A bank’s privacy policy lists a lot of data they collect, including customers’ MAC addresses. I was dumbfounded. How is that possible? The router on your LAN obviously knows your device’s MAC address. And I guess the ISP’s router would know your gateway’s MAC address. But from there wouldn’t the bank only see your IP address from the WAN?
Then it occurred to me-- the bank has a smartphone app. So the app likely demands perms to get the phone’s MAC. But then what would the likely purpose be? To check vendor consistencies (to block VMs) and raise impostor flags if your MAC changes?
(update) Another question: instead of using the bank’s shitty phone app, you use their shitty web app instead. I would assume the JavaScript engine is naturally blocked from obtaining your MAC address and transmitting it. But I would like a sanity check.. anyone know for certain?
Sorry for the late reply. But for the record I must say Tails does not do what I want because Tails gives clearnet access. The UI discourages it, but the possibility is there to open a browser on clearnet.
You may be right about Whonix.. I have yet to tinker with it.