[tor-talk] Mac?
Seth David Schoen
schoen at eff.org
Fri Sep 9 02:32:10 UTC 2011
Andre Risling writes:
> I've some questions about MAC address and changing it
>
> - Why would someone want to change ("spoof") their MAC address?
The MAC address usually identifies a particular physical computer
to a local area network. If someone doesn't want their physical
computer to be recognized by a network, they might want to change
the address.
The most common reasons for this in practice are probably:
* Some networks let people use the network for free, but only for
a limited period of time, or only on one occasion; this is
enforced using MAC addresses, so changing MAC addresses lets
people get around the restriction and continue using the
network. For example, an airport or university wifi network
might let a "guest" use the network for 30 minutes without
paying or registering.
* Some networks might ban someone they consider abusive or
unwelcome using the MAC address (for example, an open wifi
network where someone has used it in a way that the operator
considered abusive or excessive). In that case, the person
who was banned might change their MAC address to get around
the ban.
* ISPs might record or log MAC addresses, which could be used for
commercial or law enforcement purposes, so someone who doesn't
want to end up in such logs might use a false or random MAC
address. In some places, law enforcement might pressure or
require the ISPs to keep these logs as a way of trying to catch
people accused of breaking the law, or as a way of providing
corroborating evidence after the fact when a suspect is caught.
* Although it's not known to happen on a large scale, other people
on a LAN with you could detect and log your MAC address to
monitor when your computer is physically present on the LAN
(perhaps to learn or make a profile of when you're present at
a certain place that you're known to visit periodically?), so
changing your MAC address would let you avoid this kind of
monitoring.
* Some ISPs use a clumsy policy where the subscriber's observed
MAC address is not allowed to change frequently (sometimes
because of somewhat obsolete ISP billing systems that used the
MAC address to identify the subscriber, or sometimes because
of old ISP policies meant to discourage people from using more
than one computer with a single account). In this case,
people may change the MAC address of one computer (or a wifi
router) to match the address of a different computer (which
is called "cloning"). This could also be used by someone
who has paid for a certain amount of Internet access on a paid
wifi network (say, in an airport or hotel) to let a friend take
over using the access when the first person is all done.
> - Is a computer's MAC address sent out whenever you connect to the web?
>
> - If it is, how often is it sent out?
It's "sent out" to the local router but not out over the Internet,
so web servers, for example, can't observe it. You have to be on
the same LAN in order to observe it.
> - Who stores the MAC address of the computer you're using? The ISP? A
> Webmail service?
Whoever operates the local router can store it (e.g., if you're on a
friend's wifi, the friend could store it; if you're on a commercial
wifi network, the commercial wifi operator could store it; if you're
directly plugged into a cable modem owned by an ISP, the ISP could
program the cable modem to store it; ...).
An exception is that some software could deliberately choose to
transmit the MAC address for its own reasons, like enforcing
anti-copying restrictions or because of a weird choice to use the
MAC address to identify individual computers for some other reason.
There's nothing about how the Internet works that _requires_ any
software to do this, and it's probably not common.
> - Does the Tor network capture and store MAC addresses?
Nope, never.
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
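
The point above that the MAC address reaches the local router but not the wider Internet can be seen in how a router forwards a packet. The following Python sketch is an added example, not part of the original post: all addresses and the `route` helper are constructed for illustration, and TTL and checksum handling are omitted.

```python
import struct

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_ethernet(frame: bytes) -> dict:
    """Split an Ethernet II frame into its link-layer header and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "ethertype": ethertype,
        # Bit 0x02 of the first octet marks a locally administered address,
        # i.e. one set in software rather than assigned by the manufacturer.
        "src_locally_administered": bool(src[0] & 0x02),
        "payload": frame[14:],
    }

def route(frame: bytes, router_out_mac: bytes, next_hop_mac: bytes) -> bytes:
    """Model one router hop: the old link-layer header is discarded and a
    new one is built. (A real router also decrements the IP TTL.)"""
    parsed = parse_ethernet(frame)
    if parsed["ethertype"] != 0x0800:
        raise ValueError("only IPv4 is modelled here")
    return next_hop_mac + router_out_mac + struct.pack("!H", 0x0800) + parsed["payload"]

# Constructed sample addresses (not taken from any real network).
CLIENT_MAC = bytes.fromhex("021122334455")      # locally administered bit set
ROUTER_LAN_MAC = bytes.fromhex("00005e005301")
ROUTER_WAN_MAC = bytes.fromhex("00005e005302")
ISP_MAC = bytes.fromhex("00005e005303")

# Minimal constructed IPv4 header, 192.0.2.10 -> 198.51.100.7, checksum left 0.
IP_PACKET = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                        bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))

# What the local router sees on the LAN, and what it sends upstream.
LAN_FRAME = ROUTER_LAN_MAC + CLIENT_MAC + struct.pack("!H", 0x0800) + IP_PACKET
WAN_FRAME = route(LAN_FRAME, ROUTER_WAN_MAC, ISP_MAC)

if __name__ == "__main__":
    print("LAN source MAC:", parse_ethernet(LAN_FRAME)["src"])
    print("WAN source MAC:", parse_ethernet(WAN_FRAME)["src"])
    print("client MAC present upstream:", CLIENT_MAC in WAN_FRAME)
```

The IP packet is carried through unchanged while the link-layer header is replaced at the hop, so only a device on the same LAN segment is in a position to log the client's address.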