Feature #6453
Protect against fingerprinting via active Wi-Fi networks probing
100%
Description
Even once feature/spoof-mac is merged, Tails does not protect against AdvGoalTracking and AdvGoalProfiling due to "active probing" performed by NetworkManager for Wi-Fi connections. This puts AvoidTracking at risk, especially when using the NetworkManager persistent connections feature.
Associated revisions
MAC spoofing design doc: clarify that at most five SSIDs from stored connections are used for directed Probe Requests.
refs: #6453
History
#1 Updated by intrigeri over 4 years ago
- Description updated (diff)
#2 Updated by BitingBird about 4 years ago
- Related to deleted (Feature #5421: Spoof MAC address)
#3 Updated by BitingBird about 4 years ago
- Related to Feature #7380: Randomise MAC address when scanning for Wi-Fi networks even when MAC spoofing is disabled added
#4 Updated by BitingBird over 3 years ago
- Related to Feature #6549: Prevent MAC address leak for non-root users added
#5 Updated by intrigeri over 3 years ago
- Related to deleted (Feature #6549: Prevent MAC address leak for non-root users)
#6 Updated by BitingBird over 3 years ago
One of the upstream tickets linked on the blueprint is fixed, the other is "fixed-upstream", the third is wontfix.
#7 Updated by intrigeri over 2 years ago
- Related to Feature #11293: Check if/how we should use NetworkManager's new MAC address spoofing capabilities added
#8 Updated by BitingBird about 2 years ago
- Status changed from Confirmed to In Progress
#9 Updated by intrigeri almost 2 years ago
- Subject changed from Protect against fingerprinting via active Wi-Fi networks probling to Protect against fingerprinting via active Wi-Fi networks probing
#10 Updated by intrigeri over 1 year ago
BitingBird wrote:
One of the upstream tickets linked on the blueprint is fixed, the other is "fixed-upstream", the third is wontfix.
I see nothing about this topic on the blueprint, so I guess the current state of the art is documented on https://tails.boum.org/contribute/design/MAC_address/, in the "Active probe fingerprinting" section (which doesn't point to any upstream ticket actually).
#11 Updated by u about 1 year ago
- Status changed from In Progress to Confirmed
- Assignee set to intrigeri
It's unclear to me what the next steps on this ticket are. Can somebody from the foundations team please clarify this. Unassign yourself afterwards if you're not going to work on this.
Maybe this should simply be documented or added to the design documentation?
#12 Updated by intrigeri about 1 year ago
- Blueprint changed from https://tails.boum.org/blueprint/macchanger/ to https://tails.boum.org/contribute/design/MAC_address/#active-probe-fingerprinting
#13 Updated by intrigeri about 1 year ago
- Description updated (diff)
#14 Updated by intrigeri about 1 year ago
- Assignee deleted (intrigeri)
u wrote:
It's unclear to me what the next steps on this ticket are. Can somebody from the foundations team please clarify this. Unassign yourself afterwards if you're not going to work on this.
Maybe this should simply be documented or added to the design documentation?
https://tails.boum.org/contribute/design/MAC_address/#active-probe-fingerprinting says "active scanning should be disabled in NetworkManager when MAC spoofing is enabled". I guess the next step is to implement an option in NM to allow this.