A more politically controversial example would be social media/'platforms', IMO. Google and Facebook are allowed to be in possession of CSAM, as long as someone else put it there.
Of course. But "someone sit there for an hour downloading torrents" is not something they'd bother to chase vs "this guy seems to be downloading 854 torrents in last 24 hours"
Your coffee shop could turn over MAC addresses if the police showed up with a warrant - especially all of the 3rd party managed solutions with logging.
When you actually connect to the wifi network the mac addresses stay consistent and stable on macOS / iOS at least over multiple sessions. If they didn't do that, then a bunch of stuff would probably break.
There’s this silly HN conceit of these super sophisticated adversaries when the reality is most people don’t know the first thing about technology or network topology and wouldn’t know why they should obfuscate their MAC in the first place. It wouldn’t catch the 1% of sophisticated black hats but that describes a small fraction of actual people doing stuff online.
MAC addresses are useless to track, you can change it, randomize it (I think even Microsoft windows has that feature built in too), or simply just throw away that wireless adapter used. It would be useful if for example these MAC addresses are tied to your identity, say when you buy a laptop/phone, you have to go in the process of adding these MAC addresses to be linked to you of some sort.
