So if I log into a public wi-fi at Starbucks, as soon as I connect and accept their terms don't they have my real IP at that point before I can log into a VPN?
It's not that they have your IP address. You have their IP address. Or rather, you're using their IP address, so that websites see that you're coming from an IP address that's been assigned to Starbucks. What Starbucks does have from you is your device's MAC address. That could be used as evidence that you used the Starbucks WiFi AP at particular times. The most reliable approach is to use a specific USB WiFi network adapter when you're at Starbucks, and never use it anywhere else. You could have multiple USB WiFi network adapters, one for each WiFi hotspot that you use. Before doing that, make sure to disable your device's built-in USB WiFi network adapter.
Wouldn't MadMACs work? MadMACs: MAC Address Spoofing and Host Name Randomizing App for Windows 7 (Should work in Windows Vista and Windows 8 too) from Irongeek I wrote MadMACs awhile back, as a simple script to randomize my MAC address (and host name) in Windows on every boot. I had not updated it in a long time so it stopped working well in newer versions of Windows (Windows 7, Windows Vista and Windows . When someone would try to get MadMACs to work on a newer version of the OS, Windows would not always respect the registry setting for what MAC address they were suppose to use. Seems that if it is a wireless interface, the 2nd nibble has to be a 2, 6, A or an E on Windows Vista and newer. I included functionality in the new version of MadMACs to make sure this nibble is correct if you tell it the NIC you are trying to change/randomize the MAC address on is a WiFi card. I've also added a GUI for configuring your MAC addresses on your network cards (the old version used prompts), made the config file more INI like, and made it so that MadMACs itself can reset your adapter and start using the new MAC address immediately (name changes will take a reboot). http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer
zapjb, The easy workaround for some windows hardware is that the MAC's first octet has to be set to 02. There is some interesting reading about bridges to account for why windows WILL be forced to accept those MAC forms internally. When doing that it is very easy to open 7 Pro with a scrambled/spoofed MAC without fail as the machine mounts. My software does it behind the scenes and without fail. Mirimir, one advantage to using my auto scrambling method is that you never have the same MAC at the Starbucks from one day to the next. A physical USB dongle transmitter retains the same MAC and is present to be accounted for. The software method means that there is no physical hardware to compare its MAC to any on record at Starbucks (the actual MAC # is never used there). Of course the hard drive is fully encrypted so there is no evidence to view either. I use Linux now but I am describing how I handled windows in the past.
Mirimir, trade off of course. Using Linux I have never seen my spoofed MAC ever changed back. My thinking is the "physical presence" of my usb antenna(s) and I have a few for use with Backtrack/Penetration (LOL!), is much more of a risk. My laptop being encrypted will never expose any spoofed MAC because an adversary will only see the original NIC MAC, which I don't use except at home. Clearly a trade off, but I don't want to have a physical MAC to see while at a coffee shop. Hope that makes some sense! zapjb, I am not at home so I am typing from memory. Take a look at a software program named Macchanger by Technium (guessing on the spelling). It is FREE and I have used it for a long time on 7. I was having an impossible time changing the MAC until I discovered that by changing the MAC where the first octet is 02 will be successful almost always. You will see there is an option to automatically create a MAC using the 02 octet. Windows has many machine NICs locked to the original MAC but an 02 in the first octet causes it to drop its guard so to speak. There is a link on the control panel of the program that speaks about it. If you have a look at it and still have questions post back here. If you are successful do the same so others can learn too. The reason I had to guess on the spelling (for the windows 7 application)is that I have left windows completely and only use Linux now. MAC manipulation is handled a bit differently with linux but is still easy to do. Back to Mirimir and in a sense you too: The method I just discussed allows for a MAC to be changed but not cloned because the first octet is always 02. If I need to clone a MAC with a normal set of numbers I use a usb dongle to accomplish the penetration exam, or whatever!
@Palancar Yes, there's a trade-off. Maybe the best approach is using a few USB WiFi adapters, perhaps one for each context (particular hotspot, activity and so on) plus MAC spoofing to hinder profile building.
@Palancar Thanks for 02 trick.i'll try that. one more thing that works on windows 7 is to uninstall your NIC win7 drivers and FORCE install Windows xp drivers for your NIC.This way you can change to any MAC you want to.no need to keep first octet as 02.
one more thing, router/modem can see and log NIC MAC and Computer-Name only, Right? unless it exploits your system using some script. And websites and ISP can not see either of these(at least in IPv4)?ISP can see just Mac of your modem,right?