Randomise MAC address when scanning for Wi-Fi networks even when MAC spoofing is disabled
Apparently, Apple is going to introduce that: https://twitter.com/lmjabreu/status/475594066907111424/photo/1.
Of course, they're going to spoof MAC only for proble requests, not when actually connecting to an AP.
It might be good for Tails to do that when MAC spoofing opted-out from in the Greeter: then, you reveal your real MAC address to the AP you actually connect to, but not to others. This way, users get the benefit of not spoofing, when they need to disable it (e.g. to connect to a filtering AP), but without the drawback of broadcasting their real MAC address around.
#2 Updated by anonym over 5 years ago
- Status changed from New to Confirmed
- Assignee deleted (
- Type of work changed from Research to Discuss
Since Tails has MAC spoofing enabled by default we already achieve what I suppose is the main goal of this feature, i.e. protecting our users against dragnet WiFi tracking. When explicitly opting out from MAC spoofing the user may have a good reason for doing so (e.g. avoiding chipset/driver issues when MAC spoofing, avoiding suspicion, which OTOH probably becomes less if iOS starts doing it) and I fail to see why we should go only half-way there.
I say we reject this.
#5 Updated by intrigeri almost 5 years ago
Just for completeness, Linux 3.19 supports this al least for some Wi-Fi drivers: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ad2b26abc157460ca6fac1a53a2bfeade283adfa
#6 Updated by sajolida over 3 years ago
Note that in the UX design that I proposed on https://tails.boum.org/contribute/how/promote/material/slides/IFF-20160306/, the decision of enabling or not MAC spoofing would be done for each network (and not for each working session anymore). So scanning for networks should be done before choosing MAC spoofing, and thus always spoofed if possible.
If the hardware doesn't allow spoofing at all the UX should be different of course.
If we go this way we should reconsider the decision made on this ticket.