mac_spoofing.mdwn 4.24 KB
Newer Older
[[!meta title="MAC address spoofing"]]

# Background

5 6 7
Every network device (wired, Wi-Fi/wireless, 3G/mobile) has a so
called [[!wikipedia MAC address]], which is a unique identifier used
to address them on the local network. Broadcasting a unique identifier
Tails developers's avatar
Tails developers committed
in this manner introduces a couple of potential privacy issues for
Tails developers's avatar
Tails developers committed
Tails users. Geographical location tracking is the main one;
10 11
observing a MAC address at a particular location and time ties the
corresponding device to the same location and time. If the real
Tails developers's avatar
Tails developers committed
identity of the device's owner is known, his or her movements can be
13 14 15
determined. To prevent this one can temporarily change the MAC address
to something random at each boot, which is referred to as "MAC address

17 18 19 20 21 22
As mentioned above, MAC addresses are normally only used on the
*local* network, and are not supposed to ever reach the Internet.
However, [[!wikipedia captive portals]] may send MAC addresses of
users accessing its services to authentication servers. In any case it
should be noted that the location tracking issue we are talking about
here ha no effect on Internet anonymity, like Tails' web-browser.

# When to keep MAC address spoofing enabled

26 27 28 29 30
Tails spoofs the MAC addresses of all network devices **by default**.
It can be disabled by unchecking the corresponding option in Tails
Greeter but in general it is beneficial (or of little or no
consequence) to keep it enabled even if one doesn't care about hiding
one's geographical location.

32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90
Here are a few examples of when you may want to leave this option
enabled in order to hide you geographical movement while using Tails:

* **Running Tails on your computer on an *open* public network**. With
  an "open" public network we mean a network that doesn't require any
  kind of registration (with you real identity) in order to access.

* **Running Tails on your computer at a friend's place**. This rule
  also applies to "workplace", "school/university" or other locations
  you have a strong relationship with. The relationship ties you to
  the location any way but sometimes one may want to not be associated
  to the place at a *particular* *time*, which makes keeping this
  option enabled worthwhile.

# When to disable MAC address spoofing

In some situations MAC address spoofing won't add any benefits but
instead only cause suspicious network activity or connection
issues. Therefore, in the following situations we recommend disabling
this option:

* **Running Tails at home**. The deep association to the location
  makes this essentially meaningless, and may cause connection issues
  (some ISP-provided modems or routers restrict access based on MAC

* **Running Tails on a public computer**, like a library
  computer. Since it's not your device, it's not associated to you
  directly, so spoofing its MAC address is pointless. Not only that,
  it can cause connection issues, or worse, attract suspicion from the
  network administrators, so it should really be avoided.

* **Running Tails on your computer using a *restricted* public
  network**. As opposed to an "open" public network, with "restricted"
  we mean that real identity registration is required.

* **When you experience network issues** due to MAC address
  restrictions on the network, or problems with your network devices
  (or its driver). In this case MAC address spoofing simply isn't
  available, so disabling it is the only way to get a working network
  connect. However, disabling it brings back location tracking, so if
  that is of importance the only option may be to either use a
  different network device, or move to a location without MAC address
  restrictions, depending on which of them that caused the issue.

# Other considerations

* We urge users to disable [[!wikipedia Intel AMT]] since it may leak
  the *real* MAC address before Tails starts and is able to do
  anything about it.

* If you have MAC address spoofing enabled and then reboot your
  computer to another operating system (like Windows or Mac OS X) you
  will give away your geographical location any way.

* Otherwise "open" public networks should perhaps be considered as
  "restricted" in case heavy video surveillance (or similar) is
  employed. Note that you may want to consider the memory of employees
  or other regulars at the place as surveillance.