In the movies, it can all look so simple.
“I’ve tracked down the phone near the scene at the time of the murder!”
“What’s the IP address?”
“192.168.1.48—that’s an address from the Miami area!”
“Right! That’s who we’re looking for! Put out a warrant for her arrest! Notify all units in the area that the suspect is likely armed and dangerous!”
In real life, this doesn’t happen. IP addresses, like the one given above, are topological locators, rather than geographical ones. They indicate where you are attached to the network, rather than where you physically are—or where you first turned your computer on.
If you travel from Miami to New York, you will not keep your IP address—the one your computer or other device received while it was connected to the network in Miami will no longer be valid when you reach New York. The service provider in New York will give you a new one to use for the time you are connected to its network.
In fact, if you disconnect from one provider’s network (say your local cable company) and connect to another (say your cell phone service), your computer will switch from an IP address assigned by the first provider to an address assigned by the second.
This does not, however, mean that the addresses your computer uses are anonymous—nor that they cannot be tracked as you move around. Here’s why not:
Internet protocols are built in layers; one set of protocols supports communications along a single physical link (whether wired or wireless), a second supports communications between two devices (or, as they are more commonly called, hosts), and a third supports communications between individual applications (apps). While the IP address is the most widely known, each of these layers has its own address scheme.
The set of addresses of most interest here are the ones used to provide communications between two devices attached to a single physical medium, often called Media Access Control, or MAC, addresses. These are assigned by the manufacturer of the device, generally so that every device with a network interface has at least one (and often many more) MAC addresses unique to that device.
Yes, your laptop, your phone, and your tablet all have MAC addresses that are probably unique in the entire world.
If someone can see your traffic as it is transmitted across the “first hop” physical network and your devices are using the manufacturer-assigned MAC address, they can discover the unique address assigned to your device.
This, as it turns out, is simple to do if you are connected through a wireless link, whether at home, at a coffee shop, in a hotel, etc. If someone can somehow monitor all the networks you happen to connect to, they can determine where you are and what traffic you are sending by correlating the use of your device’s unique MAC address across networks.
Interestingly, the next-generation Internet Protocol, IPv6, is designed so that devices can build their IPv6 addresses from the MAC address assigned to each device. If IPv6 addresses are used in this way, your MAC address will be “leaked” to every device that receives your packets, anywhere on the Internet. Using this information, your location can be tracked. Although you will receive a new IPv6 address each time you connect to a new service provider or in a different location, your MAC address will be encoded into the lower order part of every IPv6 address your device receives. All someone needs to do is correlate your IPv6 addresses across time to determine where you are and where you have been.
To make matters worse, in order to make these MAC addresses unique, information about the manufacturer of your device is encoded into them. Manufacturers are assigned groups of these numbers in large ranges. If you can access a list of the numbers assigned to each manufacturer (easy enough to do), you can determine the device’s manufacturer, and potentially other useful information like the year the device was built. Identifying your device may allow an attacker to find well-known defects which can be used to compromise its security.
What can be done about all of this? Somewhere in the settings for most larger devices, there is an option to generate random MAC addresses when connecting to a wireless network. If this option is enabled, the device will randomly generate a new MAC address each time it connects. Some devices will generate a new MAC address periodically, as well. This feature prevents attackers from discovering the actual address assigned to the device by the manufacturer and from tracking you through that information even if they do discover it.
You should always enable this setting, and any other setting that claims to provide “local network security” on your device.
More computer safety and security tips from Russ White:
Pop-ups? Just say no, and close those tabs! Making the internet work for YOU means, among other things, getting control of who can follow you around. If allowing these notifications sounds like a perfect avenue for an attacker, that’s because it is. This attack surface is a very large hole in the security of your computer.
Are you trapped in a news bubble? Russ White: The news filtered to you might leave out important things you need to know. But how can you tell? Before we talk about how to get out of the news filter bubble, we need to look at how it actually works.
Escaping the news filter bubble: Three simple tips Spoiler: Reduce the amount of information big providers have about YOU. Over time, unnoticed bubbles form ever more effective barriers against alternative information, maybe information you need. But getting out requires only a few simple steps.