This seems like a good idea until you realize that you are the only one using a random MAC address. (There is a vendor prefix at the beginning of every MAC.) Better would be to take a bit more care in choosing a more realistic address.
I think it's not a good idea to change your MAC address as your only precaution against tracking. The DNS requests you'll make will reveal which sites you frequent.
I would advise using a VPN connection. In this case it doesn't matter that you've randomized your MAC address in a way which can be clearly identified as random. And even then you can see the VPN server IP in the logs, so you should also take precautions and buy your VPN connection anonymously (and even then - you'll never know if you're really anonymous).
Changing your MAC address seems to be sufficient (in addition to the VPN usage) to prevent easy tracking through something unique like your real MAC address. But I agree that this is just 1-3 lines of code for realistic MAC address generation, so it should be unproblematic to add.
Edit: If you have fears of being uncovered by random-looking MAC addresses without vendor prefixes, changing your MAC address will probably not help you. Your threat model is different - maybe APT-level - and you have to do way more than changing your MAC address.
Your adversary probably isn’t the NSA, it’s commercial tracking services. Their business is tracking the general public, they don’t care about one weird person.
Unless avoiding this becomes common practice and then the whole story changes.
> Unless avoiding this becomes common practice and then the whole story changes
If that means that everyone starts to use random MAC addresses, you still can't identify specific persons based on their randomized MAC addresses when they change them every time they reconnect.
You can spoof DNS requests of a victim when you are in the same network as them (the router knows which sites you visit through those DNS requests anyway). It doesn't matter which DNS server the victim uses. As long as they don't use encrypted DNS they expose the websites they visit.
Takes 5 minutes to configure your OpenWRT router to log all DNS requests: https://superuser.com/questions/632898/how-to-log-all-dns-re...
Or if you are an attacker without control over that router: search for DNS spoofing. I did this several times to demonstrate to companies that their public networks can be hijacked.
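The vendor-prefix point raised at the top of the thread, as an added example that is not part of any comment: the first octet of a MAC address carries two flag bits that show whether an address is locally administered (as most randomized ones are) or carries a vendor OUI. The function names and the sample address are assumptions made for this sketch.

```python
import random
import re

_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

def parse_mac(mac):
    """Return the six octets of a colon- or dash-separated MAC address."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return [int(part, 16) for part in re.split(r"[:-]", mac)]

def format_mac(octets):
    return ":".join(f"{o:02x}" for o in octets)

def classify(mac):
    """Describe what the first octet reveals about an address."""
    octets = parse_mac(mac)
    local = bool(octets[0] & 0x02)      # U/L bit: 1 = locally administered
    multicast = bool(octets[0] & 0x01)  # I/G bit: 1 = group (multicast)
    return {
        "locally_administered": local,
        "multicast": multicast,
        # Only universally administered addresses carry a vendor OUI.
        "oui": None if local else format_mac(octets[:3]),
    }

def random_local(rng):
    """Random unicast address, openly marked as locally administered."""
    octets = [rng.randrange(256) for _ in range(6)]
    octets[0] = (octets[0] | 0x02) & 0xFE  # set U/L, clear I/G
    return format_mac(octets)

def random_keep_oui(mac, rng):
    """Keep the vendor prefix of `mac`, randomize the device-specific half."""
    octets = parse_mac(mac)
    return format_mac(octets[:3] + [rng.randrange(256) for _ in range(3)])

if __name__ == "__main__":
    rng = random.SystemRandom()
    base = "00:11:22:33:44:55"  # constructed sample, not a real device
    for addr in (base, random_local(rng), random_keep_oui(base, rng)):
        print(addr, classify(addr))
```

Filling all 48 bits at random without fixing these two bits yields a multicast address half the time, which is not valid as a source address.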