Possible invasion of privacy issue

I would like to know why this program is taking note of MAC addresses - this information is VERY sensitive and unique to your computer and there is NO reason for it to be needed by a software firewall. The MAC address of your NIC or LOM is a hardware key that is embedded in the chip and as far as I know is only used by network switches for routing purposes - why is CPF digging this up and is it being sent back to COMODO? I have used many software firewalls and have never come across this before so anyone with any insight into this detail please advise. ???


How is it digging up the MAC address? If you are referring to the MAC address shown in the information panel (bottom right hand corner of the firewalls GUI), it is merely reading it from your adaptor. It is not sent anywhere. It is merely displayed on your screen.

To verify this, install Wireshark or a similar packet sniffer. Run it for as long as you want and then go through the packet log, searching for your MAC address. At no point does the firewall send this data anywhere.

Hope this helps,
Ewen :slight_smile:

First of just to clarify a point, the MAC address is not necessarily fixed and can be (Not always) changed through the device driver or registry. Even if you could not do that a hacked driver could be used that would report a false MAC… Anyways.

Comodo would need that to tell the difference in the case you have two NIC cards, it is the MOST concrete way it can tell… (Most people don’t fake it, or use hacked NIC drivers (-: ).

I am not a Comodo developer so I cannot say for certain that the firewall is not sending back the MAC address although i very much doubt it!!

Well, so far I’ve gotten 2 replies, weak ones at that, and they both don’t answer the original question - why is CPF noting the MAC address of your network adapter when that information is not needed by any software firewall that I’ve come across? Again, the MAC address, which is usually expressed in HEX number format, IS unique to the hardware AND cannot easily be changed unless you re-program the chip. As has been mentioned in one reply, yes you can spoof a different MAC address for whatever reason but that doesn’t change the original number in the hardware. The whole reason I bring this up as a privacy issue is that the MAC address is THE final piece of information needed to track you down to your exact location…period. Before all the “hey he’s a conspiracy freak” types start coming out of the wood work, the point is - WHY IS CPF TAKING NOTE OF THIS VERY SENSITIVE INFORMATION IN THE FIRST PLACE?

How exactly are you tracking the MAC address?

I’m not flaming you but just wanting to find out your method of discovery.


Before I put forward anything, I’d like clear something up first… Are we are talking about this MAC Address? The MAC Address that is included in any Ethernet packet?

Yes, what else ?
If you don’t want your MAC-address to show then I suggest you remove your NIC .
Whatever you do, DON’T look at your traffic with wireshark .
You will get a seizure from seeing your MAC in every single packet you send …

My God ! if I write ipconfig /all in Start/run it shows my MAC address …
Why does windows need to know my MAC ?



Well… by the Wiki URL… I was trying to politely & gently point out that his MAC Address was on every IP Header packet & thats the point of MAC Spoofing… trying to hide who you were, not where you were. In short, I think dabigoreo has misunderstood how a MAC Address is used. Some firewalls even allow you filter based on MAC Addresses, CFP doesn’t… but, it is on the wish list I believe.

Yeah, that’s one of the things I like about you comodo-guys, you are always
so polite, even when someone comes up with un-founded insulting remarks like this . (R)
I just think that before you cry wolf you should make sure there IS a wolf in the first place.
This is a bit like people calling a p2p app “unsafe” because it shows the IP in the interface …

edit : a possible answer to “why does windows need to know my MAC” is :
It’s one of the identifiers used by the windows activation “feature” .
That means MICRO$OFT (also known as “They”) has your MAC on record
if you activated your windoze .
It’s to prevent “piracy” they say. The solution is of course to use a windoze
that doesn’t require activation … oh, what sweet irony that is !

The Comodo Firewall Release History thread:

------------------------------------- Whats new in Version 2.4.16 ------------------------------------- ... IMPROVED! DHCP stateful analysis : added MAC address verification for the DHCP server

MAC addresses are needed by ALL firewalls to tell the difference between two network cards. What if someone that did not know what they were doing set both cards to the same IP and subnet, how would Comodo know which one you are using???

Sometimes people have the same TCP/IP details set to both cards, but just plug the network cable into one and it works.

NOTE: Justin, kail , Little Mac, mike6688, Panic, Soya, TripleJolt and most of the Global Moderator class members are volunteers, we do not work for Comodo.

Sorry, I should have been more explicit in my answer. The MAC address of your NIC is in the IP header of every data stream leaving your PC, along with the outbound IP address used to establish the connection. The firewall isn’t including it, it’s part of the IP spec. The firewall doesn’t do it, and it certainly can’t prevent it.

What I meant in my response was that the firewall does not initiate a connection and transmit your MAC address as data to a remote location. This is why I recommended that you run a packet sniffer to analyze the outbound traffic. You should clearly be able to see the MAC address and IP address in each packets header. What you will not see is the MAC address being included in the data packet by the firewall.

As stated before, ask Microsoft why their software transmits your MAC address to their servers and is retained as part of your Windows activation.

Hope this helps,
Ewen :slight_smile: