Aaron Crosman on 15 Sep 2004 17:00:05 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

RE: [PLUG] Phillys hot spots...


>I disagree. The MAC address is very easy to change. And for the ones
>would be trying to use the system for what it shouldn't be used for,
>be the ones that would have the software to change it. 
>By tracking, I mean after the fact. I assume that if you go to
>you are linked to a credit card, so that can be back tracked 6 months
>the road. Just as you have to sign up for a computer at the library (I
>that is the case in Phila as well as my local library). 
>Here there is no tracking. Just sit and surf, and leave. 

Well, okay, that was my point about low level crime (things the RIAA,
MPAA care about).  Those types of folks in my experience often have no
real idea how traceable they are particularly over time as patterns in
their behavior emerge (hence the mass lawsuits by the RIAA).  I would
guess this goes for the average child-pornographer as well, but as I
don't know that I know any it's hard to say.  Sure there are some people
in-between clueless and very good, but probably not many.  Once they are
very good I expect they could work around the tracking of a
Starbucks-like setup.  So for this small group of in-betweens they might
have a new security hole to work in, but again if they become a repeat
costumer they become more traceable particularly if you accept the
arguments that the city should be allowed to setup cameras to watch
public places (which I don't accept).

You have a good point about getting tracked down 6 months later, but I
wonder how much of that really happens.  Most cases that I have heard
about the computer crime was discovered only after they got nailed for
another crime (my understanding is that this is very common with porn
cases), or the police spend months chasing shadows online before getting
anywhere close to a physical location, and they can't do much except
harden security in the mean time.  I haven't heard much about picking
people up based on 6 month old logs.  Of course that's just what I've
seen in the news and online, I've never looked for good statistics on
that kind of thing.

Oh, and a quick note about libraries.  I know in the New Castle County
Library system in DE would be unable to track from the IP address to the
user without luck.  They do check library cards before you log use the
web browsing computers, but most branches they just write it on a sheet
of paper, with the time.  If someone came a day later (let alone 6
months) I very much doubt that they would be able to find that sheet of
paper, let alone read the handwriting.  My real point being that there
are already many places people can get online without being easy to
track (another being most college computer labs).

>It would be easy enough to setup a repeater that would allow you access
>park from an area that isn't in love park, have a small PC with 2 NICS,
>to access the park, the other to focus the signal (via a cantenna
>Put this inside a parked car, especially, if each time access is
acheived the 
>MAC address changes. 

Well sure, but how many people are going to be organized enough to pull
that off, and not organized enough to have 8 other means of doing the
same on the networks that bleed out of people's home's and offices
already. Moreover, I would expect someone that well organized to have
several other ways of getting online other then Love Park.  Not be able
to track a single point of entry is already going to be large problem, I
don't see municipal setups adding to that considerably.  I might occur
to a few more people, but the option is already there.


PS.  Sorry this email got much longer then I expected, but this is kind
of a fun mental exercise.  Granted I should get back to work now.

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug