Change Details

WARNING: This doesn't currently work due to https://tracker.pureos.net/T775 # Introduction Untrusted endpoints (e.g. your free coffee shop wifi) can recognise and track your device using your device-specific MAC address. The following procedure will cycle your MAC address by default, preventing device tracking by arbitrary access points. It will also demonstrate how to declare a stable MAC address for trusted access points (e.g. your office ethernet). This is used, for example, by a trustworthy syadmin to assign you a permanent IP address. (This technique is sometimes called "MAC address spoofing".) # Steps 1. Install macchanger. When prompted, answer "Yes" to cycle your MAC address. ``` sudo apt install macchanger ``` 2. List all known connections ``` nmcli connection show ``` 3. Enable a stable address for trusted connection (replace "Office Wi-Fi" with the name of the trusted connection). ``` nmcli connection modify "Office Wi-Fi" \ wifi.cloned-mac-address stable ``` 4. Repeat step 3 for all trusted connections. 5. Make a connection 6. List all known connections and note the Device of the active connection ``` nmcli connection show ``` 7. Confirm that your "current" and "permanent" MAC addresses are different (replace DEVICE with the value from step 6) ``` macchanger --show DEVICE # for example, macchanger --show wlp1s0 ``` **Notes:** * macchanger runs with the `--ending` setting, so vendor bytes remain the same * For trusted connections a third, stable address will be used. This can be confirmed in Network Settings under the "Identity" tab. The "Cloned address" field will show "stable". Use the following command to find out the MAC address (replace "CONNECTION NAME" with the connection name): ``` nmcli connection show nmcli connection show "CONNECTION NAME" | grep mac-address ``` * Tested with the following versions: * `macchanger-1.7.0-5.4` * `network-manager-1.14.6-2` **References:** * https://perot.me/mac-spoofing-what-why-how-and-something-about-coffee * https://packages.debian.org/stable/macchanger * https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/

WARNING: This doesn't currently work due to https://tracker.pureos.net/T775 # Introduction Untrusted access points (e.g. your free coffee shop wifi) can recognise and track your device using your device-specific MAC address. The following procedure will cycle your MAC address by default, preventing device tracking by arbitrary access points. It will also demonstrate how to declare a stable MAC address for trusted access points (e.g. your office ethernet). This is used, for example, by a trustworthy syadmin to assign you a permanent IP address. (This technique is sometimes called "MAC address spoofing".) # Steps 1. Install macchanger. When prompted, answer "Yes" to cycle your MAC address. ``` sudo apt install macchanger ``` 2. List all known connections ``` nmcli connection show ``` 3. Enable a stable address for trusted connection (replace "Office Wi-Fi" with the name of the trusted connection). ``` nmcli connection modify "Office Wi-Fi" \ wifi.cloned-mac-address stable ``` 4. Repeat step 3 for all trusted connections. 5. Make a connection 6. List all known connections and note the Device of the active connection ``` nmcli connection show ``` 7. Confirm that your "current" and "permanent" MAC addresses are different (replace DEVICE with the value from step 6) ``` macchanger --show DEVICE # for example, macchanger --show wlp1s0 ``` **Notes:** * macchanger runs with the `--ending` setting, so vendor bytes remain the same * For trusted connections a third, stable address will be used. This can be confirmed in Network Settings under the "Identity" tab. The "Cloned address" field will show "stable". Use the following command to find out the MAC address (replace "CONNECTION NAME" with the connection name): ``` nmcli connection show nmcli connection show "CONNECTION NAME" | grep mac-address ``` * Tested with the following versions: * `macchanger-1.7.0-5.4` * `network-manager-1.14.6-2` **References:** * https://perot.me/mac-spoofing-what-why-how-and-something-about-coffee * https://packages.debian.org/stable/macchanger * https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/

WARNING: This doesn't currently work due to https://tracker.pureos.net/T775 # Introduction Untrusted endaccess points (e.g. your free coffee shop wifi) can recognise and track your device using your device-specific MAC address. The following procedure will cycle your MAC address by default, preventing device tracking by arbitrary access points. It will also demonstrate how to declare a stable MAC address for trusted access points (e.g. your office ethernet). This is used, for example, by a trustworthy syadmin to assign you a permanent IP address. (This technique is sometimes called "MAC address spoofing".) # Steps 1. Install macchanger. When prompted, answer "Yes" to cycle your MAC address. ``` sudo apt install macchanger ``` 2. List all known connections ``` nmcli connection show ``` 3. Enable a stable address for trusted connection (replace "Office Wi-Fi" with the name of the trusted connection). ``` nmcli connection modify "Office Wi-Fi" \ wifi.cloned-mac-address stable ``` 4. Repeat step 3 for all trusted connections. 5. Make a connection 6. List all known connections and note the Device of the active connection ``` nmcli connection show ``` 7. Confirm that your "current" and "permanent" MAC addresses are different (replace DEVICE with the value from step 6) ``` macchanger --show DEVICE # for example, macchanger --show wlp1s0 ``` **Notes:** * macchanger runs with the `--ending` setting, so vendor bytes remain the same * For trusted connections a third, stable address will be used. This can be confirmed in Network Settings under the "Identity" tab. The "Cloned address" field will show "stable". Use the following command to find out the MAC address (replace "CONNECTION NAME" with the connection name): ``` nmcli connection show nmcli connection show "CONNECTION NAME" | grep mac-address ``` * Tested with the following versions: * `macchanger-1.7.0-5.4` * `network-manager-1.14.6-2` **References:** * https://perot.me/mac-spoofing-what-why-how-and-something-about-coffee * https://packages.debian.org/stable/macchanger * https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-networkmanager-1-4-0/