
Let's chat about PineNumbers!


telot


Good day my fellow pineapplers!

I'm very curious about the pinenumbers feature. Why would we want anyone (even you Seb/Darren) to track usage on a device that is so easily (and dare I say commonly?) used for illegal/semi-legal things? The very nature of the pineapple is grey-hat at best. It's purpose-built to take advantage of inherent trust vulnerabilities and exploit them. This is great for pentesters, but not everyone who buys/uses a pineapple is a pentester.

I know, I know, there's plenty of disclaimers about not using it for nefarious activities - which protects you guys very well. You certainly need these boilerplate statements when building/supporting this kind of device. But what protects us, the consumers? I understand your want for usage statistics, just like any dev - you can build better future products and continue to increase functionality in a more efficient way with your current products. With this type of device, with this market you're in, with these privacy-paranoid customers that you have... it just doesn't make sense in my brain. Tell me, why would I allow that on my pineapple?

My second argument is that of contractual privacy afforded to my customers. Say I use the pineapple for legal pen testing as I should, and say I am pentesting a Fortune 500 company or even better, a government institution. What happens on a pen test, stays in a pen test. By contractual obligation I can only share the results of the pen test with my customers in their status reports and final report. By allowing the pineapple to send usage statistics and other metrics (even anonymous ones) to the cloud, the pineapple would break that trust I have with my customers and infringe on the contracts I've signed and get paid for.

I understand there's going to be an opt-out function in the GUI (and I hope CLI support as well) - but I thought I'd explain myself as to why I won't be participating with some of my pineapples. My test pineapples, the one I play with at home, the one I use to rick roll my friends - I will surely leave on for your metrics. Ones that are actually used on jobs, I'm afraid I just can't, and I hope you understand. I'd love to begin a dialog about this, so please let me know your thoughts. Thanks everyone!

telot


Hey everyone,

Let me reply to Telot's post in chunks:

I'm very curious about the pinenumbers feature. Why would we want anyone (even you Seb/Darren) to track usage on a device that is so easily (and dare I say commonly?) used for illegal/semi-legal things? The very nature of the pineapple is grey-hat at best. It's purpose-built to take advantage of inherent trust vulnerabilities and exploit them. This is great for pentesters, but not everyone who buys/uses a pineapple is a pentester.

I see what you are saying here. Being tracked is usually seen as a bad thing. Now, I should say that YOU aren't being tracked. We are talking about getting information such as:

-How many pineapples are out there?

-How many are on XYZ firmware?

-How long do people wait until they update?

The reason PineNumbers are useful here is because it eliminates duplication.

I know, I know, there's plenty of disclaimers about not using it for nefarious activities - which protects you guys very well. You certainly need these boilerplate statements when building/supporting this kind of device. But what protects us, the consumers? I understand your want for usage statistics, just like any dev - you can build better future products and continue to increase functionality in a more efficient way with your current products. With this type of device, with this market you're in, with these privacy-paranoid customers that you have... it just doesn't make sense in my brain. Tell me, why would I allow that on my pineapple?

You are right. There are plenty of disclaimers. I don't think I need to expand on this point as I have given my opinion on this a few times.
In regards to why we want the statistics, you are exactly right. You said it yourself, to make better products, streamline features etc etc etc. Why would you allow that? Well.. think about that for a second ;)

My second argument is that of contractual privacy afforded to my customers. Say I use the pineapple for legal pen testing as I should, and say I am pentesting a Fortune 500 company or even better, a government institution. What happens on a pen test, stays in a pen test. By contractual obligation I can only share the results of the pen test with my customers in their status reports and final report. By allowing the pineapple to send usage statistics and other metrics (even anonymous ones) to the cloud, the pineapple would break that trust I have with my customers and infringe on the contracts I've signed and get paid for.

As I said, I think this is.. well, simply not accurate. I am not sure what you understand under usage statistics, but as I stated above it would be in a very simple format. It would not really have anything to do with what / why you are using it. I doubt that what version of the pineapple you are using is under an NDA through any contract. If so, well.. there is always the way to turn it off. But as I said, data we would collect has NOTHING to do with data from a pentest / the customers / the user (well, not really, maybe firmware preference?).

I understand there's going to be an opt-out function in the GUI (and I hope CLI support as well) - but I thought I'd explain myself as to why I won't be participating with some of my pineapples. My test pineapples, the one I play with at home, the one I use to rick roll my friends - I will surely leave on for your metrics. Ones that are actually used on jobs, I'm afraid I just can't, and I hope you understand. I'd love to begin a dialog about this, so please let me know your thoughts. Thanks everyone!

There will be a way to opt out of it. GUI and CLI (of course ;) ). I appreciate that you took the time to discuss and explain your opinion. I hope that my reply was able to change your mind at least partly.

As I have said before, statistics are based on the device and not the user. A different deal are extra services we may (or may not) include at some later point. For those aspects, consider the PineNumber as a serial number. We will use it along with other credentials to match devices with accounts and be able to target account based things onto specific devices. If you dislike that idea the solution is simple - don't use those services. We do have some pretty great things in the works that could be very interesting for people - more information when we are further in the project. Maybe then PineNumbers will make more sense.

All the best,

Seb


I'd be okay as long as tracking is limited to basic things such as what you listed:

-How many pineapples are out there?

-How many are on XYZ firmware?

-How long do people wait until they update?

What I don't want to see happen is the Pineapple ends up like the new Cisco routers with their "Smart Wi-Fi". Where you're required to have an account registered on their cloud service to use your device. Then on top of that you have to authorize them to track all of your activity and agree they can brick your device if they don't like what you're doing.

I think people would be more comfortable with this if it were an "Opt-In" function. When you upgrade your firmware it'll ask you if you'd like to opt into the program. If you select yes, it'll remember that forever and not ask you again. If you select no, it won't bother you until you upgrade your firmware again.

Just my $.02


I think people would be more comfortable with this if it were an "Opt-In" function. When you upgrade your firmware it'll ask you if you'd like to opt into the program. If you select yes, it'll remember that forever and not ask you again. If you select no, it won't bother you until you upgrade your firmware again.

+1 from me


I'd be okay as long as tracking is limited to basic things such as what you listed:

-How many pineapples are out there?

-How many are on XYZ firmware?

-How long do people wait until they update?

What I don't want to see happen is the Pineapple ends up like the new Cisco routers with their "Smart Wi-Fi". Where you're required to have an account registered on their cloud service to use your device. Then on top of that you have to authorize them to track all of your activity and agree they can brick your device if they don't like what you're doing.

I think people would be more comfortable with this if it were an "Opt-In" function. When you upgrade your firmware it'll ask you if you'd like to opt into the program. If you select yes, it'll remember that forever and not ask you again. If you select no, it won't bother you until you upgrade your firmware again.

Just my $.02

I dislike the word tracking. We aren't really planning on tracking anyone / anything. Once we do add a statistics reporting feature you will be told exactly what and how it is reporting it in the changelog of the firmwares. It will be as transparent as possible to avoid any false ideas about what we are trying to do.

The pineapple will not require an account with our cloud to run / function / be what it is. However it IS possible that we add cloud services at some point. Don't worry though, they will not affect the normal use of the pineapples but rather, these services would allow you to do some pretty awesome stuff that some users may or may not want to take advantage of. The only way to make these mysterious services work is by registering and using something to identify your devices, such as PineNumbers. But this is something for the future and is still a bit away. We will make sure to keep you all informed.

About the Opt-in vs Opt-out, that is something we haven't decided yet. Sadly it isn't as easy as saying "Opt in forever". For that to be possible on the first boot we would need to check your pineNumber against our servers. That is exactly what you wouldn't want. The way this is planned is as follows:

1. Update your 2.7.X firmware to 2.8.X/2.9.X (Statistics will most likely be added in 2.8.9/2.9.0).
2. Your pineapple will reboot and once it is back up the statistics reporter will wait for a connection.
3. Once a connection is available, it will report to the cloud servers.
4. The cloud servers respond and on a successful response the statistics reporter will disable itself.
5. Once you upgrade your firmware again, this disabling will be removed and we go back to point 1.

We will need to see where it is easiest / best to add the opt-out / opt-in. Of course I prefer the opt-out method as people tend to leave those types of settings alone. If it is off, why turn it on. But as I said, this needs more thought and will hopefully satisfy everyone.


I agree with a lot of the people here. I am relieved a bit knowing that it is a one time connection when upgrading the firmware. Imagine the troubles it could cause if you're on a pentest with your device trying to phone home. However, I do feel this feature should have a conspicuous way of viewing the report prior to sending; maybe having to scroll to the bottom of it to send it.

I think we can speculate this until we're blue in the face, but I for one will sit and wait to see the actual update before I base any final opinions.


I agree with a lot of the people here. I am relieved a bit knowing that it is a one time connection when upgrading the firmware. Imagine the troubles it could cause if you're on a pentest with your device trying to phone home. However, I do feel this feature should have a conspicuous way of viewing the report prior to sending; maybe having to scroll to the bottom of it to send it.

I think we can speculate this until we're blue in the face, but I for one will sit and wait to see the actual update before I base any final opinions.

Checking to see if we have a valid connection is non-obtrusive. It would happen in the background and would only send if it has a connection. It would not spam to keep trying.

Also, viewing the report is..well, kind of pointless. Why? This is pretty much all we take:

{"PineNumber": "version"}

So as you can see, that really isn't a lot of information. About 69 bits if I am not mistaken..

Anyway, we will see what happens. I am happy to hear and consider everyone's opinions, so keep it coming!

I do hope that people understand why we want to collect the data and what we collect.

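The one-shot reporting flow Seb laid out above (wait for a connection, send once, disable itself until the next firmware upgrade), the opt-out switch, the "view the report before it goes" request from the earlier reply, and the {PineNumber: version} payload, written up as a small Python simulation. This is an added illustration for the thread, not Hak5's firmware code: the Reporter class, its method names, the example PineNumber values and the stand-in send callable are all assumptions, and the real firmware's state file and endpoint are not known from this thread.

```python
"""Simulation of a one-shot statistics reporter as described in the thread.

Added example, not Pineapple firmware code. Everything here (class name,
method names, sample PineNumbers, the `send` callable standing in for the
request to the cloud servers) is an assumption made for illustration.
"""
import json


class Reporter:
    """Holds the two pieces of state the thread distinguishes:

    - opted_out: the user's preference; survives firmware upgrades.
    - disabled:  set after one successful report; cleared by an upgrade,
                 which sends the device back to "point 1".
    """

    def __init__(self, pinenumber, version, opted_out=False):
        self.pinenumber = pinenumber    # device identifier, like a serial number
        self.version = version          # firmware version string
        self.opted_out = opted_out
        self.disabled = False
        self.attempts = []              # outcome of each send attempt, for review

    def payload(self):
        # The entire report: one key (the PineNumber) mapped to the firmware
        # version. Nothing about the user, the network, or any engagement.
        return {self.pinenumber: self.version}

    def preview(self):
        # Human-readable view of exactly what would leave the device, so the
        # report can be inspected before it is ever sent.
        return json.dumps(self.payload(), sort_keys=True)

    def should_send(self):
        # Send only if the user has not opted out and no report for this
        # firmware version has already been acknowledged.
        return not self.opted_out and not self.disabled

    def tick(self, connected, send):
        """One background check, e.g. run from a timer after boot.

        `connected` is whether an upstream connection exists right now;
        `send` is a callable(payload) -> bool standing in for the request
        to the cloud servers. Returns a short status string.
        """
        if not self.should_send():
            return "disabled"
        if not connected:
            # No connection: do nothing, no retry storm. The next check
            # will look again.
            return "waiting"
        ok = bool(send(self.payload()))
        self.attempts.append(ok)
        if ok:
            # Successful response: the reporter switches itself off until
            # the next firmware upgrade.
            self.disabled = True
            return "sent"
        # Assumption: a failed response leaves the reporter enabled so the
        # next check can try once more; the thread does not specify this.
        return "failed"

    def upgrade(self, new_version):
        # Firmware upgrade: the version changes and the "disabled" marker is
        # removed, so the device reports exactly once more.
        self.version = new_version
        self.disabled = False


def demo():
    """Walk one device through the flow; returns the statuses observed."""
    sent = []
    reporter = Reporter("PN-EXAMPLE-0001", "2.8.9")   # constructed sample values
    statuses = [
        reporter.tick(False, lambda p: sent.append(p) or True),  # no link yet
        reporter.tick(True, lambda p: sent.append(p) or True),   # reports once
        reporter.tick(True, lambda p: sent.append(p) or True),   # now disabled
    ]
    reporter.upgrade("2.9.0")
    statuses.append(reporter.tick(True, lambda p: sent.append(p) or True))
    return statuses, sent


if __name__ == "__main__":
    print(Reporter("PN-EXAMPLE-0001", "2.8.9").preview())
    print(demo())
```

The split between `opted_out` and `disabled` is the point of the example: the preference the user sets is kept across upgrades, while the "already reported" marker is deliberately thrown away on upgrade, which is why the device phones out exactly once per firmware version and why an "opt in forever" prompt would need a server-side check that the thread says nobody wants.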

I didn't realize it was only upon upgrading. That clears up a great number of my concerns. Thanks again for being so frank and open with us Seb - as I'm sure you can tell, we really do appreciate it.

telot


I think it's a great idea personally. I know Seb and I talked about it a while back. I would love to know how many pineapples (with updated firmware) are uniquely out in the wild and what versions are out there. If nothing else, it can show growth of the project and how large it really is. Currently there is no way to accurately determine how many pineapples are in the wild.

I think it would be cool to possibly have an "Opt In" module for maybe making an online map for geo-locating pineapples to maybe find fellow Hak5 around your area, or other things to that extent. But as a default "This is a pineapple running Vx.x.x firmware with this unique ID" should be an "Opt Out" type of thing in my opinion. Anything other than just some baseline stats should be an Opt In.

I have been meaning to post in this thread but have become rather busy with current events. I'm always up for a chat about it on a google hangout or IRC if you catch me online.


If we did want to track more than just the version then my suggestion is to do something like the Debian Popcorn project.

This is a package that is installed (so opt-out by default as you have to explicitly install the package) but when installed it can be used to report info about the installation back to a logging server.

For more info see http://popcon.debian.org/
