Trying to understand MAC address and TOR / VPNs

When connection from a home network, it's my understanding that the router's MAC address, not the computer's MAC address, is revealed beyond the home network (e.g. to the ISP).


When using a VPN, can the ISP or VPN provider see/log the router's MAC address?

In the case of TOR, who would be able to see/log the router's MAC address?

I found a few threads here that discuss a similar topic, but can't find the answers above.

 

An Internet Protocol device by default provides its MAC address only to the DHCP server that assigns its IP address. So your ISP gets the router's MAC address, and your router gets your computer's IP address.

In connecting with sites on the Internet, your computer relies on Network Address Translation (NAT) done by your router. So websites, VPN servers, Tor entry guards, etc only see your router's public IP address. They don't see any MAC addresses.

However, with geolocation enabled browsers will share your router's MAC address with Google and other geolocation sites. Google etc have created comprehensive geolocation databses for WiFi routers based on wardriving and other roaming clients. Also, websites can run Javascript apps that hack your router's MAC address.

Androids and iPhones by default report all WiFi router MAC addresses to their servers.

 

So if you go into about:config in Firefox and toggle geo.enabled to false does this block google and others from capturing your MAC address?

 

I don't know if it's the same thing, but on Android 4.1-4.2, under Location Services, 'WiFi and Mobile Network Location' are not on by default. It asks during setup if you want to enable it, and any time you turn on GPS it also wants to turn it on, but it asks...I always say no.

Funny thing about different routers and MAC's: I had 2 different Buffalo routers with DD-WRT that I didn't have to do anything with, as far as MAC addresses went, it just worked. I switched to an Asus RT-N66 and it wouldn't connect to my ISP, no matter what. I ran the Troubleshooter and it filled in the MAC address for a satellite box I have on the network and then worked fine. Weird.

PD

 

can chrome be hardened against this ?

 

Yes. Also, any legitimate site will ask whether you want to use geolocation (which will work only if you've enabled it in the browser).

 

That's good to know. I've been thinking about getting an Android device, but I'm still suspicious

That sounds odd. Please say more. What device is actually connecting to your ISP?

 

Maybe I've exaggerated here. I get from PaulyDefran that geolocation isn't enabled by default on at least some Android devices.

Anyone know?

 

don't forget, Ubuntu (and maybe kubuntu? edubuntu? etc) is also giving away your geolocation data unless you disable it.

 

It's just looking up your public IP address, in order to suggest a time zone. It's not giving away anything private.