Feature #6453

Protect against fingerprinting via active Wi-Fi networks probing

Added by intrigeri almost 6 years ago. Updated about 2 years ago.

Status: Confirmed
Priority: Normal
Assignee: -
Category: Spoof MAC
Target version: -
Start date: 11/29/2013
Due date:
% Done: 100%
Starter: No
Affected tool:

Description

Even once feature/spoof-mac is merged, Tails does not protect against AdvGoalTracking and AdvGoalProfiling due to "active probing" performed by NetworkManager for Wi-Fi connections. This puts AvoidTracking at risk, especially when using the NetworkManager persistent connections feature.


Subtasks

Feature #6454: Evaluate how hard it would be to disable active probing in NetworkManager Resolved anonym


Related issues

Related to Tails - Feature #7380: Randomise MAC address when scanning for Wi-Fi networks even when MAC spoofing is disabled Rejected 06/09/2014
Related to Tails - Feature #11293: Check if/how we should use NetworkManager's new MAC address spoofing capabilities Confirmed 03/31/2016

Associated revisions

Revision c6097c52 (diff)
Added by intrigeri over 2 years ago

MAC spoofing design doc: clarify that at most five SSIDs from stored connections are used for directed Probe Requests.

refs: #6453

History

#1 Updated by intrigeri over 5 years ago

  • Description updated (diff)

#2 Updated by BitingBird over 5 years ago

#3 Updated by BitingBird over 5 years ago

  • Related to Feature #7380: Randomise MAC address when scanning for Wi-Fi networks even when MAC spoofing is disabled added

#4 Updated by BitingBird over 4 years ago

  • Related to Feature #6549: Prevent MAC address leak for non-root users added

#5 Updated by intrigeri over 4 years ago

  • Related to deleted (Feature #6549: Prevent MAC address leak for non-root users)

#6 Updated by BitingBird over 4 years ago

One of the upstream tickets linked on the blueprint is fixed, the other is "fixed-upstream", the third is wontfix.

#7 Updated by intrigeri over 3 years ago

  • Related to Feature #11293: Check if/how we should use NetworkManager's new MAC address spoofing capabilities added

#8 Updated by BitingBird about 3 years ago

  • Status changed from Confirmed to In Progress

#9 Updated by intrigeri about 3 years ago

  • Subject changed from Protect against fingerprinting via active Wi-Fi networks probling to Protect against fingerprinting via active Wi-Fi networks probing

#10 Updated by intrigeri over 2 years ago

BitingBird wrote:

One of the upstream tickets linked on the blueprint is fixed, the other is "fixed-upstream", the third is wontfix.

I see nothing about this topic on the blueprint, so I guess the current state of the art is documented on https://tails.boum.org/contribute/design/MAC_address/, in the "Active probe fingerprinting" section (which doesn't point to any upstream ticket actually).

#11 Updated by u about 2 years ago

  • Status changed from In Progress to Confirmed
  • Assignee set to intrigeri

It's unclear to me what the next steps on this ticket are. Can somebody from the foundations team please clarify this. Unassign yourself afterwards if you're not going to work on this.
Maybe this should simply be documented or added to the design documentation?

#12 Updated by intrigeri about 2 years ago

  • Blueprint changed from https://tails.boum.org/blueprint/macchanger/ to https://tails.boum.org/contribute/design/MAC_address/#active-probe-fingerprinting

#13 Updated by intrigeri about 2 years ago

  • Description updated (diff)

#14 Updated by intrigeri about 2 years ago

  • Assignee deleted (intrigeri)

u wrote:

It's unclear to me what the next steps on this ticket are. Can somebody from the foundations team please clarify this. Unassign yourself afterwards if you're not going to work on this.
Maybe this should simply be documented or added to the design documentation?

https://tails.boum.org/contribute/design/MAC_address/#active-probe-fingerprinting says "active scanning should be disabled in NetworkManager when MAC spoofing is enabled". I guess the next step is to implement an option in NM to allow this.
