On 24/12/2023 04.45, Sam Varshavchik wrote:
Kevin Kofler via devel writes:
Sam Varshavchik wrote:
> Christopher Klooz writes:
>
>> Btw, does anyone know if this (in the practically-same manner) is
really
>> already introduced in Windows, Mac, Android by default? Globally?
This
>
> Most recent Android phones, and iPhones do this by default.
>
> What they do is pin each randomized MAC address per AP. They're not
> randomizing MACs for each connect, but basically generate a
randomized MAC
> for each AP known to the phone.
What is this actually good for? Any AP you connect to can still track
you
this way, and anything further uplink should not get your MAC address to
begin with anyway (only your IP address).
The ostensible reason for this is that you cannot be tracked by your
fixed MAC across different APs. Yes, your visits to the same AP can
still be tracked by that AP, but that's as far as it goes. And the
reason for using the same MAC with the same AP is to still make it
possible to do MAC address filtering.
The majority of privacy issues when it comes to tracking take place on
higher layers. The providers that are able to collect massive amounts of
information about you have no access to your MAC. E.g., when using
Google services. If a hotel chain can track me throughout its hotels, it
can get more information than otherwise. However, they still get much
less information than most web services that make money with tracking,
especially since most is HTTPS today. There is an advantage with MAC
randomization, but it is a small one, and I am not convinced if it is
worth the efforts: for both developers and the users who have to handle
some issues - or beginners who possibly end up in a "denial of service"
because they have no idea what the problem is and how to respond (if
people get a new notebook, those who use filtering for
whitelists/blacklists or content filters for problematic content, e.g.
if they have kids, will likely understand that something has to be done,
but this proposal is not a case where a new notebook or so is introduced
- thus, non-advanced users might not be able to understand WHAT to do
and thus remain with the issue; some examples are in [1]).
However, if there is a RFC that is already implemented by Apple,
Microsoft and Android, I tend to change my mind and say let's keep
consistency among operating systems: at least if the big three do it, I
expect that vendors of hardware (for home routers and such) will respond
to that also in favor of beginners (hopefully...). In any case, we then
might at least ensure that users experience the issue on all systems
roughly at the same time... That might serve as a small but existing
mitigation.
[1]
https://discussion.fedoraproject.org/t/f40-change-proposal-wifi-mac-randomization-system-wide/99856/15
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
