Let’s say, I sit down in a mall, open my laptop and connect to a secured mobile hotspot. Then I do it again next week after a reboot. What information would a nearby shop or a passive malicious hacker be able to find about my device? Does my device send out identifying information before joining, like a MAC address? Is this persistent, or randomized?
I intentionally haven’t specified a distro, so if something only applies to some network managers, give some details.
Bonus points: what about Android phones?
Most compromised routers scrape the hostname (both regular and mDNS) and MAC address. What you do is disable mDNS related daemons like kdeconnect and avahi (until you want them) and put this in /etc/NetworkManager/NetworkManager.conf:

    [main]
    hostname-mode=none

    [device]
    wifi.scan-rand-mac-address=yes

    [connection]
    ethernet.cloned-mac-address=random
    wifi.cloned-mac-address=random
    connection.mdns=0
    connection.llmnr=0

(yes, the mdns bit above is a bit redundant, but systemd has something related that might read it and better be safe than sorry)
This won’t protect you if the router is a bit smarter and can see your NTP server (usually like “x.archlinux.pool.ntp.org” instead of just “x.pool.ntp.org”), your connectivity check (same as NTP) and other servers your machine connects to (like Tor nodes if you have the daemon running and oftc.net if you have an IRC client). The good news is that none are known to check that (at least to me).
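An added example, not part of the thread: a small Python audit that checks a NetworkManager.conf text for the six settings listed in the comment above, plus a test for whether a MAC address has the locally administered bit that randomized addresses carry. The function names and both sample configs are constructed for illustration; it only inspects the text it is given, so conf.d drop-ins and per-connection overrides are assumed to be out of scope.

```python
import configparser

# (section, key) -> accepted values, taken from the config in the comment above.
WANTED = {
    ("main", "hostname-mode"): {"none"},
    ("device", "wifi.scan-rand-mac-address"): {"yes", "true", "on", "1"},
    ("connection", "ethernet.cloned-mac-address"): {"random"},
    ("connection", "wifi.cloned-mac-address"): {"random"},
    ("connection", "connection.mdns"): {"0"},
    ("connection", "connection.llmnr"): {"0"},
}

def audit(conf_text):
    """Return [(section, key, found_or_None)] for settings that differ from WANTED."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep keys exactly as written
    cp.read_string(conf_text)
    findings = []
    for (section, key), accepted in WANTED.items():
        found = cp.get(section, key, fallback=None)
        if found is None or found.strip().lower() not in accepted:
            findings.append((section, key, found))
    return findings

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set, as it is on randomized MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

# Constructed sample: the config from the comment.
HARDENED = """
[main]
hostname-mode=none
[device]
wifi.scan-rand-mac-address=yes
[connection]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
connection.mdns=0
connection.llmnr=0
"""

# Constructed sample: a config that leaks a stable MAC and answers mDNS.
WEAK = """
[main]
plugins=keyfile
[device]
wifi.scan-rand-mac-address=no
[connection]
wifi.cloned-mac-address=permanent
connection.mdns=2
"""

if __name__ == "__main__":
    for section, key, found in audit(WEAK):
        print(f"[{section}] {key}: found {found!r}, want one of {sorted(WANTED[(section, key)])}")
```
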
If you and the attacker share the same network the attacker can get all sorts of info.
Tools like nmap show things like ip, mac, ports and os detection.
You can use macchanger to randomize your mac. I think there is a setting in networkmanager to do this. Been a while since I looked in the settings.
To add to this, I’d be more worried about traffic collection. DNS requests (if your browser isn’t using dnssec then you may not be aware), IPs visited, and other stuff.
I might be wrong on this or might be missing your point, but I thought dnssec was for validating integrity of the request, not to encrypt it like DoT or DoH.
Sorry my bad, you are correct and I meant DoT or DoH.
not only the browser, other programs and system services too
I have no idea about Linux but on GrapheneOS the MAC address is randomized with each connection. The phone appears to be a different device each time.
This is actually an Android feature. iOS, too. It’ll give a random MAC or device MAC depending on what you want.
My MDM at work for Android-based handhelds I’ve configured to device MAC so I can geofence devices and keep track of them. If an employee connects to the employee network (which has to be configured by IT) we set it up with device only MAC so we can add that device to the allowed list. Apple warns “it enables tracking” but if they ask I tell them in public it might be configured that way but we don’t care nor monitor that closely. If someone shares out the WiFi password by digging through settings, it wouldn’t matter as it’s not allowed.
Anyway, just thought I’d share that both mainstream OSes have done this for a few years now.
Is this why my GOS phone does not connect back to my home wifi every time I leave and come back?
Mine connects if I don’t turn off WiFi in the phone settings. Not sure why yours isn’t.
probably bc I’m stupid and didn’t realize I have set it to turn wifi off automatically if it stays disconnected from any router for 10min
Forgetting something doesn’t make you stupid.
very kind of you, thank you :)
if you are using Fedora they randomize your MAC address





