From 2d84312ac5108cd5ff6d190322f696ea1b25c082 Mon Sep 17 00:00:00 2001
From: Peter Gerber <peter@arbitrary.ch>
Date: Mon, 22 Jan 2018 01:29:01 +0100
Subject: [PATCH 1/2] Improve instructions for randomizing MAC addresses

NetworkManager, by default, uses a connection ID and a per-host random
and secret key to generate `stable` MAC addresses. The intention is to
keep a connection's MAC address stable indefinitely but for it to be
different on every host.

The current instruction mention that "`stable` generates a random
address that persists for each boot session". This is indeed true for
AppVMs using stock TemplateVMs. The reason is that the secret key doesn't
exist in the template and thus is only created when the AppVM starts.
This, however, may not be true for other VMs.

In order to ensure that MACs are always only `stable` during one boot
session, `stable-id`, which is used to generate MACs, can be adjusted.
NetworkManager's documentation suggests to use `${CONNECTION}/${BOOT}`
to ensure generated MACs are unique to a boot session and connection [1].

[1]: https://developer.gnome.org/NetworkManager/stable/nm-settings.html
---
 privacy/anonymizing-your-mac-address.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/privacy/anonymizing-your-mac-address.md b/privacy/anonymizing-your-mac-address.md
index 1ae437bb..7a92429e 100644
--- a/privacy/anonymizing-your-mac-address.md
+++ b/privacy/anonymizing-your-mac-address.md
@@ -34,10 +34,11 @@ wifi.scan-rand-mac-address=yes
 [connection]
 wifi.cloned-mac-address=stable
 ethernet.cloned-mac-address=stable
+connection.stable-id=${CONNECTION}/${BOOT}
 ~~~
 
-`stable` generates a random address that persists for each boot session.
-`random` generates a random address each time a link goes up.
+* `stable` in combination with `${CONNECTION}/${BOOT}` generates a random address that persists for each boot session.
+* `random` generates a random address each time a link goes up.
 
 To see all the available configuration options, refer to the man page: `man nm-settings`
 

From 6b3eb8fd71bf7ef4f65c52a1584f10d2b4b0f52d Mon Sep 17 00:00:00 2001
From: Peter Gerber <peter@arbitrary.ch>
Date: Sun, 28 Jan 2018 23:14:56 +0100
Subject: [PATCH 2/2] clarify description for randomizing MAC addresses

---
 privacy/anonymizing-your-mac-address.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/privacy/anonymizing-your-mac-address.md b/privacy/anonymizing-your-mac-address.md
index 7a92429e..3e7f0921 100644
--- a/privacy/anonymizing-your-mac-address.md
+++ b/privacy/anonymizing-your-mac-address.md
@@ -37,7 +37,7 @@ ethernet.cloned-mac-address=stable
 connection.stable-id=${CONNECTION}/${BOOT}
 ~~~
 
-* `stable` in combination with `${CONNECTION}/${BOOT}` generates a random address that persists for each boot session.
+* `stable` in combination with `${CONNECTION}/${BOOT}` generates a random address that persists until reboot.
 * `random` generates a random address each time a link goes up.
 
 To see all the available configuration options, refer to the man page: `man nm-settings`