Feature #7380

Randomise MAC address when scanning for Wi-Fi networks even when MAC spoofing is disabled

Added by intrigeri 2014-06-09 03:58:54. Updated 2016-10-02 18:03:10.

Status: Rejected
Priority: Normal
Assignee:
Category: Spoof MAC
Target version:
Start date: 2014-06-09
Due date:
% Done: 0%
Feature Branch:
Type of work: Discuss
Blueprint:
Starter: 0
Affected tool:
Deliverable for:

Description

Apparently, Apple is going to introduce that: https://twitter.com/lmjabreu/status/475594066907111424/photo/1.
Of course, they’re going to spoof MAC only for probe requests, not when actually connecting to an AP.

It might be good for Tails to do that when MAC spoofing is opted out from in the Greeter: then, you reveal your real MAC address to the AP you actually connect to, but not to others. This way, users get the benefit of not spoofing, when they need to disable it (e.g. to connect to a filtering AP), but without the drawback of broadcasting their real MAC address around.


Related issues

Related to Tails - Feature #6453: Protect against fingerprinting via active Wi-Fi networks probing (Confirmed, 2013-11-29)

History

#1 Updated by intrigeri 2014-06-09 04:00:23

  • Assignee set to anonym

anonym, may you please have a quick look, and set status to Confirmed + empty assignee, if it seems to be a good idea to you?

Then, the bit of (low-priority) needed research will be: can we actually do that with Linux Wi-Fi drivers?

#2 Updated by anonym 2014-06-09 04:30:10

  • Status changed from New to Confirmed
  • Assignee deleted (anonym)
  • Type of work changed from Research to Discuss

Since Tails has MAC spoofing enabled by default we already achieve what I suppose is the main goal of this feature, i.e. protecting our users against dragnet WiFi tracking. When explicitly opting out from MAC spoofing the user may have a good reason for doing so (e.g. avoiding chipset/driver issues when MAC spoofing, avoiding suspicion, which OTOH probably becomes less if iOS starts doing it) and I fail to see why we should go only half-way there.

I say we reject this.

#3 Updated by BitingBird 2014-06-09 10:18:30

  • related to Feature #6453: Protect against fingerprinting via active Wi-Fi networks probing added

#4 Updated by sajolida 2014-08-03 20:59:16

  • Status changed from Confirmed to Rejected
  • Priority changed from Low to Normal

#5 Updated by intrigeri 2015-02-12 16:13:27

Just for completeness, Linux 3.19 supports this at least for some Wi-Fi drivers: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ad2b26abc157460ca6fac1a53a2bfeade283adfa

#6 Updated by sajolida 2016-10-02 18:03:10

Note that in the UX design that I proposed on https://tails.boum.org/contribute/how/promote/material/slides/IFF-20160306/, the decision of enabling or not MAC spoofing would be done for each network (and not for each working session anymore). So scanning for networks should be done before choosing MAC spoofing, and thus always spoofed if possible.

If the hardware doesn’t allow spoofing at all the UX should be different of course.

If we go this way we should reconsider the decision made on this ticket.