Do Websites Track My Mac Address?

[ChiangMaiThai]

I know some websites track their users by their IP address, but consdiering that this can be easily spoofed, do some websites identify their users by tracking their MAC address?

So for instance, if you were kicked off a site and tried to come back on with a new IP, they would still know that this user was previosuly kicked off due to the MAC address.

I'm just curious

[sting01]

well assuming you are spoken about IPV4 and MAC, you must know it's old and obsolete protocoles. They must be replaced (in process) by IPV6, that (in the middle of thousnads other things) "mix" the old IP and the MAC.

As it's not a technie forum, I beg people to not flame me for the word "mix", fact is the old MAC address will be used to generate on the fly a new IP V6 address, and will be not used anymore (less work for the server/routeur, and also not broadcast messages every 10 seconds so less bandwidth used for nothing).

Top websites use that since a couple of years.

On the other hand, a ban cab issued on an IP adress, a mail address, a loggon,also a cookie can be set, or more vicious a cookie will be unset (if you are a bone fide tourist so you have a visa/cookie, if not you do not have and if you do not have then you can not enter ... that is what I always invite my clients to do and for security purpose).

[ChiangMaiThai]

well assuming you are spoken about IPV4 and MAC, you must know it's old and obsolete protocoles. They must be replaced (in process) by IPV6, that (in the middle of thousnads other things) "mix" the old IP and the MAC.

As it's not a technie forum, I beg people to not flame me for the word "mix", fact is the old MAC address will be used to generate on the fly a new IP V6 address, and will be not used anymore (less work for the server/routeur, and also not broadcast messages every 10 seconds so less bandwidth used for nothing).

Top websites use that since a couple of years.

On the other hand, a ban cab issued on an IP adress, a mail address, a loggon,also a cookie can be set, or more vicious a cookie will be unset (if you are a bone fide tourist so you have a visa/cookie, if not you do not have and if you do not have then you can not enter ... that is what I always invite my clients to do and for security purpose).

<{POST_SNAPBACK}>

Ok.... All I know is that when I type in ipconfig /all I can see my MAC address among other things. Now, when I visit a website, is it possible that they can also see this MAC address?

[autonomous_unit]

The Ethernet MAC address is used for local addressing between your computer's network interface and the other computers and routers on the LAN. As soon as a router accepts a packet and forwards it to the next router upstream, your MAC address is removed and the router's upstream MAC address is used instead. When traffic passes from one type of network to another, e.g. Ethernet LAN to ATM or frame relay, it is not even meaningful to talk about MAC addresses being exchanged.

So, MAC addresses are never used outside the LAN with Internet protocols, though some switched LANs can be rather large, e.g. I've seen entire companies with up to thousands of staff on one switched LAN.

Some application or web applet could conceivably find the local MAC address(es) and embed them into content that is sent over the Internet to a server... I do not know what security protections there are for this in contemporary browsers. What was said above about creating an IPv6 address with your MAC built into it would be an example of this, exposing local MAC addressing more globally than is necessary for Internet communication. There is a convention called "privacy extensions" to actually generate new, unique IPv6 addresses periodically to prevent correlation attacks; this is a luxury now possible with the greatly enlarged IPv6 address space (addresses are no longer a scarcity). However, I am not aware of IPv6 ISPs in Thailand so this all might be a bit academic...

Most likely, a web site tracking you between sessions would be using cookies, storing a unique value in your PC that was provided by the server on the first occasion you accessed the website.