In Tails, the effort to hide the device’s hostname (by omitting DHCP Option 12)
is a key step in reducing the chance of fingerprinting. The hostname is typically a
unique identifier that can be used to track a device across different networks.
By omitting the hostname, Tails ensures that this piece of information is not
easily tied back to a specific user. However, this action inadvertently makes
the device more recognizable, because most devices do broadcast the
hostname.

This makes you more unique in logs, since all one has to do is see all devices
connected or connecting that don't have a hostname. Then the fact that they all have the
same OUI makes it trivial to identify. One could easily see it's the same device
connecting on either a home network or public Wi-Fi, since looking at logs you
could narrow it down to devices with no hostname and the same OUI.

This feels like an inconsistency in the current privacy measures, since the goal
of Tails is to minimize the amount of unique identifying information that a
device broadcasts. If you’re going through the effort of hiding the hostname
(which is amnesia, which is also unique), it’s inconsistent to leave the OUI
exposed. This creates an anomaly in the device’s behavior: you're concealing
one identifier, yet still broadcasting another identifier (OUI) that is often
tied to the physical hardware vendor. If your intent is to increase privacy,
exposing the OUI contradicts this effort, as it makes the device identifiable
in certain circumstances. In a worst-case scenario, this could lead to the
de-anonymization of the user, as it becomes easier to link the same device
across different locations.

Given this issue, it would make sense to fully randomize the MAC address. If
the goal is to anonymize the device, why not take the extra step to ensure that
the OUI is also randomized? This would eliminate the possibility of an observer
correlating the MAC address with a specific manufacturer, thus protecting
against the leakage of identifying information.

Moreover, if Tails were to fully randomize the full MAC address, it might want to
add a check that the OUI is not the same as any of the looped-through
interface names, to avoid leaking that as well; this is possibly the same as the NIC check
functionality that currently exists.

To my knowledge, to be fair, when I looked with Wireshark I didn't see certain
DHCP options that could be fingerprinted other than DHCP option 55 (Parameter
Request List) and 61 (OUI in Client Identifier). Since NetworkManager is set to
use Internal, it could be seen as, or rather fingerprinted as, Linux, which is
specific; as I recall, the length is the same and the number order is also. I don't know
if this is ideal, but maybe it could be looked into, or maybe someone knows exactly whether what
I'm about to say is correct, which is maybe looking into low-level DHCP
spoofing? Android/Windows sends a custom Vendor Class Identifier (option 60)
and Parameter Request List (option 55). I know you can set the Vendor Class
Identifier in NetworkManager, but I'm not quite sure you can set option 55.
However, I do recall reading you could set the Parameter Request List with dhcpd,
which I do believe Android uses.

In closing thoughts or summary, I would say if Tails is already gonna go out of
its way to hide the hostname (amnesia), then it would make sense to also hide
the OUI part of the MAC address with full MAC spoofing. I think trying to blend
in with other DHCP clients might be too hard to do or require constant updates. I
just thought I would mention it, as many may not know about DHCP fingerprinting,
which Tails does a good job of avoiding, but it should hide the OUI in 61 (MAC
Address) being sent.

Thanks,
Shinz
_______________________________________________
Tails-dev mailing list
https://www.autistici.org/mailman/listinfo/tails-dev
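
The identifiers discussed in this post (option 12, options 55/60/61 and the OUI) can be checked in a DHCP DISCOVER captured from one's own machine. The following is an added example, not part of the original post and not Tails code. The function names, the sample packet, its MAC address and its parameter list are constructed, and treating the locally administered bit as the sign of a fully randomized MAC is an assumption.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header

def sample_discover(mac: bytes, options: bytes) -> bytes:
    """Constructed test input: a minimal BOOTREQUEST carrying the given options."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0, 0,
                      b"", b"", b"", b"", mac, b"", b"")
    return hdr + MAGIC + options + b"\xff"

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value_bytes} from a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:  # End option
            break
        if code == 0:    # Pad option, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        # A repeated option code is concatenated (RFC 3396 long options)
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def audit(payload: bytes) -> dict:
    """Summarise the fields an observer could use to single out this client."""
    opts = parse_options(payload)
    mac = payload[28:28 + payload[2]]  # chaddr, trimmed to hlen
    cid = opts.get(61, b"")
    # Option 61 with hardware type 1 (Ethernet) carries the MAC, OUI included
    cid_mac = cid[1:7] if len(cid) == 7 and cid[0] == 1 else None
    return {
        "hostname": opts[12].decode(errors="replace") if 12 in opts else None,
        "vendor_class": opts[60].decode(errors="replace") if 60 in opts else None,
        "param_request_list": list(opts.get(55, b"")),
        "oui": mac[:3].hex(":"),
        "locally_administered": bool(mac[0] & 0x02),  # assumption: set when fully randomized
        "client_id_repeats_mac": cid_mac == mac,
    }

# Constructed sample: no option 12, vendor OUI kept, option 61 repeating the MAC
_MAC = bytes.fromhex("001122334455")
SAMPLE = sample_discover(_MAC, bytes([53, 1, 1, 61, 7, 1]) + _MAC + bytes([55, 4, 1, 3, 6, 15]))
```

Calling `audit(SAMPLE)` reports a missing hostname together with an unrandomized OUI that is repeated in option 61, which is the combination the post describes.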