Anonymity with open access points

[IDNeon]

I'm trying to figure out how anonymous (quantitatively) an open access point such as a starbucks wifi or etc really is and I'm stuck.

The computer forensics book I'm reading mentions ARP but goes on to say ARP caches are only saved for 10 minutes. So now I'm confused.

If a person uses an open WIFI AP then their hardware which is given a pseudo-unique MAC address (correct?) Is given by that wifi a unique IP Address (correct?).

But without an ARP cache how does an investigator trace the IP to an actual computer to later show as evidence that such hardware was indeed likely the hardware of that access point at that time?

Is there another way to trace the IP through the access point to a specific computer that I'm missing?

I was thinking that that if you find that MAC Address(?) You can compare it to local ISPs and find a person with that address who has an Internet and thus billing account? Is that correct?

If not then what's the actual method? Am I way off and have to go back to the books so to speak?

Because right now the only thing I can conclude from the chapter is that without an ARP cache the trail is cold and the only way to then move forward is to examine security footage for clues? So if that's wrong Id like some tutoring.

[cyberdrain]

I do not know much about networking, but I do know a bit. MAC addresses usually aren't random and therefore are specific to the device used to connect. That doesn't mean you can follow them always everywhere, two problems arise. As far as I know, the MAC addresses do not leave the local network. This would mean connections from open APs probably cannot be traced to a home connection/ISP. The second problem is that MAC addresses can easily be spoofed, it's built right into most if not all operating systems.

In regards to data tracking: a Wifi router saves information about which MAC address had which IP at a certain time. How much logging is usually done and how this relates to the ARP cache, I wouldn't know. As MAC addresses can be spoofed and are hard to trace and IPs are temporary and random, the best bet to actually finding someone would be identifying traffic. WallShadow had a great post about it here.

[pretentious]

tried to address everything but rage quit when i realized i was a bit off base, basically:
MAC addresses don't change during normal network access but can be spoofed
I.P addresses are usually subject to change and don't mean a great deal the next day
ARP listings are designed for practical 'at the time' use due to above and wouldn't be used for historical anti forensics
For that, you would use logs that ISP's and Routers keep.

Just throwing it out there. If the whole world adopted IPv6 and removed NAT, it would be an entirely different playing field.

[IDNeon]

Agreed about IPv6...I'm going to post my findings in a new thread because apparently this anonymity rabbit hole is extremely deep and beyond the scope of the OP.

[danishkh56]

I would say all the things are depended only with the help internet. I have found that writing information can be only helpful if you have the internet content only.I have checked some of the writing information on the https://essayontime.com.au/childcare-assignment-help site where I got the help related to the writing purpose only.

[reviyo1238]

I like want to more about the Who invented the internet