Kevin Kofler via devel writes:
Sam Varshavchik wrote: > The ostensible reason for this is that you cannot be tracked by your fixed > MAC across different APs. But different APs will typically be operated by different people, who have no access to each other's MAC address logs anyway. So what is the point of sending them a different made-up MAC?
I'm not advocating for it. I also think this is dumb. I'm just the messenger, this is just the argument for that.
The threat vector is different APs that are covertly managed by the same entity. Geographically discrete APs that can be used to track the target using the target's fixed MAC address.
Many SSIDs are well known, McDonals, etc… Presuming that the target's device knows the AP and auto-connects to the SSID a threat actor can covertly track the target by setting up rogue APs, in different geographic areas.
> Yes, your visits to the same AP can still be tracked by that AP, but > that's as far as it goes. And the reason for using the same MAC with the > same AP is to still make it possible to do MAC address filtering. Sure, I understand that. But it is inherently impossible to allow MAC address filtering while blocking MAC address tracking. They are basically two use cases of the same thing.
Not if the MAC is randomized per AP. The randomized MAC will remain fixed for that AP only, hence MAC filtering is still possible.
Attachment:
pgp7H1geZaM_l.pgp
Description: PGP signature
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
