How are they tracking him? Page 1 / 2

friendly_prawn, Mar 13, 9:41am
A friend of mine had his facebook acc closed for security reasons apparently, then they asked for evidence of who he was. He sent photo id. Weeks went on and they still wouldn't enable his account which was frustrating as it had his business acc attached to it. Getting annoyed he made another account. Not long after they shut that down. He has made several since and all have been shut down.

He's almost given up on facebook. He is scratching his head as to how they are tracking him. It cant be through cookies as he has cleaned his pc out, temp files, cookies etc.He has even tried different browsers.

It cant be through his ip address as he has tried vpn / proxy server and they still busted him. . I got him to use a different pc so as to change the mac address just in case they were using that to track him some how.

They still busted him.

So now Im thinking the only logical conclusion can be they must be checking the mac address of his modem. I have suggested he tries tethering a different pc to his smart phone and see how that goes.

How are they tracking him? Every time he makes a new account in no time they shut him down. Am I on the right track with modem mac address being tracked?

Any thoughts guys?

gyrogearloose, Mar 13, 10:13am
Is he using the same email address?


king1, Mar 13, 10:51am
what business is he in?

just_looking_, Mar 13, 11:55am
Try a virtual desktop (AWS).

I'd be interested if they could track him then.

Unless his usage patterns/footprints are basically the same every time, in which case I imagine it doesn't take long for Facebook to identify him then.

suicidemonkey, Mar 13, 12:01pm
I've never heard of Facebook shutting anyone's account down unless they're using a stupid name that's obviously fake.

friendly_prawn, Mar 13, 1:10pm
I had thought of that but I see two issues, due to him using older an older machine, i suspect it would probably slow things down to much. And the fact I think they are checking out the mac address of his modem to indentify him would make it a pointless exercise. Unless of course Im wrong about that. But then why are they still deleting accounts when he uses a completely different pc.

friendly_prawn, Mar 13, 1:15pm
Its common. Many reasons. Google it. Here is a classic example.

https://www.blackhatworld.com/seo/facebook-keeps-disabling-my-new-account.971252/

black-heart, Mar 13, 1:18pm
If he's gone through a VPN, then it wont be the mac, most likely the details hes using in the facebook account creation, email address / first last name stuff. Or it could be the md5 hash of the uploaded photos, like above.

zak410, Mar 13, 1:24pm
Or it could be the contents he posts that's deemed inappropriate. same topics, same 'friends'.

jeffm13, Mar 13, 3:27pm
Late last year I had an account nuked within 48 hours and I hadn't posted anything that violated the policy. I was using my real name, real photo and real date of birth. The bastards also blocked me from signing up with my mobile number. It was so sneaky - they asked for me to verify my mobile, and then they ban my number from ever registering again!

It's probably because I was associated with a group called Fashy Dreams The New Reich, a group with 10k members and numerous memes about World War 2 stuff. So, they will ban your account even if it's real - so long as they can trace you back to a banned group. Funny thing is, I made an account just recently and it was fine but I got bored and deleted it. Too many distractions. Honestly who cares about Facebook? Make your own forum or something, use Google Hangouts or Mastodon. Anyone who thinks that they "need" Facebook is mentally ill. You don't need Facebook for anything. I use Google Hangouts for uni stuff.

mr-word, Mar 13, 3:44pm
People have multiple facebook accounts their own name but they have different photos of themselves. Maybe if they got hacked.

just_looking_, Mar 16, 12:23pm
As black-heart alluded to (and which you said you've tried), the MAC address won't be available via a VPN.
The MAC address is discarded once it moves outside of a subnet anyhow. Typically the MAC address from the originating node is not retained in the many hops to it's intended IP destination (assuming we're talking about routing over the internet). The only way the MAC address would be remembered is if it was sent in the payload (not the headers), which would be an application specific implementation.
The AWS suggestion would've dealt with the case of an application specifically storing the MAC address in a message/response back to Facebook (assuming this was even happening).

friendly_prawn, Mar 16, 4:51pm
Wasnt talking pc mac address as I know this is stripped out of the packet before being sent on. I was talking about the router / modem mac address.

So even if using a virtual PC, that wont stop the mac address from the modem / router from being still seen. The part i was confused on is whether it was still possible to see the modem mac address even if running through a proxy server. I know some of the hackers softare is amazing at tunneling down to your router and coming up with details, not only of the router, but of the whole network. But yes now understand if modems mac address is behind vpn / proxy server it shouldnt be seen. Thats the part I was getting confused with.

just_looking_, Mar 16, 6:31pm
Curious. So, how does that work exactly?

An Ethernet 2 header is comprised of 14 octets:-
* 6 octets for the destination (MAC) address
* 6 octets for the source (MAC) address
* 2 octets for the type

After the header we have the rest of the frame, which is typically an IP packet (usually comprised of a TCP packet if we're sending stuff over the internet).
There can be ARP requests (for mapping a MAC address to an IP address on the _same_ subnet/domain), or DNS requests for mapping hostnames to IP addresses.

The source and destinations addresses are changed on every hop - every time we switch to a different subnet. This is just how ethernet works. Tables are maintained that map addresses to nodes on the subnet so that link layer switching sends the right packet to the right node (more or less).

So, the specific question I have is:
Q: Exactly where does this persistent router/modem MAC address live in the ethernet frame that is sent from your mates PC to Facebook?
Bearing in mind that both IP and TCP have no concept of a MAC address.

friendly_prawn, Mar 16, 7:00pm
Not saying it was sent. I was thinking more about them tunneling down in to your router / modem and using the mac address to identify if its the same modem thats attached to the new facebook account. been a long time since i have played with this but im fairly confident if you give me your ip address I can supply you with your modems mac address.

So thats what I was talking about.

ross1970, Mar 16, 7:36pm
I was tempted to give you the ip of the vm I just set on on GCP and add a custom http response header in the default apache page it's serving with a dummy value resembling a mac address and tell you I'd just written a wee bit of code to extract and send macs this way .

vtecintegra, Mar 16, 7:42pm
lolwut

just_looking_, Mar 16, 7:44pm
Again:
Q: Exactly how do they get that MAC address?

ross1970, Mar 16, 7:48pm
For tcp ( and udp ) you can take that one step further in that they have no concept of Ip addresses let alone macs.

friendly_prawn, Mar 16, 8:03pm
The software is freely available. You sound very clued up. Google it. It should take you all of 2 minutes to find it.

just_looking_, Mar 16, 8:07pm
Correct (I forgot all about UDP).

just_looking_, Mar 16, 8:19pm
You're the one making the assertion that it's the MAC address.
I've just explained how that it seems highly unlikely (in hopefully relatively straight forward terminology).

I've asked how this MAC address tracking mechanism works - twice.

Either you actually know how it works, or you read about it in some forum, or you're just making it up (?)

Why is it so hard to explain the mechanism? (your first post implies you have a reasonable understanding of basic networking)

friendly_prawn, Mar 16, 9:34pm
No I never made the assumption. I was simply asking.
If i had the answers would I be in here asking? And please quote where i have implied I'm a networking guru? I have never stated my level of competency.

As said, some how they are keeping an eye on him. Im not talking about having any fixed link to his router. If you want to find out if its the same person, that has made a new account as say the one you just deleted and they have changed their ip address, how can you prove its the same person. You use the new ip address they are using to access to check the modems mac address, using third party software. If the modem mac address is the same, voila, its the same person. Or at least coming from the same modem. That was my thoughts.

friendly_prawn, Mar 16, 10:41pm
just_looking the reason for starting this thread was to try to figure out why they keep shutting down accounts he makes. Do you actually have any thing to contribute as to how they seem to be able to know what he's up too?

vtecintegra, Mar 17, 9:42am
The ?

Share this thread

Buy me a coffee :)Buy me a coffee :)