I am confused how they even get MAC addresses for remote systems. Unless you are using IPv6, the MAC address is stripped off as soon as the packet reaches the first router. The remote MAC address is never transmitted over a router, only the IP address. Which means in order to get a MAC address you would need a sniffer installed on every local network around the planet.
It is possible they find the network and then hack in and install spyware on a computer on that local net that can sniff the address, but I don't believe even the best hackers can do this always and everywhere. This makes me think they may be using something other than a MAC address as a unique identifier for the remote machine. They just format it to look like a MAC address.
The only case I can imagine where you might be able to get a MAC address by monitoring an intermediate network is when you connect via a VPN that simulates a layer 2 network bridge.
So a lot of questions here. I would be interested to know exactly HOW they obtained this data. It would probably answer the question about what this unique identifier actually is. But I assume they will never reveal that to the public.
Well, duh, of course you are right! MAC addresses don't route! So what IS this list?!
Also - for grins, I plugged my OWN list of MAC addresses from my laptop. I happen to have a boatload of virtual adapters for various reasons (I have VM's on my laptop) as well as typical 'corporate' VPN clients (Sophos, Fortinet, etc).
The Fortinet VPN showed up, but the Sophos VPN did not.
None of the virtual device MACs showed up.
So the lack of a 'hit' on MACs is not exactly something I'd read too much into.
FYI, I have over 20 'adapters' on my laptop (ipconfig /all). Part of the reason is I installed Microsoft's sandbox app, which creates a virtual adapter for every 'real' adapter, but does this even when the 'real' adapter itself is a non-physical device. So out of the 20 adapters, only 3 have hits on the MAC db from Wireshark.
The biggest surprise is that the sophos virtual adapter is not showing up, while the Fortinet virtual adapter does.
I am confused how they even get MAC addresses for remote systems. Unless you are using IPv6, the MAC address is stripped off as soon as the packet reaches the first router. The remote MAC address is never transmitted over a router, only the IP address. Which means in order to get a MAC address you would need a sniffer installed on every local network around the planet.
It is possible they find the network and then hack in and install spyware on a computer on that local net that can sniff the address, but I don't believe even the best hackers can do this always and everywhere. This makes me think they may be using something other than a MAC address as a unique identifier for the remote machine. They just format it to look like a MAC address.
The only case I can imagine where you might be able to get a MAC address by monitoring an intermediate network is when you connect via a VPN that simulates a layer 2 network bridge.
So a lot of questions here. I would be interested to know exactly HOW they obtained this data. It would probably answer the question about what this unique identifier actually is. But I assume they will never reveal that to the public.
Well, duh, of course you are right! MAC addresses don't route! So what IS this list?!
Also - for grins, I plugged my OWN list of MAC addresses from my laptop. I happen to have a boatload of virtual adapters for various reasons (I have VM's on my laptop) as well as typical 'corporate' VPN clients (Sophos, Fortinet, etc).
The Fortinet VPN showed up, but the Sophos VPN did not. None of the virtual device MACs showed up.
So the lack of a 'hit' on MACs is not exactly something I'd read too much into.
FYI, I have over 20 'adapters' on my laptop (ipconfig /all). Part of the reason is I installed Microsoft's sandbox app, which creates a virtual adapter for every 'real' adapter, but does this even when the 'real' adapter itself is a non-physical device. So out of the 20 adapters, only 3 have hits on the MAC db from Wireshark.
The biggest surprise is that the sophos virtual adapter is not showing up, while the Fortinet virtual adapter does.