Hostnames

From Whonix


Introduction

Computers are given hostnames for a number of good reasons. Hostnames are particularly useful for computers that operate on a network, because administrators and users can then ping a computer, connect to it remotely, mount its disks, and conduct other relevant activities. Naming conventions for computers are usually left to the individual, and may comprise either randomly chosen names (“MrBig”, “coffeelover”, “Qubes-Whonix ™Rocks” etc.), or default values that contain information such as user name, login name, and device brand / model / make.

Smaller devices like smart phones usually have manufacturer-assigned names which are either generic (“Samsung Phone”) or completely unique (“android_f7s89f8ir78etywt”), and may contain information such as the brand name, language used, and the name of the device owner. In many cases, hostnames cannot be changed, or at least not without “rooting” the device. [1] In the case of Whonix ™, the hostname is always set to "host". [2] [3]

Privacy Risks

The hostname given to a user’s home computer or device can be leaked via a number of protocols, posing a privacy risk depending on the specificity of the naming convention. Vulnerable protocols which may leak the hostname include, but are not limited to: [1] [4]

Disclosure of information is particularly problematic for mobile devices, since adversaries that monitor remote networks (like Wi-Fi hotspots) are able to obtain the hostname via passive monitoring, or by active probing using a variety of Internet protocols. In combination with traffic analysis, adversaries that can obtain a hostname may be able to extract information that identifies the particular device and its properties, potentially revealing the unique individuals using the device. [1]

Even if generic names are used for hostnames such as “pinkrose” or “linuxfan”, the possible identity of the user is narrowed significantly to a much smaller subset, particularly when combined with data on sites that are visited. This may quickly lead to user identification because hostname disclosure allows for tracking of the computer or device across many domains, and one-time exposure of the user via clearnet traffic can inform databases which link unique hostnames to user identities.

As a further example, consider an adversary that is tracking users connecting to a specific Wi-Fi hotspot in an airport. After retrieving the hostname of a particular user “ABSmith”, and observing VPN connections to the Apple corporate network, the two pieces of information reveal that Mr Smith is the owner, and is an employee of Apple.

Recommendations

Obviously a generic hostname is advisable, but in practice, there are few other solutions available at present. One is to turn off any protocols that are not strictly necessary and which leak hostnames, particularly when insecure places are visited. This reduces the attack surface, but is impractical for certain protocols; for example, DHCP is necessary for Internet connectivity and many services depend on protocols such as mDNS. Another option is to use different hostnames for different purposes, rather than relying on a global hostname; this option is available on some OSes. Ultimately, a randomized hostname protocol is necessary to protect privacy, similar to methods utilized for MAC addresses. [1]
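To see what a device's own DHCP request exposes, the following added example (not part of the original wiki page) walks the options field of a DHCP client message and pulls out the cleartext identifying fields, including the Host Name option (code 12, RFC 2132). The sample packet, its MAC address and its vendor class string are constructed for illustration; the two hostnames compared are the page's “ABSmith” example and the Whonix ™ value "host".

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the DHCP options field (RFC 2131)
OPT_PAD, OPT_HOSTNAME, OPT_VENDOR_CLASS, OPT_END = 0, 12, 60, 255  # RFC 2132 codes

def dhcp_identifying_fields(payload: bytes) -> dict:
    """Extract the cleartext device-identifying fields of a DHCP client message."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)                      # hardware address length
    found = {"client_mac": payload[28:28 + hlen].hex(":")}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                         # single byte, no length field
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        value = payload[i + 2:i + 2 + payload[i + 1]]
        if code == OPT_HOSTNAME:
            found["hostname"] = value.decode("ascii", "replace")
        elif code == OPT_VENDOR_CLASS:
            found["vendor_class"] = value.decode("ascii", "replace")
        i += 2 + len(value)
    return found

def build_sample_discover(hostname: str) -> bytes:
    """Constructed DHCPDISCOVER for testing; MAC and vendor class are made up."""
    mac = bytes.fromhex("020000000001")
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0,
                         b"", b"", b"", b"", mac, b"", b"")
    def opt(code, data):
        return bytes([code, len(data)]) + data
    options = (opt(53, b"\x01") + opt(OPT_HOSTNAME, hostname.encode("ascii"))
               + opt(OPT_VENDOR_CLASS, b"example-dhcp-client") + bytes([OPT_PAD, OPT_END]))
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    for name in ("ABSmith", "host"):   # the page's airport example vs. the Whonix value
        print(name, "->", dhcp_identifying_fields(build_sample_discover(name)))
```

With a generic hostname the option is still sent, but it no longer distinguishes the device from others using the same value; the MAC address and vendor class remain separate identifiers.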

References


