‘Computer hostnames are harmful to privacy’

According to a request for comments, or rfc, from the Internet Engineering Task Force, the current use of hostnames for computers is injurious to privacy. There are a number of recommendations to change this.

The IETF document is not a specification of a new standard; it concerns a so-called informational rfc, which reflects the view of the organization. For example, the authors write that in current consumer networks, the distribution of host names is mainly performed by the users themselves. For example, the operating system may propose a name containing the name of a user or a login. This also occurs in business networks, according to the authors.

They cite another example, where an attacker can see that a VPN connection is made to Microsoft via a WiFi connection from a device with a last name in the designation. This makes it a lot easier to identify that person. The document lists a number of protocols that reveal names, including dhcp and dns.

The authors propose several ways to solve the problem. For example, people could be advised not to use the protocols that betray names in ‘unsafe’ places. A problem with this approach is that disabling is not always possible and it is often not clear when there is an increased risk. Another possibility is to change the different protocols themselves. The authors also consider this solution impractical, because some protocols are closed.

Finally, the most workable option seems to be changing the way platforms handle hostnames. For example, the authors point to the possibility of generating arbitrary host names, as is now also the case with MAC addresses in some cases. They recommend also changing the IP and MAC addresses of hosts with a changed name. Problems could also arise with this approach, for example in identifying the owners of shared network folders. Therefore, the authors recommend that more research be done on random hostname generation.