random MAC addresses for scanning



I've changed the thread so reflect this hijacking of the original
topic.

On Fri, Jun 13, 2014 at 12:17:11PM +0200, Tom Gundersen wrote:
On Fri, Jun 13, 2014 at 12:43 AM, Dan Williams <dcbw redhat com> wrote:
On Thu, 2014-06-12 at 23:22 +0200, Mark Elkins wrote:
I hear that the latest Apple IOS uses a random MAC address when scanning
local wifi hotspots - so "people" can not track the device so easily...
seems like a good addition.

It would also be interesting if I could automatically change my MAC
address every so many configurable minutes - both on wifi and wired
interfaces... a bit like I can do with my IPv6 address...

We've been discussing this upstream with kernel developers too.  The
short answer is that yes, it can happen, but it'll take some work in the
kernel and wpa_supplicant to make that happen.  Once that's done,
NetworkManager can use it.

Note that this behavior is only for randomized MAC addresses when
*scanning*.  The device must still use a stable MAC address when it
connects to a network, and that address cannot change during the
connection without breaking the connection entirely and reconnecting.
And that wouldn't work well for hotspots, since they often cache your
"logged-in" status based on your MAC address.  For wired it would
probably greatly confuse switches and bridges, and would trigger
re-authentications for 802.1x-enabled switches.

So yeah, randomized MAC when scanning is coming.  But randomized MAC
every few minutes wouldn't work well in many normal WiFi and ethernet
cases, so that's probably not going to happen soon (if ever)...

One option would be to use a random mac address for scanning, and also
generate a random MAC address for each AP you connect to, but keep the
same MAC address as long as you are connected to the same AP (and
remember it for next time you connect).

That would break any network larger than a coffeshop or home, where
there are multiple APs connected to the same controller, or to the
same back-end network (router).

Really, MAC addresses need to be stable or lots of bad things happen
to the network and your connection to it.  There are many things in
networking that could potentially be used to track you (MAC, DUID,
Bluetooth).  If you don't like that, don't scan or connect to
untrusted networks, and keep your phone in a metal cage.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]