Feature changed by: Stakanov Schufter (stakanov)
Feature #317699, revision 3
Title: Implement a feature to randomize the MAC address (wlan) within
the network-plugin

openSUSE Distribution: Unconfirmed
  Priority
    Requester: Desirable

Requested by: Stakanov Schufter (stakanov)
Partner organization: openSUSE.org

Description:
To have a "check-box" based solution in the option of the
network-manager plasmoid in plasma. If selected: MAC-address changes at
every connect. If not selected, default "real" MAC address is used at
WLAN connect. This would allow to have both, more security on tracking
and ease of network administration in settings where instead MAC
filters are used to connect and a stable MAC is desirable. To be of
acceptable ease of usage a check-box would be IMO best.

Use Case:
MAC addresses of WLAN are used to track user. Machines that connect to
open WLAN networks are targeted often via the MAC address. It would be
nice (and should not be overly difficult to implement if I understood
well because some people do this with a CLI script) to have a
"check-box" based solution in the option of the network-manager plugin
in plasma.

Business case (Partner benefit):
openSUSE.org: Because openSUSE should be a safe, privacy protecting,
security orientated distribution. Because the MAC address has been
shown to be a main tool to target a specific machine when connecting in
a multitude of machines. As people do banking, surfing and a lot of
other things that are attractive for targeting a single user in setting
of public wlan, this would be a plus in security that is easily
achieved. Because of various spying and spoofing activities be it of
state origin or even more important of private corporations as well as
criminal individuals in airports, train stations and hotel lobbies.
Because iOS 8 implements this feature already.

Discussion:
#1: Richard Brown (rbrownccb) (2014-06-19 17:58:03)
What about the (very common) use case of a network providing specific
IP addresses to specific MAC addresses?
I like the fact you're suggesting this is a tickbox, but that still
could lead to a situation where a user activates this feature, then
goes onto a network and does not get the expected network services.
Just because iOS 8 is doing it doesn't mean openSUSE should.
I think I would be happier with this feature being implemented as a
'root-level' decision, the assumption being that the administrator of
the workstation in question is sufficiently knowledgeable/trusted to
make that decision.

+ #2: Stakanov Schufter (stakanov) (2014-06-19 19:25:42) (reply to #1)
+ The very common case is effectively the "default value". You can
+ overcome this by doing the tick box with a pop-up that warns the user
+ to switch off in case he/she/it has problems to get connected in
+ corporate environments. Why I would allow this for the normal user??
+ Because I think who is using openSUSE is not a PEBKAC generally
+ speaking. It is true that for SLES editions I would rather leave it to
+ the admin as in the "administrative clerical environment" the latter
+ problem seems to be more widespread ("I just liked the idea of checking
+ a box"). But SLES is GNOME based and GNOME considers even the
+ personalisation of the desktop such an intellectual challenge that it
+ has become a rather "restrictive" environment IMO. In Brussels I was
+ targeted several times in internet cafés. People use either Macs or
+ Kali-Linux machines to do that. They just did not learn up to now to
+ "stare" stupidly at the reactions of their victims (lol, very capable).
+ I therefore have a reason why I do suggest it. In a multitude the
+ attacker has serious problems to know your machine with this feature,
+ while without he just overrules the signal for your particular machine,
+ while not allowing the others to connect.
+ You "could" know by BSSID,
+ but the BSSID is in my experience NEVER given in public places, they do
+ not even know what that is. Also if there is a repeater the BSSID may
+ change while the SSID is still O.K., so even the knowledge of the
+ original MAC of the access point does not help you.
+ Anyway if you have the "secure" permission settings, changes to wlan
+ connection status require already root password. You may write a
+ settings package for your enterprise and allow for restrictions, i.e.
+ user has to be part of "wheel" group or similar, to change it and then
+ you can also do alike the commercial counterparts and "hide" the
+ check-box in the "advanced settings for experts". But for a normal
+ openSUSE user I see this still as easy. And: a user who does that and
+ who has even a one time pop-up or a pop-up with another check-box "do
+ not show me that again" KNOWS what he is doing. If he does not even
+ know what the check-box is good for and what a MAC does... I would
+ rather bet that in the above setting he will rather not tick it.
+ PS. For the "itch": I never owned a mac, i-mac, i-phone or any apple
+ device. However, Apple is quite mainstream, so if a mac user is able to
+ do that, then also an openSUSE user, I am confident, will be able to
+ use the feature intelligently. Last but not least: just because Apple
+ did implement it in iOS does not mean openSUSE does not have to look at
+ it.

--
openSUSE Feature:
https://features.opensuse.org/317699