Kurtis Lindqvist wrote:
What is interesting is that people can identify a EUI-64 unicast address no matter where you are. For example, i use my laptop at work and at home (assuming I had an ipv6 connection at home). I could be identified as the same computer, without using cookies, since my base 64 address would be the same, despite the network prefix.
What I as external viewer could determine would that you where a computer that moved. From the frequency I could probably tell that you where a laptop. I would not tell me what would be home or work, and it would not say who you actually where.
You could determine this right now using a cookie and traceroute. And traceroute _could_ tell if you're at home or work (does your path lead into an ISP or a corporation?) and depending on the corporation, might yield enough information to do some simple human engineering and find out who you are as well. A traceroute may also indicate what part of the country you're in. Most ISP's group routers geographically and have somewhat descriptive names. So by looking at the trace, you can usually determine the state, and sometimes town, where the connection is coming from. (This isn't completely accurate, of course...) I don't see the advertisement of a Mac address to be any more or less secure than what we've got right now. Especially since most people do not disable cookies (since a lot of popular web sites don't work without them.) -- David