Feature #6453

Protect against fingerprinting via active Wi-Fi networks probing

Added by intrigeri 2013-11-29 02:59:17 . Updated 2017-06-29 15:28:28 .

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Spoof MAC
Target version:
Start date:
2013-11-29
Due date:
% Done:

100%

Starter:
0
Affected tool:
Deliverable for:

Description

Even once feature/spoof-mac is merged, Tails does not protect against AdvGoalTracking and
AdvGoalProfiling due to “active probing” performed by NetworkManager
for Wi-Fi connections. This puts AvoidTracking at risk, especially when using the NetworkManager persistent connections feature.


Subtasks

Feature #6454: Evaluate how hard it would be to disable active probing in NetworkManager Resolved anonym

0


Related issues

Related to Tails - Feature #7380: Randomise MAC address when scanning for Wi-Fi networks even when MAC spoofing is disabled Rejected 2014-06-09
Related to Tails - Feature #11293: Check if/how we should use NetworkManager's new MAC address spoofing capabilities Confirmed 2016-03-31

History

#1 Updated by intrigeri 2014-02-21 11:05:51

  • Description updated

#2 Updated by BitingBird 2014-06-09 10:18:23

#3 Updated by BitingBird 2014-06-09 10:18:30

  • related to Feature #7380: Randomise MAC address when scanning for Wi-Fi networks even when MAC spoofing is disabled added

#4 Updated by BitingBird 2015-01-02 18:36:21

  • related to Feature #6549: Prevent MAC address leak for non-root users added

#5 Updated by intrigeri 2015-01-03 11:26:36

  • related to deleted (Feature #6549: Prevent MAC address leak for non-root users)

#6 Updated by BitingBird 2015-04-10 15:04:49

One of the upstream tickets linked on the blueprint is fixed, the other is “fixed-upstream”, the third is wontfix.

#7 Updated by intrigeri 2016-03-31 09:39:09

  • related to Feature #11293: Check if/how we should use NetworkManager's new MAC address spoofing capabilities added

#8 Updated by BitingBird 2016-06-26 11:01:58

  • Status changed from Confirmed to In Progress

#9 Updated by intrigeri 2016-08-28 03:47:18

  • Subject changed from Protect against fingerprinting via active Wi-Fi networks probling to Protect against fingerprinting via active Wi-Fi networks probing

#10 Updated by intrigeri 2017-01-30 17:41:12

BitingBird wrote:
> One of the upstream tickets linked on the blueprint is fixed, the other is “fixed-upstream”, the third is wontfix.

I see nothing about this topic on the blueprint, so I guess the current state of the art is documented on https://tails.boum.org/contribute/design/MAC_address/, in the “Active probe fingerprinting” section (which doesn’t point to any upstream ticket actually).

#11 Updated by Anonymous 2017-06-29 10:17:45

  • Status changed from In Progress to Confirmed
  • Assignee set to intrigeri

It’s unclear to me what the next steps on this ticket are. Can somebody from the foundations team please clarify this. Unassign yourself afterwards if you’re not going to work on this.
Maybe this should simply be documented or added to the design documentation?

#12 Updated by intrigeri 2017-06-29 15:25:40

  • Blueprint changed from https://tails.boum.org/blueprint/macchanger/ to https://tails.boum.org/contribute/design/MAC_address/#active-probe-fingerprinting

#13 Updated by intrigeri 2017-06-29 15:26:08

  • Description updated

#14 Updated by intrigeri 2017-06-29 15:28:28

  • Assignee deleted (intrigeri)

u wrote:
> It’s unclear to me what the next steps on this ticket are. Can somebody from the foundations team please clarify this. Unassign yourself afterwards if you’re not going to work on this.
> Maybe this should simply be documented or added to the design documentation?

https://tails.boum.org/contribute/design/MAC_address/#active-probe-fingerprinting says “active scanning should be disabled in NetworkManager when MAC spoofing is enabled”. I guess next step is to implement an option in NM to allow this.