What Is Mac Address Used For

/ Comments off



  1. What-exactly-is-a-mac-address-used-for
  2. What Can Mac Address Be Used For
  3. Sample Mac Address
  4. Mac Address Vendor Private
  5. Find Device Using Mac Address
What is the mac address used for

To communicate with a Wi-Fi network, a device must identify itself to the network using a unique network address called a media access control (MAC) address. If the device always uses the same Wi-Fi MAC address across all networks, network operators and other network observers can more easily relate that address to the device's network activity and location over time. This allows a kind of user tracking or profiling, and it applies to all devices on all Wi-Fi networks.

MAC Address or media access control address is a unique ID assigned to network interface cards (NICs). It is also known as a physical or hardware address. It identifies the hardware manufacturer and is used for network communication between devices in a network segment. MAC Address usually consists of six groups of two hexadecimal digits. The MAC address is used by the Media Access Control sublayer of the Data-Link Layer (DLC) of telecommunication protocols. There is a different MAC sublayer for each physical device type. The other sublayer level in the DLC layer is the Logical Link Control sublayer. Content Continues Below. MAC addresses are used in the local network while IP addresses can be used to identify network devices all around the world. Method 1: How to Find Your MAC Address in Windows 10 with Command Prompt.

To reduce this privacy risk, iOS 14, iPadOS 14, and watchOS 7 use a different MAC address for each Wi-Fi network. This unique, static MAC address is your device's private Wi-Fi address for that network only.

Join Wi-Fi networks with a private address

Using a private Wi-Fi address doesn't affect how you join or use most Wi-Fi networks. Connect to Wi-Fi as you normally do.

  • If your Wi-Fi router is configured to notify you whenever a new device joins the network, you will be notified when your device first joins with a private address.
  • If a network can't use a private address to provide parental controls or identify your device as authorized to join, you can stop using a private address with that network.
  • Rarely, a network might allow you to join with a private address, but won't allow internet access. If that happens, you can stop using a private address with that network.

Turn private address off or on for a network

You can stop or resume using a private address with any network. For better privacy, leave the setting on for all networks that support it.

iPhone, iPad, or iPod touch

  1. Open the Settings app, then tap Wi-Fi.
  2. Tap the information button next to a network.
  3. Tap Private Address. If your device joined the network without using a private address, a privacy warning explains why.

Apple Watch

  1. Open the Settings app, then tap Wi-Fi.
  2. Tap the name of the network you joined. If you haven't joined the network yet, swipe left on its name and tap more .
  3. Tap Private Address.

Learn more

  • If you erase all content and settings from your device, or you use the Reset Network Settings feature, your device will use a different private Wi-Fi address the next time it connects to the Wi-Fi network.

What-exactly-is-a-mac-address-used-for

To many, 'personally identifiable information' (also 'PII' or 'personal information') means information that can be used to identify an individual, such as a person's name, address, email address, social security number/drivers' license number, etc. However, in the US, there is no uniform definition of personal information. This is because the US takes a 'sectoral' approach to data privacy. In the US, data privacy is governed by laws, rules and regulations specific to market sectors such as banking, healthcare, payment processing, and the like, as well as state laws such as breach notification statutes). Companies, such as Google, often include their own definition of personal information in their privacy policy. Even though there is no uniform definition, however, it's clear that that more and more information is falling under the PII/personal information umbrella.

One category of data with potentially significant implications to US businesses if classified as PII are Internet Protocol (IP) and Media Access Control (MAC) addresses.

  • An IP address is a unique numerical or hexadecimal identifier used by computing devices such as computers, smartphones and tablets to identify themselves on a local network or the Internet, and to communicate with other devices. IP addresses can be dynamic (a temporary IP address is assigned each time a device connects to a network), or static (a permanent IP address is assigned to a network device which does not change if it disconnects and reconnects). There are two types of IP addresses - the original IPv4 (e.g., '210.43.92.4'), and the newer IPv6 (e.g., '2001:0db8:85a3:0000:0000:8a2e:0370:7334').
  • A MAC address is a unique identifier used to identify a networkable device, such as a computer/phone/tablet/smartwatch, as well as other connected devices such as smart home technologies, printers, TVs, game consoles, etc. A MAC address is a 12-character hexadecimal (base 16) identifier, e.g., '30:0C:AA:2D:FB:22'. The first half of the address identifies the device manufacturer, and the second half is a unique identifier for a specific device. If a device needs to talk to other devices, it likely has a MAC address.
  • Why do devices need both? There are incredibly technical reasons for this, but at a very high level, MAC addresses are used to identify devices on a local wired or wireless network (e.g., your home network) to transmit data packets between devices on that local network, and IP addresses are used to identify devices on the worldwide Internet to transmit data packets between devices connected directly to the Internet. Your router has an IP address assigned by your ISP, as well as a MAC address which identifies it to other devices on the local network. Your router assigns a local IP address (e.g., 192.168.1.2-192.168.1.50) to connected devices by MAC address. Network traffic comes to your router via IP address, and the router determines what MAC device on the network to which to route the traffic.
    Think of a letter mailed to your attention at your corporate office address of 1234 Anyplace Street, Suite 1500, Anytown, US 12345. The mailing address will tell the mail carrier what address to deliver it to, but the carrier won't deliver it right to you personally. Suppose you are in Cube 324. Your mail room will look up your cube number, and deliver the letter to you. The letter is like an online data packet, the mailing address is like an IP address, the cube number is like a MAC address, and the mail room is like a router -- the router takes the inbound packet delivered by IP address and uses the local device's MAC address to route the packet to the right device on the network.

Canada's approach. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) defines 'personal information' as 'information about an identifiable individual.' The Office of the Privacy Commissioner of Canada (OPCC) has released an interpretation making clear that this definition must be given a 'broad and expansive interpretation,' and that it includes information that 'relates to or concerns' a data subject. With respect to IP addresses, according to the OPCC an Internet Protocol (IP) address is personal information if it can be associated with an identifiable individual. (Note that in Canada, business contact information is not considered personal information, which implies that an IP or MAC address of a work computing device associated with an employee's work contact information is not personal information.)

The European approach. In Europe, the current Data Protection Directive and the proposed Data Protection Regulation both define personal data as 'any information relating to an identified or identifiable natural person.' Individual EU member states differ on whether an IP address should be considered personal data. The European Court of Justice (ECJ) has held that IP addresses are protected personal information 'because they allow ... users to be precisely identified,' and is considering whether to adopt an even stronger position that dynamic IP addresses collected by a website operator are personal information even if though the Internet service provider, and not the website operator, has the data needed to identify the data subject. The same rules should apply to MAC addresses. The new Data Protection Regulation, which will override member state implementations of the Directive, states in its findings that '[n]atural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.'

In the US, the sectoral and state-by-state approach to data privacy does not paint a clear picture as to whether an IP address or MAC address should be considered personal information.

  • Specific laws. The one US statute that clearly states that IP and MAC addresses are personal information is the Children's Online Privacy Protection Act (COPPA). In 2013, the FTC revised the COPPA Rule, which defines 'personal information' as 'individually identifiable information about an individual collected online,' as specifically including IP addresses, MAC addresses, and other unique device identifiers. The Health Insurance Portability and Accessibility Act (HIPAA) includes device identifiers (such as MAC addresses) and IP addresses as 'identifiers' that must be removed in order to de-identify protected health information. State security breach notification laws define personal information, but those laws do not include IP address, MAC address, or other device identifier as PII.
  • The FTC's view. In April, Jessica Rich, the Director of the FTC's Bureau of Consumer Protection, wrote on the FTC's business blog about cross-device tracking. In her remarks, she restated the FTC's long-held position that data is personally identifiable, 'and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers such as device identifiers, MAC addresses, static IP addresses, or cookies meet this test.' She then specifically cited the FTC's 2013 amendments to the COPPA Rule as an example of this in practice. Director Rich's comments signal that the FTC views IP and MAC addresses, and other unique device identifiers, in a similar manner as the Office of the Privacy Commissioner of Canada -- if it can be associated with an identifiable individual, it should be considered personal information.
  • Google's View. It is also worth looking at Google's definition from its privacy policy, given Google's prominence as a collector and user of consumer personal information. Google defines personal information to include both information that personally identifies a person, as well 'other data which can be reasonably linked to such information by Google, such as information we associate with your Google account.' This is essentially the FTC's view, with a reasonableness standard.

What Can Mac Address Be Used For


Given all this, what should US businesses do?

Sample Mac Address

What Is Mac Address Used For

Mac Address Vendor Private

  • Consider using a term to define IP addresses, MAC addresses, and other user device identifiers which identify a thing, not a person, but can be linked to an individual depending on what information is collected or obtained about that individual. I call this information linkableinformation.
  • If linkable information is, or reasonably can be, associated or linked with an identifiable individual in your records, it becomes personal information.
    Think of your driver's license and your license plate as things. Your drivers' license has your name, photo, and other information, so it identifies you. Therefore, a copy of your license would be personal information. On the other hand, your license plate by itself identifies a thing (your vehicle), and therefore by itself is linkable information, but not personal information. However, if your license plate is contained in a list of names and associated license plates maintained by a company, the license plate is associated with you, and therefore the company should handle it as personal information. Similarly, your phone number identifies a thing (your phone, not you, as you can let anyone use your phone) and therefore is linkable information; if your number is linked with an identifiable individual (e.g., the number is associated with a recording an individual's voice on a phone call), the phone number becomes personal information.
    An IP address in a server log, by itself, is linkable information not linked or associated with an individual, and therefore not personal information. However, an IP address as part of an electronic signature record, where the IP address is collected and stored with a person's name, time/date stamp of acceptance, and IP address are collected, would be personal information.
  • If your company's privacy policy defines personal information to include device identifiers such as IP addresses and MAC addresses, or defines when device identifiers would be considered personal information, ensure you are doing what your privacy policy says you will do. Failing to comply with a stated privacy policy can give rise to an FTC investigation and/or complaint under ยง5 of the FTC Act, as well as state AG investigations/actions and private litigation.
  • If you collect information from European consumers, given the extra-territorial reach of the upcoming Regulation US companies should carefully watch how IP and MAC addresses fall into the EU's definition of personal data, and determine whether it needs to comply with Europe's approach.
  • If you collect IP address information from a child under 13 through a website or app governed by COPPA, by law it's personal information.
  • Talk to your IT group about whether you collect any device information, such as IP or MAC addresses, that could be linkable information, and analyze whether that data is linked or associated with personal information in your systems.

Find Device Using Mac Address


Eric Lambert is Assistant General Counsel at CommerceHub, Inc., a leading cloud services provider helping retailers and brands increase sales and delight shoppers by expanding product assortment, promoting and selling products on the channels that perform, and enabling rapid, on-time customer delivery. Eric works primarily from his home office outside of Minneapolis, Minnesota. Any opinions in this post are his own. He is a technophile and Internet evangelist/enthusiast. In his spare time Eric dabbles in voice-over work and implementing and integrating connected home technologies.