Does a VPN Hide Your Device ID

Decoding VPNs: Can They Really Hide Your Device ID?

Avatar photoByFrank H

In the current time of the internet, if you find yourself needing to be anonymous in a specific circumstance, the first thing you will do must be to use a VPN. But you must wonder whether a VPN can hide the device ID you are using every day. Because you know that device ID may expose your identity if there is a connection between both. In this post, I’m going to share with you what I have learned and the related formation I collected while I tried to figure it out.

A VPN does not hide your IoT device’s unique identifier. While a VPN can encrypt and reroute your internet traffic, it does not mask the unique identifiers of your IoT device. For example, the main one, a Media Access Control (MAC) address, is embedded in the device’s hardware and cannot be changed or hidden. Therefore, even with a VPN, your device can still be identified by the parties it communicates to.

So you know that the VPN can’t hide your device IDs when you are active on the internet, and if the ID has been connected to your real ID(in most cases, you can be sure of that), you are identified whatever you do on the internet. If you do something to try to be anonymous on the internet, you need to know more about your device and then try to find a way to achieve your goal. Here, I’m going to share with you all the information I have learned or collected on the subject, reading on to get them:

What are unique identifiers on your device?

First, let’s make sure that we are on the same page. Generally, when we talk about device ID in the context of the VPN, the device definitely refers to IoT(Inter of Things), which has the capability to connect to the Internet and communicate with other devices over the Internet.

So, keep in mind when I talk about a device in this article, we should all know that it means the IoT.

All IoT devices generally have a few unique identifiers, such as a MAC address or serial number, which is used to identify itself and communicate with the device on a network. These unique identifiers is typically assigned by the manufacturer and can be used to track and manage the device throughout its lifecycle. Some IoT devices may also have additional unique identifiers, such as an IP address, that are assigned dynamically by a network.

The following is the list of all identifiers on our daily using devices, such as the smartphone, the tablet, and the laptop:

1. MAC Address

A MAC address, which stands for media access control address, is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment1. A MAC address is usually displayed as six groups of two hexadecimal digits, separated by colons or hyphens (example – 2C:54:91:88:C9:E3 or 2c-54-91-88-c9-e3).

A MAC address is used to identify a specific device on a network and to enable data transmission between devices. A MAC address is also used to assign a private IP address to each device by the router. A MAC address can be stored in hardware, such as the card’s read-only memory, or by a firmware mechanism. Some devices allow changing their MAC address.

The upper half of a MAC address (most-significant 24 bits) is called an organizationally unique identifier (OUI) and it can be used to determine the manufacturer of a device. The lower half of a MAC address (least-significant 24 bits) is assigned by the manufacturer and can be used to identify a specific device.

This is a unique identifier that is assigned to each network interface on a device. The MAC address can be used to identify the device on a local network.

2. IMEI (International Mobile Equipment Identity)

An IMEI number, which stands for International Mobile Equipment Identity, is a unique identifier assigned to a mobile phone or a satellite phone for use as a network address in communications within a cellular network. An IMEI number is usually displayed as 15 digits written in decimal and separated by hyphens (example – 35-209900-176148-1).

An IMEI number is used to identify a specific device on a network and to enable data transmission between devices. An IMEI number can also be used to blocklist a device if it is stolen or lost, or to check if a device is unlocked. An IMEI number is stored in hardware, such as the phone’s read-only memory, and cannot be changed.

The upper half of an IMEI number (most-significant 24 bits) is called an Type Allocation Code (TAC) and it can be used to determine the manufacturer and model of a device. The lower half of an IMEI number (least-significant 24 bits) is assigned by the manufacturer and can be used to identify a specific device.

The IMEI is used to identify the device on cellular networks.

3. MEID (Mobile Equipment Identifier)

An MEID number, which stands for Mobile Equipment Identifier, is a unique identifier assigned to a mobile phone or a tablet that uses CDMA2000 technology for use as a network address in communications within a network segment. An MEID number is usually displayed as 14 digits written in hexadecimal (example – A000002C9B9FA8).

An MEID number is used to identify a specific device on a network and to enable data transmission between devices. An MEID number can also be used to blocklist a device if it is stolen or lost, or to check if a device is unlocked. An MEID number is stored in hardware, such as the phone’s read-only memory, and cannot be changed.

An MEID number consists of three fields: an 8-bit regional code (RR), a 24-bit manufacturer code, and a 24-bit manufacturer-assigned serial number. The regional code can be used to determine the region where the device was sold or registered. The manufacturer code can be used to determine the manufacturer of the device. The serial number can be used to identify a specific device.

The MEID is used to identify the device on both cellular and Wi-Fi networks.

4. Bluetooth Device Address(BD_ADDR)

Bluetooth is a wireless communication technology that operates in the 2.4 GHz frequency band and enables short-range data transmission between devices. Bluetooth devices can form networks called piconets, where one device acts as a master and up to seven devices act as slaves.

Bluetooth does have a unique identifier for each device. It is called a Bluetooth Device Address (or BD_ADDR) and it is a 48-bit identifier assigned to each Bluetooth device by the manufacturer. A Bluetooth Device Address is usually displayed as six bytes written in hexadecimal and separated by colons (example – 00:11:22:33:FF:EE).

The upper half of a Bluetooth Device Address (most-significant 24 bits) is called an Organizationally Unique Identifier (OUI) and it can be used to determine the manufacturer of a device. The lower half of a Bluetooth Device Address (least-significant 24 bits) is assigned by the manufacturer and can be used to identify a specific device.

Bluetooth also uses other identifiers for different purposes, such as Service IDs, Protocol IDs, Profile IDs, Attribute IDs, and Characteristic IDs. These identifiers are usually 16-bit or 128-bit values that are assigned by the Bluetooth Special Interest Group (SIG) or by individual developers. These identifiers are used to define the services, protocols, profiles, attributes, and characteristics that Bluetooth devices can offer or use.

5. NFC ID

NFC (Near Field Communication) is a type of wireless communication technology that enables short-range, high-frequency data exchange between compatible devices. On a smartphone, or on your smart watch, NFC technology can be used for a variety of purposes, including:

  1. Mobile payments: using the smartphone as a contactless payment device
  2. Data transfer: quickly transferring files and information between NFC-enabled devices
  3. Access control: using the smartphone or the smart watch as an electronic key to unlock doors or access restricted areas
  4. Trigger actions: using NFC to trigger actions on the smartphone, such as launching an app or setting a reminder

NFC requires specific hardware in a smartphone to function, and not all smartphones have NFC capabilities. To use NFC, the smartphone and the other device must be close to each other, typically within a few centimeters.

Your device with the NFC will has a unique identifier called an NFC ID or NFC UID (Unique Identifier). This identifier is a series of hexadecimal digits that uniquely identifies the NFC device.

6. Unique Addresses On The Network

IoT devices also typically have unique addresses associated with them at the network level. These unique addresses are used to identify the owner or the network location of the IoT device within the network infrastructure.

IPv4 and IPv6 are two commonly used Internet Protocol (IP) addressing schemes for IoT devices. IPv4 (Internet Protocol version 4) is the older and more widely used addressing scheme, while IPv6 (Internet Protocol version 6) is the newer and more scalable addressing scheme designed to address the limitations of IPv4, such as address exhaustion.

IPv4 addresses are 32-bit numeric addresses, represented in the form of four sets of decimal numbers separated by periods (e.g., 192.168.0.1), while IPv6 addresses are 128-bit hexadecimal addresses, represented in the form of eight sets of four hexadecimal digits separated by colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334). These unique IP addresses are assigned to IoT devices by the network infrastructure and are used for communication and routing purposes, allowing devices to send and receive data packets across the internet or other networks.

In addition to IP addresses, another unique addressing scheme commonly used in IoT networks is 6LoWPAN (IPv6 over Low-Power Wireless Personal Area Networks). 6LoWPAN is a protocol designed specifically for low-power wireless IoT devices, such as sensors and actuators, that have limited computing resources and battery life. 6LoWPAN enables these devices to use IPv6 addressing within the constrained network environment, such as Low-Power Wireless Personal Area Networks (WPANs), Zigbee, or Thread networks.

These unique addresses, such as IPv4, IPv6, and 6LoWPAN, play a crucial role in identifying the owner or the network location of IoT devices within the network infrastructure. They facilitate communication and data exchange between IoT devices, as well as with external networks or applications, while also enabling network administrators to manage and secure the devices within the network. Proper management and security of these unique addresses are essential for ensuring the privacy and security of IoT devices and the data they transmit.

7. Serial Number

The serial number is a unique identifier assigned to an IoT device during its manufacturing process. It is a sequence of characters or numbers that serves as a unique identification for each individual device. Serial numbers are used in networking to uniquely identify IoT devices and enable various network management and security functionalities.

One common use of serial numbers in IoT networking is for device provisioning and registration. When an IoT device is manufactured, it is assigned a unique serial number, which is used during the provisioning process to register the device with the network or cloud platform. This allows the network or cloud platform to identify and authenticate the device when it connects to the network, ensuring that only authorized devices are granted access.

Serial numbers are also used in network management and device tracking. Network administrators can use the serial number to track and manage devices within the network, monitor their status, and troubleshoot any issues that may arise. Serial numbers can be used to uniquely identify devices in network management tools, configuration files, and logs, making it easier to manage and monitor a large number of IoT devices in a network.

Furthermore, serial numbers can be used for device authentication and security purposes. For example, devices can use their serial number as part of an authentication process to establish trust with other devices or systems in the network. Serial numbers can also be used in access control lists (ACLs) or firewall rules to restrict or allow access to specific devices based on their serial numbers, helping to enhance the security of the IoT network.

8. Hardware model

The hardware model of an IoT device refers to its physical characteristics and components, such as the processor, memory, sensors, actuators, communication modules, and other hardware components that make up the device. These hardware characteristics can be utilized as identifiers in networking for various purposes, such as device identification, authentication, and communication.

One common approach is to use the hardware model of an IoT device as a unique identifier for network communication. This can be achieved by assigning a unique hardware model number or serial number to each device during manufacturing, which can then be used as an identifier for networking purposes. For example, in a local area network (LAN) or a wide area network (WAN), devices can be identified and authenticated based on their unique hardware model or serial number, allowing for secure communication and control.

9. Android ID

The Android ID is a unique identifier assigned to each Android device by the Android operating system. It is a 64-bit number (as a hexadecimal string) that is used by apps and services to uniquely identify an Android device. The Android ID is often used by app developers and advertisers for tracking and analytics purposes.

Unlike some other device identifiers, such as hardware serial numbers or IMEI numbers, the Android ID can be reset or disabled by users. Users can manually reset the Android ID by going to the device’s Settings > Backup & reset > Factory data reset, which will erase all data on the device, including the Android ID, and reset it to its default state. Users can also disable the Android ID by going to the device’s Settings > Google > Ads > Reset advertising ID, which will generate a new Android ID for the device.

It’s worth mentioning that the Android ID is not designed to be a permanent or immutable identifier, and it may change in certain scenarios, such as when a device is factory reset, undergoes a major software update, or when a new user profile is created on a multi-user device.

This is a unique identifier that is assigned to each Android device. The Android ID is used to track the device across different apps and services, but it can be reset or disabled by users.

10. IDFA

Apple devices also have unique identifiers that can be used for identification and tracking purposes. In the case of iOS devices, such as iPhones, iPads, and iPods, the unique identifier is commonly referred to as the “Identifier for Advertisers” (IDFA). The IDFA is a randomly generated, non-permanent identifier that is used by advertisers and app developers to track and target ads to individual iOS devices.

The IDFA is designed to protect user privacy, as it can be reset or disabled by users at any time in the device settings. Additionally, apps are required to obtain user consent before accessing the IDFA for advertising or tracking purposes, as per Apple’s App Store guidelines and privacy policies.

The IDFA is used by advertisers and app developers for various purposes, such as serving personalized ads, measuring ad performance, and analyzing user behavior. It allows advertisers to target ads to specific iOS devices based on their unique identifier, but it does not disclose any personally identifiable information (PII) about the device user.

It’s important to note that while the IDFA is a unique identifier for iOS devices, it is not a permanent or immutable identifier like a hardware serial number. Users can reset or disable the IDFA at any time in the device settings, which can affect the tracking and targeting capabilities of apps and advertisers.

11. UWB

Ultra-Wideband (UWB) is a wireless communication technology that uses radio waves to communicate over a wide frequency band, typically spanning several gigahertz (GHz). UWB technology allows for high precision and accuracy in location tracking, positioning, and ranging applications. In terms of device identification, UWB can be used to determine the location and distance of nearby devices with UWB capabilities, which can serve as a unique identifier for those devices in certain contexts.

UWB technology is commonly used in various applications, including asset tracking, indoor positioning, smart home devices, automotive systems, and healthcare devices. UWB-enabled devices can communicate with each other using short-duration pulses that spread across a wide frequency spectrum, allowing for precise ranging and localization capabilities. This can enable a range of use cases, such as unlocking doors based on proximity, locating lost items, tracking assets in real-time, and facilitating secure communication between devices.

UWB technology allows for precise ranging and localization capabilities, which can be used to establish a unique identity for a device based on its precise location and distance measurements.

It’s a little bit long list, isn’t it? It is what I have learned about which component on your daily driver device has the unique identifier that will help your adversaries to identify who you are.

The unique identifiers the VPN can hide

Now you have learned what unique identifiers are on your device. And you want to be anonymous while surfing on the internet by using a VPN. So is the VPN really helpful on this?

I would say the VPN can just do a little. In the list of the unique identifiers on your daily driver device, the only one the VPN can hide is the IPv4 address of the item ‘Unique Addresses On The Network.’

The VPN can change the IP address of a device while you are surfing online by rerouting the device’s internet traffic through a server operated by the VPN service provider. When a user connects to a VPN, their device establishes a secure connection to the VPN server, which acts as an intermediary between the user’s device and the internet.

Once the connection is established, the VPN server assigns the user’s device a new IP address, which replaces the original IP address assigned by the user’s internet service provider (ISP). This new IP address is typically associated with the location of the VPN server, rather than the user’s actual location. This process is known as IP address masking or IP address spoofing.

Certainly, the VPN can encrypt all data that include all kinds of the unique identifiers when they transmitted over the internet to provide same sort of protection for your privacy. But it is far away from providing anonymity you pursuit.

In order to be anonymous on the internet, you have to practice compartmentation and the OPSEC, while the VPN is the core component of the approach. If you want to learn more about the topic, please read another article named ‘Unmasking the Truth: Can Your VPN Really Keep You Anonymous Online?‘ on this website.

How To Hide IDs That The VPN Can’t

As you read here, you know that during era of the internet, the devices you use to access the internet has a lot different ways to expose your identity. Technically, your adversaries could write codes to collect all those unique identifiers from your device to identify you, either in context of browser or in the apps installed on your device.

It’s most impossible for you to be anonymous on the internet. I think the situations would get worse in the coming days. While there are more functions available that make your daily life more convenience and easy, it is possible you will lost your privacy completely.

So you will ask, are there any ways to hide the unique identifiers on my device that the VPN can’t? I think it would be very hard, if I can’t say it’s not impossible. Let’s explore that together:

How To Hide the Mac Address

The MAC address, also known as the Media Access Control address, is a unique identifier assigned to the network interface of a device, including IoT devices, at the hardware level. MAC addresses are used for communication within a local area network (LAN) and are not typically routable over the internet.

Hiding or changing the MAC address of an IoT device may not be a straightforward process, as it is a fixed hardware identifier. However, there are some techniques that can be used to mitigate the exposure of the MAC address:

  1. MAC address filtering: Some routers and access points have the option to enable MAC address filtering, which allows you to specify which MAC addresses are allowed to connect to the network. By configuring MAC address filtering on your router or access point, you can restrict access to your IoT device to only specific MAC addresses, effectively hiding the MAC address from other devices on the network.
  2. Network address translation (NAT): NAT is a technique used by routers to assign private IP addresses to devices on a local network and map them to a single public IP address for communication over the internet. With NAT, the MAC address of the IoT device is not exposed to the internet, as the router acts as an intermediary and masks the MAC address with its own MAC address.
  3. MAC address spoofer: A MAC address spoofer is a tool or software that allows a user to change the MAC address of a network interface on a device, such as a computer or an IoT device, to a different value. This is also known as MAC address spoofing or MAC address cloning.

It’s important to note that MAC addresses are fundamental to the operation of networking protocols, and attempting to hide or change MAC addresses may not be supported by all devices or networks. Additionally, tampering with MAC addresses may violate the terms of service of some networks or devices, and it’s essential to comply with applicable laws and regulations. Always consult the documentation and guidelines of your specific IoT device and network infrastructure before attempting to hide or change MAC addresses.

Hide IMEI

As you know, the IMEI is used to identify the device on cellular networks. There are a few ways to hide your IMEI on your IoT device.

One way is to use a custom ROM. A custom ROM is a modified version of the Android operating system that you can install on your device. Some custom ROMs allow you to hide your IMEI.

Another way to hide your IMEI is to use an app like IMEI Changer. IMEI Changer is an app that allows you to change your IMEI.

And, you can also root your device and then use an app like Magisk to hide your IMEI.

It is important to note that hiding your IMEI may not completely protect your privacy. There are other ways to track your device, such as your IP address. It is also important to note that some websites and services may block your access if you are using a custom ROM or if you have rooted your device.

Hide MEID

Changing the MEID (Mobile Equipment Identifier) number of a mobile device is not legally allowed. However, it is possible to temporarily change it, though I do not recommend doing so as it may only be done on jailbroken devices, which can void your device’s warranty and may be against the law. If you still decide to proceed, here are the steps to change the MEID number:

  1. Obtain root access or root rights on your device.
  2. Download and install Xposed Installer, an application used for customizing Android devices.
  3. Open the Xposed Installer app.
  4. Activate the IMEI/MEID changer application within Xposed Installer.
  5. Click on ‘Random IMEI’ option to generate a new MEID number for your device.
  6. If successful, the IMEI/MEID number of your device will be changed.

It’s important to note that I strongly advise against jailbreaking or tampering with mobile devices, as it may violate your device’s warranty terms and conditions, and can also be against the law in many jurisdictions. It’s crucial to use mobile devices in compliance with the terms of service of the device manufacturer and mobile network operators, and seek legal advice if you have questions or concerns about changing MEID or any other unique identifiers associated with mobile devices.

Hide Bluetooth Device Address

There are a few ways to hide the Bluetooth device address on your IoT device.

One way is to use a Bluetooth Privacy Mode. This mode will generate a random Bluetooth address for your device every time it connects to another device. This will make it more difficult for someone to track your device.

Another way to hide your Bluetooth device address is to use a Bluetooth Low Energy (BLE) device. BLE devices use a different type of Bluetooth address than traditional Bluetooth devices. Some BLE devices allow for the BLE address to be changed or randomized periodically for privacy or security reasons. For example, some BLE devices may offer features like “privacy mode” or “address randomization,” which allow the BLE address to be changed at regular intervals to prevent tracking or improve security.

Certainly, you can turn off Bluetooth on your device when it is unnecessary to use it.

Hide Serial Number

Sadly, according to my research, there is no way to hide or change the serial number of your IoT devices. It will always be there when you use an IoT device online. That’s why you have to be grid disciplined in practicing compartmentation and OPSEC if you really need to keep yourself to be anonymous online.

That is, using different devices for different activities on the internet. Or stick to VMs.

Hide Hardware model

The same as the serial number. There is no way to do that. If you really want, you could use a device simulator based on software to do something online. Or just stick to using the VMs.

Changing Android ID And IDFA

For Android ID, the data that define the Android ID is stored in the file located at…. However, without root, any application has no permission needed to edit it. So if you need to change it anytime necessary, root your Android device first. Then you could grant root privilege to the application that you will use to edit the file.

For IDFA on iPhone, Apple provides the way to reset it whenever you need:

On iOS devices, you can go to “Settings” > “Privacy” > “Advertising” and tap on “Reset Advertising Identifier” to generate a new IDFA.

The way to be anonymous while you surfing

Now that you’ve learned that it’s almost impossible for you to be anonymous during the time we live, with all these IoT devices we are using as our daily drivers, significant parts of our daily lives depend on the internet.

However, if you were the person who determines the get what he pursues. And with the resources needed available, you still can achieve some sort of anonymity online. Here I will share with you the list of actions you can take on to achieve that:

  1. Create as many VMs as you need to do different jobs with Whonix;
  2. Create a persona for each VM you have created in the previous step. Make sure it has its own email address, bitcoin wallet as the way of payment, mobile number, etc.
  3. Be disciplined to perform the selected job on different VM, and do your best not to make any connection between them.
  4. Using a reputed VPN and Tor together encrypts communication traffic and hides your actual IP address.
  5. Make sure there is no connection between all those things, such as email addresses, mobile numbers, IoT devices, etc., and your identity.
  6. Buy all services and devices you need to build the VMs mentioned above with the Bitcoin that keeps you anonymous.

If you want to know more, please read another article I wrote on this website, its name is Unmasking the Truth: Can Your VPN Really Keep You Anonymous Online? You can click the link provided to read it.

(Visited 33 times, 1 visits today)
Avatar photo

Frank H. is a passionate information security practitioner. He was the earliest MCSE in 1995 and has more than 30 years of IT industry experience. He partners with Microsoft as a solution provider and security advisor for governments. He recently became a digital nomad and now travels the world with his family while fighting cyber adversaries.

Similar Posts

Protect Your Privacy: Understanding VPNs and Search History

Protect Your Privacy: Understanding VPNs and Search History

Avatar photoByFrank H

Online privacy is a major concern for many internet users today. With ISPs, advertisers, hackers and even governments trying to track your online activities and collect your personal data, you may wonder how you can protect yourself from unwanted surveillance and interference. One of the most popular and effective tools for enhancing your online privacy is…

Leave a Reply