I’m feeling a little miffed at the moment. I might be tempted to go so far as to say I’m a mite peeved (please excuse my robust language). I will explain the source of my disgruntlement shortly, but first…
A media access control (MAC) address is a unique 48-bit identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. MAC addresses are tied to interfaces, so your PC will have one MAC address for your Ethernet port, another for its Wi-Fi, yet another for its Bluetooth interface, and so on.
In the case of mobile devices like tablets and smartphones, we almost invariably connect to the outside world via Wi-Fi. Within the Open Systems Interconnection (OSI) network model, MAC addresses are used in the medium access control protocol sub-layer of the data link layer. The Wi-Fi MAC address is hard coded into your device, which wouldn’t be a problem if there weren’t so many plonkers and nefarious players out there, many of whom are acting like Big Brother in Nineteen Eighty-Four, using your MAC address to track where you are, where you’ve been, and what you are doing (reading, watching, listening to, etc.).
A few days ago, I was chatting to the folks at a startup company called LEVL (I think of them as “leveling the playing field”). Their mission is to erase your network footprint. Paradoxically, they do this by generating their own 48-bit LEVL-IDs for each of your devices, where these IDs are generated by listening to your devices “speak.” In the same way that you can identify different people with your eyes closed by listening to them talk, LEVL’s algorithms can uniquely identify different devices by the way they squawk (“talk” … “squawk” … I’m quite proud of that one).
In order to achieve this, LEVL identifies “fingerprints” from all seven layers of the OSI model, including the physical layer. As a result, even if you had 20,000 devices all communicating the same message, the LEVL-ID associated with a particular device can uniquely identify that device in the crowd.
But doesn’t this make it easier to track you? Well, the trick here is that LEVL-IDs are generated on a network-by-network basis, so the LEVL-ID associated with your iPad as seen by your router at home will be different to the one assigned to you by the Wi-Fi network in your office. In turn, this will be different to the LEVL-ID ascribed to you by the router in your local coffee bar.
One interesting aspect to all this is that it doesn’t require you to load anything onto your devices or modify them in any way. For example, your ISP could download the LEVL-ID software as a patch into your home router as part of a regular upgrade in the wee hours of the morning while you are snoozing furiously.
There’s so much more to all this. I was planning on writing an attention-grabbing, awe-inspiring column about this technology for EEJournal.com, but I just saw that Jim Turley has already done so, and his column — Erasing Your Network Footprint — presents this topic far more eloquently than I could hope to do myself.
So, now you know the reasons for my disgruntlement. First, that when the folks at LEVL briefed me, they neglected to mention that they had already discussed this with Jim. And second, that Jim did such a good job of writing it up. Now I must away to gnash my teeth and rend my garb (or roll my eyes and sigh, which is the English equivalent). Meanwhile, why don’t you bounce over to read Jim’s column and then come back here to tell me what you think?
Ok, let me make sure I understand this. If I purchase a used computer, I inherit the network identity and activity of the previous owner? If I start a new job and the company gives me a laptop used by the person who was fired for some reason and replaced by me, same thing?
Ooh — that’s a good question I never thought to ask — I’ll ask them now — Max
Charles, Tim here from LEVL — Great question, so let me tackle it. Network identity really has two fundamental pillars. There is your user identity, which is a digital ID that is defined by a username, password and sometimes certificates installed on the machine. The user ID is used for access to specific network resources and access to personal information. There is also device identity, which typically has been the device MAC address (media access control address), even though it was not really intended to be used as a general device ID. The LEVL-ID takes the place of the MAC address for the device identity. The device identity is more about how the device interacts with the network and what permissions the device has on the network. It is used in conjunction with the USER identity. So while the device will show up as the same device, just as it would have with a MAC address, access to user information will not be allowed because that is governed by the user identity. The broader issue is that over time, MAC addresses, which are global in nature, have been tied to user IDs by bad actors. As covered in the blog, the LEVL-ID is much less exposed to compromise by bad actors. — TC
Hi Tim — thank you so much for taking the time to respond — it’s much appreciated — Max