Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Can browsers or websites uniquely identify a Macbook Pro like identifying an iPhone using UUID or AdID?
- Thread starter Pradeep6
- Start date
- Sort by reaction score
TL;DR: I think that it is save to say, that you can probably identify a particular laptop model using packet filtering and finger printing data only on a local network. Of course a website can be used to inject malware in some form, which then can pass on various information including the MAC of your system.
•—————————————————————————•
But if we exclude any "malware" installed in your browser or system:
On a technical level the best data source for web tracking is packet capture. It can be enabled in a variety of ways (SPAN/mirror ports, packet brokers, TAPs, and so on). The trick is to pull the relevant information and discard the rest so there is no need for storing massive packet captures.
Information obtained in this way includes things like MAC address, source IP, destination IP, time, website, URI, and username.
But a MAC address typically doesn't survive a network border transition (say, a firewall or router). So … in almost all cases what you would see in such logs would be the MAC address of your border router, your firewall, your load balancer or whatever else is there next to web server on the LAN.
The only situation I can think of that *might* show the sender's MAC address is if a VPN connection to the target was used, and that would be a very special case. I'm inclined to believe that the sender MAC in such a case would be a virtual MAC address rather than a physical one. But I'm not a VPN expert.
MAC adresses are of course often used on public WLANs like on an airport and because they are unique per device, they will give a reliable audit trail as to what is happening on the local network.
Additionally, if you visit a web page with a browser with JavaScript enabled, a lot of information about your browser and device can be detected, including
- Browser Name / Version
- Operating System
- Screen Size / Resolution
- If plugins like Java are installed
- Internet Connection Type (BroadBand /4G/3
- Mobile Device Name (if you are browsing from a Mobile Phone or Tablet)
- Default system locale / language
- System time and timezone
- Installed fonts
- If you visited the site by clicking on a link, then the url of the previous page
- Your exact location (requires your permission)
The availability and accuracy of these information varies with different browsers and their configuration.
You can use this tool provided by EFF to get some idea about how well your current browser settings protect you against tracking and fingerprinting.
Even without Javascript enabled, you location can be determined from your IP address. Depending on your location, and accuracy of the Ip2Location database used, the location can be accurately determined up to the city. Your IP address can also be used to find out the ISP name and details.
GeoIP2 Precision Data for your IP address
•—————————————————————————•
But if we exclude any "malware" installed in your browser or system:
On a technical level the best data source for web tracking is packet capture. It can be enabled in a variety of ways (SPAN/mirror ports, packet brokers, TAPs, and so on). The trick is to pull the relevant information and discard the rest so there is no need for storing massive packet captures.
Information obtained in this way includes things like MAC address, source IP, destination IP, time, website, URI, and username.
But a MAC address typically doesn't survive a network border transition (say, a firewall or router). So … in almost all cases what you would see in such logs would be the MAC address of your border router, your firewall, your load balancer or whatever else is there next to web server on the LAN.
The only situation I can think of that *might* show the sender's MAC address is if a VPN connection to the target was used, and that would be a very special case. I'm inclined to believe that the sender MAC in such a case would be a virtual MAC address rather than a physical one. But I'm not a VPN expert.
MAC adresses are of course often used on public WLANs like on an airport and because they are unique per device, they will give a reliable audit trail as to what is happening on the local network.
Additionally, if you visit a web page with a browser with JavaScript enabled, a lot of information about your browser and device can be detected, including
- Browser Name / Version
- Operating System
- Screen Size / Resolution
- If plugins like Java are installed
- Internet Connection Type (BroadBand /4G/3
- Mobile Device Name (if you are browsing from a Mobile Phone or Tablet)
- Default system locale / language
- System time and timezone
- Installed fonts
- If you visited the site by clicking on a link, then the url of the previous page
- Your exact location (requires your permission)
The availability and accuracy of these information varies with different browsers and their configuration.
You can use this tool provided by EFF to get some idea about how well your current browser settings protect you against tracking and fingerprinting.
Even without Javascript enabled, you location can be determined from your IP address. Depending on your location, and accuracy of the Ip2Location database used, the location can be accurately determined up to the city. Your IP address can also be used to find out the ISP name and details.
GeoIP2 Precision Data for your IP address
Great. Thank you very much for the detailed explanation. Got the clarification now.