CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents

On that note: on any device you own that has Wi-Fi, for your own sake PLEASE disable the automatic joining of open networks. This data is being exploited on a COMMERCIAL level, not just by the NSA / CSEC.
 
... and when Snowden exposed their shebang, they wanted to burst his balls

Sent from my tablet using my paws
 
yea this isn't really a huge revelation at all

That they can pick up a MAC address off a Wi-Fi device is not a revelation.
The fact that they then track that MAC address to a destination airport (even to a foreign airport), then out into the wilds is.
If you are into this sort of thing, what they were doing was technically feasible, they just wanted to run a real-time test.

What they were doing was an exercise to see if they could track a MAC address from start of journey to end of journey. They can. In this exercise they successfully tracked at least one phone from one Canadian airport to another, then out into a mid-sized Canadian city.

BUT, let's get this straight from the get-go. In this exercise they were tracking phones, not people. As long as they did not equate that MAC address to a person, then destroyed the meta-data when they were finished, I think what they were doing was legal... well sort of....
 
That they can pick up a MAC address off a Wi-Fi device is not a revelation.
The fact that they then track that MAC address to a destination airport (even to a foreign airport), then out into the wilds is.

It still isn't. MAC tracing isn't new; this isn't particularly high-level stuff. Now what may be high level is how they got access to destination airports' networks to continue the tracing. But if they were friendly governments cooperating, this amounts to "Can we access your MAC tables for your public Wi-Fi?" (There was probably a bit more to it than that, but that's about the information you need.) Now if they gained access illegally to those or other security systems.

BTW, for people not aware, a MAC address is a unique physical (assigned in production) identifier that is present on any piece of network equipment. So each Wi-Fi card for a phone or a laptop can be identified by this.
 
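Added example (not part of any post in this thread): the first octet of a MAC address carries two flag bits that say whether the address is a vendor-assigned one or a locally administered one, which is what decides whether it identifies the hardware. The sample addresses and the names `classify` and `reused_addresses` are constructed for this illustration.

```python
import re

# Constructed sample addresses, not taken from the thread or from real devices.
FACTORY = "3C:5A:B4:12:34:56"      # U/L bit clear: vendor-assigned style
RANDOMIZED = "DA:A1:19:0B:77:C2"   # U/L bit set: locally administered
MULTICAST = "01:00:5E:00:00:FB"    # I/G bit set: a group address, not a device


def parse_mac(text):
    """Return the six octets of a MAC written with ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def classify(text):
    """Decode the two flag bits in the first octet and the vendor prefix."""
    mac = parse_mac(text)
    multicast = bool(mac[0] & 0x01)  # I/G bit
    local = bool(mac[0] & 0x02)      # U/L bit
    return {
        "normalized": ":".join(f"{b:02x}" for b in mac),
        "oui": ":".join(f"{b:02x}" for b in mac[:3]),
        "multicast": multicast,
        "locally_administered": local,
        # Only a universally administered unicast address is a burned-in hardware ID.
        "stable_hardware_id": not multicast and not local,
    }


def reused_addresses(seen):
    """seen maps a network name to the MAC our own device presented there.
    Returns {address: [networks]} for every address used on more than one network."""
    by_mac = {}
    for network, text in seen.items():
        by_mac.setdefault(classify(text)["normalized"], []).append(network)
    return {mac: nets for mac, nets in by_mac.items() if len(nets) > 1}


if __name__ == "__main__":
    for sample in (FACTORY, RANDOMIZED, MULTICAST):
        print(classify(sample))
    # Constructed audit of one device: same address at two airports, another at home.
    print(reused_addresses({"airport-a": FACTORY, "airport-b": "3c-5a-b4-12-34-56",
                            "home": RANDOMIZED}))
```

Feeding `reused_addresses` the addresses your own device shows on each network tells you whether it presents the same identifier everywhere.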
Spoof your MAC, change it after every drug deal. Done.
 
...
As long as they did not equate that MAC address to a person, then destroyed the meta-data when they were finished, I think what they were doing was legal... well sort of....

That is part of the problem. It is a combination of the collection of information + the retention (how long they will keep the data) + the purpose (who they are tracking, and why, and for how long).

What if they are collecting not only metadata but they are grabbing everything they can? And what if they are planning to keep the data forever, to correlate with other sources, and identify Canadian people who behave "suspiciously" on Canadian soil? These are the questions somebody has to go and find out answers to.
 
Another reason I don't do banking on my phone. Don't even shop on my phone.
 
Another reason I don't do banking on my phone. Don't even shop on my phone.

This story does not have much to do with the security of using the internet via your phone. If you're using a trusted site with strong encryption, it's just as safe using your phone as your home PC (especially if you're using Wi-Fi).
 
This story does not have much to do with the security of using the internet via your phone. If you're using a trusted site with strong encryption, it's just as safe using your phone as your home PC (especially if you're using Wi-Fi).

So what's preventing them from caching my banking info when I log into their Wi-Fi?
 
So what's preventing them from caching my banking info when I log into their Wi-Fi?
They don't have access to the data itself, just the metadata. That means they only know you were there, that you did or didn't access WiFi, and maybe how much data was transmitted. They don't know the content of that data.

However, I don't think people should be using public WiFi to do their banking or other secure stuff as others may be able to hack the network and get the actual data?
 
Sorry, I should have said they know *your phone* was there, that *it* did or didn't access WiFi...

In most cases I suspect they don't know who the phone actually belongs to.

If they can identify the person from the MAC address then that would be illegal in my non-lawyer opinion. Otherwise, it's legal and it's done by big chains when you walk through the store so they can track movement patterns of their shoppers.
 
So what's preventing them from caching my banking info when I log into their Wi-Fi?

If they were capturing and storing every packet on the Wi-Fi, it is still encrypted with some pretty hefty encryption. At best what they would have is a bunch of unintelligible strings of data.

When you go to a secure site you will notice that the website address starts with HTTPS; that means it's secure, i.e. all traffic from that site to you is encrypted. GTM is not HTTPS, it's just regular old HTTP, so unless there is some kind of security in place that operates under that, as far as I know when you log in to this site it sends your user name and password in plain text, so in theory I can capture the packets and read your user name and password if I'm on the same network. But bank sites will always use HTTPS. So it's quite safe to use banking or shopping on your phone over either Wi-Fi or regular 3G internet.
 
If they were capturing and storing every packet on the Wi-Fi, it is still encrypted with some pretty hefty encryption. At best what they would have is a bunch of unintelligible strings of data.

When you go to a secure site you will notice that the website address starts with HTTPS; that means it's secure, i.e. all traffic from that site to you is encrypted. GTM is not HTTPS, it's just regular old HTTP, so unless there is some kind of security in place that operates under that, as far as I know when you log in to this site it sends your user name and password in plain text, so in theory I can capture the packets and read your user name and password if I'm on the same network. But bank sites will always use HTTPS. So it's quite safe to use banking or shopping on your phone over either Wi-Fi or regular 3G internet.

Thanks for clarifying that

Sent from my tablet using my paws
 