Does VPN hide your MAC address: what you need to know

Share or tell us what you think in the comments!

It’s well known that a VPN can hide an IP address, but what about the MAC address? Can websites track it down or can it be seen on your router even when using a VPN? To answer these questions it is important to understand what the MAC address is and how do devices use it. Let’s explore further what you need to know about it.

MAC stands for Media Access Control which is an address that contains 12 symbols (ex. E8:FC:AF:B9:BE:A2) and is unique to every device. It is used to identify a physical device (or hardware) such as a network interface card (or NIC) on a local network. This address never changes as it is burned-in by a manufacturer.

In many cases, there are multiple devices connected to the same network – laptops, phones or TVs, and in order for a router to know which internet packets belong to which device it keeps track of every device’s MAC addresses. A router holds this information in an ARP table where for each MAC address a local IP address is assigned.

Let’s take a look at a graph on how devices communicate using MAC addresses:

A Graph How Devices Use MAC Address To Communicate over the network
Device communication over the network via MAC addresses

When you try to access a certain website, your device and a router communicate over their MAC addresses on a local network. Then, once the router sends internet traffic outside the local network it strips off your devices MAC address and uses its own instead. With each hop, the previous device’s MAC address is stripped off and replaced before sending any internet packets further. In a long network chain, routers and other network equipment only know about MAC addresses of those devices that are directly connected to them.

Using a VPN or not, the websites can not see your device’s MAC address simply because it is stripped off once your internet traffic leaves the router. The website can not even know your router’s MAC address since it usually takes multiple hops via different devices to reach it.

Even though MAC can not be seen by the websites directly, there are few indirect ways to get it – extracting from your IPv6 and by running a script on your device.

You have probably heard of two versions of IP address – IPv4 and IPv6. Many ISPs nowadays assign both versions to your account. The interesting part is that IPv6 format is very similar to your MAC address format and this is because sometimes an IPv6 address is made using it.

When you visit a website both your IPv4 and IPv6 are visible to the website and it is possible to extract your MAC address from IPv6 address. Using a VPN is a good idea to completely hide both versions of IP this way preventing indirect access to your data. Not all IPv6 addresses using your devices MAC address, there might be different ones assigned to you by your ISP that are random.

Another way websites could get your MAC address is by running a script directly on your device. It is theoretically possible, but practically extremely hard to implement since running such a script that could access the device’s information would literally require tricking you to grant administrator privileges and running it on your device.

Just by visiting a website and clicking a random popup would not work, since such a script could not possibly be run from a browser. Therefore the only way it could work is if someone remotely connects to your computer and executes the downloaded script file.

A router is a part of a local network and MAC address is used for your device to communicate with it. Using a VPN would not hide your MAC address from a router since VPN is used to hide your IP address on the public internet. In fact, if your MAC would be hidden from a router you would not have access to the internet.

Hiding your MAC address completely on a local network is not really possible since it would cut your internet access, however, if you are concerned that someone might detect your device there’s one way to do it – spoof it.

On every OS there is a way to fake or change your real MAC address, or even create a temporary one that is rotating all the time. Here’s how to spoof your MAC on every platform:

Here’s how to spoof your MAC address on Windows 10:

  1. Type Device Manager in Windows 10 search box
  2. Find Network Adapters and select Properties of your network adapter
  3. Go to Advanced tab and select Network Address or Local Network Address
  4. Change the value in the box and restart your device

Here’s how to spoof your MAC address on macOS:

  1. Turn off wifi
  2. Launch Terminal app
  3. Use terminal command to generate random MAC address: openssl rand -hex 6 | sed ‘s/\(..\)/\1:/g; s/.$//’
  4. Use terminal command to set the new MAC address sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx where your new MAC is instead of X’s
  5. Restart your device

Spoofing your MAC address on iOS requires jailbreaking your phone, therefore it is not recommended to spoof it.

Here’s how to spoof your MAC address on Android:

  1. Go to GooglePlay and download ‘Android Terminal Emulator‘ app
  2. In the app type ‘ip link show’ to get the network interface name (it’s probably ‘wlan0’)
  3. Now type ‘ip link set wlan0 XX:XX:XX:YY:YY:YY where wlan0 is your network interface name and new MAC address value instead of Xs and Ys.
  4. Go to device properties to see if your MAC address has been changed.

When VPN is used it really does not affect or hide your device’s MAC address, but it does not need to do it anyway since in the long device chain your MAC does not travel any further than your router. However, there are few indirect ways to find out your MAC – one is extracting it from IPv6 address and another by tricking you to run a script that would send the information. If you want to really protect yourself you could use a VPN to hide your IPv6 address or try to spoof your MAC address.


Share or tell us what you think in the comments!

Add a Comment

Your email address will not be published. Required fields are marked *