From bd8765f1a4378c29274abe3f73130310491cec40 Mon Sep 17 00:00:00 2001 From: tasket Date: Thu, 13 Oct 2016 12:06:16 -0400 Subject: [PATCH 1/3] Add section for Network Manager on Debian 9 --- privacy/anonymizing-your-mac-address.md | 37 +++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/privacy/anonymizing-your-mac-address.md b/privacy/anonymizing-your-mac-address.md index ea3b623a..0e7bd9b4 100644 --- a/privacy/anonymizing-your-mac-address.md +++ b/privacy/anonymizing-your-mac-address.md 
@@ -9,10 +9,41 @@ redirect_from: Anonymizing your MAC Address ============================ -Changing the default [MAC Address](https://en.wikipedia.org/wiki/MAC_address) of your hardware is [crucial in protecting -privacy](https://tails.boum.org/contribute/design/MAC_address/#index1h1). Currently, Qubes OS *does not* "anonymize" or spoof the MAC Address, so until this is implemented by default you can randomize your MAC Address with the following guide. +Although it is not the only metadata broadcast by network hardware, changing the default [MAC Address](https://en.wikipedia.org/wiki/MAC_address) of your hardware could be [an important step in protecting +privacy](https://tails.boum.org/contribute/design/MAC_address/#index1h1). Currently, Qubes OS *does not* automatically "anonymize" or spoof the MAC Address, so until this is implemented by default you can randomize your MAC Address with one of the following guides using either Network Manager or macchanger... -## Configuring Qubes +## Upgrading and configuring Network Manager in Qubes + +Newer versions of Network Manager have a robust set of options for randomizing MAC addresses, and can handle the entire process across reboots, sleep/wake cycles and different connection states. In particular, versions 1.4.2 and later should be well suited for Qubes. + +NM 1.4.2 is currently available from the Debian 9 (testing) repository, and has been tested in Qubes using a Debian template [upgraded to version 9.](https://www.qubes-os.org/doc/debian-template-upgrade-8/) + +In the Debian 9 template you intend to use as a NetVM, check that Network Manager version is now at least 1.4.2: +```https://www.qubes-os.org/doc/anonymizing-your-mac-address/ +$ sudo Network-Manager -V +1.4.2 +``` + +Add the settings in /etc/NetworkManager/NetworkManager.conf. The following example enables Wifi MAC address randomization both while scanning (not connected) and while connected. 
+ +``` +[device-scan] +wifi.scan-rand-mac-address=yes + +[connection] +wifi.assigned-mac-address=stable +``` + +To see the available configuration options, refer to the man page: `man nm-settings` + +Next, create a new NetVM using the new template and assign network devices to it. + +Finally, shutdown all VMs and change the settings of sys-firewall, etc. to use the new NetVM. + +You can check the MAC address currently in use by looking at the status pages of your router device(s), or in the NetVM with the command `sudo ip link show`. + + +## Configuring Qubes with macchanger and scripts First thing you need to do is install **macchanger** package by opening your `fedora-23` TemplateVM and typing From 27dcc6f142d627293d7788cbd5610b4f6b4f2df5 Mon Sep 17 00:00:00 2001 From: tasket Date: Thu, 13 Oct 2016 15:39:30 -0400 Subject: [PATCH 2/3] Update anonymizing-your-mac-address.md --- privacy/anonymizing-your-mac-address.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/privacy/anonymizing-your-mac-address.md b/privacy/anonymizing-your-mac-address.md index 0e7bd9b4..dd09658a 100644 --- a/privacy/anonymizing-your-mac-address.md +++ b/privacy/anonymizing-your-mac-address.md @@ -31,7 +31,7 @@ Add the settings in /etc/NetworkManager/NetworkManager.conf. The following examp wifi.scan-rand-mac-address=yes [connection] -wifi.assigned-mac-address=stable +wifi.cloned-mac-address=stable ``` To see the available configuration options, refer to the man page: `man nm-settings` From 0fb17b62bab206bf5cf55d922a0ab1909aa05b84 Mon Sep 17 00:00:00 2001 From: tasket Date: Thu, 13 Oct 2016 15:47:53 -0400 Subject: [PATCH 3/3] Change section titles to match macchanger --- privacy/anonymizing-your-mac-address.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/privacy/anonymizing-your-mac-address.md b/privacy/anonymizing-your-mac-address.md index dd09658a..c57a71ad 100644 --- a/privacy/anonymizing-your-mac-address.md 
+++ b/privacy/anonymizing-your-mac-address.md @@ -178,14 +178,14 @@ Your MAC address should now randomize each time you restart your computer or res --- -## Usage Notes +## Usage Notes - Macchanger This approach to MAC Randomizing has been tested and used by some users as well as some of the Qubes team. Observations that are to be expected are: - This does not randomize your MAC Address on sleep and wake state (only on restarting the `sys-net` VM) - The `sys-net` networking VM takes longer for device drivers to start up than usual, this delayed startup may cause the first attempt of `sys-whonix` to connect to Tor to fail -## Disabling / Uninstalling +## Disabling / Uninstalling Macchanger To disable MAC Randomizing if you find that a network connecting to does not like changing MAC Addresses, you can disable temporarily or if you want to permanently remove this solution, do the following:
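Review bot: In patch 1/3, the version-check block of the new Network Manager section will not work as pasted: the opening fence is followed by the page URL (https://www.qubes-os.org/doc/anonymizing-your-mac-address/) where a language tag would go, and the command is written as `sudo Network-Manager -V`, while the daemon binary is named `NetworkManager`. Use a bare fence and `$ NetworkManager -V`, which does not need sudo. The same hunk also introduces `wifi.assigned-mac-address=stable`, which 2/3 then renames; squashing the two would keep the wrong key out of the history.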
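Review bot: In patch 2/3, the corrected line `wifi.cloned-mac-address=stable` still does not match the sentence above the config block, which promises randomization "while connected": `stable` generates one address per connection profile and reuses it on every activation, so a given network keeps seeing the same MAC. Say so in the text and mention `random` for readers who want a fresh address on each connect; the setting also covers Wi-Fi only, so wired devices keep their hardware address unless `ethernet.cloned-mac-address` is set as well. The subject "Update anonymizing-your-mac-address.md" would be more useful if it named the property being fixed.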
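Review bot: In patch 3/3, the two renamed headings are inconsistent with each other and with 1/3: "Usage Notes - Macchanger" uses a dash suffix, "Disabling / Uninstalling Macchanger" does not, and the section title added in 1/3 spells the tool lowercase ("with macchanger and scripts"). Pick one form, and note that renaming the headings changes their generated anchors, so any existing links to the old "Usage Notes" and "Disabling / Uninstalling" sections need updating. With the titles now scoped to macchanger, the Network Manager section has no matching notes on reverting the setting when a network "does not like changing MAC Addresses"; a short paragraph there would close the gap.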