Is it dangerous to post my MAC address publicly?

  • When posting questions, it is often quite useful to include debug output. However, it sometimes include the MAC address of my laptop, router, or both.

    What are the possible dangers of releasing these mac addresses publicly?

    In short, there's no danger whatsoever. Please refer to similar question with excellent answers:

    The answers below are all correct-- I just wanted to mention that you should not disclose any personally-identifiable information unnecessarily. It's true that nefarious use is nearly impossible, but when it comes to security, your "enemy" should know as little as possible about you.

    I once found an unknown computer on my network (shared between some students), and when I googled the mac. I identified who it was. He had posted debug info on a Q/A forum

    It’ll make you extra-identifiable by IPv6 address if you’re using IPv6 with SLAAC without privacy extensions (which is a bad idea already).

    @Dogeatcatworld Perfect example of why you share nothing.

  • Adi

    Adi Correct answer

    6 years ago

    Disclosing the MAC address in itself shouldn't be a problem. MAC addresses are already quite predictable, easily sniffable, and any form of authentication dependent on them is inherently weak and shouldn't be relied upon.

    MAC addresses are almost always only used "internally" (between you and your immediate gateway). They really don't make it to the outside world and thus cannot be used to connect back to you, locate you, or otherwise cause you any direct harm.

    The disclosure can be linked to your real identity since it might be possible to track you using data collected from WiFi networks, or it can be used to falsify a device's MAC address to gain access to some service (mostly some networks) on which your MAC address is white-listed.

    Personally, I wouldn't really worry about it. However, when it's not inconvenient, I usually try to redact any irrelevant information when asking for help or sharing anything.

    +1; I suspect any scenario in which your MAC address would be useful to an attacker (e.g., a MAC-restricted WiFi network) is a scenario in which the attacker can already view your MAC address.

    @apsillers I'll have to disagree. That only works if you're connected and using the network at the time the attacker is attempting to grab the MAC address. If you're not connected to the network, then the attacker must acquire the MAC address through other means.

    I'll certainly agree to that, and admit my statement wasn't very complete. Perhaps I should revise it to say that most situations in which an attacker can meaningfully use your MAC address are situations in which your MAC address is clearly visible *when in use*. Learning someone's MAC address might be valuable to an attacker if some particular combination of space/time/usage constraints would prevent them from learning it from your normal use.

    With IPv6 the MAC often makes up part of the IP.

    Wasn't the author of that iloveyou worm caught because his mac-address was included in that vbasic code?

    @ott-- Even if it were true, it would still be irrelevant. You'd be comparing shouting your name while you're walking down the street to shouting your name while you're robbing a bank. If the story were true, he would have been caught if he left his phone number or email address in the code. So is that an argument against not disclosing your email address or phone number? Of course not.

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM