Well, the last one is easy to answer: there’s no concept of free versus paid IP or MAC addresses. As you’ll see in a moment, IP addresses are assigned as part of connecting to a network, and MAC addresses are assigned at the time hardware is manufactured.
Even hiding a MAC or IP address is a concept that doesn’t quite apply, but we’ll get in to that too.
And whether MAC or IP addresses are hidden or not, they are not the kind of things you should be spending your time worrying about to stay safe from hackers.
Become a Patron of Ask Leo! and go ad-free!
A MAC (or Machine Access Control) address is best thought of as kind of serial number assigned to every network adapter. No two anywhere should have the same MAC address. (I’ll talk about that “should” more in a moment.)
You can see your network adapter’s MAC addresses by using the command prompt in Windows with the ipconfig /all command. It looks something like this:
Ethernet adapter Local Area Connection 2: . . Physical Address. . . . . . . . . : 00-1D-60-2F-4B-39
Each network adapter on your computer, including wired and wireless interfaces, has one.
MAC addresses are typically used only to direct packets from one device to the next as data travels on a network.
That means that your computer’s network adapter’s MAC address travels the network only until the next device along the way. If you have a router, then your machine’s MAC address will go no further than that. The MAC address of your router’s internet connection will show up in packets sent further upstream, until that too is replaced by the MAC address of the next device – likely either your modem or your ISP’s router.
Bottom line: your MAC address doesn’t make it out very far.
Even if someone knows your MAC address, that knowledge certainly doesn’t help them do anything either good or bad.
An IP address is assigned to every device on a network, so that device can be located on that network.
The internet is just a network, after all – albeit a huge one – and every device connected to it has an IP address. The server that houses Ask Leo!, for example, is (currently) at 22.214.171.124. That number is used by the network routing equipment, so when you ask for a page from the site, the request is routed to the right server.
The computers or equipment you have connected to the internet are also assigned IP addresses.
If you’re directly connected, your computer will have an IP address that can be reached from anywhere on the internet. If you’re behind a router, that router will have the internet-visible IP address, but it will then set up a separate, private network to which your computer is connected, assigning IP addresses out of a private range that is not directly visible on the internet. Any internet traffic your computer generates must go through the router, and will appear on the internet to have come from that router.
The mailroom metaphor
Metaphors are always a tad difficult, but let’s try this.
An IP address is kind of like your postal address. Anyone who knows your postal address can send you a letter. That letter may travel a simple or complex route to get to you, but you don’t care, as long as it makes it.
The same is true of packets of data traveling on a network like the internet. The IP address indicates the computer to which a packet is destined, and the system takes care of getting it there. A letter may or may not also have a return address so you know who to write back to, but a TCP/IP address always has a return IP address.
A router can perhaps be thought of as a company’s mail clerk. You may send a letter to “Complaint Department, Some Big Company, Some Big Company’s Address”. The postal service will get that letter to the company. The company’s mail clerk then notes that the letter needs to go to the complaint department, and routes it there using inter-office mail. And of course, all your outgoing mail is picked up by the clerk and routed to the external postal service as needed.
When you’re behind a router, the same thing sort of happens. All of the packets destined for you are actually addressed to your router. The router then determines which of your computers that packet is meant for, and routes the packet appropriately (hence the name router).
Whether corporate mail room or networking router, neither the actual physical location of your office within your company’s building, or the actual local IP address of your computer on your local, private network is visible to the outside world.
A MAC Address is kind of like the color, size, and shape of your physical mailbox. It’s enough that the mail clerk (your network router) can identify it, but it’s unique to you. There’s no reason that anyone other than your postal carrier might care what it is, and you can change it by getting a new mailbox (network card) at any time and slapping your name (IP address) on it, without affecting your delivery.
As I said, it’s not a perfect metaphor, but perhaps it’ll help get some of the basic concepts across.
MAC addresses and staying safe
When it comes to staying safe, MAC addresses aren’t part of the discussion, because they never travel beyond your local network, and they can’t be hidden, as they’re required for networking to work. Many network adapters allow you to override the MAC address, but even so, it still identifies your computer on the local network.
IP addresses are also required for networking to work. The network has to know which computer to send data to. You can, in many cases, use things like anonymization services and the like to appear to be coming from a different IP address, but that doesn’t change the fact that your machine is still reachable by some IP address.
And, to be clear, it is quite possible for your MAC address, or your local IP address, to be read by software – that’s how the IPCONFIG command we saw earlier was able to show it to you. Other software could do the same, and even send that information on to someone else for some reason.
But it does them no good. Knowing your MAC address, or your local IP address, doesn’t help me if I’m not on the same local network as your machine.
Being connected to the internet, by whatever means, requires that you take steps to stay safe. There’s ultimately no way to completely “hide” your IP address without disconnecting from the network. What you should be doing are the classical steps to internet safety: get behind a router, keep your system up to date, run anti-malware scans, backup regularly, and so on.
A word about tracing
A MAC address cannot be traced, as it is only associated with a machine, not a location. If somehow captured, which would require additional software on the machine, it could strongly identify a specific computer. Since MAC addresses can be changed in software on many network adapters, it’s not necessarily possible for a MAC address to positively identify a machine.
Since I know it’ll come up, and as I’ve discussed over and over and over and over again, an IP address does not allow someone to find out your physical location or identity without law enforcement intervention. Similarly, you cannot find out someone else’s physical location or identity without involving the authorities.
If you found this article helpful, I'm sure you'll also love Confident Computing! My weekly email newsletter is full of articles that help you solve problems, stay safe, and give you more confidence with technology. Subscribe now and I'll see you there soon,