Dev/MAC
Development notes for adding MAC address anonymization to Whonix.
Introduction
This page attempts to design a user interface for a MAC changer that fulfills all requirements mentioned in this issue.
To better understand the problem and ensure clarity in discussions, it may be helpful to create an overview. Therefore, a table summarizing various use cases has been created below.
There are numerous different threat models and goals. This complexity might make it too difficult for the average user. Supporting all use cases would result in a massive user interface, just for deciding which MAC to use.
Use Case Overview
A public computer could be, for example, a library computer.
Public network_C could be a free WiFi hotspot in a mall.
Public network_A, public network_B, public network_D, and public network_E could be different coffee shops with free WiFi.
Number | Place | Past Usage | Threat Model | New Recommendation |
---|---|---|---|---|
1 | Home computer | Real MAC | None | Macchiato MAC random |
2 | Public computer | Real MAC | Changing MAC draws admin attention and/or breaks network access | Real MAC |
3 | Public network_A | Real MAC | Admin monitors for consistent MAC addresses | Real MAC |
4 | Public network_B | Macchanger random MAC_B | Admin checks for consistent MAC addresses but does not monitor Tor usage or vendor IDs | Macchanger random MAC_B |
5 | Public network_C | Never used | High user volume; admin logs MAC addresses and detects uncommon vendor IDs | Random Macchiato MAC |
6 | Public network_D | Never used | Admin logs MAC addresses, detects uncommon vendor IDs, and looks for consistency | Macchiato MAC_D |
7 | Public network_E | Never used | Admin logs MAC addresses, detects uncommon vendor IDs, and looks for consistency | Macchiato MAC_E |
Legend:
- Consistent MAC: Always the same once chosen, instead of generating a new one each time.
- Macchiato
- Macchiato MAC random: Uses a popular vendor ID, but the latter part changes randomly each time.
- Macchiato MAC_D (or E): Uses a popular vendor ID; the latter part is randomly generated upon first use but remains consistent when selecting Macchiato MAC_D or MAC_E in the future.
Or in Words...
- "I am using my home computer. Give me a Macchiato MAC random. I don't really need it, but it makes me feel better. Just in case."
- "I am using a public computer. Don't change the MAC. Otherwise, this might attract unwanted admin attention or make the network inaccessible."
- "I am using public network_A. I have always used my real MAC in the past. The admin knows all users and gets suspicious if someone changes their MAC. Stick to my real MAC."
- "I am in public network_B again. I previously used Macchanger to get a random MAC_B. The admin checks for consistency but does not recognize that the vendor ID is non-existent. Stick to my old random MAC_B."
- "I am using public network_C for the first time. Many users connect here, and I believe the admin logs all MAC addresses. I also suspect the admin is aware of uncommon vendor IDs and GNU Macchanger. Since this is a popular network, the admin won’t remember me specifically. Assign me a random MAC from a popular vendor ID (Macchiato)."
- "I am using public network_D for the first time. I suspect the admin logs MAC addresses and recognizes uncommon ones. The admin also gets suspicious if someone changes their MAC frequently. Assign me a random MAC from a popular vendor ID, name it MAC_D, and ensure I use the same one whenever I revisit this network."
- "Yes, network_E is very similar to network_D. I suspect the admin logs MAC addresses and detects uncommon ones. The admin also gets suspicious if someone changes their MAC frequently. Assign me a random MAC from a popular vendor ID, name it MAC_E, and ensure I use the same one whenever I revisit this network. Don't confuse it with other MACs."
Thoughts
Supporting use cases 6 and 7 would either require persistence or require the user to remember or write down the MAC address, which is difficult.
An ideal solution should not require persistence.
A possible approach is for the user to enter a keyword from which the same Macchiato MAC_D or Macchiato MAC_E is consistently generated every time that keyword is used.
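A sketch of the keyword approach, added here as an example and not taken from Whonix or Macchiato code: the keyword is run through a key derivation function, and the output picks a vendor prefix and fills the device part, so nothing has to be stored. The OUI list, the salt value and the function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed placeholder prefixes, NOT real vendor assignments. A real tool
# would load the popular-vendor OUI lists that Macchiato ships.
SAMPLE_OUIS = ["00:11:22", "00:aa:bb", "00:cc:dd"]

# Fixed domain-separation salt (hypothetical value). It is a constant on
# purpose: a per-device random salt would have to be stored, i.e. persistence.
KDF_SALT = b"example-mac-from-keyword-v1"
KDF_ITERATIONS = 200_000


def format_mac(oui: str, nic: bytes) -> str:
    """Join a vendor prefix and three device bytes into aa:bb:cc:dd:ee:ff."""
    return oui.lower() + ":" + ":".join(f"{b:02x}" for b in nic)


def random_mac(ouis=SAMPLE_OUIS) -> str:
    """'Macchiato MAC random': plausible vendor prefix, fresh suffix each call."""
    return format_mac(secrets.choice(ouis), secrets.token_bytes(3))


def keyword_mac(keyword: str, ouis=SAMPLE_OUIS) -> str:
    """'Macchiato MAC_D': the same keyword always yields the same address."""
    if not keyword:
        raise ValueError("keyword must not be empty")
    # Slow KDF: keywords are low-entropy, so make each guess costly for anyone
    # who logged the MAC and wants to test candidate keywords against it.
    dk = hashlib.pbkdf2_hmac("sha256", keyword.encode("utf-8"),
                             KDF_SALT, KDF_ITERATIONS, dklen=7)
    # First 4 bytes pick the vendor prefix, last 3 become the device part.
    oui = ouis[int.from_bytes(dk[:4], "big") % len(ouis)]
    return format_mac(oui, dk[4:7])


if __name__ == "__main__":
    print("network_D:", keyword_mac("network_D"))
    print("network_D:", keyword_mac("network_D"))  # identical to the line above
    print("network_E:", keyword_mac("network_E"))
    print("random   :", random_mac())
```

Because the salt is a constant, two users who pick the same keyword get the same MAC. The OUI list and its order are also inputs to the derivation, so changing the list changes the address an existing keyword produces.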
Newer
Thesis:
Like with Tor and anonymity in general, you cannot hide the fact that you are trying to hide.
See also:
- Fingerprint
- Hide Tor from your Internet Service Provider
- https://forums.whonix.org/t/idea-proposal-of-cover-traffic-a-fake-workstation/146
From this Tails design page:
- AdvCapSniff
- AdvCapRecords
- AdvCapOwners
- AdvGoalTracking
- AdvGoalProfiling
- AdvCapOwners
- AdvGoalIdTails
- AdvGoalIdMacSpoof
- AvoidTracking
- AvoidIdTails
- AvoidIdMacSpoof
- AvoidConnectionProbs
Leak-proof MAC Randomization - Technical Implementation Challenges
Leak-proof MAC randomization - ensuring that the real MAC address is never leaked - is very difficult to implement. Implementations using tools such as NetworkManager, udev, and/or the init system (such as systemd) might, in theory, leak the original MAC address. This is because these are complex code bases with intricate system interactions, where MAC randomization was not originally supported but later bolted on as an afterthought. Supporting MAC randomization at a different level, such as by the kernel, might be a more reliable approach to MAC randomization.
Related bug reports and discussions:
- NetworkManager bug report: CRITICAL - True MAC address leaked during NM startup, despite rand/cloned being configured
- https://forums.whonix.org/t/mac-randomization-is-flawed-proposed-new-solution/21366/8
- https://forum.qubes-os.org/t/mac-randomization-is-flawed-proposed-new-solution/32150
- https://gitlab.tails.boum.org/tails/tails/-/issues/11293#note_253628
Related general security ecosystem-wide issues:
See Also
- MAC Address
- Tails MAC Address Design
- MAC Changer Issue
- Tails MAC Changer Wiki
- Worth reading! Thanks to Tails!
