XPost: misc.phone.mobile.iphone   
   From: marianjones@helpfulpeople.com   
      
   Chris wrote:   
   >> Too trivial, in fact.   
   >> Anyone can do it.   
   >   
   > Let's remind ourselves of what your original claim was:   
      
   Your call if you wish to remain civil and discuss this at an adult level.   
      
   What happened on my side was:   
    a. I'm aware of WPS (google, mozilla, WiGLE, etc.)   
    b. All of whom respect my opt-out wishes for privacy   
    c. Yet, I recently read the paper by Eric Rye about Apple's WPS system   
       (bolstered by summaries from the likes of Brian Krebs and others)   
      
   Suffice to say:   
    1. I was appalled at the shocking privacy implications of Apple's WPS   
    2. Which is different from all the others in shocking insecure ways   
    3. So, I tested out Apple's WPS database by modifying FOSS scripts   
       (and writing a few of my own, e.g., to compare location changes)   
      
   After spending *years* opting out of WPS databases, I almost had a heart   
   attack when I found I was in Apple's WPS DB, for all the world to see.   
      
   I don't have any special coding skills, but I was able to do almost   
   everything the reviewers claimed could be done, which I characterized as   
   trivial to do.   
      
   The fact I did it, is legitimate proof that it's trivial to do, in fact.   
   Which is the one of the most scary parts of all, is it not?   
      
   What's even more scary is the mere fact I'm in the database, even though I   
   followed every Apple public directive to opt out, means Apple does not   
   follow their own privacy policy.   
      
   That's legally, ethically & morally wrong, in my humblest of opinions.   
   Currently, I'm trying to get Apple to reverse that decision.   
      
   If/when I'm successful, I will have protected the privacy of millions.   
      
   >>> Let's just say California wanted to find all the people who moved from   
   >>> California to Florida who retired to ask them to pay their 401K taxes.   
   >>>   
   >>> It would be trivial, using Apple's WPS system, to find everyone in any   
   >>> given county in Florida who recently moved there from California.   
   >   
   > It's been two weeks since I challenged you to compete this "trivial" task.   
      
   I already proved it, Chris.   
   I provided you with they code, in fact.   
      
   So even you can prove it to yourself.   
   The fact you don't understand the proof doesn't mean it's not trivial.   
      
   And besides, it's a red herring for you to make me prove that I can do what   
   is OBVIOUS anyone can do with the data, and which the papers said they   
   could do.   
      
   Your only goal is to defend Apple to the death, no matter what, using the   
   first inanely absurd excuse that you can think of to defend Apple's WPS.   
      
   What you're asking me is to track people I have no intention of tracking.   
   Just be3cause you're desperate to defend Apple to the death, no matter   
   what.   
      
   That's not what adult discourse is all about, Chris.   
    a. It is trivial.   
    b. Everyone who ran the code knows it's trivial.   
      
   For you to claim otherwise, likely means you haven't run the code yet.   
   Run it.   
      
   Then tell us what you think of it.   
      
   > TBF you have done more than I thought you would. However, it is nowhere   
   > near being able to trace any californian who may have moved to florida for   
   > the purposes of chasing them for taxes solely by their router.   
      
   Ah, but it is.   
   You think I can't run my own code, Chris?   
      
   I can start with my own BSSID, for example.   
   And then radiate outward from there.   
      
   It's trivial.   
   Anyone who ran they code knows that.   
      
   Run the code.   
   Then tell us it can't do what it does.   
      
   > It's quite clear that:   
   > a) it is not trivial   
   > b) you've proved nothing new   
   >   
   > As a side note, it is quite hypocritical of Donald to claim that MAC   
   > addresses are private information which identifies people directly and then   
   > to post hundreds of real ones all over usenet. Why would he choose to   
   > violate people's privacy like that?   
      
   Well, if you think the code, which is trivial to run, is not trivial to   
   run, then you're simply proving a different point than whether or not it's   
   trivial.   
      
   Even Apple didn't deny my claims (in my emails to their VP & back).   
   Neither did Brian Krebs (of Krebs Security) nor Mozilla Security.   
      
   Certainly the researchers and the articles about it didn't deny this.   
      
   Only you deny that it can be easily done.   
    a. Just you.   
    b. Nobody else.   
      
   Since nobody but you claims that it can't be easily done, all you're really   
   telling us is that no adult conversation is possible with people like you.   
      
   Your only goal is to defend Apple to the death, no matter what, using the   
   first insanely absurd excuse that you can think of to defend Apple's WPS.   
      
   For you to claim otherwise, likely means you haven't run the code yet.   
   Run it.   
      
   Then tell us what you think of it.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)