[hoistbypetard]

Does anyone have a theory on what the "advertisers and trackers" want a MAC address for? If they're using it for anything load bearing, it seems like there is an interesting CCC talk lurking here for anyone who wants to visit that airport with a few hundred dollars worth of devices and stuff a few tens of million spoofed MAC addresses into the system.

[s5ma6n]

Since MAC address ranges are allocated to certain manufacturers, it is a simple way to track your device type. Additionally, all MAC addresses are unique so it is the easiest way to match/combine your data from different trackers.

[RKearney]

> Additionally, all MAC addresses are unique so it is the easiest way to match/combine your data from different trackers.

This is not true. While it's intended for MAC addresses to be unique, there are plenty of instances where manufacturers re-use MACs when they run out instead of registering more.

Additionally, there is no issue with multiple devices having the same MAC address as long as they're never on the same Layer 2 domain.

[s5ma6n]

As far as I know, IEEE is quite strict in this matter but I just searched for it now and have seen a couple of cases where people ran into duplicate MAC addresses.

I would assume this is a rare occurrence and if not, it should still be okay to sometimes run into address collisions for advertising purposes.

Thanks for the info.

[m463]

You are arguing that mac addresses are not unique, however that doesn't mean it doesn't match/combine your data extremely well.

[hoistbypetard]

Right. I understand what MAC addresses are. In addition to the characteristics you named, they are also entirely at the discretion of the client and therefore are trivially spoofable so long as no one else on the same media currently has the address you're spoofing. And because the advertisers and the trackers are a step removed from the LAN, they have no way to detect an attack where someone just shits tens of millions of nonsense addresses at them.

So I'm suggesting that if we know what they are using those for, there could be something fun (like a CCC talk) to be gained from tainting their data in a creative, easy way. Like a few hundred dollars worth of junk devices in a suitcase sending a bunch of carefully crafted MACs :-)

[toyg]

The amount of people who routinely spoof their own MAC when on public wifi is so minuscule to be objectively irrelevant to any mass-data-gatherer out there. Unless this becomes something that the OS can automatically randomize for you (are you listening, Apple...?), even a creative attack won’t move the needle.

[hoistbypetard]

Of course. (And I think Apple does/might do that?)

I'm suggesting that if we discover/think that these advertisers/trackers are using it for anything interesting, there could be some fun to be had at their expense by picking up a suitcase full of junk wifi devices, configuring them to deliberately spoof their own MAC, and visiting that airport. I think you'd only need to spend hundreds on junk devices to taint their system with tens of millions of addresses.

If there's any observable result, I think it'd be fun to do and write it up/present it at a Chaos Computing Congress (or similar) event.

[morpheuskafka]

Knowing whether someone has a Qualcomm, Broadcomm, Intel, or Foxconn WiFi card doesn't seem that useful for profiling.

Of course, the location tracking based on your device's network discovery packets is a whole bigger issue.

[stefan_]

That's how it works for something like a network card, but on smartphones, MAC addresses from the device vendor (Apple, Huawei, Xiamo, Motorola, ..) are used, even if the WiFi chip on all those devices is from the same manufacturer.

[eeZah7Ux]

On the contrary, it adds a good handful of bits of information.