Can they see that I am using a Mac?

4dseibert

Hi,
New user to all of this
Using this at work. Can IT tell if this IP is a mac? There are only a couple mac users here?

Thanks In advance

tomeworm

Sure can, along with the browser and version of browser you're using, what OSX version you're running, your screen size, various plugins running like Flash, etc. Makes it pretty easy to ID you. A vpn gives you some level of privacy. It does not provide anonymity. Getting closer to anonymity requires some additional effort on your part starting with installing some plugins in your browser to obfuscate anything unique about your computer that can be traced back to you. For example I run User Agent Overrider plugin in Firefox and change its options as needed. I believe I saw a plugin that will even do so randomly. Also be sure to disable WebRTC.

You can see just how unique a signature your computer leaves here. 

tomeworm

It could be that your best option is to use TorBrowser.

Omnibus_IV

TOR won't work, nor VPN. This is after the fact. Your machine is already on your work's network. If the IT department collects machine information then they already know about your machine. If you use VPN or TOR, you will get a network IP from the VPN service or TOR, but you are still connected to your work network. The only difference is the IT department will not be able to monitor your data unless they remote access into your computer and watch from there. I doubt they will do that, but do not underestimate the IT department. Remember, you are accessing their equipment and therefore, may have the right to access your machine without your permission.

JMHO

tomeworm

Omnibus_IV said:

TOR won't work, nor VPN.

It depends. But in theory you're correct. It really comes down to company policy and what they permit and prohibit on company computers. If they prohibit the use of vpn or TOR, such as companies are required by law to enforce in China, then yes, such things are going to be monitored for. In most other countries though generally not.

If the network admin were concerned about it enough (and in my experience it's unlikely) they could identify you with your MAC address (something that in a company network setting would be all but impossible to obfuscate) and go from there.

Many companies have had to impose rules against employees accessing their social media accounts from work because they've found it cuts into worker productivity. How does it get enforced? Typically the IT dept. monitors network access to Facebook, Twitter, etc. and then gives a warning to any employees found violating the rule. A vpn serves as a useful means of bypassing the monitoring. No one can see which sites you're accessing other than the vpn. However if the company prohibits vpn use and you get caught then you've got a problem. 

[Deleted User]

@4dseibert As others have mentioned, any network administrator will be able to tell an awful lot about your machine simply be how it connects, and if using an unencrypted stream to the internet, what data it is sending.

Before continuing on with my suggestions for ways around this (in the following post), its important to take a moment to consider what your companies security and usage policies are. This is not only for your own safety (and job security), but also for the corporate network's safety. Questions you should answer before continuing on include:

1. Is it against the ToS to spoof my MAC?
2. Is it against the ToS to use any software other than pre-installed or whitelisted software?
3. Does my system have any privildges that could put the company at risk, either by my system being hacked (work files and credentials), or by my system being used as a trojan to access the network?
4. Does my network have a firewall or usage policy that restricts against tunneling to my home or other locations, for example, to connect to my home server and upload my work progress? (Many corporate and government networks block even Google Docs as a matter of security policy to help stop internal leaks or malware spreading)
5. Are my planned activities going to put the company or my employment at risk? Is it worth it when I could just bring a phone to work and hotspot connect to it for personal use instead or wait until I get home?

If you answered yes to any of these questions, consult the network operator with your concerns or move on. Continuing further may compromise the security of your network, or end your employment, career, or freedom if criminally prosecuted for your actions if something bad happens.

[Deleted User]

Spoofing your MAC

The first line of defense for anonymizing your network connection is the MAC address. Assuming you are not breaking any ToS for the network and are not participating in illegal activities, you may want to spoof your MAC just for additional peace of mind in situations where you are somewhat concerned with your privacy.

Not too long ago, the city of London had trash bins collecting the MAC addresses of passerbys (http://www.bbc.com/news/technology-23665490), and regardless of their claimed intentions on how that data is or isn't collected or how it is or isn't used, once they've obtained it without your willing consent, that's a privacy invasion I would want to end. 

It's important to note also that simply changing your MAC does not stop fingerprinting in other channels such as monitoring connection times, connected resources, DNS requests, logins, etc. It is most often used to either keep privacy or extend allocated free time on public WiFi.

Multiple MACs

Your device will likely have multiple interfaces for connecting to the internet, commonly an ethernet and a wifi adapter. As each internet interfacing device will have its own MAC, you'll need to make sure to change all of them.

Instructions for Mac

First, let's generate the MAC. In an open terminal window, type

        openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'

To get a list of active interfaces, open a terminal and type

        sudo ifconfig

From the list, choose your active Ethernet and/or Wifi adapters you'd like to spoof, then in the terminal use the following command to shut down the network, change them, then turn the network interface back on:

        sudo ifconfig eth0 down
        sudo ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx
        sudo ifconfig eth0 up

...replacing en0 with the interface name and xx:xx:xx:xx:xx:xx with a valid-formed MAC address we generated above.

Now confirm the updated MAC status by running

        sudo ifconfig

Note: These settings are not persistent so you will lose them after rebooting and need to perform this action. You can make this easier by putting these commands into a script and running the script instead. That script would look like this:

MAC spoofing script

        sudo ifconfig eth0 down
        sudo ifconfig eth0 "$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//')"
        sudo ifconfig eth0 down

While you could add more lines of code to the script to first grab the current MAC address, modify it, then confirm it actually changed, that may be error prone and give false positives. For something this important, doing it manually and confirming yourself is probably best.

For those who prefer a tool to use, you may want to install macchanger for OS X (https://github.com/acrogenesis/macchanger/).

Instructions for Debian (Linux / Ubuntu)

Debian has a package for this specifically called macchanger. While the above code for Mac OS X will work for Linux in general, macchanger has more functionality and can be called with more confidence and automation.

You can install it by opening a terminal window and typing

        sudo apt-get install macchanger

macchanger has its own settings and options available.

GNU MAC Changer
Usage: macchanger [options] device

  -h,  --help                   Print this help
  -V,  --version                Print version and exit
  -s,  --show                   Print the MAC address and exit
  -e,  --ending                 Don't change the vendor bytes
  -a,  --another                Set random vendor MAC of the same kind
  -A                            Set random vendor MAC of any kind
  -p,  --permanent              Reset to original, permanent hardware MAC
  -r,  --random                 Set fully random MAC
  -l,  --list[=keyword]         Print known vendors
  -b,  --bia                    Pretend to be a burned-in-address
  -m,  --mac=XX:XX:XX:XX:XX:XX
       --mac XX:XX:XX:XX:XX:XX  Set the MAC XX:XX:XX:XX:XX:XX

Report bugs to https://github.com/alobbs/macchanger/issues

For systemd systems you can use,

        sudo service network-manager stop
        macchanger -r eth0
        sudo service network-manager start

Otherwise,

        sudo ifconfig eth0 down
        sudo macchanger -r eth0
        sudo ifconfig eth0 up

If you wish to do this without installing macchanger or you're on a system that does not have macchanger, you can still use

        sudo ifconfig eth0 down
        sudo ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx
        sudo ifconfig eth0 up

Instructions for Windows 8 and 10

1. Press the [Windows key] + [x], then select Device Manager (for Win 7. use the start menu).
2. Navigate to the Network Adapters listing
3. Right-mouse click on the interface you want to spoof the MAC for, and choose Properties
4. Navigate to the Advanced tab
5. In the properties list window, scroll down to Network Address.
6. Enter a value without any special characters (example: 72:00:08:69:F2:08 becomes just 72000869F208)
7. Click OK
   

[Deleted User]

Are you a newbie who doesn't trust themselves to secure their own OS, configure the firewall properly, or perhaps you just want to take your privacy to the next level? Then perhaps you might consider a more radical solution such as:

Use an OS Built to Stop Leaks

Besides just changing your MAC address, when connecting to and using a network, what OS you're using is possible to deduce based on network responses, open ports, and unencrypted data sent from your computer across the network. This can be mitigated by switching to a different OS entirely, such as:

• QubesOS https://www.qubes-os.org/  - run multiple, different OSs inside of VMs, each with their own software and network firewalls, optionally forcing traffic over Tor with Whonix, or;

• Tails https://tails.boum.org/ - boots from media such as a USB stick and runs entirely in RAM, forcing all traffic over Tor).

Both of these OSs are designed to increase your security and privacy overall, although they each have their own drawbacks and considerations. If you're interested in reading more about them, follow the links above. If not, ignore this post!

WARNING: Using Tails will make it impossible to use the PIA VPN or any other VPN, although you may continue to use the supplied proxy in certain situations. Tails is designed to entrust your privacy entirely to Tor and the TailsOS. There is no room for VPNs yet in Tails' security recipe.