When Aaron Swartz Spoofed His MAC Address, It Proved He Was A Criminal; When Apple Does It, It's Good For Everyone

from the only-the-second-one-is-true dept

Whenever we write about Aaron Swartz and the criminal prosecution against him, some of our (and Aaron's) critics scream that it was "obvious" that he knew he was up to no good, because he chose to spoof his MAC address on the machine he used to download JSTOR articles. Of course, as many people explained, spoofing a MAC address isn't some crazy nefarious thing to do, and often makes a lot of sense. In fact, Apple recently announced that iOS 8 will have randomized MAC addresses to better protect people's privacy. Simply speaking: Apple is making "MAC spoofing" standard. And, as the folks over at EFF are noting, this is a very good thing for your privacy.

As Cory Doctorow points out, this highlights the ridiculousness of MAC spoofing being used as evidence against Swartz, when now it's going to be a standard feature of iPhones and iPads (and, hopefully, other device makers will quickly follow suit).

This, of course, is one of the unfortunate results when you have law enforcement folks who simply don't understand much technology. People who actually understand both privacy and the ways you might approach problems you face on the internet, recognize that things like MAC spoofing are perfectly reasonable to do at times -- but such actions are twisted by law enforcement as being nefarious and dangerous because it makes it easier to "build a case" and because they don't understand how perfectly common such actions are.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: aaron swartz, ios, mac address, privacy, spoofing


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Scote, 17 Jun 2014 @ 11:15am

    The context is different

    To be fair,t he context is different. Swartz was spoofing MAC addresses at a single location to gain connections he would have been denied without spoofing. Apple is rotating MAC addresses on a mobile device to make it harder for any person or company with a wifi router to track the mobile device user. So, not apples to apples. And I say that as someone who thinks Aaron Swartz was unfairly railroaded.

    link to this | view in chronology ]

    • icon
      ChurchHatesTucker (profile), 17 Jun 2014 @ 11:27am

      Re: The context is different

      Apple is rotating MAC addresses on a mobile device to make it harder for any person or company with a wifi router to track the mobile device user.

      Which is essentially what Aaron was doing. The argument is over when it's criminal to do that.

      link to this | view in chronology ]

      • identicon
        Scote, 17 Jun 2014 @ 11:36am

        Context counts in criminal trials

        First off, let me say I favored Aaron Swartz goal of liberating public domain documents. However, in a criminal trial about whether his attempts to access those documents on a network were criminal, any extra steps he used to avoid the network security could be used as evidence against him, that he was taking extra steps to get around security that was designed to stop an individual from doing what he was doing on that specific network.

        It isn't as simple as "switching MAC addresses" is criminal when Swartz did vs "switching MAC addresses" is good when Apple does it any more than "driving" is bad when someone drives away from a bank robbery, but driving is good when Google Maps drives. The context does make a difference. And if MAC address switching had been a standard feature, enabled by default by the manufacturer, on his laptop, it wouldn't have been an issue at trial. The issue was that he specifically invoked it to get around security measures. Now, I don't think that rose to the level of criminality alleged by the publicity happy fed, nor that it necessarily was sufficient evidence that he violated the Computer Fraud and Abuse act, but it was evidence that he knew what he was doing wasn't within the way the network was designed to be accessed.

        link to this | view in chronology ]

        • icon
          Rikuo (profile), 17 Jun 2014 @ 11:47am

          Re: Context counts in criminal trials

          "And if MAC address switching had been a standard feature, enabled by default by the manufacturer, on his laptop, it wouldn't have been an issue at trial."
          Correct me if I'm wrong...but what I'm reading into this is that if someone does something bad with a laptop, at trial, any functionality that wasn't present in the laptop at the time of its manufacture is deemed bad?
          So let's say I get an old laptop that at the time of manufacture has an 802.11b/g/n wifi module. I get a USB 802.11ac device, plug it in, and use that to hack into my neighbour's 802.11ac router. Now suddenly, according to what you wrote, the fact that my laptop didn't have ac functionality at the time of manufacture is deemed bad?

          link to this | view in chronology ]

          • identicon
            Scote, 17 Jun 2014 @ 11:54am

            Uh, no.

            "at trial, any functionality that wasn't present in the laptop at the time of its manufacture is deemed bad?"

            No, it isn't deemed "bad".

            The the point is that if you take *specific* steps to avoid the security in place that can be used as evidence that you A) knew there was security in place B) that you took steps to avoid it, which can be used as evidence that C) you knew what you were doing was prohibited.

            link to this | view in chronology ]

            • icon
              G Thompson (profile), 17 Jun 2014 @ 12:02pm

              Re: Uh, no.

              You are talking about intent, whereas if in fact he did that to EVERY network he accessed then it would not be intentional to the specific case at hand the mens rae breaks down since it isn't intent since the intent is in fact the norm!

              In other words if you always spoof your address because you are either paranoid or otherwise , and it seems with good reason nowadays, the intent element doesn't hold water. Also the onus is on the prosecution that someone in your field, doing exactly the same thing with same knowledge would NOT do that always. And as anyone in the networking or security field understands that would be pulled to shreds by any capable defense.

              Oh and MAC address's aren't for the "security" purposes you are alluding that they are for.

              link to this | view in chronology ]

            • icon
              Rikuo (profile), 17 Jun 2014 @ 12:11pm

              Re: Uh, no.

              "The the point is that if you take *specific* steps to avoid the security in place that can be used as evidence that you A) knew there was security in place B) that you took steps to avoid it, which can be used as evidence that C) you knew what you were doing was prohibited."

              Here, you aren't defining what security is. Not very likely, but it could very well be that the neighbour's security is the fact his router is ac (which is not very common yet), and his thinking is that since only a few people have ac wifi capability in their devices, it acts as a form of security through obscurity.
              Now suddenly here I come with my laptop, I stick in my ac USB device into my laptop, and am able to access the neighbour's router (let's say he's stupid enough to not have a password). Using your reasoning from above, I took a specific step to avoid his security (using an ac device), I knew the ac 'security' was there, thus this then means that anyone using an 802.11ac USB device has done something illegal.
              Which is the problem with the mac address spoofing that is being focused on. Something that millions of IT professionals do on a regular basis, which is a basic concept (spoofing MAC address/using an ac wifi device) becomes determined bad by the court.

              link to this | view in chronology ]

            • icon
              Beta (profile), 17 Jun 2014 @ 1:35pm

              Re: Uh, no.

              "[T]he point is that if you take *specific* steps to avoid the security in place that can be used as evidence that you A) knew there was security in place B) that you took steps to avoid it, which can be used as evidence that C) you knew what you were doing was prohibited."

              1. You've taken a big step back, from "criminal" to "prohibited".
              2. Step B seems superfluous; whether I know that something is prohibited or not does not depend on whether I'm doing it.
              3. It's extremely weak evidence in any case.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 17 Jun 2014 @ 9:41pm

              Re: Uh, no.

              "The the point is that if you take *specific* steps to avoid the security in place that can be used as evidence that you A) knew there was security in place B) that you took steps to avoid it, which can be used as evidence that C) you knew what you were doing was prohibited."

              Like the *specific* step of choosing to use a device running iOS 8. It's not like there aren't other devices. So, usage of iOS 8 can be used as evidence that you A) knew there was security in place B) that you took steps to avoid it, which can be used as evidence that C) you knew what you were doing was prohibited.

              Yeah, I see how that works.

              link to this | view in chronology ]

        • icon
          ChurchHatesTucker (profile), 17 Jun 2014 @ 11:55am

          Re: Context counts in criminal trials

          And if MAC address switching had been a standard feature, enabled by default by the manufacturer, on his laptop, it wouldn't have been an issue at trial.

          I don't doubt it, but it's a strange world when "default option" Is what it takes to avoid prosecution.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 17 Jun 2014 @ 11:59am

          Re: Context counts in criminal trials

          And if MAC address switching had been a standard feature, enabled by default by the manufacturer, on his laptop, it wouldn't have been an issue at trial.

          An ability to edit the MAC address is standard in most network utilities on Linux systems.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 17 Jun 2014 @ 5:29pm

            Re: Re: Context counts in criminal trials

            An ability to edit the MAC address is standard in most network utilities on Linux systems.


            The ability to edit the MAC address is REQUIRED for some protocols. There was a now-defunct protocol which changed the MAC address to identify the node (forgot which one it was); but there are also some modern router redundancy protocols like VRRP which share a MAC address between two (or more) routers (or hosts).

            So, yeah, MAC address switching is a standard feature.

            link to this | view in chronology ]

            • identicon
              Lawrence D’Oliveiro, 19 Jun 2014 @ 10:00pm

              Re: now-defunct protocol which changed the MAC address to identify the node

              DECnet changed the MAC address to correspond to the bottom 10-bits-or-something of the node address. Because the DECnet engineers were too bloody lazy to come up with an ARP.

              link to this | view in chronology ]

          • icon
            fb39ca4 (profile), 17 Jun 2014 @ 9:02pm

            Re: Re: Context counts in criminal trials

            They'll argue Linux is not default on a computer you buy and so you must be a hacker for daring to not use Windows/OSX.

            link to this | view in chronology ]

            • icon
              PaulT (profile), 18 Jun 2014 @ 12:32am

              Re: Re: Re: Context counts in criminal trials

              If you use the terminal, the ability to edit the MAC is also a standard function of OSX. Depending on the NIC driver, you can also do it through your advanced network properties tab in Windows.

              Of course, they'll probably argue that simply knowing where these things are and editing them constitutes hacking, even if the OS allows you to do it with no further work from yourself...

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 18 Jun 2014 @ 6:22am

                Re: Re: Re: Re: Context counts in criminal trials

                Of course they will. After all, they consider changing the URL to be hacking, don't they?

                link to this | view in chronology ]

        • identicon
          Anonymous Coward, 17 Jun 2014 @ 12:07pm

          Re: Context counts in criminal trials

          But "switching MAC addresses" is a "standard feature, enabled by default by the manufacturer, on his laptop." He didn't have to write any code, or hack the operating system to change the Mac address. Its an option that is available to anyone using an off the shelf laptop.

          link to this | view in chronology ]

          • identicon
            Scote, 17 Jun 2014 @ 12:11pm

            Re: Re: Context counts in criminal trials

            "He didn't have to write any code, or hack the operating system to change the Mac address. Its an option that is available to anyone using an off the shelf laptop."

            Entering stolen passwords (not that Swartz did that) would be utilizing a "standard feature" without writing any code, too. Yet doing so would be evidence of hacking. *Context* matters. Changing MAC addresses isn't inherently criminal, but if you can show that it was specifically done to avoid network security measures (and I'm using that in the broad sense) then it can be evidence that the person doing that knew they were doing something they weren't supposed to be doing on the network.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 17 Jun 2014 @ 12:32pm

              Re: Re: Re: Context counts in criminal trials

              Okay, so you agree that the "standard feature" isn't the reason that what apple is doing is different then what Aaron did. Then we dive into the why Aaron did it and why Apple is doing it. In this case Apple seems much more malicious. Apple is stating that they wan't to avoid detection. Aaron was doing it to trouble shoot a network issue (granted, that was caused by the university).

              There is nothing about a MAC address not working on a network that indicates a security reason, its just not working. The fact that changing a MAC address is as easy as it is, would indicate that a MAC address blocking is not be a security measure.

              link to this | view in chronology ]

        • icon
          Beta (profile), 17 Jun 2014 @ 1:07pm

          Re: Context counts in criminal trials

          "[I]n a criminal trial about whether his attempts to access those documents on a network were criminal, any extra steps he used to avoid the network security could be used as evidence against him, that he was taking extra steps to get around security that was designed to stop an individual from doing what he was doing on that specific network."

          If he took steps to circumvent barriers, and those steps were of themselves criminal, then those actions were themselves criminal, not evidence about something else.

          If those steps were not criminal in and of themselves, then I don't see how taking them was evidence of anything except ingenuity (which, I'll grant you, is being slowly criminalized).

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 18 Jun 2014 @ 8:00am

          Re: Context counts in criminal trials

          When a watch company puts an intended scratch on a device, it is DRM, preventing the watch to be sold outside of normal channels.

          But, when I accidentally scratch my watch and try to get a refund, or sell it, it is illegal.
          ---

          When my garage door opener stops working, and I need a new one, and I go to a competitor for a replacement door (or Arduino)... that is DRM...and illegal?

          ------
          No, I disagree. This is called innovation and progress...and DRM is flawed.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 18 Jun 2014 @ 7:31pm

          Re: Context counts in criminal trials

          That's right and covering your face momentarily is not an indication of illegal conduct, per se. However, when Swartz did it for the purpose of concealing his identity as he committed breaking and entering, it is.

          link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Jun 2014 @ 4:08pm

        Re: Re: The context is different

        So now that Apple has revealed it's criminal tendencies what is next bank robberies?

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 18 Jun 2014 @ 7:38am

        Re: Re: The context is different

        No, he was spoofing MAC to bypass mac-based access control function s on a lan.
        There's a large difference between doing it on a private network to get around (weak) security and rotating what you present to random public access points.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 18 Jun 2014 @ 8:02am

          Re: Re: Re: The context is different

          what he did is equivalent of

          going to the store, and buying a product where it says "Limit 2";
          putting on sunglasses, and doing it again
          putting on a hat, and doing it again

          link to this | view in chronology ]

    • icon
      Trails (profile), 17 Jun 2014 @ 12:01pm

      Re: The context is different

      Swartz was spoofing MAC addresses at a single location to gain connections he would have been denied without spoofing. Apple is rotating MAC addresses on a mobile device to make it harder for any person or company with a wifi router to track the mobile device user.


      Nope, disagree completely. Network admins were tracking and blocking Aaron by MAC address.

      Apple rotates MAC addresses to prevent tracking, a PREREQUISITE to blocking.

      It's exactly the same thing.

      link to this | view in chronology ]

      • identicon
        Scote, 17 Jun 2014 @ 12:08pm

        Re: Re: The context is different

        No, not the same thing. He was *on their network* and they wanted him off. That is not the same thing as tracking mobile users who are *not on your network* by their WiFi automatically scanning for hot spots.

        link to this | view in chronology ]

        • identicon
          Bengie, 17 Jun 2014 @ 2:08pm

          Re: Re: Re: The context is different

          He was on a publicly accessible network and accessing publicly available works. Any Joe Schmo off the street could have to to the central office and asked for permission as this was the school's policy.

          The only thing different is he change his MAC address and attempted to download a lot of works at once via a high speed connection that he shouldn't have used.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 18 Jun 2014 @ 5:57am

            Re: Re: Re: Re: The context is different

            No. MIT has a public network and a private network. Anyone can use the public network or if you have a legit need, you can sign up for access to the private network which you have to agree to their terms of service. Apple is preventing private networks from getting access about you without agreement; Aaron either agreed to terms of service which he then ignored them or used a private network without proper permission. He broke the law. You can argue that it should not be against the law but he did break the law. If you can't do the time, don't do the crime.

            link to this | view in chronology ]

            • identicon
              Michael, 18 Jun 2014 @ 7:29am

              Re: Re: Re: Re: Re: The context is different

              It is a bit more complicated than that.

              What Aaron did, he was AUTHORIZED to do on a smaller scale. He had access to the system and was allowed to download the documents, but the system was designed to limit how many of them he could really get for a given time period (I don't remember the specifics). He noticed that the system determined the limit based on the MAC address that was accessing it and he worked around that limit by rotating his MAC address.

              This technical measure was, in fact, a violation of the TOS, but seems hardly worthy of prosecution for hacking.

              link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2014 @ 11:38am

    Apple recently announced that iOS 8 will have randomized MAC addresses to better protect people's privacy.
    While true, this is misleading. The random addresses are only used while scanning, and the usual (static) MAC is used once connected. It wouldn't have helped Swartz bypass anything.

    I hope this is just the beginning and Apple will eventually use random addresses all the time. There are 46 randomized bits, so collisions won't be a problem until there are several million devices in the broadcast domain (and then you'll have bigger problems than address collisions).

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2014 @ 1:22pm

      Re:

      "There are 46 randomized bits, so collisions won't be a problem until there are several million devices in the broadcast domain (and then you'll have bigger problems than address collisions)."

      Actually that's not quite correct. Vendors are supposed to use specifically unique addresses per device, but of course this has long been forgotten. I've run across several instances with specifically an HP laptop and HP Desktop using the same address and crashed a vlan, as well as two Linksys routers having the same MAC Address and take out a satellite link. Most network admins in large campus situations have experienced the same, I'm sure of it. And if you've ever run VMware ESXi, remember to change your vCenter ID per node....

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2014 @ 5:32pm

      Re:

      If you hook in Duplicate Address Detection or similar to the rotation, you could detect the collision and rotate the address again; a couple of rotations would be more than enough to find a non-colliding address.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2014 @ 12:03pm

    as the first comment days t

    link to this | view in chronology ]

  • icon
    Roger Strong (profile), 17 Jun 2014 @ 12:16pm

    Prosecutor Spoofing

    Turnabout is fair play. The Justice Department has been doing prosecutor spoofing.

    Sure, in reality the Justice Department's prosecutor swear to uphold the law and the Constitution, base their actions on ethics, rationality and blah blah blah.

    But just like "MAC spoofing is perfectly reasonable to do at times" - making your device appear like an entirely different device - it's perfectly reasonable for the country's Justice Department to appear to be from an entirely different country.

    And so Aaron Swartz and others often get a what appears to be a Justice Department that appears to be from a totalitarian dictatorship. One which also which also leaves the wealthy and those in the secret police untouched.

    Because prosecution is so much easier when you have the power to leave the accused wondering what country they're in.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2014 @ 1:02pm

    He used TCPIP and FTP through CAT5 two-way data communication cable or 2.4GHz IEEE 802.11n omni-directional mobile data connection to engage in malicious data copying and archiving with intent to distribute, and even had the audacity to store it on a NTFS Data Storage Partition to hide the evidence. He clearly knew what he was doing.

    link to this | view in chronology ]

    • icon
      Beta (profile), 17 Jun 2014 @ 1:16pm

      Re:

      I'm pretty sure you're not serious, but... "malicious data copying" really gives rise to some hilarious mental images.

      My favorite so far is similar to the Comfy Chair torture in Monty Python's "Spanish Inquisition" sketch, but in a "Tron" setting, and with Vincent Price if at all possible.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Jun 2014 @ 1:21pm

        Re: Re:

        It was more of an example of how something completely legitimate can be construed to mean something criminal by using scary jargon that common people don't understand.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2014 @ 1:17pm

    Does this make it illegal to use an iPhone?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2014 @ 1:23pm

    Even with mac spoofing, they can still track you

    Whenever it's not connected to a wifi network, your ios device sends out beacons to every wifi network you've ever connected to -- ie, "Network A, are you out there?" "Network B, are you out there?"

    The collection of named wifi networks you've connected to more accurately identifies you than your mac address does, so mac spoofing does very little for that. Target uses this wifi-beacon approach, and probably does that to aggregate members of a household together.

    Now, if Apple would let you delete saved info for wifis you've connected to in the past *even when you're not currently connected to them*, that would be useful.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 17 Jun 2014 @ 5:40pm

      Re: Even with mac spoofing, they can still track you

      Whenever it's not connected to a wifi network, your ios device sends out beacons to every wifi network you've ever connected to -- ie, "Network A, are you out there?" "Network B, are you out there?"


      Does it really do that? If it's like Android (and I'd guess it is), it'll only sends these probe requests if you added the network by its name (that is, it was a "hidden SSID" network) instead of choosing the network from the list of visible networks.

      One more reason to never hide your SSID, by the way.

      If you want to take a look, Wireshark has a mode where it captures raw 802.11 packets. It's very instructive to look at the beacons and probe requests around you. Turn on your phone's wifi while sniffing and you'll see the probe requests.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 17 Jun 2014 @ 6:07pm

        Re: Re: Even with mac spoofing, they can still track you

        In fact, I just tried it with an Android phone (no Apple device nearby for me to test). The result was as I expected: a few probe requests with the "broadcast" (zero-length) SSID, followed by it connecting to a known SSID from the probe responses.

        link to this | view in chronology ]

  • icon
    John Fenderson (profile), 17 Jun 2014 @ 2:13pm

    Good

    I've been spoofing random MAC addresses for years, for exactly the reason Apple gives for doing the same. I'm pleased that I might not be considered a black-hat for doing do.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2014 @ 2:25pm

    Swartz's MAC address changed when he switched from wireless to wired. That's not spoofing, that's what normally happens when you stop using one network interface and start using another.

    link to this | view in chronology ]

  • icon
    Derek Kerton (profile), 17 Jun 2014 @ 2:53pm

    A Neat Trick

    The problem here is the same as the misunderstanding about the East Anglia University emails the climate change scientist sent using the term "a neat trick". The word "trick" is picked up by people outside of science in the "tricky Dick" sense, not the "solution to a math problem" sense.

    Similarly, MAC spoofing is something that sounds nefarious, because of the word "spoof", but is really just a way to get some privacy, or to get services on a second device that were provisioned for your first device.

    Some people just don't understand the use of jargon inside of a trade or community. These same people would think card players are cheating at Gin when they win a "trick", or that they are The Donald when they play a "Trump" card.

    link to this | view in chronology ]

  • identicon
    zip, 17 Jun 2014 @ 3:04pm

    It's not just privacy issues

    Many public wi-fi networks time-out and require users to re-login on a regular basis. This can mean that files in the process of downloading can be irretrievably lost when the wi-fi connection cuts out and switches to a login screen.

    But there is an easy way around this problem. Spoofing your MAC address (and re-logging in) before starting a new download resets this clock, thereby giving you the full uninterrupted period that the "gatekeeper" software allows.

    link to this | view in chronology ]

    • identicon
      Scote, 17 Jun 2014 @ 3:32pm

      Not really a good argument that spoofing is innocent.

      What you are describing is how to spoof your MAC address so that you won't be limited by the deliberate limitations of a free WiFi Hotspot. That really isn't an example that demonstrates the legitimacy of MAC address spoofing but rather the opposite. If the WiFi hotspot wanted you to be able to stay logged in they wouldn't have configured the connection they way they did.

      Your advice may be practical and expedient, but it is an example that is in line with what Swartz was doing, knowingly working around deliberate limitations of the network.

      link to this | view in chronology ]

      • identicon
        zip, 17 Jun 2014 @ 5:24pm

        Re: really a good argument that spoofing is innocent.

        Using a change of MAC address to force a public wi-fi's timed re-logins to occur earlier, when they're most convenient for me rather than following the preset cutoff schedule (dictated by the wi-fi router setup) is an appropriate and legitimate use of MAC spoofing. It's not cheating 'the system' in the slightest -- in fact, it's helping the system, by eliminating the need for me to re-download files that got cut off the first time around due to an unexpected disconnection. So I save time - and they save bandwidth - so it's a win-win situation all around.

        link to this | view in chronology ]

        • identicon
          Scote, 17 Jun 2014 @ 6:05pm

          Right...

          Right...because free public WiFi is totally made for you to download files from the internet that are so large that they may time out. It isn't like they might have set up the automatic log outs to discourage people like yourself from using the network to download giant files or anything...

          /s

          link to this | view in chronology ]

          • icon
            Beta (profile), 17 Jun 2014 @ 7:45pm

            Re: Right...

            Sarcasm doesn't really work when the position you're mocking makes more logical sense than the alternative.

            link to this | view in chronology ]

            • identicon
              Scote, 17 Jun 2014 @ 7:55pm

              Re: Re: Right...

              Soo, tell me why you think zip is downloading so many large files through an unsecured WiFi connection that they need to spoof their MAC address to reset the connection between downloads? There are certainly legit reasons to down load large files, but I have to say that I wouldn't be surprised if zip has some reason for using public WiFi and MAC address spoofing. Zip's explanations really aren't the best example to suggest that there is nothing possibly nefarious about MAC address spoofing.

              link to this | view in chronology ]

              • icon
                Beta (profile), 29 Jun 2014 @ 6:47am

                Re: Re: Re: Right...

                There is so much wrong with your question I'm not sure where to start. According to Zip's description, first there is no need to reset the connection, it's just a good practice. Second, interruption can occur in any download, even if it isn't a large file. Third, it has nothing to do with how many files (large or small) there are. Fourth, Zip's motives for downloading these files have nothing at all to do with the problem of interruption or the solution that involves changing the MAC address. Fifth, yes indeed, Zip has "some reason" for using MAC address spoofing (a misnomer in my opinion), as Zip has explained to you at least twice, and maybe some reason for using public WiFi (as many people do or it wouldn't exist). Sixth, if you are moving the goalposts to "nothing possibly nefarious" then no evidence will convince you and no technology, medium, practice, or hobby can ever be entirely free of sinister overtones. Seventh, simple statements of fact and clear logic don't seem to make any impression on you, even with repetition (so I doubt that this comment will make any headway).

                P.S. Sorry to take so long replying-- I didn't check this thread for replies because I honestly didn't think you'd keep at it.

                link to this | view in chronology ]

  • identicon
    Anonymous Coward, 17 Jun 2014 @ 9:35pm

    Different laws for different folks.

    Different laws for different folks. They're getting to where they don't even try to hide it anymore.

    link to this | view in chronology ]

  • identicon
    Ian, 18 Jun 2014 @ 4:08am

    Putting it into Context

    Sounds a lot like "That's not a bug, it's a feature."

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 18 Jun 2014 @ 1:34pm

    The article doesn't say what was done was illegal, just indications (or proof) that he knew what he was doing was illegal. Those are two different things.

    Is hiring a lawyer when asked to speak to police? Of course not, but some police (maybe most) would wonder why you would need a lawyer if you were not guilty?

    Things can be legal or illegal depending on context. A cop carrying a gun isn't illegal, but a NJ cop was charged with unlawful possession of a handgun (her service revolver) when she got drunk and emptied it out into someones car.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Jun 2014 @ 4:05pm

    NO NO NO NO NO Apple Devs!!! NO! BAD DEVS!

    This needs to be an option that is chosen by admin....esp if we have a mixture of BYOD and Company Devices (we use MAC filtering, and DHCP reservations to filter which devices are allowed access to the Internet. )

    link to this | view in chronology ]

  • identicon
    Mark Rodgers, 23 Jun 2014 @ 7:09am

    Isnt this kinda like having an LED license plate on your vehicle and using a random number generator while driving, but only your real license plate number while parked?

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.