• General
  • NOTE: You may want to turn off full MAC randomization

I did this for a hotel stay which only allowed a limited number of devices to connect. With randomized MAC, each connection is a "device." Helpfully, you can adjust these settings on a per network basis without changing your default.

a month later

I set my home router to disallow new connections to the main WiFi network for security reasons. I need to disable this setting manually to allow new connections. This led to issues with GrapheneOS because it kept registering to the router as a new device because of the MAC randomization.

I solved this issue by connecting the phone to the guest network and keeping a WireGuard connection to the home network open. I would love to have an option to set a static MAC for trusted networks.

    DeletedUser88 it doesn't really matter if you use it only in your home network. It's still a unique MAC used in no other network. This would only be a problem if physical security was involved.

    CuriousFox

    There are 3 options; either "per network randomized mac" or "per device mac" will use a single MAC on a single router.

    Xtreix I'm seeing a lot of stuff in there about privacy, but not much about security. The mobile network making location tracking easy is a problem for privacy, but bad privacy doesn't mean insecure.

    Insecure protocols doesn't mean you're putting yourself at risk whenever you use them. Insecure protocols in this case means nothing is stopping a third party from being able to view the data being transmitted, and potentially interfering with it. This is explained in the FAQ article you link, and the same risks apply when connecting to a wifi network not owned by you. As is explained in that same article, simply using HTTPS is enough to avoid that problem. For anything else (old apps or websites that never upgraded to using encrypted communications), use a VPN like you would on any untrusted network.

    It should be noted that using a VPN for unencrypted communications means you'll be trusting the VPN provider with your unencrypted data instead, so you might prefer to avoid apps or websites that don't do encryption instead.

    If you live in a country where you really can't afford to have your location tracked, then yeah, cellular network would be a security risk. But otherwise it would be nice if people stopped equating privacy with security. We can't come up with the right solutions to problems unless we properly differentiate the two (or you end up with garbage like Librewolf and Ungoogled Chromium claiming to be more secure browsers...)

      2 months later

      Ammako I may be wrong but I don't think if it was secure Graphene would have an option to only allow LTE for reducing attack surface, because historically it was used to attack a lot of devices with NSO software etc.

      missing-root back in the day, anti-cheat companies used to serve bans to hackers and cheaters in certain video games based off MAC address. Was referred to as a Hardware ban.

      Sucked to see that as a pre teenager, knowing u could never play that game ever again.

      CuriousFox In Settings > Network and Internet > Internet > Saved networks > click on the Wi-Fi network you want to change > Privacy > select "Use per-network randomized MAC".

        Ammako Cellular networks are neither secure nor private. There is abundant scientific literature on the topic.

        missing-root This might have solved the weirdest WiFi issue I was having. Even with Cisco hardware (admittedly old). Why would the WiFi controller store all the MAC addresses for old sessions? Never would have guessed.

          Carpool7341 Cisco hardware

          Can you feel the pain already?

          Jokes aside, hardware, especially when it's a little older, doesn't know the concept of MAC randomization. Some (most) DHCP implementations use MAC addresses to recognize devices, so that they can reserve an IP per device. This of course leads to DHCP pool flooding/DHCP starvation where the whole address pool gets eaten up by "dead" leases. Especially with longer lease times, this can lead to constant issues.

            DeletedUser87

            Can you feel the pain already?

            I really do, lol. It wasn't IP exhaustion, the DHCP server is a pfSense router and it definitely had plenty available. There are multiple access points with roaming between them and the controller would just crash sometimes.

            We'll see if the issue is solved, it's only been a couple of days...

              Carpool7341 ah, didn't know it was roaming related. 802.11r relies on MAC address tables afaik, so it would be my conclusion that they become unresponsive when they're flooded with MAC addresses. (I can also just assume they're stored way longer than DHCP leases). At least it's solved.

              I was just mentioning DHCP starvation because that is what I "did" to our company network when I hadn't noticed that my GOS phone was on "per connection" randomization. And our address pool is around 400 IPs for around 250 people (please don't ask who set it up like this lol)

              Carpool7341
              Never mind, that didn't solve it. Guess it's just time to replace the hardware...

              Back to the original post. Forgive my lack of knowledge on the matter. Would having your DHCP lease time set to one day not eliminate the issue? Supposing your home router does not see the same "device" in 24 hrs, would it not recycle the IP address?
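
An added example, not part of any post in this thread: a small model of a DHCP lease table keyed by MAC address, showing how pool size, lease time and the randomization mode interact in the dead-lease situation described above. The pool of 400 addresses and 250 devices come from the thread; the reconnect rate, the lease times and the function names are assumptions made for the illustration.

```python
from itertools import count

def fresh_mac(counter):
    """Unique locally administered unicast MAC; a counter stands in for the
    random value a randomizing client would pick (assumption: no collisions)."""
    octets = [0x02] + list(next(counter).to_bytes(5, "big"))
    return ":".join(f"{o:02x}" for o in octets)

def simulate(pool_size, devices, reconnects_per_day, lease_hours,
             per_connection, days=3):
    """Model a DHCP lease table keyed by MAC address.

    Every device reconnects at the same evenly spaced times (simplification).
    Returns (peak_active_leases, refused_requests)."""
    counter = count(1)
    stable = [fresh_mac(counter) for _ in range(devices)]
    leases = {}                      # MAC -> hour at which the lease expires
    peak = refused = 0
    step = 24 / reconnects_per_day
    for i in range(days * reconnects_per_day):
        now = i * step
        leases = {m: exp for m, exp in leases.items() if exp > now}
        for d in range(devices):
            mac = fresh_mac(counter) if per_connection else stable[d]
            if mac in leases or len(leases) < pool_size:
                leases[mac] = now + lease_hours   # new lease or renewal
            else:
                refused += 1                      # pool exhausted
        peak = max(peak, len(leases))
    return peak, refused

if __name__ == "__main__":
    # 400 addresses and 250 devices as in the post above; the reconnect
    # rate and lease times are constructed values.
    for label, lease, per_conn in [("per-network MAC, 24 h lease", 24, False),
                                   ("per-connection MAC, 24 h lease", 24, True),
                                   ("per-connection MAC, 1 h lease", 1, True)]:
        print(label, simulate(400, 250, 4, lease, per_conn))
```

In this model the pool only fills when the number of distinct MACs seen within one lease period exceeds the pool size, so the outcome depends on lease time and reconnect rate together.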