MAC address anonymization

I would like to raise community awareness on MAC address anonymization. Tails project actually documents various threats at Tails - MAC address anonymization

Most concerning to me actually is “Active probe fingerprinting” documented at Tails - MAC address anonymization

While using Wi-Fi is generally recommended against, I guess people use it and from my perspective we should closely follow what Tails is going to release here (currently in testing) to actually protect the host operating system we use for the Whonix VMs. Hope it’s appreciated to point you to the aforementioned resources here.

Marvelous what they came up with. Anyone (you?) please port this to non-Tails environments.

Feel free to discuss Tails. Both projects are civilized enough to discuss the other one in their channels.

I actually use Tails on a very regular basis and I’m currently waiting for their 0.22.1 release. Afaik, Tails 0.22.1 will (hopefully) include a reference implementation for the very first time. That said, I’m definitely interested in that very feature and I’ll anyways try to thoroughly understand how everything works together in order to push it into a Debian (which Tails also is based upon) host operating system serving Whonix.

That said, I have to say that despite the Linux/Debian system administration experience that I have, I have a whole lot of respect for what both you and the Tails developers do on a regular basis. I mean, people’s utmost security is dependent on your work. I’m pretty confident that I’m capable of getting my hands wet here. I’d like to have a thorough triple-check from 3rd parties (you?) though before we tell people to use it with their host operating systems and depend on it. I guess you know what I mean.

The reference implementation is already in their current test version?

I know what you mean. I’ll look into it before using it.

They recently started releasing “feature builds”, available at http://nightly.tails.boum.org/build_Tails_ISO_feature-spoof-mac/

I don’t know if the most recent “stable branch rc” 0.22.1~rc1 also includes it just yet. I (this time) have tested neither the “feature build” nor the most recent “stable branch rc” (yet) due to time constraints.

I hope that the new stable 0.22.1, due to be released end of January, will include the feature. That’s when I’m definitely going to upgrade.

UPDATE: JFYI, I joined OFTC #tails and found that the spoof_mac feature is supposed to land in Tails stable with 0.23+, not with 0.22.1. See https://labs.riseup.net/code/projects/tails/roadmap#Tails_0.23

Until then, we certainly (still) have an opportunity to follow the aforementioned “feature builds” based upon 0.23-devel.

Upgraded to Tails 0.23~rc1 today and it’s finally there - I feel so secure :P

I’m currently too busy with Whonix Forum - it’s on my radar though. That is to say, if anyone else would like to take it, by all means … go for it!

Just wanted to raise awareness that Tails finally managed to get it out the door!

EDIT: LOL, I’m just wondering … why is my fucking MAC address changing all the time? As if it’d be randomized ;D

Two questions:

  1. I know it has been a while, but curious . . . any updates on this one?
  2. If a MAC address is truly random, would this not raise “red flags” to a party monitoring the network? For example: say I create a purely random MAC address that does not link up to any known type of existing hardware, would this not raise questions by the monitoring network? The idea behind my question is that the adversary would know that my MAC address did not link up with any real existing hardware and therefore I would become a target for heightened surveillance.

Regarding (2): assuming my thinking is correct, it seems to me that true MAC address randomization would be not as good as some type of pseudo-randomization of the MAC address (i.e. generating random MAC addresses based upon a very popular network controller).

Interested in any thoughts anyone has to add on this . . .

No updates.

Do you know Computer Security Education - Whonix already?

Truly random MAC is problematic indeed:

Tails developers have a good design paper where they also exactly discuss that issue and solutions:
https://tails.boum.org/contribute/design/MAC_address/
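
Added example (not part of any post in this thread, and not Tails or Whonix code): a sketch of the trade-off raised in question (2), comparing a vendor-preserving random MAC with a fully random one from the point of view of someone watching the network. The function names, the sample address and the one-entry OUI list are constructed for illustration; setting the locally administered bit on the fully random address is an assumption about how such an address would be generated.

```python
import secrets

def parse_mac(mac: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def is_locally_administered(mac: str) -> bool:
    # Bit 1 of the first octet (U/L bit): set means "not vendor-assigned".
    return bool(parse_mac(mac)[0] & 0x02)

def is_multicast(mac: str) -> bool:
    # Bit 0 of the first octet (I/G bit): must be clear for a source address.
    return bool(parse_mac(mac)[0] & 0x01)

def randomize_keep_vendor(current: str) -> str:
    """Keep the 3-byte vendor prefix (OUI), randomize the 3 device bytes."""
    raw = parse_mac(current)
    while True:
        nic = secrets.token_bytes(3)
        if nic != raw[3:]:  # never hand back the real address
            return format_mac(raw[:3] + nic)

def randomize_fully() -> str:
    """Random unicast address flagged as locally administered."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE  # set U/L bit, clear multicast bit
    return format_mac(bytes(raw))

def stands_out(mac: str, known_ouis: set[str]) -> bool:
    """What a network observer can tell from the address alone."""
    raw = parse_mac(mac)
    return (is_locally_administered(mac) or is_multicast(mac)
            or raw[:3].hex() not in known_ouis)

# Constructed sample data, not real hardware or a real vendor list.
REAL_MAC = "00:11:22:33:44:55"
KNOWN_OUIS = {"001122"}

if __name__ == "__main__":
    for label, mac in [("vendor-preserving", randomize_keep_vendor(REAL_MAC)),
                       ("fully random", randomize_fully())]:
        print(f"{label:18} {mac}  stands out: {stands_out(mac, KNOWN_OUIS)}")
```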