nanog mailing list archives
Re: ISP customer assignments
From: Valdis.Kletnieks () vt edu
Date: Mon, 05 Oct 2009 23:42:32 -0400
On Mon, 05 Oct 2009 20:40:28 EDT, TJ said:
Isn't this really a security by obscurity argument?
No - security through obscurity is "security measures that only seem to work because you hope the attacker doesn't know how they are implemented". In this case, making sure somebody else can't aggregate data about you is more akin to making sure somebody else can't obtain your password. In this case, you're making it harder for the attacker because they *do* know how the security measure works - if you're IP-address hopping or using RFC4191 privacy, then they know they have to find other means to do the tracking.
Making it a bit harder for the attacker, relying on 'Eve' just not realizing who I am?
Actually, yes. If you're the type of person that is careful not to accept website cookies to prevent cross-session and even cross-website tracking, you probably don't want to make it easy for Multi-click or whoever to do their tracking by having an IP address that shouts "Hey I'm the same laptop that was in the Starbuck's in Chicago last Tuesday". That isn't making it a little harder, it's making it a *lot* harder. And there's something to be said for Eve just not realizing who I am - the only reason my father's family made it to the US was because a Soviet border guard didn't realize my grandfather was on a "take in the forest and shoot on sight" list. So sometimes being able to keep Eve from making that correlation is literally a life-or-death issue.
Most of those concerns are in fact mitigated by a well implemented Privacy implementation
Which is why I started off by mentioning RFC4191. ;)
Attachment:
_bin
Description:
Current thread:
- RE: ISP customer assignments, (continued)
- RE: ISP customer assignments Brian Johnson (Oct 05)
- Re: ISP customer assignments Chuck Anderson (Oct 05)
- Re: ISP customer assignments William Herrin (Oct 05)
- Re: ISP customer assignments Ricky Beam (Oct 05)
- Re: ISP customer assignments Dan White (Oct 05)
- Re: ISP customer assignments Valdis . Kletnieks (Oct 05)
- Re: ISP customer assignments Dan White (Oct 05)
- Re: ISP customer assignments Ricky Beam (Oct 05)
- Re: ISP customer assignments Dan White (Oct 06)
- RE: ISP customer assignments Brian Johnson (Oct 05)
- RE: ISP customer assignments TJ (Oct 05)
- Re: ISP customer assignments Valdis . Kletnieks (Oct 05)
- Message not available
- Re: ISP customer assignments Dan White (Oct 06)
- Re: ISP customer assignments TJ (Oct 06)
- Re: ISP customer assignments James Hess (Oct 06)
- Re: ISP customer assignments Michael Dillon (Oct 08)
- Re: ISP customer assignments Steven Bellovin (Oct 05)
- Re: ISP customer assignments Owen DeLong (Oct 05)
- Re: ISP customer assignments Michael Thomas (Oct 05)
- Re: ISP customer assignments David Andersen (Oct 05)