Feature #6453
Protect against fingerprinting via active Wi-Fi networks probing
100%
Description
Even once feature/spoof-mac
is merged, Tails does not protect against AdvGoalTracking and
AdvGoalProfiling due to “active probing” performed by NetworkManager
for Wi-Fi connections. This puts AvoidTracking at risk, especially when using the NetworkManager persistent connections feature.
Subtasks
Feature #6454: Evaluate how hard it would be to disable active probing in NetworkManager | Resolved | anonym | 0 |
Related issues
Related to Tails - |
Rejected | 2014-06-09 | |
Related to Tails - Feature #11293: Check if/how we should use NetworkManager's new MAC address spoofing capabilities | Confirmed | 2016-03-31 |
History
#1 Updated by intrigeri 2014-02-21 11:05:51
- Description updated
#2 Updated by BitingBird 2014-06-09 10:18:23
- related to deleted (
)Feature #5421: Spoof MAC address
#3 Updated by BitingBird 2014-06-09 10:18:30
- related to
Feature #7380: Randomise MAC address when scanning for Wi-Fi networks even when MAC spoofing is disabled added
#4 Updated by BitingBird 2015-01-02 18:36:21
- related to Feature #6549: Prevent MAC address leak for non-root users added
#5 Updated by intrigeri 2015-01-03 11:26:36
- related to deleted (
Feature #6549: Prevent MAC address leak for non-root users)
#6 Updated by BitingBird 2015-04-10 15:04:49
One of the upstream tickets linked on the blueprint is fixed, the other is “fixed-upstream”, the third is wontfix.
#7 Updated by intrigeri 2016-03-31 09:39:09
- related to Feature #11293: Check if/how we should use NetworkManager's new MAC address spoofing capabilities added
#8 Updated by BitingBird 2016-06-26 11:01:58
- Status changed from Confirmed to In Progress
#9 Updated by intrigeri 2016-08-28 03:47:18
- Subject changed from Protect against fingerprinting via active Wi-Fi networks probling to Protect against fingerprinting via active Wi-Fi networks probing
#10 Updated by intrigeri 2017-01-30 17:41:12
BitingBird wrote:
> One of the upstream tickets linked on the blueprint is fixed, the other is “fixed-upstream”, the third is wontfix.
I see nothing about this topic on the blueprint, so I guess the current state of the art is documented on https://tails.boum.org/contribute/design/MAC_address/, in the “Active probe fingerprinting” section (which doesn’t point to any upstream ticket actually).
#11 Updated by Anonymous 2017-06-29 10:17:45
- Status changed from In Progress to Confirmed
- Assignee set to intrigeri
It’s unclear to me what the next steps on this ticket are. Can somebody from the foundations team please clarify this. Unassign yourself afterwards if you’re not going to work on this.
Maybe this should simply be documented or added to the design documentation?
#12 Updated by intrigeri 2017-06-29 15:25:40
- Blueprint changed from https://tails.boum.org/blueprint/macchanger/ to https://tails.boum.org/contribute/design/MAC_address/#active-probe-fingerprinting
#13 Updated by intrigeri 2017-06-29 15:26:08
- Description updated
#14 Updated by intrigeri 2017-06-29 15:28:28
- Assignee deleted (
intrigeri)
u wrote:
> It’s unclear to me what the next steps on this ticket are. Can somebody from the foundations team please clarify this. Unassign yourself afterwards if you’re not going to work on this.
> Maybe this should simply be documented or added to the design documentation?
https://tails.boum.org/contribute/design/MAC_address/#active-probe-fingerprinting says “active scanning should be disabled in NetworkManager when MAC spoofing is enabled”. I guess next step is to implement an option in NM to allow this.