The simple version is, even if you use a VPN they can still get the MAC address on your computing device, by various means including tricks. Then they can correlate usage of that value with who you are, by comparing data from various accesses. Now, Reddit alone can't do that, indeed they can use multiple data sources in order to cross-correlate. ANYONE who does online gaming will be traceable by this means.
The short take is, you are not totally anonymous even with VPN, if you are on a PC. If you are on a burner phone it is harder but if you make even one slipup, you're hosed.
True, but a direct hardware query will always return the factory hard-coded value. So even if the average person runs spoofing software for this on normal Internet packet use, they are vulnerable to specialized tools for attack. So my guess is the average random Redditor doesn't run spoofing, and probably some nosy people have fingerprinted them. A side note, some software vendors use MAC address on user machine as a key to authentication of software license.
Hm, I agree here, however am wondering about what tools they would use to penetrate through the VM and see the real MAC address of the NIC. Basically, if I’m spoofing my MAC and browsing on a VM, how does one look beyond that.
If by some trick outside software can invoke BIOS calls, it can read the data straight off the hardware. The MAC address can exist as a value burned in on each MAC's firmware or ROM; the value exists at a memory address one could query, or might be accessible through a chip in the HW implementing the Ethernet Phy layer, I believe. I'd have to go read old developer datasheets I haven't reference for 15 years to remember what the method is.
The simple version is, even if you use a VPN they can still get the MAC address on your computing device, by various means including tricks. Then they can correlate usage of that value with who you are, by comparing data from various accesses. Now, Reddit alone can't do that, indeed they can use multiple data sources in order to cross-correlate. ANYONE who does online gaming will be traceable by this means. The short take is, you are not totally anonymous even with VPN, if you are on a PC. If you are on a burner phone it is harder but if you make even one slipup, you're hosed.
MACs can be spoofed/changed tho.
True, but a direct hardware query will always return the factory hard-coded value. So even if the average person runs spoofing software for this on normal Internet packet use, they are vulnerable to specialized tools for attack. So my guess is the average random Redditor doesn't run spoofing, and probably some nosy people have fingerprinted them. A side note, some software vendors use MAC address on user machine as a key to authentication of software license.
Hm, I agree here, however am wondering about what tools they would use to penetrate through the VM and see the real MAC address of the NIC. Basically, if I’m spoofing my MAC and browsing on a VM, how does one look beyond that.
If by some trick outside software can invoke BIOS calls, it can read the data straight off the hardware. The MAC address can exist as a value burned in on each MAC's firmware or ROM; the value exists at a memory address one could query, or might be accessible through a chip in the HW implementing the Ethernet Phy layer, I believe. I'd have to go read old developer datasheets I haven't reference for 15 years to remember what the method is.