Is it dangerous to post my MAC address publicly?

Disclosing the MAC address in itself shouldn't be a problem. MAC addresses are already quite predictable, easily sniffable, and any form of authentication dependent on them is inherently weak and shouldn't be relied upon.

MAC addresses are almost always only used "internally" (between you and your immediate gateway). They really don't make it to the outside world and thus cannot be used to connect back to you, locate you, or otherwise cause you any direct harm.

The disclosure can be linked to your real identity since it might be possible to track you using data collected from WiFi networks, or it can be used to falsify a device's MAC address to gain access to some service (mostly some networks) on which your MAC address is white-listed.

Personally, I wouldn't really worry about it. However, when it's not inconvenient, I usually try to redact any irrelevant information when asking for help or sharing anything.


A MAC address is a number used to uniquely identify your device on the local network segment. The address is (and needs to be) visible to everyone on the network segment, but because of how network routing works, is not normally visible to anyone else.

  • Unless you take steps to change it regularly, your MAC address uniquely identifies your device. Someone could use the address you posted to associate the device they've been tracking with an actual person, but if someone's going to the effort to track the movements of a wireless device, they probably already know who owns it.

  • Certain wireless routers set their default password based on the MAC address. This isn't as useful as it sounds, though: in order to actually use the password, they need to be within radio range of your AP, and in that case, they can simply sniff the MAC address off the air.

  • The first digits of the MAC address identify the manufacturer of your device. In theory, someone could use this information to make a targeted attack against a security hole in your card's network driver, but I've never heard of it happening in practice.

In short, there are some theoretical hazards, but in practice, anyone in a situation to exploit them has other ways to get your MAC address.


One significant thing is that there are databases that, given a mac address, can give the longitude and latitude of a wifi router. Most try to make sure you can only get your own location, but anyone can drive around and scan for the right mac address.

Skyhook wireless unofficial api

CNET article on google maps' database

Google maps official API

Wireless Geographic Logging Engine (thanks to Brad)

Tags:

Mac Address

Privacy

Related

Why do browsers enforce the same-origin security policy on iframes? Does Android encryption really prevent law enforcement access? What are the differences between dictionary attack and brute force attack? How do systems protect against a stolen code-signing certificate after the certificate expires? What role do hashes play in TLS/SSL certificate validation? My IP address (with a NAS) is targeted by a hacker. What to do? Should I be worried? How can I find if my password has been posted online? Secure REST API and Single Page App by using external OAuth 2 Authorization Code Can you recover original data from a screenshot that has been 'blacked out'? Are social security numbers useless by themselves? Are certificate authorities required to obey to the signature algorithm (hashing) specified in the CSR? What kind of factor is a physical signature?

Recent Posts