reply to jonasyorg
Authored by: snoop on Jul 19, '05 12:03:04PM

jonasyorg, when I said that Bonjour does not give out user names, I was referring to the Bonjour protocol (mDNS-SD). Nowhere in the Multicast DNS Service Discovery spec does it say to give out user names. The mDNS spec assigns your machine a dot-local name. That dot-local name does not need to be a user name. It can be anything you want. Just because in Mac OS X it defaults to your first and last name doesn't mean it must stay that way.

Each application that uses Bonjour can do whatever it wants. If an individual application such as iChat decides to advertise a Bonjour service using your user name, then it can do that. However, it's also in your power to choose not to use that individual application. And guess what, disabling mDNSResponder doesn't prevent an application from revealing information about you. An application could embed the mDNSResponder code from Darwin directly into the application. Many Java applications that run on Mac OS X use an open source library called JmDNS to advertise services, and this library is embedded in the application and it doesn't use mDNSResponder. An application could also simply bypass mDNS and broadcast your information on its own using a custom protocol. Turning off mDNSResponder does not magically make your computer safe.

On a default Tiger machine with no additional applications installed, if you don't want your name advertised by Bonjour, then change your Computer Name to something generic, and don't use Bonjour iChat. There, problem solved, and you can even use Bonjour Browser to prove it to yourself. However, the minute you install an application, there's a potential for it to advertise information about you.

I'm not saying having this "disabling Bonjour" information out there isn't valuable. For example, it's valuable for application developers who want to verify that their application still works with mDNSResponder disabled. I was only recommending that most average customers will do more harm than good if they disable Bonjour. Many of these customers only use their Macs from home behind their own NAT, and so mDNS traffic isn't even leaving their private network. You have every right to turn off mDNSResponder. I just thought you were overstating the security issues.



reply to jonasyorg
Authored by: displaced on Jul 19, '05 01:41:42PM

Many of these customers only use their Macs from home behind their own NAT, and so mDNS traffic isn't even leaving their private network.


... and as mentioned, Bonjour (or, to use its generic name, Zeroconf) is a non-routable service... and so will never leave (or accept requests from beyond) your private network anyway (assuming I'm interpreting the specs correctly)
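
Added example, not part of either post above: a Python check of the point that a generic Computer Name is not enough once an application advertises its own service instance. It parses a constructed mDNS response (the `jsmith@Generic-Mac` iChat-style instance, the host name and the address are made up for illustration) and reports which advertised names contain personal tokens.

```python
import struct

def read_name(msg, off):
    """Decode a DNS name (with compression pointers); return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + n].decode("utf-8", "replace"))
        off += n

def advertised_names(msg):
    """Return every owner name and PTR/SRV target in an mDNS response."""
    _, _, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off, names = 12, []
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        names.append(owner)
        if rtype == 12:                           # PTR: rdata is a name
            names.append(read_name(msg, off)[0])
        elif rtype == 33:                         # SRV: name follows prio/weight/port
            names.append(read_name(msg, off + 6)[0])
        off += rdlen
    return names

def identifying(names, tokens):
    """Names containing any of the given personal tokens (case-insensitive)."""
    return sorted({n for n in names if any(t.lower() in n.lower() for t in tokens)})

def label(s):
    return bytes([len(s)]) + s.encode()

# Constructed sample: an iChat-style _presence._tcp PTR plus a generic host A record.
SERVICE = label("_presence") + label("_tcp") + label("local") + b"\x00"  # offset 12
PTR_RDATA = label("jsmith@Generic-Mac") + b"\xc0\x0c"                     # pointer to 12
HOST = label("Generic-Mac") + label("local") + b"\x00"
SAMPLE = (struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0)
          + SERVICE + struct.pack("!HHIH", 12, 1, 4500, len(PTR_RDATA)) + PTR_RDATA
          + HOST + struct.pack("!HHIH", 1, 1, 120, 4) + bytes([192, 168, 1, 10]))
```

Calling `identifying(advertised_names(SAMPLE), ["jsmith", "John Smith"])` flags only the service instance name: the generic host name passes, while the application's own advertisement still carries the account name.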


