prosecution did not need to charge him with MAC spoofing, and they didn't, they just tried to drum up the charges as much as possible in as unfair a manner as possible.

To be clear, this is what you are defending right now, aren't you? Your point is to say that he deserved the treatment he got?
Because nobody here is defending his innocence, its too late for that, Cory wrote "When Aaron Swartz did it, it was evidence of criminality", which is a direct comment on how his trial was grossly unfair.
His trial wasn't fair, the charges weren't fair, therefore the sentence he was faced with was unfair, The way he was treated ensured that even if he was 100%, without a doubt, guilty of something, he would not be charged with it and justice would not have been served.
And this is what you are defending with your straw man.

Go ahead, say he was guilty, and of what, please, but go ahead, here's the link to the wikipedia article:


Its pretty clear why, and I'll speak for myself here, I believe that the charges were trumped up in order to get an easy conviction, not because they thought they could prove them.

TL;DR:

Whatever you may think of Swartz's actions, MAC spoofing is not a crime, it is not scary "hacking" either which is what was claimed and is in fact something so simple it will be available on iphones soon.
Coming in here just talking about how Swartz was guilty (You are most definetly not saying he was innocent or wronged in any way) is only serving to derail the conversation.

Or is your point that MAC spoofing is wrong?


#10

I read it as a reminder that technology is always scary until a corporation allows us to believe it isn't.
If Apple gives you a way for mainstream users to use wget, you'll forget that it was once presented as an evil hacking tool and nobody challenged it.


#11

You seem so intent on proving that Swartz was unfairly prosecuted that you seemed to have lost the ability to read what I had said.

In your case of a gun, owning a gun is not evidence of criminality. However, if you have a gun, are casing a joint, and then use the gun while committing a crime as a specific tool to achieve your goals while committing the crime...yeah...it goes to show intent.

Again, I think the guy was railroaded, however, he used this tool to evade being caught and using it in this way sorta shows that he was trying not to get caught doing something. It really isn't that hard to understand.

Do I need to say it again, the guy was railroaded, but he wasn't innocent. Even if it is just breaking the rules of what MIT asked of people using their facilities...he was trying to evade these rules. If you can't see this, there really is no point in discussing this further because you aren't looking at the evidence, you are focusing on emotion.


#12

This might be where we are speaking past each other.
We seem to be agreeing that he was railroaded, but we seem to disagree that the charges were the instrument with which he was being coerced.

And I'm talking about how this relates to the article at hand, isn't it always the case, that if you try to hide your identity by MAC spoofing, that it sorta shows that you are trying not to get caught doing something? I don't see Apple too worried about this, in fact, this is the reason its being offered.

BTW, using a weapon in an assault is a crime, not evidence of intent of a crime, you have to prove a crime was commited and then, that a specific person commited that crime. And then there are different charges depending on what type of weapon was used.

Look, please list the crime(s) he (allegedly) committed, and then watch any pretense of MAC spoofing as evidence of intent vanish.
Then realize that the only other reason, other than technical, that MAC spoofing was mentioned at all was the prosecution wanted to paint Aaron as an evil hacker in order to secure a conviction.
Then notice how Cory's headline actually makes sense.

Or disagree with me, that's OK too.


#13

All my devices at home — as well as those of visiting family and friends — have their MAC addresses PRE-registered with the household router in order to gain Internet access. So knowing the router passcode is insufficient … the router will only work with devices that it already has registered in its wireless access list. If Apple does, in fact, implement such a system, it may be necessary to purchase and install another router in line that doesn’t maintain a wireless access list, just to accommodate Apple's random MACs. Thanks Apple ...


#14

Ugh, more incessant whining about Cory's blogging style in this thread instead of substance. I wish I could start blocking the repeat offenders. Has anyone figured out a greasemonkey script that'll work with this bbs to do so? All my efforts have failed because of ajax code or something.

WE GET IT. YOU DON'T LIKE CORY'S BLOGGING STYLE.

How about posting about it in a thread dedicated to whining about it instead of being constantly off-topic and derailing threads? Cory obviously doesn't give one fuck what you pedants think, yet you still feel the compulsive, obsessive need to complain in many threads.

Here's the Cory Doctorow blogging grievance thread:

http://bbs.boingboing.net/t/cory-doctorow-blogging-grievance-thread/

Please post there and focus on the topics in other threads for now on.


#15

Some early networking protocols set the MAC address themselves instead of using the hardware address.  It's been way too long for me to remember the details, but either DECNET or DEC LAT or both did that, and probably some others. The reason was probably so you could always find the main server at :::::01: instead of having to ARP for it, and at least some of the DEC protocols were non-routable so there wasn't a significant risk of collisions.

Also "Yo, dawg, I hear you like Macs, so I put lots of MACs on your Mac, Mac."


#16

This topic was automatically closed after 5 days. New replies are no longer allowed.