fria
fria So many devices nowadays have built in MAC randomization or even randomization by default that you don’t really need to worry about it.
It is great that is has become more of a standard.
yore
yore A fully randomized MAC address doesn't guarantee that the OUI portion will be set to a value that has ever existed or is quite rare. If you were to connect to Network A with a fully randomized MAC address and later to Network B with another fully random address, or even reconnect to the same network, theoretically these activities could be linked as an observer could say "Aha, it's that user with a spoofed MAC address again." Linking activities aside, it still makes it obvious that the device is spoofing their MAC and we generally don't want networks to be clearly aware of that.
In my opion both options seem reasonable to me.
And I dont't really think there is a "best" option, because of them both having trade offs.
Personally I would prefer your recommendation on MAC addresses, becase you blend in with the crowd more.
yore No worries, just wasn't sure what you meant! I see what you mean here now. Do you know of any examples of this in practice? It's my first time hearing about it so I'd like to learn more
Red Hat has a dedicated security team, while Arch Linux has one too but that is community driven.
And red Hat does security audits, while Arch Linux does not and relies on the community to check the security.
yore That's great to hear! Thanks for sharing.
It is a really cool feature, which is one of the reasons I want to switch from Fedora Workstation.
On Arch Linux you could also configure hardend-malloc apparently.