GNOME Bugzilla – Bug 705545
add support for changing MAC addresses randomly using macchanger
Last modified: 2016-06-30 06:45:31 UTC
Please add support for changing MAC addresses randomly using macchanger: http://packages.debian.org/sid/macchanger
There should probably be global options and per-network options to turn this on.
Usage examples here: http://www.ubuntugeek.com/macchanger-utility-for-manipulating-the-mac-address-of-network-interfaces-included-gui-utility.html
Could this be implemented by a NetworkManager plugin? If so, do you have any direction on how to do so?
There is already a configuration option to set the MAC address to a specific value. What other use-cases do you want to support? Only randomized mac-addresses? Then it seems simpler just to implement that directly in NetworkManager, without relying on macchanger. Did you try creating a dispatcher script to invoke macchanger from there? See `man NetworkManager`. Is there a problem with that?
> Only randomized mac-addresses? Then it seems simpler just to implement that directly in NetworkManager, without relying on macchanger.
Yes.
> Did you try creating a dispatcher script to invoke macchanger from there?
Quote https://tails.boum.org/contribute/design/MAC_address/
"NetworkManager hook: NM doesn't trigger events equivalent to if-pre-up, so this isn't possible. See the commented parts in: /etc/NetworkManager/dispatcher.d/01ifupdown. Note that NetworkManager 0.9.10 introduces pre-up hooks, but they're used to "allow scripts to execute before NetworkManager announces connectivity to applications" (according to a blog post http://blogs.gnome.org/dcbw/2014/06/20/well-build-a-dream-house-of-net/ by Dan William), that is, after network activity (e.g. DHCP requests) has already occurred."
(In reply to Patrick Schleizer from comment #3)
> > Only randomized mac-addresses? Then it seems simpler just to implement that directly in NetworkManager, without relying on macchanger.
>
> Yes.
Then we probably should add an ethernet.mac-address-randomization property with values [never|always|default], as done for wifi.
branch on review: th/device-inital-mac-addr-bgo708820
Does anybody here care about macchanger's --bia option? Or any other options besides --random, like --ending and --another?
I expect most people will want --bia enabled, otherwise it will be obvious that their MAC is fake. Reading through the Tails doc, there is a lot more to enabling MAC address privacy than just using a fully-random MAC; you need to also not arouse suspicion, which a fully-random MAC does. I think that MAC address privacy is a complicated feature that completely depends on the user and the scenario in which they are using the network. Some users only want a new random MAC to connect to 30-minutes free WiFi for a bit longer. Some users want the same but to not arouse suspicion by using vendors that don't exist. Some might even want to avoid MACs for mobile phones when using their laptop. Some might want to use specific vendors only sold in specific regions.
TLDR:
The Tails features are rather controversial. I think simple mac randomization would already be a huge step forward and a big step in the right direction. Please do not let the perfect be the enemy of the good. Please go forward with this ticket.
Long:
The "extra" that Tails does with mac randomization has not been agreed by other security focused projects, see the following discussion:
[Secure Desktops] MAC changer "blend into the crowd" by only using common manufacturer MAC (OUI part) addresses broken by design? https://secure-os.org/pipermail/desktops/2015-November/000047.html
Here is a list of links to discussions on other aspects of what Tails does wrt mac changing: https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-159990137
There has also been quite some discussion on this topic at the Qubes project: https://github.com/QubesOS/qubes-issues/issues/938
(In reply to Patrick Schleizer from comment #8)
> TLDR:
> The Tails features are rather controversial. I think simple mac randomization would already be a huge step forward and a big step in the right direction. Please do not let the perfect be the enemy of the good. Please go forward with this ticket.
I agree with this, that the actual benefit of this is controversial. But since many seem to have strong feelings about that (whether justified or not), I just implemented it to make it fully configurable.
https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=th%2Fdevice-inital-mac-addr-bgo708820
>> all: make MAC address randomization algorithm configurable
Awesome!
Branch now merged as https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=9a354cdc906a8d04d6541f1275e80540b7c3d567
This does not add support for macchanger (because I don't think we want to call to another process to set the MAC address), but it allows configuring most of the options that macchanger supports.
See https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=96cabbcbb8f484f74fe69305b425b5109608e9d7
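What the `--bia` question in the thread comes down to at the bit level, as an added Python example (not code from this bug report, macchanger or NetworkManager): a random address either sets the locally-administered bit of the first octet or clears it to look burned-in. The `template`/`mask` parameters are a hypothetical way to pin a prefix, and the sample address is constructed from the RFC 7042 documentation range.

```python
import secrets

LOCAL_BIT = 0x02      # U/L bit of first octet: 1 = locally administered
MULTICAST_BIT = 0x01  # I/G bit of first octet: 1 = group (multicast) address


def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def is_locally_administered(mac):
    """True when the address announces itself as not factory-assigned."""
    return bool(parse_mac(mac)[0] & LOCAL_BIT)


def is_unicast(mac):
    return not parse_mac(mac)[0] & MULTICAST_BIT


def random_mac(bia=False, template=None, mask="00:00:00:00:00:00",
               rng=secrets.token_bytes):
    """Random unicast MAC; bits set in `mask` are copied from `template`.

    bia=False sets the locally-administered bit, so the address is visibly
    not a burned-in one. bia=True clears it, like a factory-assigned address.
    `template` and `mask` are hypothetical parameters for this illustration.
    """
    rand, m = rng(6), parse_mac(mask)
    t = parse_mac(template) if template else bytes(6)
    out = bytearray((r & ~mk & 0xFF) | (tb & mk)
                    for r, mk, tb in zip(rand, m, t))
    if not m[0] & MULTICAST_BIT:   # never produce a multicast address
        out[0] &= 0xFF & ~MULTICAST_BIT
    if not m[0] & LOCAL_BIT:       # U/L bit follows `bia` unless the mask pins it
        out[0] = (out[0] & ~LOCAL_BIT & 0xFF) if bia else (out[0] | LOCAL_BIT)
    return format_mac(out)
```

The same bit that `bia=True` clears is what `is_locally_administered` reads, which is why an address generated without it is trivially recognisable as randomized.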