Check if/how we should use NetworkManager's new MAC address spoofing capabilities
Originally created by @intrigeri on #11293 (Redmine)
As https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks/ sums up, NM 1.2 + wpasupplicant 2.3 allow (opt-in) to randomize MAC address used for scanning for Wi-Fi networks (that we’ve rejected in #7380 (closed)), and also to spoof the MAC address used for connecting to all Wi-Fi networks (needs to be verified, the blog post is unclear; previous NM versions allowed to configure a spoofed MAC address per network). NM 1.4 improves this further (announce blog post, NEWS entry.
Does this work on all hardware? The code suggests that this might rely on per-device capabilities.
What shall we do about it?
Feature Branch: wip/feature/11293-network-manager-spoof-mac
How it could work
-
We remove the modules blacklist logic.
-
We set up a boot-time firewall that blocks all outgoing connections to non-loopback interfaces.
-
Once the user has made their decision wrt. MAC spoofing (that is, in tails-unblock-network, run by PostLogin, just as it is now):
- We record that decision in some place where all legitimate interested parties can check it out.
- We configure NM accordingly.
- We replace the boot-time firewall with the production one.
- We start NetworkManager.
Here again, hotplugged interfaces are not as well protected against permanent MAC address leaks as the coldplugged ones. But this is a compromise we are already doing in our current design.
Related issues
- Related to #6453
- Related to #11856 (closed)
- Related to #11931 (closed)
- Related to #10491 (closed)
- Related to #17115
- Related to #17128
- Blocked by #10289 (closed)