Gadgets & Technology, Internet of Things (IOT), News

Individual names of computers compromise privacy

Individual names of computers compromise privacy
About Author
Christian Boas

Hostnames make especially mobile devices trackable and identifiable (Photo: XXX)

 

Computers – including smartphones – to name and use these in different networks endangers users’ privacy. Previously, researchers warn in a recent Request for Comments (RFC) of the Internet Engineering Task Force http://ietf.org. Because various Internet protocols give these so-called hostnames price. This could be used by attackers by looking for interesting names.

 

Internet name badge

For online data exchange, computers need unique names. In practice, very expressive names are often used that users have given to their devices. This is a problem.

 

“Providing a hostname to a computer and making it widely known when you are traveling from one network to another is the Internet equivalent of running around with a name tag,” the team warns.

 

Spies could in an extreme case come to which real person a device belongs – and whether it is thus an interesting espionage goal. If, for example, a laptop with the name “dthaler-laptop” is regularly connected via VPN to Microsoft’s corporate network, it would seem to suggest that it belongs to Dave Thaler, one of the authors of the RFC.

 

This would be of interest to attackers, as a software architect at Microsoft and a member of the Internet Architecture Board http://iab.org, Thaler is someone who could be a worthwhile undertaking. But also devices that do not directly contain a user name are a risk. For also terms such as “Jupiter” or “Rosebud” are references to the interests and thus the identity of the user.

 

Random names

Even the most abstract device name entails the risk that an attacker can track the use of a computer in different networks – which could quickly become a serious data protection problem with always supported smartphones. Of course, it would be good to repair Internet protocols that give hostnames. However, as a much more fundamental protection mechanism, Thaler and his co-authors propose in the work “Current Hostname Practice Considered Harmful”, however, in the future to random instead of fixed hostnames. This would make device tracking more difficult, regardless of whether all data leaks in all protocols are closed.

 

RFC “Current Hostname Practice Considered Harmful “: http://tools.ietf.org/html/rfc8117

 

To Top