Check if WPS' UUID-E allows passive attackers to recover the "real" MAC address despite MAC spoofing
The A Study of MAC Address Randomization in Mobile Devices and When it Fails paper reads: "Universally Unique IDentifier-Enrollee (UUID-E) which is used to establish WPS connections. The flaw that Vanhoef et al.  discovered is that the UUID-E is derived from a device’s global MAC address, and by using pre-computed hash tables an attacker can simply lookup the UUID-E from the table and retrieve the global MAC address [22, 16]".
Anyone interested in checking if Tails is affected? (adding as watchers a few friendly security people who might get excited, feel free to tell me to drop you from the list of watchers if you're not interested and don't want to do it yourself :)