[mu53]

MAC addresses can be used to uniquely identify you, and then they can see what domains you are connected to. It really can tell them a lot especially factoring in background processes and capabilities of predictive ML right now.

Its all about how far you spread your information. Giving it all to a VPN or spreading it across every wifi access point you need to use.

[vladvasiliu]

Don't most devices use randomized MAC addresses for Wifi nowadays? I don't have a Windows machine handy to verify, but I'm pretty sure even they do it. Not sure if it's the default, though. Ditto for MacOS.

My Linux box (NetworkManager on Arch) does it, but I don't remember whether I had to manually turn it on.

edit: according to [0], NetworkManager defaults to randomized for scanning, but not for connections.

[0] https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoof...

[coldtea]

>Don't most devices use randomized MAC addresses for Wifi nowadays?

Does it help if you're one of 2 people in the Starbucks, and the other person is the one logging the IPs you visit?

[vladvasiliu]

Well, since they can't correlate the MAC with you, I don't see how it's different from the VPN provider logging and selling the IPs you visit.

[coldtea]

>Well, since they can't correlate the MAC with you

They don't have to. They see you right there.

[vladvasiliu]

But then your VPN provider can do exactly the same. It even works if there are 1000 people in the coffee shop.

[coldtea]

Yes. But not the ones who are directly targeting you there, which is the point.