Comments on: Tracking PCs anywhere on the Net

Anonymous Internet access may be a thing of the past, according to a doctoral student at the University of California.

[telephonics]

PC Identification

Assuming that the Islamic terrorists utile the internet for communicating with each other this technology might has application to tracking the key leaders and ultimately assist in eliminating them.

[telephonics]

PC Identification

Assuming that the Islamic terrorists utile the internet for communicating with each other this technology might has application to tracking the key leaders and ultimately assist in eliminating them.

Tadayoshi Kohno Thanks for nothing!

Cool say goodbye to our routers, say hello to paying for each device behind it.

[scioara]

There is a will ... there is a way

Short term you might be right. But, what's to stop me from tweaking my NAT's/router's/etc's TCP/IP stack to "play" with the info on which his detection method relies?

Tadayoshi Kohno Thanks for nothing!

Cool say goodbye to our routers, say hello to paying for each device behind it.

[scioara]

There is a will ... there is a way

Short term you might be right. But, what's to stop me from tweaking my NAT's/router's/etc's TCP/IP stack to "play" with the info on which his detection method relies?

No Different from a Virus

"Kohno's research is likely not the last word in Net anonymity, but simply the latest escalation in the arms race between snoopware and anonymity developers. Possible countermeasures include masking time skews with better random number generation techniques, for example."

Wonderful, so now some hotshot has created a way for fraudsters to get into my network. This is no different than a virus. Hopefully some firewall provider will figure out how to prevent this junk from profilerating. What's inside my firewall is intended to remain inside, we've got enough problems as is with viruses and spyware, and I don't need more hacker snoopware intruding on my business operations.

No Different from a Virus

"Kohno's research is likely not the last word in Net anonymity, but simply the latest escalation in the arms race between snoopware and anonymity developers. Possible countermeasures include masking time skews with better random number generation techniques, for example."

Wonderful, so now some hotshot has created a way for fraudsters to get into my network. This is no different than a virus. Hopefully some firewall provider will figure out how to prevent this junk from profilerating. What's inside my firewall is intended to remain inside, we've got enough problems as is with viruses and spyware, and I don't need more hacker snoopware intruding on my business operations.

[Marcus Westrup]

I have my doubts

It may sound good on paper, and even work in a controlled lab setting, but the real world is not so accommodating. Too many factors need to stay constant - thermal variations in the clocking circuit alone will change the results.

With many millions of devices on the net, there are too many signals and not enough skew bandwidth to do any serious tracking outside of a single building.

Wireless on the other hand . . .

[Marcus Westrup]

I have my doubts

It may sound good on paper, and even work in a controlled lab setting, but the real world is not so accommodating. Too many factors need to stay constant - thermal variations in the clocking circuit alone will change the results.

With many millions of devices on the net, there are too many signals and not enough skew bandwidth to do any serious tracking outside of a single building.

Wireless on the other hand . . .

[peterb]

real world test

use the new technique to pinpoint bin laden!

[peterb]

real world test

use the new technique to pinpoint bin laden!

[Jim Hubbard]

Proxies defeat this easily......

Using a proxy to request pages on your behalf is a simple (and free) way to defeat this supposed new threat to privacy. While NATs pass your TCP package through and may be vulnerable to this hack, proxies (when properly done) send their own requests on your behalf - easily defeating this little spoof of TCP.

[Jim Hubbard]

Proxies defeat this easily......

Using a proxy to request pages on your behalf is a simple (and free) way to defeat this supposed new threat to privacy. While NATs pass your TCP package through and may be vulnerable to this hack, proxies (when properly done) send their own requests on your behalf - easily defeating this little spoof of TCP.

[Raife]

Far too simplistic

Yet again, another 'method' which will apparently only work on the 'innocent', the 'ignorant', or someone who is just flat-out not trying to hide their 'identity' in the first-place, ...because simply stripping, or otherwise altering the relevant 'TCP'-headers, either directly through software, ...or by using a 'Proxy', ...or using different software-configurations, ...etc, ...etc, ...etc, ...would all seem to automatically defeat this 'hypothetical' ID-method.

And frankly, it appears that these so-called "fingerprints", most probably, are more a characteristic of 'wishful-thinking' than a truly practical 'hardware-identification' technique (though honestly, I can see, so-called, "...experts for the prosecution" managing to get 'convictions' based upon lengthy 'techno-babble' which falsely proclaims, "...the possibility of an incorrect identification" to be, "...one in a ka-gillion").

Furthermore, I could even see how easy it would be to 'frame' somebody else for a 'crime', simply by identifying, and then 'duplicating', their 'unique hardware-fingerprint'. ...Oh, the possibilities.

But seriously, there are far more serious, and direct, threats to 'anonymity' and 'privacy' afoot in the 'digital-world', these days, than this particular highly-questionable 'student-supposition' (just look-up "Trusted Computing", "DRM", or "BIOMETRIC-ID Authentication").

[Raife]

Far too simplistic

Yet again, another 'method' which will apparently only work on the 'innocent', the 'ignorant', or someone who is just flat-out not trying to hide their 'identity' in the first-place, ...because simply stripping, or otherwise altering the relevant 'TCP'-headers, either directly through software, ...or by using a 'Proxy', ...or using different software-configurations, ...etc, ...etc, ...etc, ...would all seem to automatically defeat this 'hypothetical' ID-method.

And frankly, it appears that these so-called "fingerprints", most probably, are more a characteristic of 'wishful-thinking' than a truly practical 'hardware-identification' technique (though honestly, I can see, so-called, "...experts for the prosecution" managing to get 'convictions' based upon lengthy 'techno-babble' which falsely proclaims, "...the possibility of an incorrect identification" to be, "...one in a ka-gillion").

Furthermore, I could even see how easy it would be to 'frame' somebody else for a 'crime', simply by identifying, and then 'duplicating', their 'unique hardware-fingerprint'. ...Oh, the possibilities.

But seriously, there are far more serious, and direct, threats to 'anonymity' and 'privacy' afoot in the 'digital-world', these days, than this particular highly-questionable 'student-supposition' (just look-up "Trusted Computing", "DRM", or "BIOMETRIC-ID Authentication").

[Andrew J Glina]

Clocks Skews

What happens if the computer updates it's clock via the internet every 10 minutes? Besides, as another person says, this might work for 10, 100 or even 1000 computers. But when it has to track millions of computers....

[Andrew J Glina]

Clocks Skews

What happens if the computer updates it's clock via the internet every 10 minutes? Besides, as another person says, this might work for 10, 100 or even 1000 computers. But when it has to track millions of computers....

[Skippy3246]

Just wait until the hackers start using this "wonderful" technology

This is just great! just what we all need. When the malware writers get a hold of this, they then utilize it to hack through our hardware and software firewalls. Then they can REALLY start delivering spam to our computers. I can hardly wait!!

[Skippy3246]

Just wait until the hackers start using this "wonderful" technology

This is just great! just what we all need. When the malware writers get a hold of this, they then utilize it to hack through our hardware and software firewalls. Then they can REALLY start delivering spam to our computers. I can hardly wait!!

[agottschald]

Sounds just a bit far fetched

Just how many computers are connected to the internet at some time? How many of each model ever made could be connected? When you have say a laptop made by Dell could this method pick out one out of all of the units of a particular model that have been made?

And if like me they switch between wired and wireless cards, not to count all of the cards that over time got damaged and had to be replaced, would the "fingerprint" remain the same?

I've noticed that my laptop clock isn't that great and since the laptop is reletively old, when pushing it on a task I've noticed the system clock loses time. The actual clock which is far from being the best time keeper, varies in time keeping dependent on temperature during idle use and even more during normal use. I just can't see that it would be possible to track a system with this method in the real world, like someone else said the real world is a very different place to a lab.

There is also where you are capturing the packets, if you are capuring the packets at your own site you have an advantage but if you are expecting to intercept packets somewhere in cyberspace, you may never even see them. Nice theory but there are more reliable ways of tracking someone especially if they are accessing your site. In cyberspace, you'd have better chances of winning the meggaball!

[agottschald]

Sounds just a bit far fetched

Just how many computers are connected to the internet at some time? How many of each model ever made could be connected? When you have say a laptop made by Dell could this method pick out one out of all of the units of a particular model that have been made?

And if like me they switch between wired and wireless cards, not to count all of the cards that over time got damaged and had to be replaced, would the "fingerprint" remain the same?

I've noticed that my laptop clock isn't that great and since the laptop is reletively old, when pushing it on a task I've noticed the system clock loses time. The actual clock which is far from being the best time keeper, varies in time keeping dependent on temperature during idle use and even more during normal use. I just can't see that it would be possible to track a system with this method in the real world, like someone else said the real world is a very different place to a lab.

There is also where you are capturing the packets, if you are capuring the packets at your own site you have an advantage but if you are expecting to intercept packets somewhere in cyberspace, you may never even see them. Nice theory but there are more reliable ways of tracking someone especially if they are accessing your site. In cyberspace, you'd have better chances of winning the meggaball!