FR: enable per-network MAC Address randomization

[device-mac-randomization]
# "yes" is already the default for scanning
wifi.scan-rand-mac-address=yes
[connection-mac-randomization]
# Generate a random MAC for each Network and associate the two permanently.
ethernet.cloned-mac-address=stable
wifi.cloned-mac-address=stable

I would really like to see Fedora implementing this by default. It is a good privacy/usability solution, as there are no usability issues.

Full MAC Randomization is problematic in any networks you trust, as you spam the DHCP channel.

But what this does is simply create a random ID and permanently use that. This will avoid using a device MAC, which very likely leaks your identity.

I didn't want to put this in the Project Discussions.

What do you think of that? I think it's very important for Linux distros to implement basic privacy out of the box. Scanning is already anonymous, which is great and sane, but connections should be too.

Only problem could be networks that use RADIUS or some MAC-driven identifier. But this would not affect most users, as most use DHCP and a password, that's it.


Another thing here of course is to set the hostname as “PC” or something generic. Currently it is Fedora, and I don't see the reason for that “flex”. It is an unnecessary privacy risk, and presetting the hostname to “PC” in Anaconda would be very good for out-of-the-box privacy.

1 Like

It would negatively affect every user who uses a fixed MAC to define a reserved IP with DHCP on the network.

My network is fairly small and I have 5 devices with fixed (reserved) IPs. Having the MAC address be randomly generated would require that I manually set a fixed address on each of those devices instead of using dhcp. It also would likely interfere with proper management of wifi from the AP.

While it may be better for security when mobile it could easily become a nightmare for fixed networks and would serve little purpose in an enterprise or home environment where there is often a private network IP range used.

Hmm, you have to see, this sounds like a special problem for some rare cases. If you have such a setup, you can just add an override to /etc/NetworkManager/conf.d/. This is totally doable.

But regular users have regular routers without IP ranges or even fixed IPs, they use DHCP and should not need this.

Also, as I mentioned, this setting is not private but just avoids leaking your device MAC. You have one MAC, once randomized, that is then static. So you could just use that MAC and don't bother anymore, or for in-company PCs you could add an easy override conf just disabling the randomization.

So in the end I guess in such a network the router has to allowlist random MAC addresses once anyway. This would just mean that the MAC addresses wouldn't be device MACs but the random static ones. Allow these, done.

1 Like

This will happen in Fedora 40.

https://pagure.io/fedora-workstation/issue/350#comment-884894

EDIT: it will happen for Wi-Fi only.

What about those who have networked printers – if the address changes because of a MAC address change?

Same comment for networked servers whose address may change? Setting the reserved address in a DHCP server may not work with a random MAC address assigned.

Enterprise networks and the IT admins can manage it, but what about the less experienced users at home?

It would not be a problem for those more experienced, but for new users it may make things much harder.

1 Like

And this is expected to be seamless? What about the wifi only printers and servers for the home users. It might become a headache. I have only wifi networking, as do many who reside in apartments or newer homes.

The transition would be simple if there is cooperation between the dhcp server to identify a particular system by more than just the MAC when a reserved IP is configured. Otherwise a wifi printer with a new random MAC would no longer be assigned the same IP by the dhcp server and would become an admin nightmare.

As long as this is implemented then it seems workable, but I was also concerned that changing IPs would force reconnections to the many portals that are currently in use – particularly banking and medical – where a user should not have to always create a new login and confirmation from their home PC every time the portal is accessed. A new IP would mean that stored cookies for the browser or app would no longer be valid.

Mobile connections would be managed totally differently as they are now since it would be on different networks anyway.

(Stable-)Randomizing the MAC address will benefit most users. Few will be affected, but some will. Yes, the MAC address will change, and so might IP addresses from DHCP. People who are affected have multiple, easy ways to opt out.

It also seems common on other OS and Fedora/Linux is behind on this (random google link: https://datatracker.ietf.org/meeting/118/materials/slides-118-madinas-mac-address-randomization-current-state-of-affairs-00 )

No default is perfect for everybody. If it were, the option would not be configurable in the first place. In this case, we will change the default. It will not only change the behavior for newly created profiles, but for all existing NetworkManager profiles that don't explicitly set the wifi.cloned-mac-address property (most don't set it).

Whether this choice is best is a matter of opinion. It's clear that no choice will be best for everybody.

2 Likes

The best choice is one that protects new/inexperienced users who may not know about MAC address randomization or, if they do, how to enable it.

1 Like

This is great news, thank you! What does “Wi-Fi only” mean, no Bluetooth? Does cell data even use MAC addresses?

It means, on Fedora 40 the default for wifi.cloned-mac-address will change from preserve to stable-ssid.

In particular, it does not change the default ethernet.cloned-mac-address=preserve.

NetworkManager has no comparable setting for Bluetooth profiles. I don't know whether that would make sense.

1 Like
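To make the difference between the modes discussed in this thread concrete (the opening post's "one random MAC, kept permanently" versus the Fedora 40 default of stable-ssid, where each SSID gets its own address), here is an added, simplified model. It is not NetworkManager's code and not its exact derivation: it assumes a per-installation secret (constructed here as SAMPLE_HOST_SECRET) and an HMAC-SHA256 over the SSID, then forces the result into the locally administered, unicast address range so a derived address can never collide with a vendor-assigned OUI or be a multicast address.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret for the demo; a real system would generate one
# per installation (see new_host_secret) and keep it private.
SAMPLE_HOST_SECRET = bytes(range(32))
# Constructed sample "burned-in" device MAC, the value that `permanent`
# (and `preserve`, on most hardware) would expose to every network.
SAMPLE_DEVICE_MAC = "00:11:22:33:44:55"


def new_host_secret() -> bytes:
    """Fresh 256-bit secret; everything derived from it is unlinkable to the hardware."""
    return secrets.token_bytes(32)


def _format_local_unicast(raw: bytes) -> str:
    """Turn 6 arbitrary bytes into a locally administered unicast MAC string."""
    octets = bytearray(raw[:6])
    # Clear the I/G bit (bit 0 of octet 0): unicast, never multicast.
    # Set the U/L bit (bit 1 of octet 0): locally administered, outside any
    # vendor OUI, so it cannot masquerade as a real manufacturer address.
    octets[0] = (octets[0] & 0xFC) | 0x02
    return ":".join(f"{b:02x}" for b in octets)


def stable_mac_for_network(host_secret: bytes, ssid: str) -> str:
    """Per-network stable address: same (secret, SSID) -> same MAC, every time.

    Assumption: HMAC-SHA256 keyed with the host secret over the SSID bytes.
    This models the *behaviour* of stable-ssid, not NetworkManager's algorithm.
    """
    digest = hmac.new(host_secret, ssid.encode("utf-8"), hashlib.sha256).digest()
    return _format_local_unicast(digest)


def random_mac() -> str:
    """Fully random address, new on every call (the 'random' mode)."""
    return _format_local_unicast(secrets.token_bytes(6))


def choose_mac(mode: str, device_mac: str, host_secret: bytes, ssid: str) -> str:
    """Pick the address a client would present to `ssid` under a given mode."""
    if mode == "permanent":
        return device_mac                      # hardware MAC, linkable across all networks
    if mode == "stable-ssid":
        return stable_mac_for_network(host_secret, ssid)
    if mode == "random":
        return random_mac()
    raise ValueError(f"unsupported mode: {mode}")


def is_locally_administered_unicast(mac: str) -> bool:
    """Check the two flag bits a well-formed randomized MAC must carry."""
    first = int(mac.split(":")[0], 16)
    return (first & 0x01) == 0 and (first & 0x02) == 0x02


if __name__ == "__main__":
    for ssid in ("HomeNet", "CafeWifi"):
        for mode in ("permanent", "stable-ssid", "random"):
            print(f"{ssid:9} {mode:12} {choose_mac(mode, SAMPLE_DEVICE_MAC, SAMPLE_HOST_SECRET, ssid)}")
```

Running it shows the trade-off the thread argues about: under `permanent` both networks see the same hardware address, under `stable-ssid` each network sees a different address that stays fixed across reconnects (so a DHCP reservation made against it keeps working), and under `random` every reconnect looks like a new client, which is exactly what breaks reservations and what the opening post avoids by not proposing it.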