Reduce tracking via NetworkManager

April 13, 2023    Article    407 words    2 mins read

NetworkManager is a program for providing detection and configuration for systems to automatically connect to networks. NetworkManager’s functionality can be useful for both wireless and wired networks, for wireless networks, NetworkManager prefers known wireless networks and has the ability to switch to the most reliable network.

If you want to reduce someone’s capabilities to track you, you should avoid broadcasting a persistent and likely unique software identifier; an empty (blank) hostname is also an option, but a static hostname of “localhost” is less likely to cause problems. Both will result in no hostname being broadcasted to the DHCP server. You can use hostnamectl to change the system hostname and related settings.

$ sudo hostnamectl hostname "localhost"

Media access control address or MAC address, also known as physical address, is an identification address unique to a device in a network. We can think of it as similar to our residential address, but for network devices.

MAC randomization is the process of choosing a random MAC address to connect to a network, and hiding the device’s original MAC address, to maintain anonymity.

That is, when a device connects to a network, a random MAC address will be passed on to other devices in the network, and connection will be established with this address.

There are several different aspects of MAC address randomization in NetworkManager, each with their own configuration flag:

WiFi scanning

[device]
wifi.scan-rand-mac-address=yes

WiFi connections

[connection]
wifi.cloned-mac-address=<mode>

Ethernet connections

[connection]
ethernet.cloned-mac-address=<mode>

Mode options

  • random: generate a new random MAC address every time a connection is activated.
  • stable: assign each connection a random MAC address that will be maintained across activations.
  • preserve: use the MAC address already assigned to the interface, or the permanent address if none is assigned.
  • permanent: use the MAC address permanently baked into the hardware.

It’s best to create a dedicated configuration file, such as /etc/NetworkManager/conf.d/99-randomize-mac.conf, to ensure package updates do not overwrite the configuration. In general, I recommend the following:

[device]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random

This configuration randomizes all MAC addresses by default. These settings can of course be overridden on a per-connection basis. After editing the file, run sudo nmcli general reload conf to apply the new configuration.

If you want to see the randomized MAC address, activate the connection in question and then look for GENERAL.HWADDR in the output of nmcli device show. This represents the MAC address currently in use by the interface, whether randomized or not.

$ nmcli device show

author

created April 13, 2023

tags #guides, #privacy

Check out some related articles: