feature article
Subscribe Now

Erasing Your Network Footprint

Startup LEVL Bypasses the Hard-Wired MAC Address

“You wouldn’t worry so much about what others think of you if you realized how seldom they do.” – Eleanor Roosevelt

Like most things about computers and the Internet, MAC addresses were created with the assumption that people aren’t jerks. Sadly, that notion proved incorrect, and we’ve spent the last 40-odd years trying to curb spam, malware, Wi-Fi spoofing, ad tracking, and any number of other modern ills. 

To that list add the many and varied attacks on online privacy. In a pre-digital society, we took it for granted that if your neighbors couldn’t see or hear you, they didn’t know where you’d been or what you’d been doing. (They probably didn’t care, either.) Nowadays, we’ve learned that tech-savvy firms probably do know where you’ve been, what you’re reading, what you’ve purchased, and what kind of music you like. They’re also adept at piecing together a pretty good profile that includes your age, gender, appearance, place of birth, school friends, employment history, and other details that we’d prefer not to think about. 

Our collective response has been varied, from totally unaware, to aware but unconcerned, to vaguely uncomfortable, to obsessively paranoid. We all fall somewhere along that spectrum. We’re grateful for whatever concessions to privacy that vendors care to give us and we learn to accept the rest. 

Hardware MAC addresses are part and parcel of networking, which also makes them a tool for the forces of privacy/antiprivacy. The lowly media access control (MAC) address is every connected device’s unique network ID, an immutable and exclusive identity assigned at birth. MAC addresses sit near the bottom of the seven-layer OSI stack, and, unlike, say, an IP address, MAC addresses don’t change. 

That’s great, because it gives each client on the network a permanent ID that’s guaranteed to be unique. But it’s also a problem because each client on the network has a permanent ID that’s guaranteed to be unique. It’s like a tattoo: a good idea at the time, but a permanent mark that you can never remove. That’s a problem if you’re concerned about network privacy. 

Among the online marketers’ various and nefarious bag of tricks is MAC tracking. Your MAC address follows your device everywhere, so it’s relatively easy to tell that the laptop you carried into Starbucks yesterday is the same one you used in the lobby of the Hilton last year. Same goes for your phone, tablet, e-book reader, smart home appliances, and absolutely everything else that has an Ethernet, Wi-Fi, or Bluetooth interface. It’s possible to track online activity with MAC addresses, and you can locate MAC addresses in physical space, almost like GPS. It’s an online beacon highlighting your peripatetic presence. 

Enter startup company LEVL. The 20-person firm aims to wean network operators off the ubiquitous MAC address and to use an alternative it calls LEVL-ID instead. It’s a different way to assign network identity without necessarily also revealing everything else about your device – or yourself. 

Like a MAC, a LEVL-ID is a 48-bit identifier. It’s unique to your device, so no two devices on the same network will ever have the same LEVL-ID. But, unlike a permanent MAC, a LEVL-ID changes with each network you join. That is, you get one LEVL-ID at home, a different LEVL-ID at the coffee shop, yet another one at the hotel, and so on. There’s no correlation between LEVL-ID addresses from one network to the next, so there’s no way for apps or online vendors to follow your activity. (At least, not by using hardwired network identifiers. Tracking cookies, IDFAs, MAIDs, and other methods still exist.) 

LEVL-IDs are generated using a nonrandom algorithm, so if/when you rejoin a previous network, you’ll get the same LEVL-ID. The company says each ID is generated using information gleaned from all seven levels of your device’s network stack, including subtle physical characteristics like chip voltage, signal response, timing, and other “fingerprints” that uniquely identify the device but that are also repeatable and reliable. Like MACs, LEVL-IDs are tied to an interface, so a laptop will have one LEVL-ID for its Ethernet port, a separate one for Wi-Fi, and a third for Bluetooth. 

The LEVL-ID doesn’t replace the MAC address – how could it? – but rather lives alongside it. MACs are enshrined in global networking standards, so it’s too late to overhaul them. The idea is to get network managers and operators to selectively ignore MAC addresses when they can and to use comparatively anonymous LEVL-IDs instead. 

Which raises an interesting feature of the technology. LEVL-IDs don’t live on the client device at all and are completely transparent to the user. Your laptop or phone doesn’t know – and in fact has no way of knowing – that LEVL-IDs are even in use. It all lives on the network access point or router. That means there’s no software to install, no new settings, and no changes to operating systems or drivers. Your network devices are already LEVL-ID ready, and they don’t even know it. 

It does mean the networking equipment needs to be updated with LEVL’s software, and that’s where the company focuses its business. Hotels, large enterprises, event centers, and municipalities are all target markets – anywhere that someone controls the infrastructure and access to the user data. LEVL’s business model is to license its software technology on a subscription basis, with pricing dependent on the number of client nodes. A large hotel, for example, might pay more per month than a retirement home that has fewer online users. 

The implication is that network operators won’t sell, rent, or otherwise share their users’ data with marketers, although, to be honest, there’s nothing to prevent them from doing so anyway. A LEVL-ID is still a unique identifier, so it’s easy to tell if a certain user regularly returns to your network or how much time they spend online. LEVL-ID provides the tools for anonymization; it doesn’t provide the incentive. 

LEVL is clearly aware of this and the company touts “targeted marketing” as one of its unique selling advantages, as well as its ability to identify the type, manufacturer, and exact model of client devices attached to the network. Worryingly, the company also brags that “LEVL essentially transforms every connected device into a sensor… and offers state-of-the art human presence and motion detection, device motion indication, and device localization to ISPs with best-in-class response time and sensitivity.” 

So… is LEVL a privacy play or not? Or is the company just shifting the responsibility – and the financial rewards – to itself and its customers? It’s a little of both. 

The company points out that LEVL-IDs are more private than any MAC address. A LEVL-ID never reaches the upstream telecom conglomerate, nor does it ever make it down to the client device. There’s no “secret” on the device for apps to steal because LEVL-ID exists only on the network. Your LEVL-ID changes the minute you leave the network, which decreases the incentive to misuse it. But it does allow the local network operator – and only the local network operator – to collect some limited information. 

Tim Colleran, the company’s BizDev VP, says, “Device identity has always been used for marketing and advertising purposes… There is more accountability via the network operator [with LEVL-ID]. We would expect network operators to have opt-in or opt-out clauses. Personally, I prefer to have my information in the hands of a regulated company I trust, and am subscribing to, versus a company that only makes money by selling my information.”

LEVL-ID certainly can be more private than a MAC address, which is tracked without our conscious content. It shifts the responsibility to the local network operator, which may have some incentive to keep its users happy.  MAC tracking is on by default; LEVL-ID makes it optional and more fine-grained.

LEVL’s technology isn’t the only approach to the scourge of MAC address tracking. Plenty of operating systems (Android, iOS, Windows, etc.) have offered MAC randomization since at least 2014. The idea is that your actual hardware MAC address is kept secret, and a new, pseudo-random one is generated in the network driver for public consumption. This technique works, but it also has drawbacks. Some applications complain or get confused when they see the underlying MAC address change. Security apps, in particular, often bind their authentication to a MAC address, either to enable or to deny network access. If the MAC address changes, the apps assume you’re on a different machine. LEVL-ID bypasses those problems, mostly because client apps and operating systems never see the new ID. It’s not a client solution, it’s an infrastructure change. 

It was too much to hope that MAC address tracking could be eliminated at a stroke. MACs will be with us for a long time, but LEVL-ID does a good job of providing an alternative, and it does so in a way that doesn’t inconvenience every user and every networked device. Says Colleran, “User privacy is a multi-headed beast, and it depends on consumer behaviors around opt-ins and license agreements. We are doing what we can with our current technology to let users reclaim their privacy.” Amen to that. 

Leave a Reply

featured blogs
Jan 17, 2021
https://youtu.be/mKoW8ji9_g8 Made in my kitchen (camera Ziyue Zhang) Monday: Young People Program at DATE 2021 Tuesday: IEDM Opening Keynote Wednesday: Cadence/Arm Event on Optimizing High-End Arm... [[ Click on the title to access the full blog on the Cadence Community site...
Jan 15, 2021
I recently saw (what appears at first glance to be) a simple puzzle involving triangles. But is finding the solution going to be trickier than I think?...
Jan 14, 2021
Learn how electronic design automation (EDA) tools & silicon-proven IP enable today's most influential smart tech, including ADAS, 5G, IoT, and Cloud services. The post 5 Key Innovations that Are Making Everything Smarter appeared first on From Silicon To Software....
Jan 13, 2021
Testing is the final step of any manufacturing process, and arguably the most important, and yet it can often be overlooked.  Releasing a poorly tested product onto the market has destroyed more than one reputation for quality, and this is even more important in an age when ...

featured paper

Common Design Pitfalls When Designing With Hall 2D Sensors And How To Avoid Them

Sponsored by Texas Instruments

This article discusses three widespread application issues in industrial and automotive end equipment – rotary encoding, in-plane magnetic sensing, and safety-critical – that can be solved more efficiently using devices with new features and higher performance. We will discuss in which end products these applications can be found and also provide a comparison with our traditional digital Hall-effect sensors showing how the new releases complement our existing portfolio.

Click here to download the whitepaper

Featured Chalk Talk

Intel NUC Elements

Sponsored by Mouser Electronics and Intel

Intel Next Unit of Computing (NUC) compute elements are small-form-factor barebone computer kits and components that are perfect for a wide variety of system designs. In this episode of Chalk Talk, Amelia Dalton chats with Kristin Brown of Intel System Product Group about pre-engineered solutions from Intel that can provide the appropriate level of computing power for your next design, with a minimal amount of development effort from your engineering team.

Click here for more information about Intel NUC 8 Compute Element (U-Series)