Recently in the leaked 0-day exploit for Tor browser, whole shellcode's purpose was getting user's MAC address and sending it to the servers which people are suspecting that exploit was developed by Law enforcement to unmask some TOR users real identity.
My question is, these days everyone is behind some kind of ADLS/VDSL/Fios router. So 99.9% of internet users are behind NAT. So if I'm behind my router, my MAC address AFAIK would never leave my network. So considering that, what's the benefit of sending MAC address of my PC inside my network to outside? Who and how they can track that MAC address to me?
Maybe my main question is, why and how my NATted device's MAC address is transferred to lets say ISP or internet? Please explain what am I missing. I know ARP packets carry these messages, but I assume NATted devices ARP packet won't reach ISP.