The growing popularity of Google and other online service portals, has moved a number of user services to central aggregated locations where users can check their RSS feeds and email. Although this configuration changes the network fingerprint that is emitted by services it does not reduce the amount of information that is leaked. For example, the Google homepage includes links to personalized RSS feeds including the user's email address in plain text, which often points to a user's real identity, e.g., email@example.com. This information can be readily used to create very accurate user profiles since a tracker can intercept these unencrypted HTTP transfers.
The Dynamic Host Configuration Protocol (DHCP) is a ubiquitous protocol used for automating network configuration. Unfortunately, there is no privacy protection for DHCP messages, so an eavesdropper who can monitor the link between the DHCP server and requesting client can discover the information contained in this option. For example, the following snippet illustrates the kind of information that can be derived from a DHCP request. Information on the types of services and more importantly hostname information is made readily available to eavesdroppers.
Client IP: 10.50.16.205 Client Ethernet Address: 00:17:f2:40:61:65 Vendor-rfc1048: DHCP:REQUEST PR:SM+DG+NS+DN+NI+NITAG+SLP-DA+SLP-SCOPE+LDAP+T252 MSZ:1500 CID:[ether]00:17:f2:40:61:65 LT:7776000 HN:"alamak"
We collect and correlate the information derived from DHCP headers. In particular, we are interested in user-identifying information such as the user's hostname. This information might appear innocuous but is often linked to personal information such as the user's name or company information. Again, in this case we associate DHCP-derived information with the base station's ESSID.