[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Mac?

Andre Risling writes:

> I've some questions about MAC address and changing it
> - Why would someone want to change ("spoof") their MAC address?

The MAC address usually identifies a particular physical computer
to a local area network.  If someone doesn't want their physical
computer to be recognized by a network, they might want to change
the address.

The most common reasons for this in practice are probably

* Some networks let people use the network for free, but only for
  a limited period of time, or only on one occasion; this is
  enforced using MAC addresses, so changing MAC addresses lets
  people get around the restriction and continue using the
  network.  For example, an airport or university wifi network
  might let a "guest" use the network for 30 minutes without
  paying or registering.

* Some networks might ban someone they consider abusive or
  unwelcome using the MAC address (for example, an open wifi
  network where someone has used it in a way that the operator
  considered abusive or excessive).  In that case, the person
  who was banned might change their MAC address to get around
  the ban.

* ISPs might record or log MAC addresses, which could be used for
  commercial or law enforcement purposes, so someone who doesn't
  want to end up in such logs might use a false or random MAC
  address.  In some places, law enforcement might pressure or
  require the ISPs to keep these logs as a way of trying to catch
  people accused of breaking the law, or as a way of providing
  corroborating evidence after-the-fact when a suspect is caught.

* Although it's not known to happen on a large scale, other people
  on a LAN with you could detect and log your MAC address to
  monitor when your computer is physically present on the LAN
  (perhaps to learn or make a profile of when you're present at
  a certain place that you're known to visit periodically?), so
  changing your MAC address would let you avoid this kind of

* Some ISPs use a clumsy policy where the subscriber's observed
  MAC address is not allowed to change frequently (sometimes
  because of somewhat obsolete ISP billing systems that used the
  MAC address to identify the subscriber, or sometimes because
  of old ISP policies meant to discourage people from using more
  than one computer with a single account).  In this case,
  people may change the MAC address of one computer (or a wifi
  router) to match the address of a different computer (which
  is called "cloning").  This could also be used by someone
  who has paid for a certain amount of Internet access on a paid
  wifi network (say, in an airport or hotel) let a friend take
  over using the access when the first person is all done.

> - Is a computers MAC address sent out whenever you connect to the web?
>    -If it is, how often is it sent out?

It's "sent out" to the local router but not out over the Internet,
so web servers, for example, can't observe it.  You have to be on
the same LAN in order to observe it.

> - Who stores the MAC address of the computer you're using?  The ISP?  An
> Webmail service?

Whoever operates the local router can store it (e.g., if you're on a
friend's wifi, the friend could store it; if you're on a commercial
wifi network, the commercial wifi operator could store it; if you're
directly plugged into a cable modem owned by an ISP, the ISP could
program the cable modem to store it; ...).

An exception is that some software could deliberately choose to
transmit the MAC address for its own reasons, like enforcing
anti-copying restrictions or because of a weird choice to use the
MAC address to identify individual computers for some other reason.
There's nothing about how the Internet works that _requires_ any
software to do this, and it's probably not common.

> -Does the Tor network capture and store Mac addresses?

Nope, never.

Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107
tor-talk mailing list