feature article
Subscribe Now

Erasing Your Network Footprint

Startup LEVL Bypasses the Hard-Wired MAC Address

“You wouldn’t worry so much about what others think of you if you realized how seldom they do.” – Eleanor Roosevelt

Like most things about computers and the Internet, MAC addresses were created with the assumption that people aren’t jerks. Sadly, that notion proved incorrect, and we’ve spent the last 40-odd years trying to curb spam, malware, Wi-Fi spoofing, ad tracking, and any number of other modern ills. 

To that list add the many and varied attacks on online privacy. In a pre-digital society, we took it for granted that if your neighbors couldn’t see or hear you, they didn’t know where you’d been or what you’d been doing. (They probably didn’t care, either.) Nowadays, we’ve learned that tech-savvy firms probably do know where you’ve been, what you’re reading, what you’ve purchased, and what kind of music you like. They’re also adept at piecing together a pretty good profile that includes your age, gender, appearance, place of birth, school friends, employment history, and other details that we’d prefer not to think about. 

Our collective response has been varied, from totally unaware, to aware but unconcerned, to vaguely uncomfortable, to obsessively paranoid. We all fall somewhere along that spectrum. We’re grateful for whatever concessions to privacy that vendors care to give us and we learn to accept the rest. 

Hardware MAC addresses are part and parcel of networking, which also makes them a tool for the forces of privacy/antiprivacy. The lowly media access control (MAC) address is every connected device’s unique network ID, an immutable and exclusive identity assigned at birth. MAC addresses sit near the bottom of the seven-layer OSI stack, and, unlike, say, an IP address, MAC addresses don’t change. 

That’s great, because it gives each client on the network a permanent ID that’s guaranteed to be unique. But it’s also a problem because each client on the network has a permanent ID that’s guaranteed to be unique. It’s like a tattoo: a good idea at the time, but a permanent mark that you can never remove. That’s a problem if you’re concerned about network privacy. 

Among the online marketers’ various and nefarious bag of tricks is MAC tracking. Your MAC address follows your device everywhere, so it’s relatively easy to tell that the laptop you carried into Starbucks yesterday is the same one you used in the lobby of the Hilton last year. Same goes for your phone, tablet, e-book reader, smart home appliances, and absolutely everything else that has an Ethernet, Wi-Fi, or Bluetooth interface. It’s possible to track online activity with MAC addresses, and you can locate MAC addresses in physical space, almost like GPS. It’s an online beacon highlighting your peripatetic presence. 

Enter startup company LEVL. The 20-person firm aims to wean network operators off the ubiquitous MAC address and to use an alternative it calls LEVL-ID instead. It’s a different way to assign network identity without necessarily also revealing everything else about your device – or yourself. 

Like a MAC, a LEVL-ID is a 48-bit identifier. It’s unique to your device, so no two devices on the same network will ever have the same LEVL-ID. But, unlike a permanent MAC, a LEVL-ID changes with each network you join. That is, you get one LEVL-ID at home, a different LEVL-ID at the coffee shop, yet another one at the hotel, and so on. There’s no correlation between LEVL-ID addresses from one network to the next, so there’s no way for apps or online vendors to follow your activity. (At least, not by using hardwired network identifiers. Tracking cookies, IDFAs, MAIDs, and other methods still exist.) 

LEVL-IDs are generated using a nonrandom algorithm, so if/when you rejoin a previous network, you’ll get the same LEVL-ID. The company says each ID is generated using information gleaned from all seven levels of your device’s network stack, including subtle physical characteristics like chip voltage, signal response, timing, and other “fingerprints” that uniquely identify the device but that are also repeatable and reliable. Like MACs, LEVL-IDs are tied to an interface, so a laptop will have one LEVL-ID for its Ethernet port, a separate one for Wi-Fi, and a third for Bluetooth. 

The LEVL-ID doesn’t replace the MAC address – how could it? – but rather lives alongside it. MACs are enshrined in global networking standards, so it’s too late to overhaul them. The idea is to get network managers and operators to selectively ignore MAC addresses when they can and to use comparatively anonymous LEVL-IDs instead. 

Which raises an interesting feature of the technology. LEVL-IDs don’t live on the client device at all and are completely transparent to the user. Your laptop or phone doesn’t know – and in fact has no way of knowing – that LEVL-IDs are even in use. It all lives on the network access point or router. That means there’s no software to install, no new settings, and no changes to operating systems or drivers. Your network devices are already LEVL-ID ready, and they don’t even know it. 

It does mean the networking equipment needs to be updated with LEVL’s software, and that’s where the company focuses its business. Hotels, large enterprises, event centers, and municipalities are all target markets – anywhere that someone controls the infrastructure and access to the user data. LEVL’s business model is to license its software technology on a subscription basis, with pricing dependent on the number of client nodes. A large hotel, for example, might pay more per month than a retirement home that has fewer online users. 

The implication is that network operators won’t sell, rent, or otherwise share their users’ data with marketers, although, to be honest, there’s nothing to prevent them from doing so anyway. A LEVL-ID is still a unique identifier, so it’s easy to tell if a certain user regularly returns to your network or how much time they spend online. LEVL-ID provides the tools for anonymization; it doesn’t provide the incentive. 

LEVL is clearly aware of this and the company touts “targeted marketing” as one of its unique selling advantages, as well as its ability to identify the type, manufacturer, and exact model of client devices attached to the network. Worryingly, the company also brags that “LEVL essentially transforms every connected device into a sensor… and offers state-of-the art human presence and motion detection, device motion indication, and device localization to ISPs with best-in-class response time and sensitivity.” 

So… is LEVL a privacy play or not? Or is the company just shifting the responsibility – and the financial rewards – to itself and its customers? It’s a little of both. 

The company points out that LEVL-IDs are more private than any MAC address. A LEVL-ID never reaches the upstream telecom conglomerate, nor does it ever make it down to the client device. There’s no “secret” on the device for apps to steal because LEVL-ID exists only on the network. Your LEVL-ID changes the minute you leave the network, which decreases the incentive to misuse it. But it does allow the local network operator – and only the local network operator – to collect some limited information. 

Tim Colleran, the company’s BizDev VP, says, “Device identity has always been used for marketing and advertising purposes… There is more accountability via the network operator [with LEVL-ID]. We would expect network operators to have opt-in or opt-out clauses. Personally, I prefer to have my information in the hands of a regulated company I trust, and am subscribing to, versus a company that only makes money by selling my information.”

LEVL-ID certainly can be more private than a MAC address, which is tracked without our conscious content. It shifts the responsibility to the local network operator, which may have some incentive to keep its users happy.  MAC tracking is on by default; LEVL-ID makes it optional and more fine-grained.

LEVL’s technology isn’t the only approach to the scourge of MAC address tracking. Plenty of operating systems (Android, iOS, Windows, etc.) have offered MAC randomization since at least 2014. The idea is that your actual hardware MAC address is kept secret, and a new, pseudo-random one is generated in the network driver for public consumption. This technique works, but it also has drawbacks. Some applications complain or get confused when they see the underlying MAC address change. Security apps, in particular, often bind their authentication to a MAC address, either to enable or to deny network access. If the MAC address changes, the apps assume you’re on a different machine. LEVL-ID bypasses those problems, mostly because client apps and operating systems never see the new ID. It’s not a client solution, it’s an infrastructure change. 

It was too much to hope that MAC address tracking could be eliminated at a stroke. MACs will be with us for a long time, but LEVL-ID does a good job of providing an alternative, and it does so in a way that doesn’t inconvenience every user and every networked device. Says Colleran, “User privacy is a multi-headed beast, and it depends on consumer behaviors around opt-ins and license agreements. We are doing what we can with our current technology to let users reclaim their privacy.” Amen to that. 

Leave a Reply

featured blogs
Oct 15, 2021
We will not let today's gray and wet weather in Fort Worth (home of Cadence's Pointwise team) put a damper on the week's CFD news which contains something from the highbrow to the... [[ Click on the title to access the full blog on the Cadence Community site. ...
Oct 13, 2021
How many times do you search the internet each day to track down for a nugget of knowhow or tidbit of trivia? Can you imagine a future without access to knowledge?...
Oct 13, 2021
High-Bandwidth Memory (HBM) interfaces prevent bottlenecks in online games, AI applications, and more; we explore design challenges and IP solutions for HBM3. The post HBM3 Will Feed the Growing Need for Speed appeared first on From Silicon To Software....
Oct 4, 2021
The latest version of Intel® Quartus® Prime software version 21.3 has been released. It introduces many new intuitive features and improvements that make it easier to design with Intel® FPGAs, including the new Intel® Agilex'„¢ FPGAs. These new features and improvements...

featured video

Intel Architecture Day 2021: Data Center - Infrastructure Processing Unit

Sponsored by Intel

Intel unveiled its biggest architectural shifts in a generation for CPUs, GPUs and IPUs to satisfy the crushing demand for more compute performance at Architecture Day 2021. Guido Appenzeller, Chief Technology Officer of Intel's Data Platforms Group explains how the IPU's design enables cloud and communication service providers to reduce overhead and free up performance for central processing units.

Click here to learn more

featured paper

How to Design with Maxim’s Latest Supervisors

Sponsored by Maxim Integrated (now part of Analog Devices)

As the technologies in MCUs, µPs, DSPs, and FPGAs move toward lower geometries and power, operational voltages become significantly low for these devices. Reducing the core voltage poses challenges in the use of high-accuracy power supply and voltage supervisors to avoid system failure. This application note discusses the critical parameters Maxim’s MAX16132–MAX16135 supervisor family and presents a reasonable approach in choosing the right reset threshold and hysteresis for voltage supervisor ICs.

Click to read more

featured chalk talk

i.MX RT1170

Sponsored by Mouser Electronics and NXP Semiconductors

Dual Core microcontrollers can bring a lot of benefits to today’s modern embedded designs in order to keep all of our design requirements in balance. In this episode of Chalk Talk, Amelia Dalton chats with Patrick Kennedy from NXP about why newer design requirements for today’s connected embedded systems are making this balancing act even harder than ever before and how the i.MX RT1170 can help solve these problems with its heterogeneous dual cores, MIPI interface, multi-core low power strategy and SRAM PUF technology can make all the difference in your next embedded design.

Click here for More information about NXP Semiconductors i.MX RT1170 crossover microcontrollers