Sam Varshavchik wrote:
> The ostensible reason for this is that you cannot be tracked by your fixed
> MAC across different APs.
But different APs will typically be operated by different people, who have
no access to each other's MAC address logs anyway. So what is the point of
sending them a different made-up MAC?
> Yes, your visits to the same AP can still be tracked by that AP, but
> that's as far as it goes. And the reason for using the same MAC with the
> same AP is to still make it possible to do MAC address filtering.
Sure, I understand that. But it is inherently impossible to allow MAC
address filtering while blocking MAC address tracking. They are basically
two use cases of the same thing.
For the randomization implementation, there are actually 2 possibilities to
get a stable MAC per AP: hash the text SSID, or hash the BSSID. Which does
NetworkManager use? The text SSID will be the same for all APs belonging to
the same large network, so hashing with that will not prevent such large
networks from tracking you, down to knowing pretty accurately where you are
geographically (because they know which of their APs you connected to).
Hashing the BSSID instead prevents that (unless the operator manages to
spoof the same BSSID everywhere, which I guess you cannot really prevent on
the client side either, though it will fail them if the AP's ranges
overlap), but it also means that network-wide MAC address filtering will no
longer work.
Blocking tracking also blocks filtering, and the other way round.
Kevin Kofler
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
