< Changes
No edit summary |
(adding release notes tracker) |
||
| (10 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name. This keeps all change proposals in the same namespace --> | <!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name. This keeps all change proposals in the same namespace --> | ||
= | |||
= Assign individual, stable MAC addresses for Wi-Fi connections = | |||
== Summary == | == Summary == | ||
Adopt stable-ssid as the default | Adopt stable-ssid as the default mode for assigning individual, stable MAC addresses to Wi-Fi connections in NetworkManager for Fedora 40, enhancing user privacy without compromising network stability. | ||
| Line 16: | Line 19: | ||
== Current status == | == Current status == | ||
[[Category: | [[Category:ChangeAcceptedF40]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | ||
| Line 27: | Line 30: | ||
* Targeted release: [https://docs.fedoraproject.org/en-US/releases/f40/ Fedora Linux 40] | * Targeted release: [https://docs.fedoraproject.org/en-US/releases/f40/ Fedora Linux 40] | ||
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} | * Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} | ||
* [ | * [https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org/thread/R6PF344C3KCX4O7L4RNMS7GAC4SXHO6A/ Announced] | ||
* FESCo issue: | * [https://discussion.fedoraproject.org/t/f40-change-proposal-wifi-mac-randomization-system-wide/99856 Discussion thread] | ||
* Tracker bug: | * FESCo issue: [https://pagure.io/fesco/issue/3136 #3136] | ||
* Release notes tracker: | * Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=2258088 #2258088] | ||
* Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/1073 #1073] | |||
== Detailed Description == | == Detailed Description == | ||
The change involves adding a new file, /usr/lib/NetworkManager/conf.d/22-wifi-mac-addr.conf. This file sets `wifi.cloned-mac-address=”stable-ssid”` as the default mode for MAC address | The change involves adding a new file, /usr/lib/NetworkManager/conf.d/22-wifi-mac-addr.conf. This file sets `wifi.cloned-mac-address=”stable-ssid”` as the default mode for MAC address selection in Wi-Fi connections within NetworkManager for [https://docs.fedoraproject.org/en-US/releases/f40/ Fedora Linux 40]. The `stable-ssid` mode selects a different MAC address based on the network's SSID and the machine ID and is aimed at enhancing user privacy. This new default value will apply to Wi-Fi profiles in [https://docs.fedoraproject.org/en-US/releases/f40/ Fedora Linux 40] and later that do not override the default. | ||
The content of the added file is: | The content of the added file is: | ||
[connection.22-wifi-mac-addr] | [connection.22-wifi-mac-addr] | ||
| Line 44: | Line 49: | ||
For further details, please refer to `man NetworkManager.conf`. | For further details, please refer to `man NetworkManager.conf`. | ||
With this config file, the MAC addresses for the Wi-Fi interface will usually change once which can cause problems to connect to wireless networks that restrict access based on MAC addresses and can lead to getting the connecting device to obtain a different IP address. Therefore the settings on the Wi-Fi router might need to be adjusted correspondingly. Alternatively, the profiles or the system can be changed to the previous behavior (see [[#Upgrade/compatibility impact]]). | |||
== Benefit to Fedora == | == Benefit to Fedora == | ||
Latest revision as of 19:56, 28 February 2024
Assign individual, stable MAC addresses for Wi-Fi connections
Summary
Adopt stable-ssid as the default mode for assigning individual, stable MAC addresses to Wi-Fi connections in NetworkManager for Fedora 40, enhancing user privacy without compromising network stability.
Owner
- Name: Stanislas FAYE, Till Maas
- Email: <sfaye@redhat.com>, <till@fedoraproject.org>
Current status
- Targeted release: Fedora Linux 40
- Last updated: 2024-02-28
- Announced
- Discussion thread
- FESCo issue: #3136
- Tracker bug: #2258088
- Release notes tracker: #1073
Detailed Description
The change involves adding a new file, /usr/lib/NetworkManager/conf.d/22-wifi-mac-addr.conf. This file sets wifi.cloned-mac-address=”stable-ssid” as the default mode for MAC address selection in Wi-Fi connections within NetworkManager for Fedora Linux 40. The stable-ssid mode selects a different MAC address based on the network's SSID and the machine ID and is aimed at enhancing user privacy. This new default value will apply to Wi-Fi profiles in Fedora Linux 40 and later that do not override the default.
The content of the added file is:
[connection.22-wifi-mac-addr] match-device=type:wifi wifi.cloned-mac-address=stable-ssid [.config] enable=nm-version-min:1.45
For further details, please refer to man NetworkManager.conf.
With this config file, the MAC addresses for the Wi-Fi interface will usually change once which can cause problems to connect to wireless networks that restrict access based on MAC addresses and can lead to getting the connecting device to obtain a different IP address. Therefore the settings on the Wi-Fi router might need to be adjusted correspondingly. Alternatively, the profiles or the system can be changed to the previous behavior (see #Upgrade/compatibility impact).
Benefit to Fedora
This change enhances user privacy by addressing the issue of MAC address tracking method used by network operators and advertisers to gather data about users’ movements and device usage patterns. By randomizing MAC addresses, Fedora reduces the potential for this type of passive surveillance, thereby enhancing individual privacy. It aligns Fedora with privacy-focused features present in other modern operating systems. The generated MAC address under the stable-ssid mode is derived from the network’s SSID, a per-host key (from /etc/machine-id and /var/lib/NetworkManager/secret_key), and a per-interface identifier.
Scope
- Proposal owners:
The merge request is already merged upstream.
- Other developers: N/A
- Release engineering: #Releng issue number
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
With the adoption of stable-ssid as the default in Fedora 40, existing users may experience changes in their Wi-Fi connection behavior, particularly those whose network setups depend on fixed MAC addresses. It’s crucial for users to be aware that upgrading to Fedora 40 will apply this new MAC address randomization by default. Users needing to maintain consistent MAC addresses for specific networks can address this by following one of these steps:
1. Manually set wifi.cloned-mac-address to permanent for specific profiles using
nmcli connection modify [$PROFILE] wifi.cloned-mac-address permanent
2. Create a custom configuration file in /etc/NetworkManager/conf.d/22-wifi-mac-addr.conf, which can be empty or contain specific configurations. This will prevent the default file in /usr/lib from being loaded.
3. Create a higher priority .conf file like /etc/NetworkManager/conf.d/90-wifi-mac-addr.conf with:
[connection-90-wifi-mac-addr-conf] wifi.cloned-mac-address=permanent
For details on the order in which configuration files are loaded and their priority, refer to man NetworkManager.conf
How To Test
- Upgrade NetworkManager to version 1.45 or newer implementing the stable-ssid mode
- Connect to Wi-Fi network using nmcli or the GNOME network settings
- Use
ip link show(replacing [device] with your Wi-Fi device’s name) to check the MAC address assigned to the device. - Note the MAC address and reconnect to the same network to confirm that the MAC address remains consistent across sessions.
- Connect to different Wi-Fi networks and observe the MAC address for each connection.
- Ensure that the MAC address is derived from the network’s SSID.
- Manually override the MAC address for a specific Wi-Fi profile using
nmcli connection modify [profile] wifi.cloned-mac-address [your-mac-address]to set a specific MAC address - Reconnect to the network and use
nmcli device show [device]to verify that the specified MAC address is being used.
User Experience
Users will experience an additional layer of privacy without any required action on their part. The change is transparent, with minimal impact on the day-to-day user experience. However, for those with specific network configurations reliant on static MAC addresses, this update may require manual adjustments to network profile settings. Users in such scenarios will need to be aware of the change and how to revert to a fixed MAC address if necessary, ensuring their network connectivity aligns with their requirements.
Dependencies
N/A
Contingency Plan
- Contingency mechanism: Revert to previous MAC address handling if significant issues arise.
- Contingency deadline: Beta freeze of Fedora 40.
- Blocks release? No
Documentation
No documentation change is required.
Release Notes
The change will be mentioned in the Release Notes.