How is a site able to track you?

Solution 1:

Websites cannot track your hardware or your MAC address. What they could track is:

• Your browser (Chrome, Firefox, Safari, etc.)
• Your OS (Windows, OS X, etc.)
• Your language
• Your screen resolution

Note: This is true of you are visiting a page assuming it's just viewing a normal page without running any flash content, running Java applets, etc. If you are, then it may be possible for websites to track your hardware.

Solution 2:

You'd be surprised at how much information is available to help track you. Panopticlick mentions these notable data:

• Screen resolution and color depth
• Canvas fingerprinting, which takes advantage of tiny differences in image rendering - different video stacks will produce slightly different images when used to draw simple shapes on a <canvas>
• WebGL fingerprinting, which is like the above but uses WebGL, giving the script more control over what goes on in your GPU
• All Chrome plugins (not extensions) and their versions
• Time zone (accessible via JavaScript)
• The HTTP_ACCEPT header, which can include installed languages and their order of preference
• OS family (e.g. Win32)
• User agent, which identifies the browser version and can include the exact OS version
• Whether your device has touch support
• Some installed fonts (only via Flash - doesn't work in incognito)

Web sites cannot get any hardware details beyond what the browser reports. Your MAC address never leaves your subnet (i.e. never goes beyond your router). In a sense, the canvas and WebGL fingerprints identify your graphics hardware (but not the specific card), since it's differences in the drawing that allow the fingerprinting.

If, however, the site can run arbitrary code on your machine (via a Java applet, usually), it can gather any details it wants, including machine SID, MAC address, a full hardware profile, or any files on the drives.