Check if/how we should use NetworkManager's new MAC address spoofing capabilities
_Originally created by @intrigeri on [#11293 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/11293)_
As https://blogs.gnome.org/lkundrak/2016/01/18/networkmanger-and-tracking-protection-in-wi-fi-networks/ sums up, NM 1.2 + wpasupplicant 2.3 allow (opt-in) randomizing the MAC address used for scanning for Wi-Fi networks (which we rejected in tails/tails#7380), and also spoofing the MAC address used for connecting to all Wi-Fi networks (this needs to be verified, the blog post is unclear; previous NM versions allowed configuring a spoofed MAC address per network). NM 1.4 improves this further ([announce blog post](https://blogs.gnome.org/lkundrak/2016/08/24/networkmanager-1-4/), [NEWS entry](https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=1.4.0)).
Does this work on all hardware? The code suggests that this might rely on per-device capabilities.
What shall we do about it?
Feature Branch: wip/feature/11293-network-manager-spoof-mac
# How it could work
1. We remove the modules blacklist logic.
2. We set up a boot-time firewall that blocks all outgoing connections to non-loopback interfaces.
3. Once the user has made their decision wrt. MAC spoofing (that is, in tails-unblock-network, run by PostLogin, just as it is now):
   1. We record that decision in some place where all legitimate interested parties can check it out.
   2. We configure NM accordingly.
   3. We replace the boot-time firewall with the production one.
   4. We start NetworkManager.
Here again, hotplugged interfaces are not as well protected against permanent MAC address leaks as coldplugged ones, but that is a compromise we already make in our current design.
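As an added illustration of steps 3.1 and 3.2 (not code from Tails' tails-unblock-network nor from NetworkManager), the helper below renders the NetworkManager drop-in that matches the user's decision, using the NM 1.4 `wifi.scan-rand-mac-addr` and `*.cloned-mac-address` keys; the decision values, the function names and the drop-in file name are assumptions.

```shell
#!/bin/sh
# Hypothetical helper: write the NM 1.4 drop-in matching the user's decision.
# Usage: write_nm_mac_conf <spoof|no-spoof> <conf.d directory>
write_nm_mac_conf() {
    decision="$1"
    confdir="$2"
    conf="$confdir/00-mac-spoofing.conf"   # assumed drop-in name
    mkdir -p "$confdir"
    case "$decision" in
        spoof)
            # Random MAC while scanning, and a fresh random MAC for every
            # connection, on both Wi-Fi and wired interfaces.
            cat > "$conf" <<EOF
[device]
wifi.scan-rand-mac-addr=yes

[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random
EOF
            ;;
        no-spoof)
            # Explicitly keep the hardware's permanent address everywhere.
            cat > "$conf" <<EOF
[device]
wifi.scan-rand-mac-addr=no

[connection]
wifi.cloned-mac-address=permanent
ethernet.cloned-mac-address=permanent
EOF
            ;;
        *)
            echo "unknown MAC spoofing decision: $decision" >&2
            return 1
            ;;
    esac
}

# Returns 0 only if the drop-in randomizes every key through which the
# permanent address could otherwise leak; useful as a post-write check.
nm_conf_spoofs() {
    conf="$1"
    grep -q '^wifi.scan-rand-mac-addr=yes$' "$conf" &&
    grep -q '^wifi.cloned-mac-address=random$' "$conf" &&
    grep -q '^ethernet.cloned-mac-address=random$' "$conf"
}
```

Whether the per-connection keys actually take effect on a given adapter still depends on the driver, which is the per-device capability question raised above.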