Tracking Protection In Wi-Fi Networks Coming Soon To Linux

prisoninmate writes: Fedora contributor and NetworkManager developer Lubomir Rintel explains how your devices are being identified on a network by a unique number that most of us know by the name of MAC address. Same goes for mobile networking, as your laptop's or mobile phone's MAC address is, in most cases, broadcasted everywhere you go before you even attempt a connection to a wireless network. And that's a problem for your privacy. The solution? Randomization of the MAC address while scanning for Wi-Fi networks. Apple is already using this method on iOS 8 and later mobile operating systems, and so is Microsoft in Windows 10, so Linux users will ["likely"] get it in the upcoming NetworkManager 1.2 release.

Turn it off.

[marnues]

Please don't. My company is building tools that help businesses understand their customers through WiFi. We're having to waste a lot of time building heuristics that determine whose MAC switched when they blip off and a new one randomly appears. We're barely off the ground with this stuff, now we're probably going to have to build new heuristics for Android devices.

I will say that the good part of this is the product managers now understand we can't track real people, which was never our intent, but was possible given the long-lived nature of MACs. I just wish they'd randomize in the middle of the night when charging.

Re:Turn it off.

[ickleberry]

You'll be able to track real people as soon as some hipster startup paid RESTful API company from The Valley starts providing this service. They will gleam this information from Apps, some ISPs will bury a provision in their T&C that allows them sell this information to the said hipster company. Static MAC addresses are bad news in this big brother-infested world. It was grand in the 80's and 90's when a machine sat on a private LAN and never left it and 'big data' was a twinkle in someone's eye but those days are gone unfortunately

Re:Turn it off.

Hi, I am actually the CEO of the OP's company, let me clarify.

The difference between a CUSTOMER (which we track) and PEOPLE (which we do not), is that the latter has legal and human rights and is worthy of respect.

But the former is just a big ole walkin' talkin' sack with a dollar sign painted on it!

Well I don't know about you, but I'm not interested in tracking a bunch of "people" with rights and dignity! That's boring!

I'm after that big old fat sack of loot with a dollar sign painted on it!

Re:Turn it off.

[cfalcon]

Don't listen to murnues, above.

> My company is building tools that help businesses understand their customers through WiFi.

No, your company is building a tracker program by trying to make use of an oversight in the spec. In fact, shit like that is why this needs to happen, and why the lifespan of announced MACs needs to be short enough to render any information you may gather useless.

Did you pay for all those phones that the businesses customers are using? Like, do you own them? Or do they belong to people who don't know you and barely know the businesses you serve, and wouldn't help you if given the chance, just as you would not help them? They aren't YOUR customers, after all. They are cattle and you are getting pissed that you won't be able to herd them as easily.

This is a good thing, and I'm sad it has taken this long. Hope this gets pushed up to Android fast enough so your company can instead do something besides trying to track people who don't owe you shit and who you don't help in any way.

Re:Turn it off.

[cfalcon]

> > their customers don't want to be fucking tracked?
> Except, that's not really true is it?

Apparently it is, because you posted AC, presumably because you don't want to be tracked.

And yes it is true, and no, the odds that anyone wants to be tracked by accidentally persistent MAC address are slim to none. Just because you put up 20 wifis and try to track me doesn't help me in any way. I'm not a user, I'm walking through an area without telling my phone to not use wifi. This is basic security.

And again, just like you don't want to be tracked, nobody does.

Re:Turn it off.

[maestroX]

You forgot the blue-eyes emoticon, BlueTrace fucker.
It is your intent to track & analyse people.

Re:Turn it off.

Who gives a rat's ass about your company. Unless we own stock or getting kickbacks how is your problem any of our concern other than you are trying to profit by tracking us. GFY

Re:Turn it off.

[AmiMoJo]

Doesn't demand for this feature kind of tell you that customers don't want to be understood through tracking their mobile devices? What do they get out of allowing it to happen?

Have you considered sweetening the deal? Offer them a discount or cash in return for connecting to your wifi hotspot to download a coupon. Or just pivot and become a manufacturer of signs that say "we don't track you" and sell them to ethical businesses (admittedly a small market).

Re:Turn it off.

[Bert64]

The default MAC is tied to the interface, but there's no reason it can't be changed in software...

Re:Turn it off.

[c]

Please don't.

While I have no sympathy for your plight, I have to admit genuine curiosity... what, exactly, did you expect as a reaction from Slashdot commenters to that request? " marnues says he needs this, so Linus, buddy, cancel that merge." ?

Re:Turn it off.

[Cinnamon+Beige]

I think the assumption is that you can offer customers more useful discounts, but honestly I'd prefer the store be explicit and give me some way to provide direct feedback on the 'personalized' discounts. Things like "Oh, I loved seeing this pop up...except I couldn't wedge it into today's budget so it wasn't used" and "Why do you keep trying to sell me bacon did you not notice I only buy kosher/halal/veg* food?" would be useful feedback for the store, and short of somebody finding out what to browse while in the store to give the tracker the hint...

Re:Turn it off.

[fustakrakich]

Doesn't matter. If you don't defend your self, you're barking up a tree without a paddle..

Re:Turn it off.

[orlanz]

I think what you are trying to do is still do able. Just that the old game of getting identifiable information without giving anything is going away. And rightfully so, there have been too many businesses that have abused what is the equivalent of dumpster diving. Asking people not to shred their trash isn't going to go anywhere.

However, why not setup an intranet at each location. Provide people the ability to scan bar codes and get pricing information on the spot on their phone (Macys). Provide a layout of the store and where they can find things (HomeDepot). Provide weekly, in store, or cart based electronic coupons. Provide the weekly ad. In return for this convenience, you get identifiable information on the user. This is a far better trade off to determine what folks are interested in, identify dead zones in your store, or how sales effect foot traffic.

Re:Turn it off.

[Holi]

". My user ID would be meaningless to you and wouldn't really reveal anything about me anyway"
I beg to differ. It would allow me to look at your posting history which would most likely tell me a lot about you.

Re:Turn it off.

[cfalcon]

> Nice bundling of independent unrelated items together to form what appears to be a cohesive argument.

My argument is as follows: You obviously understand the virtue of not being tracked, because you chose to post- TWICE- in a way to deny everyone your post history. This means that your argument is such swill that you don't even believe it for a fucking second, as evidenced by your OWN actions.

> Have you had a look at what google is tracking based on your location history on your Android device?

I can selectively choose which apps can access that in Ios, and I'm pretty sure Android is close to that capability. I can also turn it off trivially in Android or Ios. MOST importantly, if I CHOOSE to leave this on, for any app, at any time, it's because I have a REASON- I perceive convenience and functionality for ME out of allowing the phone or an app to keep that.

What we are discussing in this article is QUITE different: wifi nodes you go past being able to track who is going where. This is a much bigger concern, because my phone shouldn't be ratting me out to whichever corporate interests have a shitty router somewhere. In addition to using it NOW to spy on people, it has a big future proofing issue- the moment someone decides that they can get a lot of benefit from tracking MAC addresses it becomes incentivized, and suddenly the world becomes full of dummy wifi nodes just sitting there shitting up your list, each harvesting bullshit. Hell, I already suspect some places of advertising with network IDs.

> In any case, a "real" physical MAC address doesn't really identify a person.

Irrelevant and not as true as it should be. If MAC addresses weren't randomized, you could guess with a high degree of certainty that the same one represented the same person. Stick a few wifi hotspots around and suddenly you are tracking people over a large enough area. If any of them are actually logged into and used, now you CAN make that correlation.

Randomizing it takes away the advertising incentive, takes away the snooping incentive, takes away the tracking incentive.

> It like saying that IP addresses identify people

If anywhere you walked got a copy of your home PC's current IP address, we'd live in a more privacy-unfriendly world. This isn't much difference. Both are bad ideas for the same reasons.

> just inconvenient for a lot of system services

Again, this isn't full randomization. NO FUCKING SERVICES ARE MESSED UP. Only tracker assholes!

It would be nice if you could optionally set the MAC to be randomized even on networks you connect to, but we probably won't see that because it actually WOULD break a lot of things.

But if someone runs a wifi spot that I don't need to connect to, they don't need my MAC address. And there's no fucking "system service" that's getting dicked up. I don't even know what the fuck you are talking about there anyway. Are Windows users complaining? Iphone users? This will work just as seamlessly for Linux and Android.

Re:Turn it off.

[arglebargle_xiv]

The difference between a CUSTOMER (which we track) and PEOPLE (which we do not), is that the latter has legal and human rights and is worthy of respect.

Did you really just say that your customers have no legal and human rights and are not worthy of respect?

Ever read an EULA?

Re:Turn it off.

[KGIII]

You're right out of your fucking mind. I was setting up tracking systems back when you were playing Nintendo - maybe PS. Probably not PS 2. You have enough unique identifiers to use those nifty cameras. It has about a 3% failure rate in 2008. I assume it has improved since I sold. Why do we track? Well, we want to put the best bargains in front of you. If enough people do not follow the "proper flow" then we redesign the layout.

Re:Turn it off. Why, what do we gain?

What do we gain, what makes it worth our while to let others track us?

whats?

[dansgovindo]

what is happend here?

Re:whats?

Someone set up us the bomb.

Unless you don't use NetworkManager

Because systemd sucks.

Re:Unless you don't use NetworkManager

[caseih]

You are confused. I'm not sure why you were modded up here. NetworkManager is not part of systemd, and doesn't require systemd either. Your linux machines have been using it for years, several years longer than systemd has ever existed. Please get your facts straight before posting.

Sounds like your knee jerked and you mistook NetworkManager for networkd, which is a part of systemd. But networkd is intended only to provide simple network functionality for containers like Docker or virtual machines. networkd is not required, and I've never ever used it on my boxes and I've run systemd for years. I don't even think I have it installed (yes systemd really is modular and you can remove parts of it).

Possibly networkd could become a backend for NetworkManager, but so far I don't think that's the case. And NewtorkManager seems to handle hotplugging of devices with ease (like Wifi dongles or ethernet dongles).

NetworkManager is great for managing things like WiFi, VPNs, and multiple TCP/IP configurations. For example, I keep a special NetworkManager profile for connecting to my Ubuiquiti Wifi devices for the first time. The profile uses a static IP address like 192.168.1.10. For my normal connections, DHCP is used. NetworkManager is very powerful, and there's a nice command-line utility to interface with it as well. It used to be quite embarrassing for many years on Linux that even something as simple as plugging in a ethernet wire would not automatically bring up the interface like Windows and Mac had done for years. NetworkManager was a welcome piece of the puzzle.

Re:Unless you don't use NetworkManager

[allo]

both are poetteringware

Re:This will mess with DHCP reservation

This is automatically done when scanning for WiFi access points, which your phone or laptop or whatever is probably doing constantly. When you connect you use whatever MAC rules you normally have.

This is about not advertising your real MAC address to APs you have no intention of connecting to, so third parties (NSA and friends) cant scatter a bunch of APs around town to track your movements.

Re:This will mess with DHCP reservation

The solution? Randomization of the MAC address while scanning for Wi-Fi networks

Scanning only. It uses the real MAC address when connecting to a network.

Re:Can't lock down with random MAC addresses

[amorsen]

That is not how random MAC scanning works. The scanning is done with a random MAC, but actual traffic uses the real hardware MAC. Your MAC address based authentication is unaffected.

Real random MAC on public networks has not been implemented by any OS yet, AFAIK.

Re:Can't lock down with random MAC addresses

[DarkOx]

I can't imagine it would be either. The consequense for DCHP on IPv4 would be not great to say the least.

I would see address pool exhaustion, the concept reservations breaking entirely, any hardware based options variability failing (IE send the right pixie boot server for the device class) all becoming a total mess.

Re:Can't lock down with random MAC addresses

[DarkOx]

Damn slashdot and its lack of edit, that should be DHCP

Re:Can't lock down with random MAC addresses

[cfalcon]

No, it's not at all useless. It may not be exactly as useful as YOU want, but it's absolutely useful.

Pretend your MAC address is some number, that I'll call Larry. Without this, just walking through an area can result in your machine saying "Larry here, what networks are around?" With this, every time he asks, he'll say "$RANDOM_NAME here, what networks are around?" This is good design, because you shouldn't have to leak information like a MAC just to see what's going on.

Now pretend you want to connect, and you connect as Larry. That's fine for most people, but you want more- you want your address to connect differently each time. This is much more niche, but you CAN do it- there are hardware MAC address changers, after all, and you could automate one in Linux. Not quite sure in Windows how to do it automatically, but I'm sure you could.

I think your idea is good too, btw- but it's nowhere near as important as the one that gives your info away to networks you aren't even trying to connect to.

You can already change your MAC on linux

[Viol8]

Use ifconfig:

ifconfig eth0 hw ether

Its had this option for years. I presume it'll work for the wlan0 device though I've never tried it.

Re:You can already change your MAC on linux

The MAC randomization used here is only while scanning, not while connecting, in order to not break MAC whitelisting where it may be used.

"What seems like a viable option is randomizing the MAC address while scanning, chainging it every now and then, but still use the hard-wired MAC address for association and actual connectivity. Apple pioneered this approach with its mobile operating system, iOS version 8. Since the worst thing that can happen in an unlikely event of MAC address clash is that your AP list is incomplete for a while it seems like a fairly safe choice."

Re:You can already change your MAC on linux

[Aleph-G]

Its better to use ip: ip link set wlan0 address 66:66:66:66:66:66 (ifconfig is deprecated)

Re:Can't lock down with random MAC addresses

[amorsen]

Most of those problems would be non-issues on public Wifi, as long as the MAC address doesn't change more often than say once an hour.

If you are TFTP-booting on Starbucks Wifi you deserve what you get.

Re:Can't lock down with random MAC addresses

[Bert64]

You can already do it on Linux
ifconfig wlan0 hw ether 00:11:22:33:44:55

Did everyone forget about fingerprinting?

[xtronics]

Just won't work.

Mostly due to java creep in browsers - https://panopticlick.eff.org/

If you want to get unwarranted attention - randomly flip your MACs - makes you look like a spook.

What we really need is a browser that looks very common via finger-print - the page is not shown - only an OCR document created from the page with links that have tracking information removed. Once the OCR doc is created the instance of the browser is removed.

I really miss web sites that don't use java..

Re:Did everyone forget about fingerprinting?

[Etcetera]

This way every phone and laptop with Wifi enabled is an active radio beacon that permanently broadcasts a unique identifier. On many devices this is even the case when Wifi is turned off, but the service for Wifi assisted positioning is enabled. The craziest thing is that none of the active scanning is technically necessary, because the clients could just passively listen for the beacon frames that the access points broadcast (by default 10 times per second).

THIS. I wish I had mod points, because this deserves two. I'd love for more devices to do this passively. Be active when I hit the "Scan for Wifi Networks" button (maybe), but otherwise just listen to what's going on. For OS's that seem to think that not responding to an ICMP ping is a valuable end-user feature, you'd think more of them would offer this already.

Re:Did everyone forget about fingerprinting?

[jonesy16]

Problem is, with mobile carriers abusing us on data limits, most people are thankful that their phones will find an open network and use it to update their Facebook feeds in the background. So it's not just about maintaining a list of AP's, but also checking if you have permission to get on them.

Re:Can't lock down with random MAC addresses

[laurencetux]

my problem with this is
1 what happens when multiple orgs want to be LAST in the chain
2 an SSID only has 32 characters to begin with so if you need to use a few tags you land up with
mine_eatfresh_fred_optout_nomap as your ssid

Please make this disableable

[AntronArgaiv]

I support the idea, but please make it optional for those of us who have reasons not to want to do it. One example of why you might not want to do this: if you restrict MAC addresses on your home wifi, this will break it.

Passive scanning

[enriquevagu]

If you want to keep your privacy, you'd better employ passive scanning. Avoids any MAC transmission at all and saves some power while disconnected.

Link in Wi-fi.org

Re:Passive scanning

[AmiMoJo]

Smarter Wifi Manager for Android uses your location to keep the wifi turned off until you get to a place where you were previously connected to a known network. It saves a lot of battery power, and protects your privacy.

wpa_supplicant already does this

[arw]

Screw NetworkManager, its broken anyways and wpa_supplicant can already do everything one might want there:

Add 'mac_addr=1' and 'preassoc_mac_addr=1' to your /etc/wpa_supplicant.conf. Then your MAC-address will be randomized during the Scanning/Preassociation phase and afterwards.

For networks that need a static MAC address for filtering, add 'mac_addr=0' in the appropriate 'network' section. You also want to make sure you are using 'dhcpcd' instead of 'dhclient' (alias isc-dhcp-client). The latter can't deal with changing MAC addresses, it seems.

IPv6 SLAAC without EUI-64

[buchanmilne]

The summary was maybe bit misleading
  This is not actually abput changing your MAC address, but using a different algorithm for IPv6 StateLess Address Auto Configuration than the EUI-64 method (which is "ef80${MAC}").

This doesn't impact IPv4 DHCP or AP MAC address filters at all, and if your routers are configured to send the right eouter advertisements in response to IPv6 router solicitation, will have no impact on DHCPv6.

Re: IPv6 SLAAC without EUI-64

[buchanmilne]

Sorry, eui-64 format for host identifier is roughly "${MAC:0:7}:ff:fe:${MAC:8:15}".

Re:IPv6 SLAAC without EUI-64

[UberLord]

dhcpcd (which also works on BSD) has had support for this (RFC7217) for almost a year now, but it's now news when NetworkManager (Linux only) get's it?

Re:IPv6 SLAAC without EUI-64

[UberLord]

EDIT: over a year and a half .... can't read dates in my own source repo ...

Re: IPv6 SLAAC without EUI-64

[UberLord]

It doesn't, it relies on a 3rd party like wpa_supplicant or the kernel for that.

My initial reply to the parent was NOT about wlan discovery.

Re:IPv6 SLAAC without EUI-64

[Peter+H.S.]

dhcpcd (which also works on BSD) has had support for this (RFC7217) for almost a year now, but it's now news when NetworkManager (Linux only) get's it?

RFC7217 has been in NM for some time. The news regarding this is that it now is upstream default for IPv6 connections when using NM 1.2.

The other feature, that is the real news, is a kind of MAC randomization feature that uses the real HW MAC for connection, but "fake" MAC's for scanning for AP's. This is also default now.

NM can also randomize and spoof MAC's like the decade old GNU MAC Changer, but it isn't default since that may give problems with connecting to certain devices and services.

Re:Can't lock down with random MAC addresses

[serviscope_minor]

Just Don't use de:ad:be:ef:00 because that's my random address.

Er wait...

Re:Can't lock down with random MAC addresses

[amorsen]

Yes, you can implement it yourself quite easily on Linux for a 90% solution. Once you want notifications to the DHCP client, periodic changes of MAC address, selection of which networks to keep the factory MAC address on, and so forth, it is not so simple.

Go to war!

[emil]

I don't like being tracked, so I randomize my MAC with Pry-Fi. If you would be so kind to tell us who you work for, we can all enable the "Go to war!" mode to flood you with bogus MACs. Game?

Re:Turn it off. Why, what do we gain?

[KGIII]

As someone who has modeled pedestrian traffic, specifically for retail outlets - including stores. Well, you get things optimized and more easily found. Of course, you're rooted through the store like cattle. Ever notice how almost everyone goes in the same direction and the people who don't go the "right" way get ugly looks. There's a reason for that but, alas, I'm too ill to explain it and, frankly, I don't like you that much.

Hmm... They said this Prednizone (sp) would make me grumpy. They're right. So, seeing as I have a perfectly fine excuse - fuck you. (Don't take it personal.)

Re:This will mess with DHCP reservation

[sunderland56]

Scanning only. It uses the real MAC address when connecting to a network.

No need for that on a public network, is there?

If this is a known network, connect using a 'real' MAC address. (Which doesn't need to be the hardware one, it just needs to be constant, so static IP assignment works). If this is an unknown network, just use a random MAC address - or else they'll track you.

When adding a network to your known list, it could give you the option to use the 'real' address, or continue to use a fake one.

Re:This will mess with DHCP reservation

[cthulhu11]

It's all moot, really. This would require a Linux laptop to have a working wifi driver.