MAC Address Randomization Isn’t as Safe as We Thought

In the fight to protect your privacy, there are a few tools at your disposal. One tool, MAC address randomization, has long been thought of as a way to keep prying eyes off your internet connections, no matter where you were.

What is a MAC address? It is a unique multi-digit number that identifies your device when it connects to the internet. If you connect over a public Wi-Fi connection, someone who’s monitoring your MAC address will know when you connect again in the future, when you disconnect, and so on. But techxperts learned a simple trick a long time ago: by generating new, random MAC addresses each time you connect, you should be able to avoid having public Wi-Fi owners track your movements or activity. This tracking is typically used for advertising purposes, like sending you an online ad if you happened to pass by that store again, but in some cases it could be used to find out when you enter a competitor’s store, for example. For some consumers, that’s a little too much like Big Brother watching.

Unfortunately, MAC address randomization has now been found to be not quite as foolproof as we originally thought. A new study by researchers at the US Naval Academy uncovered flaws and vulnerabilities that allowed them to track one hundred percent of the devices they were following. There’s a very technicalexplanation of the researchers’ findings in this article, but the takeaway is that this technique may not do anything to protect your privacy after all.

There’s a long-standing rule of the thumb when it comes to privacy and technology: you’re not as safe as you think. We have software to thwart viruses, firewalls to prevent malicious code from sneaking in over the internet, VPNs to “trick” spies into not seeing our activity or knowing our location, parental control filters to keep our children safe online, and so much more. But the end result is that hackers keep finding workarounds to the protective measures we rely on. Does that mean we just ignore the danger and not install these safety protocols? Of course not. But there is a very important truth that all tech users must understand.

Nothing will ever replace diligent attention to your online accounts and internet activity. Whether it’s trying to avoid being “followed” over public Wi-Fi or preventing your ISP from selling your history and data to advertisers, taking your own privacy steps is critical. Relying solely on technology without safeguarding your information and your family for yourself is too big a risk.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.