Hey @bcotton, can wifi MAC address randomization be added in Fedora next?
Having MAC ID randomization somewhat gives a basic level of security.
Use case
It is all about privacy enhancement. While connecting to public wifi, it is helpful to have an option for MAC ID randomization for wifi in various areas, like coffee shops, Starbucks to McDonalds, airports, planes, trains, even railway stations, to school and college wifi, which use the MAC ID for user tracking and other stuff. If we can have a feature by default, like Android and GrapheneOS, that will change the MAC ID on each session of usage, it will greatly increase the privacy and security.
First… I assume you are pinging Ben because you see his name on new feature proposals and announcements. It does not really work that way — in his role as Fedora Program Manager, Ben oversees the Changes Processes and acts as the “change wrangler”. But that means that he shepherds the process, not that he decides or gate-keeps what features go on.
Second, even if he did… how would this work? Would you expect Ben to write that code? Or hire someone to do it? That’s not how open source projects work. If you have an idea like this, it’s better to start from the ground-up — find someone close to the code, and look for existing interest from people who could implement.
But finally… NetworkManager, the tool we have used in Fedora for a long, long time, already supports this, and you can find the option in the settings app in GNOME:
Yes, but it is not turned on by default like Android. I was asking to have this feature turned on all the time.
In this case I don't think it needs a lot of coding; as it is present, we just need to have this feature turned on always.
I find Fedora 38 is actually working on some security, from better secure boot to SHA-1, so using a random MAC by default is a good start.
Why do we always have to mess with running systems? Users are used to “preserve” and some may use MAC addresses for IP assignment and authentication.
The change is literally one click away. Please don’t break the experience by changing defaults that are not required (though remain available to whoever wants it).
I am not asking to override on existing systems, but for systems that do not change the MAC they can have the benefit of MAC randomization, and on new connections it can be enforced.
But if this was enabled by default, one could still set a fixed MAC on a specific network and disable the randomization.
Actually, as this is not often the case, having this as an opt-in would be way better.
I also assume affected companies etc. could just preset this setting on clients' PCs.
[device-mac-randomization]
# "yes" is already the default for scanning
wifi.scan-rand-mac-address=yes
[connection-mac-randomization]
# Generate a random MAC for each Network and associate the two permanently.
ethernet.cloned-mac-address=stable
wifi.cloned-mac-address=stable
This would at least create a new MAC for every network and always use that MAC. This is still not private in any way, but doesn't spam DHCP and allows to permanently identify clients with that MAC in any network.
Unless a good specific way to opt out of randomization is implemented, this is the sane method. I would highly prefer complete randomization too, but this means your home/work/whatever DHCP will get flooded with MAC addresses and things like repeaters may break. I had this issue before with GrapheneOS.
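
The trade-off raised in the last post (one `stable` address per network versus a fresh address on every connection), as an added sketch that is not part of the thread and is not NetworkManager's code. The HMAC-SHA256 derivation, the host secret and the network names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _to_mac(raw: bytes) -> str:
    """Format 6 bytes as a MAC: locally administered bit set, multicast bit cleared."""
    b = bytearray(raw[:6])
    b[0] = (b[0] | 0x02) & 0xFE
    return ":".join(f"{x:02x}" for x in b)


def stable_mac(host_secret: bytes, network_id: str) -> str:
    """'stable'-style policy: one MAC per (host, network) pair.

    HMAC-SHA256 is an assumption of this sketch, not NetworkManager's algorithm.
    """
    digest = hmac.new(host_secret, network_id.encode(), hashlib.sha256).digest()
    return _to_mac(digest)


def random_mac() -> str:
    """'random'-style policy: a fresh MAC on every activation."""
    return _to_mac(secrets.token_bytes(6))


def dhcp_leases(policy: str, host_secret: bytes, network_id: str, reconnects: int) -> int:
    """Count the distinct MACs (lease-table entries) one client creates on one network."""
    if policy not in ("stable", "random"):
        raise ValueError(f"unknown policy: {policy}")
    seen = set()
    for _ in range(reconnects):
        if policy == "stable":
            seen.add(stable_mac(host_secret, network_id))
        else:
            seen.add(random_mac())
    return len(seen)


if __name__ == "__main__":
    secret = b"constructed-host-secret"       # constructed sample value
    for net in ("home-wifi", "coffee-shop"):  # constructed network names
        print(net, stable_mac(secret, net))
    # Same client, same network, 30 reconnects under each policy.
    print("stable leases:", dhcp_leases("stable", secret, "home-wifi", 30))
    print("random leases:", dhcp_leases("random", secret, "home-wifi", 30))
```

With the stable policy the DHCP server sees one address per client on a given network, while two different networks cannot correlate the client by MAC; with the random policy every reconnect consumes another lease.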