by schoen 3969 days ago
This is a great project idea. A challenge is in classifying all of the elements of every protocol dissector as interesting or uninteresting. For example, TCP sequence numbers are high-entropy but low-consequence. MAC addresses are high-severity but normally not propagated to an ISP or a remote site operator.

There are also tensions between trying to identify leaks to a network eavesdropper and trying to identify leaks to a remote site (or ad network). In many people's analysis, the network eavesdropper is worse because you didn't mean to communicate with them at all, so any information they derive whatsoever is a pure loss of communications security. But for projects like Tor Browser and Privacy Badger, it counts as a loss of privacy if different sites can recognize you as the same user, even if you intentionally communicated with those sites.

Using HTTPS will prevent a sniffer from recognizing that some tracking cookies or identifiers are being sent, so you simultaneously get a true improvement against the network adversary and a false negative measuring privacy against the ad networks.

1 comment

Considering that digital electric meters have been compromised, and that the one I studied had dual-band radios including WiFi spectrum, it may be best to assume that there may be unexpected data pathways that could use a MAC address. Note that the WiFi of many routers broadcasts the wired MAC addresses on the LAN as well as the wireless clients.

You're right about false negatives with sniffers. If you read the source on pages you visit, you'll see https analytics data mining, so don't assume that every outgoing https connection is okay (and some browsers don't use your normal DNS / hosts settings, so sites you think are blocked may not be).
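The two comments above describe the same measurement problem from two angles: schoen's point that a dissector field is only "interesting" if it is both high-entropy and stable across a user's connections (TCP sequence numbers are random per connection, MAC addresses never leave the LAN), and the reply's point that TLS hides identifiers from a sniffer without hiding them from the site. The following is an added example, not code from either commenter or from any existing tool: a toy classifier over constructed, Wireshark-style field observations that scores each field on entropy across users and stability within a user, then reports which tracking fields each of three adversaries (an upstream eavesdropper, a LAN observer, the remote site) can actually read. The sample users, MAC addresses, cookie values and sequence numbers are all made up, and the visibility rules per adversary are a deliberately simplified assumption.

```python
import math
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Obs:
    """One dissected field value from one connection of one (simulated) user."""
    user: str
    conn: int
    proto: str              # dissector name, e.g. "tcp"
    field: str              # field within the dissector, e.g. "seq"
    value: str
    crosses_upstream: bool  # propagates past the LAN toward the ISP and the site
    encrypted: bool         # carried inside TLS, opaque to anyone but the endpoint


def sample_observations(https=True):
    """Constructed sample: three users, two connections each.
    MACs and cookies are per-user constants; TCP ISNs are fresh per connection."""
    users = {
        "alice": ("aa:bb:cc:00:00:01", "sid=9f1c"),
        "bob":   ("aa:bb:cc:00:00:02", "sid=3e7a"),
        "carol": ("aa:bb:cc:00:00:03", "sid=c042"),
    }
    seqs = iter([1846932015, 99123, 77261, 3455221, 5, 2090114])  # made-up ISNs
    obs = []
    for user, (mac, cookie) in users.items():
        for conn in range(2):
            obs += [
                Obs(user, conn, "eth", "src", mac, False, False),          # stays on the LAN
                Obs(user, conn, "ip", "ttl", "64", True, False),           # same for everyone
                Obs(user, conn, "tcp", "seq", str(next(seqs)), True, False),
                Obs(user, conn, "http", "cookie", cookie, True, https),
            ]
    return obs


def entropy_bits(values):
    """Empirical Shannon entropy of a list of values, in bits."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_fields(obs, min_bits=1.0):
    """Map (proto, field) -> {"bits", "stable", "tracking"}.
    bits   : entropy of the field across users (one value per user)
    stable : the value never changes across a user's own connections
    tracking = stable and bits >= min_bits, i.e. usable to re-identify a user."""
    per_key = defaultdict(lambda: defaultdict(set))   # key -> user -> {values}
    for o in obs:
        per_key[(o.proto, o.field)][o.user].add(o.value)
    out = {}
    for key, per_user in per_key.items():
        stable = all(len(vals) == 1 for vals in per_user.values())
        bits = entropy_bits([min(vals) for vals in per_user.values()])
        out[key] = {"bits": bits, "stable": stable,
                    "tracking": stable and bits >= min_bits}
    return out


# Simplified assumption of what each adversary can observe.
ADVERSARIES = {
    "eavesdropper": lambda o: o.crosses_upstream and not o.encrypted,  # ISP-side sniffer
    "lan":          lambda o: not o.encrypted,                         # anyone on the local segment
    "site":         lambda o: o.crosses_upstream,                      # endpoint decrypts TLS itself
}


def leaks_for(obs, adversary, min_bits=1.0):
    """Sorted 'proto.field' names of tracking fields the adversary can actually read."""
    visible = [o for o in obs if ADVERSARIES[adversary](o)]
    cls = classify_fields(visible, min_bits)
    return sorted(f"{p}.{f}" for (p, f), c in cls.items() if c["tracking"])


if __name__ == "__main__":
    obs = sample_observations()
    for adv in ADVERSARIES:
        print(f"{adv:12s} -> {leaks_for(obs, adv)}")
    # Same traffic with cookies over plain HTTP: the sniffer now sees the identifier.
    print("eavesdropper (plain HTTP) ->", leaks_for(sample_observations(https=False), "eavesdropper"))
```

Run as is, the eavesdropper model reports no leak at all for the HTTPS sample while the site model reports `http.cookie`; that gap is exactly the false negative the thread describes, and the plain-HTTP rerun shows the same cookie surfacing for the sniffer. `tcp.seq` scores high on entropy but fails the stability test, so it is never reported, and `eth.src` is reported only to the LAN observer. A real tool would replace the `ADVERSARIES` table with per-protocol knowledge of how far each field actually propagates, which is the classification work schoen calls out as the hard part.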