Why is a devices MAC address important enough to cause operating systems like Apple and android to spoof or hide a MAC address when not connected to WiFi? Why is a big deal for another device to see your actual MAC address?
A MAC address is a physical ID that is unique to your network card (Ethernet or wifi). This ID is used to identify yourself on the network and/or internet.
Imagine this another way, lets pretend that instead of having a phone number and email address, they were both just your government ID number (SIN/SSN for Canada/US, for others I am not sure, but I bet you have some number(and yes I know SIN and SSN is not a government ID.. just lets move on)). And you had to use that number, and you could NEVER change it. So if someone knew your ID number, they could forever contact you, no matter where you went or what you did.
Sounds scary, and easily abused? Well this is kind of how MAC ID’s work. Luckily we figured out pretty quick that this is a terrible idea, and you can now spoof and hide your true MAC ID. Which is basically the same as signing up for a gmail email address instead of giving out your SSN to everyone you meet.
Why is this marked nsfw?
It’s the fingerprint.
You don’t give out your fingerprint to people.
Same with a Mac address.
Imagine your MAC address as your conplete legal name. You can let other people know what it is. But do you really want other people to look you up in social media sites and stalk you? Just give them your nickname.
The issue with a static MAC address is that it could be used as an identifier to detect/log the presence of a specific device. By extension, it could in theory to be used to detect/log the presence of a specific person known to be in possession of that device.
Since it’s easy enough to randomize it in specific cases, there’s little reason not to unless it breaks compatibility with a specific usage scenario.