How does changing Mac addresses increase anonymity?

Discussion in 'privacy problems' started by DesuMaiden, Apr 30, 2013.

Thread Status:
Not open for further replies.
  1. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Please explain.
     
  2. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    a mac address is kinda like an ip address each network card has its own mac including routers ect, if your using your home network it doesn't really matter but if your using a public wifi or random wifi you can leave a trail with your mac address, it can be logged by their routers every laptop ect that connected to it by mac address.

    a tool that may be of interest, because not only does your mac get logged, your host name can also get logged by their router

    http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
     
    Last edited: Apr 30, 2013
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is the only problem that I see with a fixed MAC address. But in itself, changing MAC doesn't increase anonymity at all, it just makes tracking you harder.
     
  4. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    yea well if it makes tracking you harder, then it obviously increases your anonymity. ;)
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Yes and no :) The fact that someone can track you across sites or locations does not necessarily mean that he knows who you are. Yes, it can help that someone in identifying you, but tracking and loosing anonymity are not exactly the same things.
     
  6. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Things really get interesting when you deploy multiple pseudo hotspots in a grid fashion around say a small city or town that collect and pipe that information back to a central repository. Especially if say someones device automatically attempts to connect to any available network.

    I mean, yes MAC addresses can be one avenue, where if you use public networks, you run the risk of having that information stored in a log outside of your control.
     
  7. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    MAC addresses are generally unique and generally persistent. They are highly useful for distinguishing devices, traffic, and by extension often individuals. They are also highly useful for linking traffic and information together. A fictitious example:

    You are in a coffee shop being evil. A lovely woman comes in and sits across from you. Darn, she has a wedding ring, but she is simply too beautiful to let that stop you. Maybe the marriage is rocky. She pulls out her device and you see her MAC Address pop up. You watch some of her traffic, learning a bit about her interests, but don't catch a name or other very personal details. Before you know it she splits. Next day you are there again, hoping she'll come in. A man walks in and pulls out his device. You see the same MAC Address pop up. Uh oh. You see him, John Smith, sending an email to a friend... "I grabbed Samantha's tablet and am at the coffee shop. I'll pick you up in an hour. BTW, we've decided that the time is right to have a child!!!. Don't let me walk out of Home Depot without paint samples.".

    Changing the MAC Address of the device connected to your cable modem is a common way of arriving at a new public IP Address. A static or very sticky public IP Address is one of the worst things for privacy. The interface identifier portion of IPv6 addresses may be derived from a device's MAC Address, so that too much be watched out for and dealt with. Software can (often) read MAC Addresses and thus use them for unique identifier purposes at even higher protocol levels. It is likely that in some scenarios a person with access to the right database(s) could pull up the personal information from purchase records associated with a device given just its MAC Address.
     
  8. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    1 word, "Fingerprint". I don't understand your logic, but do as you wish ;)
     
    Last edited: May 1, 2013
  9. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Maybe I used the wrong words :) If you are referring to normal fingerprints (the ones used by the police to identify a culprit), I will try to reword my argument: if the police finds a fingerprint at the crime scene, unless they already have it in their database, it won't be possible to use it to find identify the culprit. They can use it to see where the (unknown) culprit went, what things he touched, and so on. But unless they have a name linked to that fingerprint in their database, the fingerprint can be used just for tracking, and not to "de-anonymize" the suspect.
     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    If *you* are the target, and your hardware gets looked at, they can't place your MAC (and Machine Name...don't forget that too) at any other location, if you spoof. The "inspection" could be either physical, or virtual through the air.

    If an *area* is a target, your presence can't be narrowed down by inspecting WiFi Access Point logs, or WireShark captures, and correlating with things like video or physical surveillance.

    http://www.theregister.co.uk/2010/06/29/spy_ring_tech/

    I really don't get people that say doing anything with MAC's is pointless...there are people in jail or deported because of them, LOL :D

    PD
     
  11. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I don't sense any disagreement in general, just some hairsplitting due to the question focusing on "anonymity". A MAC Address, by itself, isn't going to reveal someone's name. Unless we're talking about Abe Febac or Debb Cafe spoofing their MAC Address to contain their name. This technicality is important because it will be used, by some, as an argument against MAC Addresses having to be handled as carefully as actual names. It would be absurd for company XYZ to claim that a database containing [Timestamp, GPS Coordinates, Name] is anonymous but it could make the aggressive claim that [Timestamp, GPS Coordinates, MAC Address] is anonymous. It could share a database of the latter format with third parties and cover that with a "we may share anonymous usage information & statistics with third parties" clause in its privacy policy. Many of those people who happened to read the privacy policy would feel safe because they see the word "anonymous" in there. However, XYZ might be sharing that database with a third party that has its own [MAC Address, Name] database. Mission Accomplished! A serious privacy issue was obscured by a narrow definition of "anonymous"/"anonymity".
     
    Last edited: May 2, 2013
  12. er34

    er34 Guest

    Chaning the MAC address does not change anything re. privacy or anonymity.
     
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    It's been stated well already. I don't see why some believe it has nothing to do with privacy or anonymity. Yes, it's an "after the fact" kind of problem if you're up to no good or an anon blogger in Shanghai, but linking a MAC address to a router log, observed at several times or on camera, the privacy/anonymity is gone. They may not know your NAME (yet), but it's only a matter of time. As Pauly said, people are in jail because of MAC and router logs equaling up to 2+2=4. Simple, really.

    `
     
Loading...
Thread Status:
Not open for further replies.