MAC Address and Privacy

Discussion in 'privacy problems' started by caspian, Apr 30, 2009.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    How important is a MAC address? Do message boards and social networking sites see your MAC address?

    I have heard that you can change it so that no one sees your real one. Is this difficult to do?
     
  2. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    The websites you visit can see your MAC, although, if I don't remember wrong, some kind of JavaScript is needed. Your MAC address is not useful to identify you, but it can be evidence against you in case you are accused of something. On the other hand, changing your MAC is quite easy (google for "MAC spoofing"), so such evidence wouldn't have too much value since anybody could have spoofed your MAC while committing a crime.
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    But if you have more than one account on a message board or at Myspace or somewhere, then it would be seen that both accounts are coming from the same person, right? Here is an example of a concern. I still have an old Myspace account where I use my real information. I never changed it because it has been there for years. I do not have another Myspace account at this time. But if I decided to open another one and wanted to use it in some kind of obscure artistic way, or to participate anonymously in some political discussions in a group, or something like that, then they could match the MAC address of the two accounts and see exactly who I am. Right?

    I do participate in some discussion groups. And I get into it pretty heavy with some right wing Conservatives. I definitely do not want that kind of person knowing who I am. Some of them are pretty wacko. So I guess I should learn how to spoof my MAC address. I hope it isn't too difficult. Thanks for the info.
     
  4. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Well yes, your reasoning makes sense. Although I don't believe it is common to collect MAC Address information, I know it can be done.
    Spoofing a MAC address is easy. You can check here or you can google yourself.
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for the link. I will definitely check that out.
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    My concern was having more than one account on a discussion forum where sensitive issues are discussed. I have been harassed and even threatened. And one time it was by the owner of the website.

    I started thinking about this because I read about some spyware programs that can be sent to people with a link or an embedded image. Programs that anyone can purchase. One of the things they said that they could get was your MAC address. I know it doesn't identify me, but if the same MAC address shows up twice on a message board or social networking site then it could connect to separate accounts. At least it seems like it could.

    And I also wonder if someone like Google might make connections and collect data that way. I mean if they know your IP, your name and location, could they not search for MAC addresses and file that away too? I know that what I am saying may not make sense because I am lacking in a lot of basic knowledge. But it seems plausible.

    And maybe Steve can answer this one. Would XB Machine prevent someone's MAC address from showing? I assume that the VPN does not.
     
  7. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    Sure it does! Steve The Great protects you from everything with his XB! Nothing is even near to his solution! *puppy*
     
  8. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Seems to match my recollection. If you are on a LAN, those on the internet can't see your MAC address because you are connected via NAT, and only the router gets your MAC address via an ARP request to complete the connection. But with a direct internet connection, the site needs to know your MAC address to complete the linkage, and can issue an ARP directly to you to find it out. ARP is the protocol that maps IP addresses to MAC (hardware) addresses so data can connect to some real piece of equipment eventually. So get a router - and clone the MAC address regularly, since that is now accessible from the internet. :)
     
    Last edited: Apr 30, 2009
  9. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    If Xerobank uses a variety of equipment and/or randomizes the MAC address for their routers on your various connections, should work. I have a Linksys WRT54G router running Tomato software, for example, that will let me change the MAC address of my WAN (internet) port at will.
     
  10. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    124
    What happened to the "no politics" rule?
     
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yes leonid, I can definitively answer this once and for all: Discovering a MAC address from an IP Address is only possible if the queried network is externally running ARP or NDP. These are not run on the internet, only on an internal network. Therefore MAC addresses are not available outside your local network. Nobody on the internet can get your MAC address from your IP Address. They are used internally for identifying physical adapters connected only to your home or work local network. This is more anonymity hokum, myth, and folklore. Dismiss it and anyone who says otherwise.
     
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Can you comment on this:

    Java Programming - How to get client machine's MAC address?
    http://forums.sun.com/thread.jspa?threadID=5366536&start=0

    It seems to me that several years ago there was a test site - the client had to enable Java and the site could retrieve the MAC address.

    I thought I had it in my notes, but I can't find reference to the test site...
    ----
    rich
     
    Last edited: May 1, 2009
  13. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    Obtaining a MAC address by querying the PC [using something like Java] is different to seeing that information at a network level [eg. by packet headers].

    Simply browsing a website won't allow anyone to pick up your MAC address. Allowing unsafe Java applets and ActiveX controls is a great way to give away information about your machine, however :)

    That said, no-one is going to compromise your PC by discovering your MAC address. Pretty much the only thing it could be used for would be to identify the fact you visited a particular site [that hosted the malicious applet] and that would still require your ISP to record your MAC address history or enforce static MACs for some reason [eg. for IP leases].
     
  14. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I've always assumed forums, chat rooms, could track users by the MAC address, since IPs can change dynamically. Whether or not a PHP script could obtain this without something enabled at the client end - JAVA, ActiveX, etc - is not clear to me.
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Hey, better than that, a Java applet could *theoretically* query your Word Processing program and find out what your name is. Who cares about a MAC address being discovered if you're allowing Java applets to run in an insecure environment? Allowing or performing unsafe behaviors on your machine is foolish (like what sandboxie promotes), and no software can save you from yourself if you're not aware of what your security environmental limitations, threats, and best-practices are. So maybe the point is people need some help on those last 3.
     
  16. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    So the data link layer information is not accessible beyond the first hop?
    Thanks; Ed
     
  17. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    Truer words were never spoken! Hear, hear!
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Well, of course! No one I know enables Java unless needed.

    I brought the Java thingie up because earlier you wrote,

    Evidently this is not the case.

    ----
    rich
     
  19. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Then what are tools like Nmap and ettercap doing?
    If I have someone's IP address I can find all other info available.

    Would it be possible to collect the IP, then automate an nmap session while a person is still connected to a forum/discussion using PHP or JAVA script?

    Tool to obscure this information collection:
    OSFuscate
    Make your computer appear like a toaster to discovery tools if you want.

    PHP and JAVA Script Browser and OS detection scripts:
    http://techpatterns.com/downloads/php_browser_detection.php
     
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Searching, you can't use sniffers on wired public networks. Switched networks make it virtually impossible to sniff packets unless addressed directly to you. At best, you can target specific hosts and impersonate, but not just grab any packet flowing out there. Promiscuous mode won't work.

    As to fingerprinting, no need to make any special changes - just use a basic firewall ...

    Mrk
     
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    One of my computers is wireless and the other has a direct connection from the router. It is physically connected. I am still not clear if a website can see my MAC address. I understand that a MAC address does not give away a location. But what if I wanted to open up another Myspace account as an anonymous person? If I use my real name on one account, can they match the two accounts with my MAC address?
     
  22. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    it's not likely, mac addressing is used over ethernet - to the router, the router then uses your assigned ip address over the internet and makes a note of the mac address that asked for the request (that's what that NAT stuff does to save ip addresses), so the mac address stays at the router unless scripting is turned on, then it can be found out in ways i don't know about, that's not likely to happen either though! when the request comes back the router looks in its arp address table, or asks 'who has "whatever the mac was that asked for the request"' then passes the stuff on to the computer.

    mac addresses can't be changed, but it's really easy to spoof your mac address with a registry hack, so you can change your mac address if you're really concerned about it.

    i know it doesn't make much sense, but it's the best i can do.
     
  23. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That makes perfect sense and I appreciate your help.
     
  24. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Regarding MAC addresses, what Steve says is true, i.e. no one can get the MAC address of your computer from the Internet, given that you do not use direct connection which would reveal your IP address as well.

    If you issue the arp -a command and it only reports the entry for the router, then your computer's MAC address is safe from outside inspection, which begs a further question regarding the router's MAC address which is as identifying as an IP address, but which many routers (but not all) allow to be spoofed.

    If you use a hardware router which also will have a MAC address, and if your IP address is shielded either by using a privacy service like XeroBank, or by using openssh connections, i.e. shielded from your ISP - the question I have is the router's MAC address vulnerable in any scenarios? And what scenarios is the router's MAC address vulnerable if you don't use a privacy service like XeroBank? I ask the question because a MAC address is related to the link layer whereas the IP address is related to the network layer, and my assumption is based on the realization that simply filtering network packets is not enough to protect one's system from attacks at different layers like the link layer (e.g. arp attack).

    What say you all?

    -- Tom
     
  25. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    ARP does not traverse the internet. No risk. Think of it like trying to breathe in outer space.
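
An added illustration, not part of any post in this thread: a Python simulation of the point discussed above, that each router discards the Ethernet header it received and builds a new one, so the client's MAC never leaves the first link. The MAC addresses, IP addresses and the two-router path are constructed for the example.

```python
import struct

# Constructed values: locally administered MACs, RFC 1918 / documentation IPs.
CLIENT_MAC, HOME_LAN_MAC, HOME_WAN_MAC = "02:00:00:00:00:01", "02:00:00:00:00:fe", "02:00:00:00:01:01"
ISP_IN_MAC, ISP_OUT_MAC, SERVER_MAC = "02:00:00:00:02:01", "02:00:00:00:02:02", "02:00:00:00:03:01"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))

def ip_checksum(header):
    """Ones' complement sum over the 20-byte IPv4 header (0 if already valid)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src, dst, payload, ttl=64):
    head = bytearray(struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, ttl, 6, 0))
    head += ip_bytes(src) + ip_bytes(dst)
    head[10:12] = struct.pack("!H", ip_checksum(bytes(head)))
    return bytes(head) + payload

def ethernet_frame(src_mac, dst_mac, packet):
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + packet

def route(frame, out_mac, next_hop_mac, nat_src=None):
    """One router hop: drop the old L2 header, update L3, re-frame with own MAC."""
    pkt = bytearray(frame[14:])          # received Ethernet header is discarded
    pkt[8] -= 1                          # decrement TTL
    if nat_src:                          # home router rewrites the private source IP
        pkt[12:16] = ip_bytes(nat_src)
    pkt[10:12] = b"\x00\x00"
    pkt[10:12] = struct.pack("!H", ip_checksum(bytes(pkt[:20])))
    return ethernet_frame(out_mac, next_hop_mac, bytes(pkt))

def observed(frame):
    """What a receiver on that link can read from the frame headers."""
    return {"src_mac": frame[6:12].hex(":"), "src_ip": ".".join(map(str, frame[26:30])), "ttl": frame[22]}

def simulate():
    packet = ipv4_packet("192.168.1.10", "198.51.100.20", b"GET / HTTP/1.1\r\n\r\n")
    on_lan = ethernet_frame(CLIENT_MAC, HOME_LAN_MAC, packet)
    on_wan = route(on_lan, HOME_WAN_MAC, ISP_IN_MAC, nat_src="203.0.113.7")
    at_server = route(on_wan, ISP_OUT_MAC, SERVER_MAC)
    return on_lan, on_wan, at_server

if __name__ == "__main__":
    for name, frame in zip(("home LAN", "ISP link", "server LAN"), simulate()):
        print(f"{name:10} {observed(frame)}")
```

The web server's view is the last line: the source MAC is the ISP router's outbound interface and the source IP is the NAT address, which matches what `arp -a` on the server side would list for its own gateway.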
     