What is a MAC address?

Every network interface — wired or Wi-Fi — has a MAC address, which is a serial number assigned to each interface at the factory by the vendor. MAC addresses are used on the local network to identify the communications of each network interface.

IP-地址用於識別位於網際網路上的位置,而 MAC-地址則是在本地區域網路內識別出你的設備。MAC-地址只能用於本地內部網路而無法送出到互聯網上。

在本地區域網路內利用此獨特的識別方式可能會傷害用戶隱私,看看這兩個例子:

  1. 如果你的筆電連接到好幾個 Wi-Fi 網路, 在不同的區域網路間,你的無線網卡使用了同一個 MAC-地址 某人觀察這些網路活動可以認出你的MAC-地址然後追踪 出你的地理位置**。

  2. Unless you choose to hide that you are connecting to the Tor network, someone who monitors your Internet connection can know that. In this case, your MAC address can reveal that you are a Tor user.

What is MAC address anonymization?

When MAC address anonymization is enabled, Tails temporarily changes the MAC addresses of your network interfaces to random values for the time of your Tails session. MAC address anonymization hides the serial number of your network interface, and so, to some extent, who you are, from the local network.

MAC address anonymization is enabled by default in Tails because it is usually beneficial. But in some situations it might also lead to connectivity problems or make your network activity look suspicious. This documentation explains whether to use MAC address anonymization or not, depending on your situation.

To learn how Tails implements MAC address anonymization, see our design documentation about MAC address anonymization.

When to keep MAC address anonymization enabled

MAC address anonymization is enabled by default for all network interfaces. This is usually beneficial, even if you don't want to hide your geographical location.

這裏有些例子:

  • Using your own computer on an public network without registration, for example a free Wi-Fi service in a restaurant where you don't need to register with your identity. In this case, MAC address anonymization hides the fact that your computer is connected to this network.

  • Using your own computer on a network that you use frequently, for example at a friend's place, at work, at university, etc. You already have a strong relationship with this place but MAC address anonymization hides the fact that your computer is connected to this network at a particular time. It also hides the fact that you are connecting to the Tor network on this network.

When to disable MAC address anonymization

In some situations MAC address anonymization is not useful but can instead be problematic. In such cases, you might want to disable MAC address anonymization as instructed below.

Note that even if MAC address anonymization is disabled, your anonymity on the Internet is preserved:

  • 在本地區域網域內的敵方只可以看到連線到 Tor 網路的加密連線。
  • 你的MAC-地址不會透過互聯網傳送到你所訪造的網站。

However, as discussed above, disabling MAC address anonymization makes it possible for someone to track your geographical location. If this is problematic, consider using a different network interface, like a USB Wi-Fi adapter, or moving to another network.

這裏有些例子:

  • Using a public computer, for example in an Internet café or a library. This computer is regularly used on this local network, and its MAC address is not associated with your identity. In this case, MAC address anonymization can make it impossible to connect. It can even look suspicious to the network administrators to see an unknown MAC address being used on that network.

  • On some network interfaces, MAC address anonymization is impossible due to limitations in the hardware or in Linux. Tails temporarily disables such network interfaces. You might disable MAC address anonymization to be able to use them.

  • Some networks only allow connections from a list of authorized MAC addresses. In this case, MAC address anonymization makes it impossible to connect to such networks. If you were granted access to such network in the past, then MAC address anonymization might prevent you from connecting.

  • Using your own computer at home. Your identity and the MAC address of your computer are already associated to this local network, so MAC address anonymization is probably useless. But if access to your local network is restricted based on MAC addresses it might be impossible to connect with an anonymized MAC address.

Disable MAC address anonymization

You can disable MAC address anonymization from the Welcome Screen:

  1. When the Welcome Screen appears, click on the Add Additional Setting button.

  2. Choose MAC Address Anonymization in the Additional Settings dialog.

  3. Select the Don't anonymize MAC addresses option.

Other considerations

  • 其它的監控方式可以揭示你的地理位置:影像監控、行動電話活動、信用卡交易、社交人際互動等等。

  • 使用 Wi-Fi 無線網路時,在同一個無線網路區域範圍內的任何人都可以看到你的 MAC-地址, 甚致還不必連結到同一個無線接入點。

  • 當使用行動網路連線時,如 LTE, 3G 或 GSM , 你的 SIM-卡 (IMSI) 和手機序號 (IMEI) 都會揭露資訊到行動電話營運商。

  • Some captive portals might send your MAC address over the Internet to their authentication servers. This should not affect your decision regarding MAC address anonymization. If you decide to disable MAC address anonymization your computer can already be identified by your ISP.