
Randomize your WiFi MAC address on Ubuntu - paulfurley
https://www.paulfurley.com/randomize-your-wifi-mac-address-on-ubuntu-1604-xenial/
======
kawsper
NSA MAC address prefix is 00:20:91, you can combine this knowledge with the
one from the article to scare your sysadmins.

~~~
emmelaich
There's probably a lot more fun ones. Complete list at [http://standards-
oui.ieee.org/oui.txt](http://standards-oui.ieee.org/oui.txt). 3.6Mb.

    $ grep 00-20-91 oui.txt
    00-20-91   (hex)		J125, NATIONAL SECURITY AGENCY
    $ egrep -ic 'army|force|navy|secur|secret|private' oui.txt
    461

------
conradk
I've found GNU macchanger to be the easiest way to do that kind of stuff. It's
as simple as:

macchanger -r <interface>

Interesting article about macchanger on the Arch Wiki:
[https://wiki.archlinux.org/index.php/MAC_address_spoofing](https://wiki.archlinux.org/index.php/MAC_address_spoofing)

~~~
paulfurley
I also used macchanger in the past but it seems that recent versions of
NetworkManager overwrite the changes that macchanger makes.

~~~
jandrese
Another case where NetworkManager pissed me off. A couple of years ago they
broke all third-party MAC changers in favor of their built-in solution, but
the built-in solution required the bleeding-edge head version of
wpa_supplicant that no vendor shipped, leaving the entire system nonfunctional.
IIRC it still doesn't work on Ubuntu 16.

------
krrrh
It’s worth noting that iOS has randomized MAC addresses in WiFi probes since
iOS 8.[1] As far as I know your real MAC address is exposed upon connection.
I’m curious to what extent other vendors have implemented this strategy.

[1] [https://arstechnica.com/gadgets/2014/06/ios8-to-stymie-
track...](https://arstechnica.com/gadgets/2014/06/ios8-to-stymie-trackers-and-
marketers-with-mac-address-randomization/)

~~~
developer2
Unfortunately the iOS support is a sham. I tested myself, and the rumors that
iOS does _not_ randomize MACs turn out to be true. Not only does it not
simply change over time, it doesn't even change when you restart the device. I
walked around for a week, and my MAC never changed.

Apparently, if it ever works at all, you have to run settings that nobody uses
- including, iirc, not being connected to a cell tower. I used to spread the
same FUD of "iOS does this!", but the truth is it's a lie.

~~~
zaarn
It only uses the random MAC for Wifi probes, no router I know of records these
but they can be sniffed. Any real connection uses proper MAC.

If you want random MACs every time I recommend Linux + a fairly recent
NetworkManager.

~~~
jandrese
Unfortunately randomizing MACs for active connections has some usability
concerns, especially with paid WiFi APs (Airports, Hotels, etc...).

The best solution would be to make up a random but persistent MAC per
connection, but that seems to be too difficult for some reason.

------
diggan
I've used
[https://github.com/feross/SpoofMAC](https://github.com/feross/SpoofMAC) in
the past, which is a simple python tool for doing just this, cross-platform.
Used it a lot in airports and can warmly recommend using it if you're usually
dealing with multiple different OSes and don't want to remember how to do it
for each.

~~~
gingerlime
Looks cool. I wish there was something like this for iPhone/iPad - which is
much more likely to be with me everywhere and leak my MAC...

side note/question: do I need to actively connect to a WIFI network for them
to know my MAC or does it leak even when my phone scans for neighbouring
SSIDs? EDIT: looks like MAC would leak even if I don't connect to any access
point, but my Wifi is on... At least according to [0]

EDIT 2: looks like iPhone and Android use MAC randomization when scanning
WIFI. (not sure after they connect though). But even this randomization can be
defeated[1]?

[0] [https://www.crc.id.au/tracking-people-via-wifi-even-when-
not...](https://www.crc.id.au/tracking-people-via-wifi-even-when-not-
connected/) [1]
[https://www.theregister.co.uk/2017/03/10/mac_address_randomi...](https://www.theregister.co.uk/2017/03/10/mac_address_randomization/)

~~~
sml156
I am pretty sure that when iPhone connects to an access point it uses the real
mac, I don't know about android but it is probably the same.

Some access points need your real mac to connect because they use that to
authorize you, I think schools/universities use this method a lot.

~~~
3pt14159
I do not understand though. Whitelisting MAC addresses is something you _can_
do, but 99.99% of the wifi spots out there don't have it enabled. Why should
my phone leak my MAC address needlessly instead of just generating a new one
every 5 minutes or so?

~~~
kpozin
If you connect to any hotspot with a captive portal, you would need to deal
with the portal again every 5 minutes.

~~~
code_duck
The MAC could remain unchanged for established connections while changing for
new connection offers.

~~~
tedunangst
What does that accomplish?

~~~
code_duck
It accomplishes what changing it in the first place is intended to accomplish
- anonymity. Changing for established connections offers no benefits.

------
racer-v
Note that your MAC address is only one part of the identifying information
your computer gives to the DHCP server. For another approach check out
DHCPcAnon:

[https://github.com/juga0/dhcpcanon](https://github.com/juga0/dhcpcanon)

You can contribute to the development of this project by helping to integrate
it with your favorite WiFi manager.

~~~
scott_karana
I wish their readme would show some examples of leaked information from
reference dhcp clients, so we could tangibly see why that's an improvement.

------
microcolonel
MAC address randomization is in fact built into NetworkManager (edit: 1.4),
so none of this work is really necessary (edit: if you are on 1.4 or later).

NetworkManager also includes more advanced modes which make the MAC address
stable for a given hotspot, but random between them.

[https://blogs.gnome.org/thaller/2016/08/26/mac-address-
spoof...](https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-
networkmanager-1-4-0/)

~~~
paulfurley
Unless you're using Ubuntu 16.04 LTS, in which case you're stuck with
NetworkManager 1.2.

From the post: "I learned that NetworkManager 1.4.1+ can do MAC address
randomization right out the box. If you’re using Ubuntu 17.04 upwards, you can
get most of the way with this config file."

------
throwmenow_0140
Here is the code I use for my mac to randomize my mac address:

    # macOS: en0 is the built-in WiFi interface
    interface="en0"
    # 6 random bytes -> "aa:bb:cc:dd:ee:ff"; the last sed expression zeroes the
    # second hex digit, so the first octet is unicast and globally administered
    new_mac=$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/:$//; s/./0/2') # from stackoverflow
    sudo ifconfig "$interface" ether "$new_mac"

Edit: What's the advantage of the solution in the post? If I just change my
mac address every time I join a network (even the same one), they can't track
me with my randomized mac addresses. So why would I prefer to keep a stable
but randomized mac address for each network I connect to for a day?

~~~
jlgaddis
Some bits of the MAC address are significant. You're generating all 48 bits
randomly which could have some side effects.

~~~
throwmenow_0140
Would love to know which side effects there are. I've never encountered any
problems in all the years I've used those randomly generated mac addresses.

------
dbolgheroni
In OpenBSD, it's just:

    # ifconfig iwn0 lladdr random

Of course, _iwn0_ is your interface.

~~~
paulfurley
There's probably a one-liner in Linux too, but not one which satisfies the
three caveats in the post.

~~~
microcolonel
The necessary infrastructure exists in wpa_supplicant, but only in a newer
version than is distributed with Ubuntu 16.04. OpenBSD is more integrated, so
advanced functionality like this tends to be easily accessed through ifconfig.

------
microcolonel
On systemd-networkd, you can add

    [Link]
    MACAddressPolicy=random

and (for RFC 7844[13] DHCP Anonymity Profiles)

    [DHCP]
    Anonymize=true

to your network unit or link.

------
bgaluszka
Here [https://blogs.gnome.org/thaller/2016/08/26/mac-address-
spoof...](https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoofing-in-
networkmanager-1-4-0/) is how you can do it with newer NetworkManager.

~~~
paulfurley
If anyone here's involved in developing NetworkManager, it would be brilliant to
see a 'stable-for-n-days' type setting. This would prevent a WiFi network
tracking you over time, as well as between networks.

------
JepZ
Btw. if you want to use a random mac address just for one specific network you
can simply add the following to the [wifi] section of the config file for that
network (/etc/NetworkManager/system-connections/):

    cloned-mac-address=random

That way every time you connect to that network you will have a new, valid mac
address.

~~~
paulfurley
I look forward to it when Ubuntu LTS includes a more recent NetworkManager :)

“I learned that NetworkManager 1.4.1+ can do MAC address randomization right
out the box. If you’re using Ubuntu 17.04 upwards, you can get most of the way
with this config file.”

------
larrykwg
This seems like a good idea until you realize that you are the only one using
a random mac address. (There is a vendor prefix at the beginning of every mac)
Better would be to take a bit more care in choosing a more realistic address.

~~~
throwmenow_0140
I think it's not a good idea to change your mac address as your only
precaution against tracking. The DNS requests you'll make will reveal which
sites you frequent.

I would advise to use a VPN connection. In this case it doesn't matter that
you've randomized your mac address in a way which can be clearly identified as
random. And even then you can see the VPN server IP in the logs so you should
also make precautions and buy your VPN connection anonymously (and even then -
you'll never know if you're really anonymous).

Changing your mac address seems to be sufficient (in addition to the VPN
usage) to prevent easy tracking through something unique like your real mac
address. But I agree that this is just 1-3 lines of code for realistic mac
address generation so it should be unproblematic to add.

Edit: If you have fears of being uncovered by random-looking mac addresses
without vendor prefixes, changing your mac address will probably not help you.
Your threat model is different - maybe APT-level - and you have to do way more
than changing your mac address.

~~~
tinus_hn
Your adversary probably isn’t the NSA, it’s commercial tracking services.
Their business is tracking the general public, they don’t care about one weird
person.

Unless avoiding this becomes common practice and then the whole story changes.

~~~
throwmenow_0140
Yes, this is also my reasoning.

> Unless avoiding this becomes common practice and then the whole story
> changes

If that means that everyone starts to use random mac addresses, you still
can't identify specific persons based on their randomized mac addresses when
they change them every time they reconnect.

~~~
tinus_hn
No but it would make more sense to start tracking then based on their other
behavior.

------
buildbuildbuild
Be aware that this technique could be illegal or appear suspicious in some
jurisdictions. MAC address randomization was mentioned in Aaron Swartz's
indictment for wire fraud.

See page 7:
[https://www.wired.com/images_blogs/threatlevel/2012/09/swart...](https://www.wired.com/images_blogs/threatlevel/2012/09/swartzsuperseding.pdf)

~~~
lowglow
Can you show me where changing your MAC address is illegal?

~~~
CJefferson
The law cares about intent.

Changing your Mac address, or wearing a fake beard, are both fine.

Changing your Mac address to trick a Wi-Fi hotspot which gives out one hour
free per device per day, or using a fake beard to trick a shop keeper into
letting you get "one free bagel per person" twice, is a crime.

~~~
lowglow
This is what I was getting at.

------
partycoder
Your router MAC address is tracked by Google Location services. They do this
with their wardriving vehicles and from Android phones.

~~~
chatmasta
Yes and even if you changed your Mac every day, your neighbors probably
wouldn’t. So Google can still see the three routers around you, look up the
GPS those routers have been seen concurrently with, and know where you are.

~~~
paulfurley
Not sure if I'm missing the point here... if I were using Google Location
services, wouldn't that mean I was giving Google my location directly? Why
would they need to use my MAC address?

~~~
chatmasta
Theoretically you don't need to be using Google location services. You just
need a phone with a google app that has permissions to discover nearby wifi
hotspots.

------
PascLeRasc
Will these new randomized MACs also be lookupable [1] to find the model? If
I'm the feds running honeypot wifi and I see a different Dell Chromebook doing
things interesting to me every day, this isn't a good cover.

[1] [https://www.macvendorlookup.com/](https://www.macvendorlookup.com/)

~~~
paulfurley
No, because they use the 'locally administered' prefix [1]. This is deliberate
in order not to collide with real existing MAC addresses. (The original
version of the post used real, Intel MAC prefixes [2] and you can look in the
gist revision for that code if you prefer.)

BTW if it's really the feds you're worried about, this article probably isn't
for you.

[1]
[https://en.wikipedia.org/wiki/MAC_address#Universal_vs._loca...](https://en.wikipedia.org/wiki/MAC_address#Universal_vs._local)

[2]
[https://github.com/paulfurley/www.paulfurley.com/commit/bebc...](https://github.com/paulfurley/www.paulfurley.com/commit/bebcacfafc1a21a9dc367889b7c2beddb3285485)
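
An added example (not from the thread or the article) that pulls these pieces together in Python: parsing the oui.txt format emmelaich grepped, testing the two significant bits of the first octet that jlgaddis and paulfurley refer to (multicast and locally administered), generating a fresh locally administered address, and deriving a per-SSID, per-day stable address of the kind the post describes. The OUI excerpt beyond the 00-20-91 line, the HMAC key and the SSIDs are constructed.

```python
import hashlib
import hmac
import os
import re
from datetime import date

# Constructed excerpt in oui.txt format: 00-20-91 is the line quoted in the thread, the other is made up.
OUI_SAMPLE = """\
00-20-91   (hex)\t\tJ125, NATIONAL SECURITY AGENCY
AA-BB-CC   (hex)\t\tExample Vendor (constructed)
"""
OUI_LINE = re.compile(r"^([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.*\S)")

def parse_oui(text):
    """Map each 3-byte OUI (as bytes) to the registered organisation."""
    table = {}
    for line in text.splitlines():
        m = OUI_LINE.match(line)
        if m:
            table[bytes.fromhex("".join(m.group(1, 2, 3)))] = m.group(4)
    return table

def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))

def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def is_locally_administered(mac):
    # Bit 1 of the first octet: set = locally administered (not an OUI), clear = vendor assigned.
    return bool(mac_to_bytes(mac)[0] & 0x02)

def is_multicast(mac):
    # Bit 0 of the first octet: set = group address; a station address must keep it clear.
    return bool(mac_to_bytes(mac)[0] & 0x01)

def vendor_of(mac, table):
    """Registered vendor for a burned-in address; None for a locally administered one."""
    if is_locally_administered(mac):
        return None
    return table.get(mac_to_bytes(mac)[:3])

def _as_local_unicast(six_bytes):
    # Force the two significant bits: multicast clear, locally administered set.
    return bytes([(six_bytes[0] & 0xFE) | 0x02]) + six_bytes[1:6]

def random_mac():
    """A fresh unicast, locally administered address (the prefix paulfurley describes)."""
    return bytes_to_mac(_as_local_unicast(os.urandom(6)))

def stable_mac(secret, ssid, day=None):
    """Same address for one SSID within one calendar day, unlinkable across SSIDs and days."""
    day = day or date.today().isoformat()
    digest = hmac.new(secret, f"{ssid}\0{day}".encode(), hashlib.sha256).digest()
    return bytes_to_mac(_as_local_unicast(digest[:6]))
```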

------
just1nn
Where would MAC address capture occur on the network? MACs are local to L2
traffic, so once a frame turns into a packet and is routed, the sMAC of your
PC is no longer present in the data. If you're on your home network, this has
no impact whatsoever.

~~~
rlpb
Actually, this is no longer true. An autoconfigured IPv6 address can leak your
MAC address, depending on your settings, as one mechanism for
autoconfiguration embeds your MAC address right into your IPv6 address.
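
An added example (not from the thread) of the mechanism rlpb describes: the modified EUI-64 interface identifier that stateless autoconfiguration derives from a MAC, and a check for whether a given IPv6 address exposes that MAC. The prefix 2001:db8:1::/64 and the MAC 00:11:22:33:44:55 are constructed values.

```python
import ipaddress

def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier that SLAAC (RFC 4291) derives from a MAC."""
    b = bytearray(bytes.fromhex(mac.replace(":", "")))
    b[0] ^= 0x02                      # invert the universal/local bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def slaac_address(prefix, mac):
    """Address a host autoconfigures in a /64 prefix when privacy extensions are off."""
    net = ipaddress.IPv6Network(prefix)
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_in_address(addr):
    """MAC embedded in an IPv6 address, or None when the IID is not EUI-64 derived."""
    iid = ipaddress.IPv6Address(str(addr)).packed[8:]
    if iid[3:5] != b"\xff\xfe":       # heuristic: the EUI-64 filler bytes are absent
        return None                   # e.g. a temporary (RFC 4941) or random IID
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b)

def leaks_mac(addr, mac):
    """True if this address reveals the given hardware MAC."""
    return mac_in_address(addr) == mac.lower()
```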

~~~
just1nn
I have Fibre to the Home at 1Gb/sec, but so far, they do not support IPv6.
That's something interesting for me to look into though, so thank you. I was
providing ADS-B flight data to a website, and then I realized that they were
posting my MAC, my NAT'd IP, and my GPS location to the world. That L7 will
get ya every time.

------
mobilemidget
Are there any lawyers here that can speak about the legal side of this? I
could imagine a wifi provider that offers 30 minutes free wifi e.g. airports,
has this covered in their terms and conditions or a country that could
consider this as fraudulent?

~~~
izacus
iPhones and Android phones have done this for a while already. If you read the
article you'll notice that the MAC stays the same for a SSID for a working day.
This makes sure it doesn't break networking and as a side effect captcha portal
limits still work.

~~~
propogandist
FYI re:

iPhone - "Researchers Break MAC Address Randomization and Track 100% of Test
Devices"

[https://www.bleepingcomputer.com/news/security/researchers-b...](https://www.bleepingcomputer.com/news/security/researchers-
break-mac-address-randomization-and-track-100-percent-of-test-devices/)

Android - "Only an estimated 6% of Android phones randomize MACs, and they do
it poorly."

[https://arstechnica.com/information-
technology/2017/03/shiel...](https://arstechnica.com/information-
technology/2017/03/shielding-mac-addresses-from-stalkers-is-hard-android-is-
failing-miserably/)

------
pedrocr
This seems like it should be a default indeed. It does make it harder to
assign fixed addresses to your devices in your home network. At least openwrt
only seems to have static DHCP leases based on MAC and not on the advertised
DHCP name. For most devices this doesn't matter as it does add a DNS entry
with whatever IP it assigned. But when you then want to add a firewall rule to
port forward something to a device a fixed IP is much nicer.

~~~
evilDagmar
What makes it easier is having fixed goals in mind, because I am seeing a lot
of people in this thread arguing because they're all solving _different
problems_ which is obviously going to mean _different solutions_.

If your only concern is passive tracking, then a randomized MAC being used for
SSID probes (because whitelist-only hidden SSIDs are rare enough that those
people can manually connect) will be sufficient.

If you're looking to keep an open Wifi provider from tracking you over the
course of days, then using a different MAC for each connect is going to be
sufficient.

If you're looking to avoid tracking by people doing traffic analysis to
correlate by behaviour, _no amount of MAC trickery will help you_.

If one is looking to avoid having to pay for overstaying their visit at a
coffee house or similar capture portal, maybe what needs to be changed is
one's _sense of ethics_, and changing a MAC won't help with that.

So, you can say "it should be a default" all you like, but everyone's going to
have a different idea of what the default is for and they're going to throw a
fit about it not being "the right default". Better to be conservative like
Android and avoid inciting the newbs.

~~~
pedrocr
Your different problems with different solutions have at least a part that
everyone agrees on like iOS doing it for probes. We can definitely argue what
the right default is but will probably agree that no randomization at all is
not a good one and move to at least some. Ubuntu currently does none.

------
throwaway613834
Confused, I thought many chips (like some/many Intel ones) don't let you spoof
the MAC address?

~~~
Avery3R
There's a prefix or suffix for Mac addresses that means self administered. A
lot of them will let you change it if you use that.

------
andrewshadura
Unfortunately, this isn't compatible with a bunch of popular wireless cards,
mostly from Realtek.

~~~
paulfurley
Damn, I didn't know about these. Do you know what it is that makes them
incompatible? And is there a list of cards you can avoid?

~~~
andrewshadura
Here:
[https://bugzilla.gnome.org/show_bug.cgi?id=777523](https://bugzilla.gnome.org/show_bug.cgi?id=777523)

------
jimmaswell
I recently noticed that Windows 10 has that feature too, which came as a
surprise to me.

------
emmelaich
What about bluetooth? And does NFC have a hardware address?

------
SubiculumCode
Is there a good (trustworthy) one for android?

------
L_user6871
How do you do that?

