I checked on my stats today and noticed that it was recording every page load as a unique visitor.
Ive also noticed several requests for fixes in the forum.

The most glaring problem with is that the visitor stats are based on a cookie.
This will never work correctly or accurately.
Visitor stats should be based on ip address.

Everyone and their mother is using some sort of firewall or security software, most of which have to be configured to allow the cookie which you are using.
Which is why every page load was recorded as a unigque visitor in my stats. Their firewall blocked the cookie, so your counter didn't find one and recorded a unique visitor.

Please fix the counter the right way, visitor stats should be based on ip address.

I'm not really sure about this, but some browsers like aol don't have static ip addresses. Wouldn't this still skew results? Just wondering....

If someone on a dialup account visited then disconnected from their provider then reconnected and visited again, yes they would have a different ip address.
I guess a cookie could be used to track return visitors but the initial count should be based on ip address and only if the ip address is different then look for a cookie.
I don't know if it is possible or not, but the best way would be to use the MAC address of the modem or nic for counts.

Also using the ip address still wouldn't skew the visitor count any where near as much as using the cookie method with users not holding the cookie.
A dial up user may connect 3 or 4 times a day with a different ip address, but with the cookie missing the same user is showing 20+ page loads as all being unique visitors.

All AOL dialup users run through a proxy farm where AOL assigns available IPs for every new request to the server/website. There are advantages to using IP #'s and advantages to using cookies.

I've had someone look through 60 pages, and show up as 60 unique visitors, even though it's always the same IP address.

I used to use another online visitor tracking service, which grouped page visits by IP address, which makes a whole lot more sense to me. The only issue was with AOL, which sometimes showed unique page views as unique visits because of some really dynamic IP address system.

For a site targetting businesses (which rarely gets AOL traffic), IP address tracking is far more useful.

Maybe there's a way to combine so that if it's the same IP address OR the cookie shows it's the same visitor, it can count it as the same. That way, only an AOL visitor who has cookies blocked would be inaccurate. Since AOL users are the least likely to know how to block cookies, that would work well!

I don't know if it is possible or not, but the best way would be to use the MAC address of the modem or nic for counts

Personally, I think you are onto something with the MAC address. This is presuming that the owner of this website owns his own equipment including the cisco router. You can put a call in for a request on that MAC address for everything that comes through that router. As a matter of fact, the MAC address is sent in every packet that passed throught that router that is from a NIC or modem. It is only a matter of requesting it and parsing it into the system you already have in place. The IP may change however the MAC will not. This will hold true for the AOL users and dial-up users. This would allow for greater accuracy of reporting and get around all of the problems you are running into. You would have no need of cookies other than to track repeat visits. You would still have the IP information and all of the rest of the information just as you have now. That was an excellent idea.

Wayne
www.worldfamousgiftbaskets.net

For truly unique visitors you have the Path view.

And yes, the limit of 100 entries in the log will be reached fast. As will any other limit for that matter.

What you want is the ability to download the logs and filter them and come up with a variety of other stats. This I understand is in the making.

For truly unique visitors you have the Path view.

And yes, the limit of 100 entries in the log will be reached fast. As will any other limit for that matter.

What you want is the ability to download the logs and filter them and come up with a variety of other stats. This I understand is in the making.

Now, I am not sure if this is posted in the correct spot or not but it doesn't seem to make a lot of sense for the IP monitoring?? What I was saying is that if the owner of the site tracked by MAC address then we would have even more accurate stats......
[/quote]

I absolutely love these forums..... You guys here at Statcounter are awesome with your page rank.... These forums give out a page rank of 4 and that helps with a google recip link.. That alone will help keep me here helping everyone out.... Keep up the good work guys.

Wayne
World Famous Gift Baskets (www.worldfamousgiftbaskets.net)

If someone on a dialup account visited then disconnected from their provider then reconnected and visited again, yes they would have a different ip address.

That's not the way AOL works, at least not in the US. A single visitor with an AOL account is likely to show a different IP address on each request. That's because the requests are distributed among dozens of proxy servers.

A number of corporations do much the same thing: When an employee requests a page, the request is sent to whichever corporate proxy server has the lowest load at the moment. That results in the same sort of shifting IP address.

I don't see a huge problem with the current method of tracking visitors. I find that all of the users to my site with a consistent IP address are counted as a single unique visitor.

actually, if you tracked by MAC address then you could track the people on the phone line everytime as well as the people on high-speed.... This is not the first time this discussion has come up..... A MAC address never changes no matter who they are using.

Hope it helps

Yes, tracking by MAC is possible.

how do you track my MAC address? People don't sent that information when they request a webpage. So how is it possible?

Getting this from the Internet level will not happen....

You have to get this information from the server.... Depending on which server you use; you can do this a few different ways...

Off the top of my head here is one way that you can start it.
Without going into the OSI and TCP/IP Models which you can grab the information from the different layers as well; let us just presume that you are:

1. On a windows network
2. You already have their IPADDRESS (Yes, I know that AOL IP changes but the MAC will not)
3. You know a progamming language such as C++, VB, or PERL. (etc etc etc)

A perl script will work something to the effect below:

nbtstat -A IPADDRESS+Counter >c:\logfile.txt
find /i "00-" <c:\logfile.txt

This script currently will look for any new MAC address on a network however you can dynamically write something that will automatically insert the IP address in there and as they are on your system run the nbtstat command and that should return their MAC address to a log file where you can then extract it and track by MAC.

You can also use ARP to do the same thing.

Even if the IP address changes, so what, in your script have it look for the same MAC.... if the MAC stays the same then you should have no problem keeping even more accurate stats....

That should at least point you in the right direction if not help you solve a lot of issues.....

Is the above perfect? No! However, neither is the system you have in place currently. What do I mean by perfect? MAC addresss can be spoofed very easily but we are not here to track people that are trying to spoof their IP and MAC addresses now are we... we want more accurate data on tracking the people that are purchasing from our websites (presuming statement for the people that have e-commerce on their website).... the general consumer does not know how to spoof their IP or their MAC address. In fact, the general consumer has no idea what an IP or a physical address is.

In an ARP request, ARP is very simple there is no checking if the information is accurate or not.... when it gets the information... it simply presumes that everything is AOK.

In nbtstat it returns the the actual mac address unless an attacker/spoofer has already written or is using a program that spoofs his MAC address... even some linksys routers now come with a spot where you can put in a manual MAC address to return instead of the real one. Again, general consumers do not know how to do this nor do they care.

Hope it helps

Are you mad!? We don't have access to people's internal networks like that. We can't do that, that will work for your own local network - not for everyone across the internet. I'd be very scared if that information was available to anyone across the internet because it shouldn't be.

We can't go below the internet level!!!

You don't need to have access to peoples Internal Networks and you don't have to display that information to people either.... I am glad that you can be open minded and look for something inside that instead of flipping out...

When someone logs onto your server to view your webpage they are on YOUR network... therefore you can pull that information from it.

You obviously do not understand the making of it or how to accomplish it hence your reaction.....

But I understand if you do not want to even TRY to make your stats more accurate or to keep an open mind on suggestions to make your service that much more better for your users.

Just a suggestion....

Hope it helps to further enhance your service for the better benefit of your users.
If you want further information on how to accomplish this safely while all the time maintaining the integrity of the users information and keeping everything secure... just ask.

If you can show me how it is technically possible to get that information from a php script please do, I'd be only too delighted to start using a system like that. I don't think it is technically possible. But please prove me wrong.

What system are you on? Both Unix Clones and Windows? Just windows or Just Unix Clones.... ?

the entire statcounter system runs entirely on linux

Now, do realize that this is just coming from knowledge and has not been tested.... there are numerous ways to retrieve a MAC address or a physical address, this is just one way to retrieve it.

When a person logs onto your webpage or requests your webpage they are logging onto your network to view that webpage.

When they log onto your network you can request that information from them.... when you receive that information you can then use that on your server to track... You do not have to display the information you use to track... IE MAC 006F-etc etc etc... all the user needs to know is the IP but in the background you can keep the AOL USER MAC in a table and everytime that MAC comes up you can output the IP address to the correct spot..

The ending result would be:

On your server in your program that nobody else sees
MAC ADDRESS IP ADDRESS Hostname
00-80-00-02-20-EF 68.43.22.172 AOL.etc.etc
68.43.24.178 AOL.etc.etc
68.42.28.196 AOL.etc.etc

-----------------------------------------------------------------------------------
00-07-22-02-20-EF 172.28.194.77 PROXY.IT.etc
204.77.154.79 PROXY.IT.etc
219.97.124.89 PROXY.IT.etc
232.125.14.19 PROXY.IT.etc

-----------------------------------------------------------------------------------


Every time you see the mac address you have it add that IP to that block or table and you only report to the user the IP ADDRESS that is involved. This will solve your problem with the AOL User changing the IP and your tracker not knowing about it. This would also get you away from using cookies to track or referrer agents which are only half effective. Are they the best thing that is out there right now....... well, currently until there is something that is designed to track the MAC address ;-)

Now, let's say for some reason; because I have not taken the time to test these as I have not been hired to create the program you will need, I am merely making a suggestion of what you can do; that there is something that I am overlooking.... Then there are OTHER ways available to retrieve a users MAC address such as an ARP request.... we could go one step prior to that and go to the cisco router... Do you own your own router.... well look at the tables, it automatically records the MAC address from EVERY packet that travels through it..... You can have that fowarded to your server along with everything else and write it out to a text file.... you can then retrieve that information very easily from PHP.... let's go one step further.... break down the OSI model and you can grab the information on different layers and have that sent to you right from the layer instead of waiting for it to unpack all the way..... there are many different ways to get a MAC address.... you just have to be willing to spend the time in order to do it....

And the above are the simple ways.... There are even more methods that I can think of after giving this further thought that you can utilize; some more ethical than others.

Since you are running on a Unix clone I presume that you are using bsh on your server; if this is the case then you do have an nbtstat command and an ARP command and you are not as limited as you would be in a windows environment.

All of the users here at statcounter have diagnosed the problem now and in the past. I have now offered you many solutions to that problem... it is up to you whether you want to utilize that information or let someone else who reads this post do it and come out with a more accurate tracker.

Hope it helps.

You guys are in a unique scenario, not because of the MAC Address, that is easy to grab as I have already shown you. Your problem lyes in the fact that this is everyone elses hosting company and geocities is not going to let you install a program onto their server not to mention that other hosting companies charge $65.00 or more to set up new programs and they would have to approve it.....

To be a little more specific on how you can attempt this...
In theory, you set up the tracker via a PHP script which an associate of mine and I have working right now... we have a few more tests to run and it will be complete.... From the PHP script you can call your program that you create to run the above so that should stop you from having to install your program on everyone's server...... don't know about that because I have not tested it however where there is a will there is a way.

Why set it up via PHP? This way nobody has the pathway to your program.

Will it work? This I cannot answer without testing it however there is a way to do ANYTHING on the Internet, all it consists of is sending data.... since the data can be had... it can be sent.

Will it work with how you have statcounter set up right now? Nope


You should also be able to pick this information up with an ActiveX script however that MAY throw up a warning and if people have activex turned off then it will fail..... so that is just an alternative. These are just a few things off the top of my head. If you would like to brainstorm more we can do this later. I have to run....

Hope It Helps

Here is something that if you are willing to look into it you may be able to use.... This tool scans for a MAC address from a given IP address... If someone can do this in a piece of software it certainly can be done over the Internet. Currently the tool is set up to scan over a LAN but there is no reason why it cannot be made to scan over a WAN. Just yet another way to get a MAC address.....

http://www.netpenguin.net/

The only problem I see is the IPs protected by firewalls however then it should return the MAC of the firewall.... so you can still track....

So now, in theory, you get the IP address when the user hits the website just like you are doing now... you dynamically enter it into this tool and get the return of the MAC address and use that in the same table as I described above..... I don't think I can make it any easier than that..... or you reverse engineer it.... or even write them and tell them you ONLY want the MAC scanner portion.... whatever, however you do it... there it is....

Where there is a will there is a way. That is such a funny saying.... it's like saying "So, ultimately if we don't see it happen should we presume that there is no will?" :lol:

Hope it helps

that's a tool for a local network. Thanks for the idea but it is not possible for the internet.

Hence, why I mentioned that it is currently a LAN device however it you can scan a LAN you most certainly can scan a WAN, which as we all know is exactly what the Internet is.... the mother of Networks... A composite of WAN's, MAN's and LAN's and even the extremely rare findings of the PAN's.

Here is a port scanner that scans for a open port... now, read about obtaining the MAC address from a source machine. Now, this is one of those less ethical ways that I was talking about earlier of obtaining a MAC address however the point here is that it IS possible.....
http://www.codeproject.com/internet/NagTPortScanner.asp

Just whether or not someone wants to spend the time to get it done.

Just a suggestion to the first person that wants to act on it.

Wayne - we are not going to start scanning our visitors computers for open ports so we can detect their MAC address. That is such a nasty and invasive suggestion. I can't believe you're actually suggesting it.

We ONLY record the public available information that is sent with your browser when you make requests to webpages. And that is all we record. We are not to going to go down the route of spyware/scumware/privacy invasion etc. etc.

This would go completely against our privacy policy, and although it is still technically completely impossible on a wide scale basis as most users would hopefully have good firewalls to prevent this, there is no way we would ever even consider attempting this.

Once Again, you did not read everything I said in there or only were attentative to what you wanted to read. I was not suggesting in the least bit that you start doing that..... the topic of discussion was that you cannot get a persons MAC address.... yes you can..... through ethical means and NON-ethical means....

The whole point to any of it is the following:
1. A MAC address is data.
2. This data is available
3. You can retrieve this data without using unethical methods
4. You can better your service for your people by retrieving this data and utilizing it in the table that I have suggested above.
5. You can either use that to better your service or not..... Someone will come out with a tool that tracks by MAC, I would like to see it be you guys.

All of the points above have been proven, it is up to you to utilize them or not.

Hope they help....

Okay this just occurred to me....
1. Do you know anything about networking?
2. Do you understand how the TCP/IP stack works and how data transfer is possible over the Internet?

This whole time I am presuming that you do. However; judging by some of your answers and lack of reading thoroughly on specific parts that I point out to you it is becoming more clear that you may not understand the OSI model or the TCP/IP model which would explain why you think that it is not possible to track by MAC or get MACS by ethical means.

As well, it would explain why you, as you have stated earlier are limited to just the Internet Level for tracking.

Is that the case here.... If so enough said.... If not then you should be able to understand how easy retrieving the information actually is (single computer) and doing this in an ethical manner that will not violate any of your policies. Again, getting them from multiple computers is a little harder but not impossible.

3. You can retrieve this data without using unethical methods

Please show me one ethical way of doing this outside of your own local network.

If you would like to hire me to write the program that you will need in order to do this I would be happy to discuss a price for services.... until then I have given you everything that I can possibly think of without going into great detail or spending weeks upon weeks of researching and testing... go back and read some of the posts... I have given you tons of ideas..... and tons of ethical ways that you can retrieve this data...... all you have to do is get the data from one place to the next.... the data is available.... just move the data.

MAC Address is Data
Certain Piece of equipment records MAC Addresses
Write Program to transfer data from one place to another.
Finally Get Data to Server
Transfer Data to PHP Scripts
Better Tracking Available

The hardest part you guys is going to be getting this information from multiple machines that you don't control. This is hard NOT impossible. Here are a couple of ideas:

1. Write a program that the people will have to install on their server.... this is not very feasible as you will not be able to get this onto any of the free servers out there.

2. Check into ActiveX as I believe it can control ARP requests and then use that data to send towards you.

3. See if there is alternative to ActiveX out there that can do the same thing without having to write a C++ or Variant program.

When someone requests a webpage they are logging onto that server, at that moment in time their packet request containing their MAC address for whatever they are connecting to the Internet with is passes through the Cisco Routers on the pathway to that webpage. You could also make a request to that router (This would be very time consuming however and probably not very productive BUT it would work) to pick up that information. That information is still in the packet when it hits the server where the request is being made.... The packet gets taken apart at different levels of the TCP/IP stack..... If not requested for use, some of that information is discarded or dropped..... however it can be requested.... your part now is to figure out how to transfer that data from one place to the next.... it is no different then pulling log files...... a very ethical method

The best way that I see is if people want more accurate data than what you already provide... then you could add it onto your e-commerce or add it on as an upgrade and they will have to install a program onto their server that will provide this information..... I see no way of getting the FREE hosts, IE foruntecity, geocities, etc etc etc to let their users install this program onto their servers..... This means that people there would be left out however, I may be mistaken but I believe that your e-commerce clients would benefit the most from this program anyway....... Your eccommerce clients either own their own server or host with a company that will allow them to install scripts onto the server for a price. Yes, I understand that the people that are on free hosts would be left in the dark on this one but that again, is the limitation of the free host not you. The free hosts are very limited in what you can do and very strict in what you cannot do. They don't allow anything out of the ordinary... (I say this in a general sense).

As you requested there is 1 ethical method for you where you don't have to be on the local network..... I am sure there are others if you would stop denying it and just sit down and think about it. This kind of sounds like to me that you want to deny it so you don't have to implement it. I could be wrong but that is all I have heard this whole time especially when I go back and read the posts. I have not heard... hey you know... that might work.... what about if we did this?? Would that work? I have not heard..... hey, I have an idea from what you have said.... I could do this... All I have heard is deny deny deny.... that sounds like to me that you could care less about getting something that works better and more accurate for your users especially something that your users have been requesting.... It doesn't matter to me.... I like your system.... I am just trying to give you ideas to make it better... I get nothing from trying to help you out other than hey, I helped them come to that... kudos for me.

A 2nd Ethical method is by using the PERL script I gave you earlier. As we have already established that when someone requests a webpage they are logging onto that server and sending a packet of information that contains their MAC address. You can write it out to a .txt file onto your server and pull it from there with just a few modifications of that script.... that will be your easiest way...... however; once again some of those free hosts do not allow PERL or CGI.

I have not put a lot of thought into this.... Everything here is either off the top of my head or just a quick search on google for referencing of webpages......

Again, if you would like to hire me to write the program you will need or find exact ways that you will be able to do this I would be happy to discuss a price for services. If you don't care about making your service more accurate for your users or you want to continue to deny that this is possible even with the overwhelming evidence proving that it is.... I respect that as well. If you would like the name of some phenomenal programmers that can do this for you I have those names as well just ask.

Hope it helps.

I'm not sure what you were suggesting for the first ethical method. But it is unacceptable to have to use our visitors' ip addresses to send additional requests back to them so we can find out their MAC address.

The second ethical method you suggested with the perl script using nbstat will only work for computers on your local network which have access to Address Resolution Protocol that is used to map IP addresses to MAC addresses.

If you can write me a php script that will instantly record the mac addresses of all users without being invasive or requiring an additional request being sent to the user i will give you $500 for it. There's a challenge for you now.

Of course no other ethical web stats program out there at the moment uses MAC addresses. Not even the ones that cost $1,000's a month. There might be a good reason for that. But that $500 is up for grabs if you can do it ethically. Thanks.

Okay apparently there is some miscommunication here... obviously...

1. You will not get this information via PHP.. You cannot get this information from the Internet Level.

2. When a user requests a webpage, they ARE ON THAT NETWORK even temporarily. Their packet of information contains the MAC.

While they are viewing that webpage they are on that network....
You can request information while they are viewing that webpage...
One of the pieces of information that you can request is the MAC address...
Are they on the network while they are viewing the webpage? YES...
Can you get that information from a packet request? YES.....
Can PHP do this? NO
You will need another language to retrieve this information.....
IE. C++,PERL,VBScript, etc. etc. etc.

3. My time and energies are worth a lot more than $500.00. Perhaps I can send you over to one of these places where you bid for programs to be written for you and someone there can write it for you. I have seen some programmers there do some stuff for an inexpensive price as that. As I said IF you want to discuss a price, I have no problem with that but don't insult me.

What price would you like to be paid to develop it - how long is it going to take?

This is where the topic stops in the forum and we can discuss more via either the phone or via e-mail..... I will write you an e-mail with further details.

This is where the topic stops in the forum and we can discuss more via either the phone or via e-mail..... I will write you an e-mail with further details.
Awww! Just when it was getting really interesting! :lol:

lmao Christina. I still absolutely adore your image sig......

lmao Christina. I still absolutely adore your image sig......
STILL? Good, I wouldn't want the novelty of it to wear off too soon ... ;)

Okay, I am sure that everyone is wondering about the final outcome....

Thus far, Statcounter and I have figured a way possible to ethically get a MAC address from your users. This can be done without installing any extra software onto your servers or inserting a PERL/CGI script for you free hosting users. Statcounter currently, getting their program to be the best on the Internet, has their plate full and will be able to get around to checking into this after some tasks that have more priority than this are accomplished. You can expect a minimal of a 6 month waiting term in the meantime.

After a way is written it then has to be configured to the statcounter current system and integrated in for frames and other sorts so after they are able to check into this I would give it 1 more year before implementation.

The dates are just guestimates however for those of you that have already been here since the beginning than it is not that long to wait. Perhaps the outcome will be we will have the ONLY tracker system on the Internet that provides tracking by MAC which for the time being will be the most accurate tracking system.

:wink:

I would have said "to be continued".

okay.... to be continued everyone upon further review.... see above post for guestimated time frame :lol:

Can you imagine the advertising...

Just in the fact that you can say at that point in time.. We are the best because "We do Provide the absolute without a doubt most accuracy on statistics on the Internet" Whew..... that is a strong statement that will have people fighting over who gets to get in your doorstep first.

We're getting 600 new accounts a day at the moment - we're doing alright as is. But I'm going to keep developing this until it is the best, then when it is the best, I'll try to make it better again - and add more features from all the suggestions we get from our members :)

That is what I am talking about right there... someone asked me earlier, why don't I just make a program and do it myself..... I don't think they understand how much time you have already put into this... there is no sense in me remaking the wheel when it is already available at such a reasonable rate......

If anyone that is ecommerce has not switched over to your paid service I think they need to check out the prices on some of your competition...

$900 per month
$1500.00 per month
$400 per month
$15,000 for the enterprises version of the program
$19,000 for the pro version of the program

And although I must give them the interface... their interfaces currently blow this one away, however; the amount of data is not better than what you get here, other than the fact that they store everything for months.... I can go back to my urchin 5.0 account and see all the keywords from 6 months ago on whatever day I want. In some cases the data here is better.....

And none of them report page per page tracking via the title or the URL..... This is the only counter I found that tracks session IDs and does not cut off after the ? in the URL.

Anybody with dynamic ecommerce websites that use session IDs know how important this feature is.

When you are ready to get into java applets for the interfacing I know of a few java writers as well..... Those make the best interfaces I have seen thus far, however you could go one step better and make them flash.... That would impress the socks out of anyone. I know some of the top of the line flash designers on the Internet today that are very reasonable with their design and integration prices.

Just a few more ideas when you get up to those points.

Hope it helps

That is what I am talking about right there... someone asked me earlier, why don't I just make a program and do it myself..... I don't think they understand how much time you have already put into this... there is no sense in me remaking the wheel when it is already available at such a reasonable rate......

Hmmmm, that was me and I was referring to your idea of a MAC-tracking module, not the entire Statcounter thing.

And yeah, the Statcounter rate is as reasonable as can be: free for so many of us :) Any more reasonable, we'd be getting paid to use it ;)

I've never been much good at estimating time something may take to do - if I feel I can do it or if I have to do it, I just up and do it and that's that. But then I don't run a business either. :)

Now, I didn't mention ANY Names at all... I purposely left names out..... lol You tattled on your own self with that one however you were not the only one to mention that to me.... Someone indicates 1 person however that does not mean that I was not talking about one of the other people. :D

I was referring to the ecommerce websites... if they are still on the free version of statcounter... then they need to switch over to the paid service.

your image sig is soooo cool..... I want it.... lol of course I could never use it because you use it..... now, If we could make one with a koala bear that would be nice, I would use that.... :)

That's OK, Wayne, I don't mind tattling (is that a real verb?) on myself :)
My bosses know of this flaw I have .... so they don't ask for an estimate - they order a job done :P

Well I guess the poll should have a third option now. Track by MAC Address :D

I am doing some more checking into this to see if it is feasible now.
The first step was to see that it is possible.
Now let us go onto the next step; to see if it is feasible.

The problem we may run into, which may be why nobody else is doing it; not because it cannot be done ethically. The problem lyes in how a network is governed.

When the packet is broke down on the OSI model, I beleive that the MAC address is replaced with that of the last gateway it passed through, if this is the case then it is not feasible to even go any further as you would be picking up your MAC address from your gatreway everytime. There would be no MAC to IP resolution. There would be no Tracking Enhancement.

For any of the non networking people out there here is a chart below:


Mac Starts------->Mac changes---------->Mac Changes Again-------->
---------- ------------- --------------------
| packet | | Goes | | Goes through |
| starts |------->| through |--------->| 6 hops |-------->
| here | | Proxy | | |
---------- ------------- --------------------

Mac Changes Again------------>Packet Analyzer
--------------------- ---------------------
| Goes Through | | This would |
| Gateway |--------->| Collect the mac |
| to server | | from the last |
--------------------- | gateway?? |
---------------------


When a computer views a webpage it sends a request. This is called a packet request.
a proxy for this conversation is AOL.
This packet request has to travel to that computer it is trying to view the webpage from... It may have to go through 6 or more devices to get there. Each time it travels through one of these devices that is called a HOP
The Server is where the webpage is being held and viewed from
A Gateway; just think of it as a door to your house from the outside. You travel in and out to get inside and to get outside... same concept.
The Packet Analyzer is the piece of software that detects the MAC address from your users packet request.

Extra Notes:
The OSI model is the fundamental basis of why you are able to read this right now. Just think of it as the rules a computer has to follow.

The MAC address is the physical number on the bottom of your internet connection device. Usually found on a sticker. 12 hexadecimal digits long.

The theory behind tracking by MAC address is that MAC addresses don't change. Users are not changing a MAC address in a proxy. IP addresses do change. So, if you track by MAC then in theory you should have more accurate tracking.

If the above it true, the the MAC address will change every time it goes through a hop.... So, although tracking by MAC IS possible after a lot more further review, it may not be feasible....

to be continued.......

One thing to possibly look into if it gets into feasibility would be motherboard NIC/RJ45 interfaces. To throw a bump into it all :)

Similar to AOL using a proxy farm that causes IPs to be very dynamic, at least with my mobo when it has a hard restart (i.e. power button instead of shutting down windows) the MAC address would change. I know this because at school our subscription to the net was monitored by MAC address because it changes very little (as already noted) so when I had the first hard restart on my new computer I had to get my MAC address in their database changed so I could get online again. This happened until I put in my old NIC card.

Of course this is one of the few if not the only way the MAC could change (other then along the hops). MAC tracking would still be way more accurate then by IP or cookie. But I figured I would throw up one of the hiccups in tracking that could occur if we (read Wayne, Aodhán and Martin) get this to work.

I have confirmed the hop change...... this would return your gateway every time.... this would not be good....

There is another alternative that I am looking into....

I am not sure if this will work however when AOL packets are sent out I believe that they are sent out with their username......

now the down side to this is IF the packet does not have a username in it.. then it would go back to tracking by only IP.... however IF the ones in question are indeed AOL, Proxies, dynamically changing IPs....
then most of those require a user to log into their account before signing on, IE AOL, Juno High-Speed (If you can call it that),

I don't know about these internet proxy surfs.... I don't think they require logging in.... you just go to them and use them....

the ones we are not concerned about are comcast or any type of DSL. most of those, yes they are dynamic but they have a system in place that is dynamic for the routers and ACL's but it keeps you with pretty much the same IP at least for 1 day.....

I have seen my IP not change for months and clients that I use VNC with that are with Verizon still have the same IP has 2 years ago.......

Since that is the main question, we could track the username.... That most certainly would not change??

looking into it........

Further invesitgation confirms that AOL users no longer send their username along with their packet however their IS information available that allows tracking an individual back to the source machine. This same information can be used for tracking the AOL users while the username can be used for tracking other ISP's......

I have to do some more investigatory work in order to find out what this information is and if it is different for every client.... in theory it should be.

One of the things I do like most when surfing the internet, is the privacy it offers. Your IP is shifting (at my ISP every 36hrs as a security measure), so unless local authorities force your ISP to give the IP that was assigned to you at a given time, it would be impossible to know exactly who whas where and when.

A MAC-adres if I did learn my lessons well, is indeed hardly ever changing, now, there is one thing I got in mind when reading all this. If people are being told not to give away their home adres, not to talk to strange people, and not to display their banc accounts THEN WHY should we allow people to collect our MAC's, even if they shift from time to time? Yes off course, at first it's about improving trully innocent stuff. Sure. But then? What follows?

I dare to say here, that if MAC's are indeed collected, I'll start searching for solutions to make sure that won't happen with mine. And the day a solution is avaible to me, I shall be ready to have it installed right away. Why do we use things like Ad-aware and stuff? Because we all don't like the idea of people tracking what we visit! Now, how do you all think people will react if this became a widely used thing? I think the idea is offending, and strangely enough, somehow I associate it with something called "the Patriot act", same intrusion of privacy.

Sorry, I'm not saying that I wouldn't be great. It's just that it will be used really soon enough to serve "other" purposes.