some thoughts to reduce the probe fingerprint (wifi/wlan)
some time ago we (capulcu) published a warning (in german: "sicherheitswarnung MAC-changer") because of the problem of being identifiable due to wifi fingerprinting while using tails. see https://capulcu.blackblogs.org/
some of these issues have already been addressed at various places in the gitlab or on the website of tails:
more details can be found here:
our proposal (in our warning) was to remove the wifi card and to use usb wifi adapters only once (for publication of sensitive information). while testing we came across the following approaches to (minimize or) prevent fingerprinting.
we only used wifi adapters from the ath9k series (to minimize fingerprinting caused by proprietary drivers), because these cards do not need proprietary drivers/firmware and can be controlled via debian.
"ath9k is a Linux kernel driver supporting Atheros 802.11n PCI/PCI-E chips, introduced at Linux 2.6.27. It does not require a binary HAL (hardware abstraction layer) and no firmware is required to be loaded from userspace."
another thought was that probe requests (and partial information) are not really necessary to detect access points. hence, we looked at iwd as a replacement for the wpa_supplicant, because periodic scans can be disabled via config in iwd:
Disable periodic scan for available networks
By default when iwd is in disconnected state, it periodically scans for available networks. To disable periodic scan (so as to always scan manually), create / edit file /etc/iwd/main.conf and add the following section to it:
interesting might be the cfg80211 subsystem (configuration api for 802.11 devices), which we have not tested further.
in our tests a connection setup without probe requests works as well (by passive scans). however, there will be new probe requests by network manager after a successful connection with an access point.
the scans can be stopped by the following patch
unfortunately, 2-3 probe-requests are still being sent when the connection is established (are probe requests really needed for a connection setup?). we have not yet found a way to stop this. perhaps some other people know any workaround / solution? maybe we missed something and configured it wrong.
we have also noticed that the network manager already filters out vendor specific information compared to a connection by the wpa_supplicant.
what do you think? from our point of view it would be important to find a solution for the problem. if a solution for the last problems can be found it would be great if tails could be used with iwd / network manager (no scan) via a boot parameter (for this the macchanger for iwd has to be configured).
if the probe requests can't be stopped, there is also an alternative way via scapy (by faking the probe requests)
and (if not already configured):
wps can be disabled in wpa_supplicant config
rts packets can be disabled by iwconfig
update: i tested the networkmanager (no-scan) / iwd setup again in the last days and there were only probe responses and no probe requests in the wireshark capture.
regards, one of capulcu
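
One way to check a capture for the probe requests discussed in the post above, as an added example that is not part of the original post or of tails: it reads a capture saved in classic pcap format with radiotap link type and reports, per transmitter, each probe request with its ordered information element IDs (vendor specific elements keep their OUI), plus the number of probe responses. All function names and the sample capture are constructed for illustration, and frames are assumed to be captured without a trailing FCS.

```python
import struct

LINKTYPE_RADIOTAP = 127        # pcap link type: radiotap header + 802.11 frame
PROBE_REQ, PROBE_RESP = 4, 5   # 802.11 management-frame subtypes

def iter_packets(pcap):
    """Yield raw packets from a classic (non-pcapng) capture, either byte order."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack_from(order + "I", pcap, 20)[0] != LINKTYPE_RADIOTAP:
        raise ValueError("expected a classic pcap with radiotap link type")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(order + "I", pcap, off + 8)[0]
        yield pcap[off + 16:off + 16 + incl]
        off += 16 + incl

def ie_sequence(body):
    """Ordered IE IDs of a probe request; vendor-specific IEs (221) keep their OUI."""
    ids, i = [], 0
    while i + 2 <= len(body) and i + 2 + body[i + 1] <= len(body):
        eid, elen = body[i], body[i + 1]
        oui = body[i + 2:i + 5].hex()
        ids.append(f"221:{oui}" if eid == 221 and elen >= 3 else str(eid))
        i += 2 + elen
    return tuple(ids)

def audit_probes(pcap):
    """Return ({transmitter MAC: [IE sequence per probe request]}, probe response count)."""
    requests, responses = {}, 0
    for pkt in iter_packets(pcap):
        frame = pkt[int.from_bytes(pkt[2:4], "little"):]    # skip radiotap (always LE)
        if len(frame) < 24 or frame[0] & 0x0F:              # keep version 0, type 0 (mgmt)
            continue
        if frame[0] >> 4 == PROBE_REQ:                      # IEs start right after the header
            requests.setdefault(frame[10:16].hex(":"), []).append(ie_sequence(frame[24:]))
        elif frame[0] >> 4 == PROBE_RESP:
            responses += 1
    return requests, responses

def constructed_capture():
    """Constructed sample: a probe request, a probe response and a beacon (no FCS)."""
    rt = bytes.fromhex("0000080000000000")                  # minimal 8-byte radiotap header
    sta, ap, bcast = bytes.fromhex("020000000001"), bytes.fromhex("0200000000aa"), b"\xff" * 6
    ies = bytes.fromhex("0000" "010402040b16" "dd040050f204")  # SSID, rates, vendor IE
    def mgmt(subtype, dst, src, body):
        return rt + bytes([subtype << 4, 0, 0, 0]) + dst + src + dst + b"\x00\x00" + body
    frames = [mgmt(4, bcast, sta, ies), mgmt(5, sta, ap, bytes(12) + ies[:8]), mgmt(8, bcast, ap, bytes(12))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

An empty dictionary from `audit_probes` for your own adapter's MAC corresponds to the "only probe responses" result in the update; a non-empty one shows which element sequence, including any vendor specific OUI, was exposed.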