Thanks for the great discussion on this topic. A real world anecdote:
When I login to TAILS on my msi brand netbook, the wireless device does not appear in network-manager and I must use the keyboard hotkey to disable and then re-enable the wireless device before network-manager shows any "wireless connections are available" message. So I am worried that in this example, the MAC will not be spoofed correctly prior to the initial wireless "scan" sent out to find access points. On 10 October 2013 07:01, <[email protected]> wrote: > On 10/09/2013 07:32 PM, anonym wrote: > > > > ## Using Tails at home > > > > First, note that the user's relation (owner, family member's, > > friend's, work's, borrowed, etc.) to the computer running Tails > > doesn't matter; the location is already directly related to the user's > > identity. Similarly, because of this, MAC spoofing is of very limited > > value for both AvoidTracking and AvoidIdTails value. > > > > MAC spoofing could hinder AvoidSuspicion if detected by the ISP's > > hardware (i.e. no trusted router in the way). Similarly, ISP-provided > > hardware may employ some sort of MAC address white-listing (e.g. only > > X unique ones are allowed) that can prevent AvoidConnectionProbs. > > > > Summary: MAC spoofing should be avoided but isn't terribly dangerous > > if enabled. > > > > That's a very thorough and interesting analysis on changing mac address, > thanks. > > I want to argue on "MAC spoofing should be avoided but isn't terribly > dangerous if enabled." when using Tails at home. I wouldn't say that > AvoidIdTails is negligible. > > As you correctly write spoofing MAC could raise suspicion. On the other > hand, if user is under surveillance for whatever reason, and an > adversary's goal is to link the user to a certain internet persona, for > example a nickname in an IRC room. Adversary is monitoring user's local > router and correlates the following : > > - a MAC address connects to the router > - that PC starts using Tor > - a certain nickname shows up in the IRC room > > After a period of time that the adversary monitors the above events and > seeks for correlation, is able to be certain that user is the one using > that nickname. > > All the adversary has to do now, is prove that the MAC address is owned > from that user. > > Of course if adversary is constantly monitoring user's connections and > router, will be alarmed when a random MAC will appear. Nevertheless that > MAC does not provably belong to the user. > > Interestingly a similar case is described in Hammond Jeremy's complaint, > page 29 [1], when FBI agents used wireless traffic sniffing, MAC address > logging to correlate Hammond to a certain persona. > > So, weighing the "not spoofing MAC so as not to raise alarm" and > "spoofing MAC so as not certain connections can be tracked to user's > NIC", I would say the latter is preferred. > > Summary : MAC spoofing could be used under certain circumstances. > > Greetings > > > [1] > www.wired.com/images_blogs/threatlevel/2012/03/Hammond-Jeremy-Complaint.pdf > _______________________________________________ > tails-dev mailing list > [email protected] > https://mailman.boum.org/listinfo/tails-dev >
_______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
