📡 🖥️ WiPri: machine-id Randomization

Nov 14, 2022

New WiPri Feature: Machine-ID Randomization


WIPRI: run at boot and/or from the command line, wipri offers privacy enhancement options: MAC randomization (real valid OUI for blending in), hostname randomization / restoration, signal strength randomization, and coordinated changes.


WHY WIPRI?

Before I started working on wipri, I was concerned by experiences and various reports of MAC-changing options creating MAC address leaks and firmware crashes. A past bug in NM revealed permanent MAC address leaks (without users realizing it). See: here

It's worth mentioning one of the events I experienced that inspired wipri...

EXCERPT FROM DISCUSSION

(wipri service prevents leak at boot)


If you, like me, want to prevent permanent mac address leaks (permanently), wipri could be something you'd like to try.

This is the goal. Prevent leaks, mitigate unique value of content.

Another thing I'd rather not worry about. The install.sh makes it simple to add it to new devices (and change current boot flags / upgrade).

TIP: Some may like to install wipri before even allowing new Linux devices to connect to the network (in cases like these: copy the wipri package to that device, run install.sh). Store it on a USB drive for setting up new devices.

Check Status: sudo systemctl status wipri


Have Ideas (for improving wipri)? 📩 email

Contributions welcome at wipri on Gitea Onion (🧅 Use Tor Browser)

If it makes sense / improves it, happy to merge.


(I use wipri on Pinephone (works on Librem5 / other Linux phones), various servers, routers, tablets, laptops, desktop)


HISTORY / PATTERNS

MAC Addresses (wifi) and other identifiers are mapped out. Worldwide. See Wigle for examples.

Analysis / databroker sales are more widespread than what is found publicly.

Even the tool you use may in itself provide its own unique identifiers (see the example below).

Many smartphones generally use a specific format for their MAC randomization feature. This includes devices that use a '2' or '4' on second octet (Apple).

Devices generally use the following format ('highlighting' them in the crowd as randomized MAC addresses):

x2-xx-xx-xx-xx-xx
x6-xx-xx-xx-xx-xx
xA-xx-xx-xx-xx-xx
xE-xx-xx-xx-xx-xx

In contrast, wipri uses official IEEE valid brand OUI lists, to blend in with neighboring devices.
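The x2 / x6 / xA / xE pattern above is what an address looks like when the locally administered bit (0x02 of the first octet) is set and the multicast bit (0x01) is clear, so any observer can test for it. The shell functions below are an added example, not wipri code; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not wipri code. Classifies MAC addresses by the
# locally-administered bit (0x02 of the first octet), which is what
# produces the x2 / x6 / xA / xE second-digit pattern.

# mac_kind MAC -> prints "local", "universal", or "invalid"
mac_kind() (
    # Normalise case and accept '-' or ':' as the separator.
    mac=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        echo invalid
    elif [ $(( 0x${mac%%:*} & 2 )) -ne 0 ]; then
        echo local        # software-assigned: stands out as randomized
    else
        echo universal    # falls in vendor-assigned (OUI) address space
    fi
)

# count_local: read one MAC per line on stdin, print how many are "local".
count_local() (
    n=0
    while IFS= read -r m; do
        if [ "$(mac_kind "$m")" = local ]; then n=$((n + 1)); fi
    done
    echo "$n"
)

# Constructed sample of observed addresses (not real devices).
SAMPLE='02:00:5e:10:20:30
a6-1b-2c-3d-4e-5f
00:11:22:33:44:55
FA:CE:00:00:00:01
not-a-mac'

# Show the classification of every sample address.
printf '%s\n' "$SAMPLE" | while IFS= read -r m; do
    printf '%-20s %s\n' "$m" "$(mac_kind "$m")"
done
```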


Have you checked if your setup leaks?

ISPs can collect / sell your personal device identifiers (as has been reported).

Phones can act as wardrivers. Who knows how many parties see various device identifiers surrounding you (ie: wireless).

Databrokers want to know who is doing what on said device, and where they are doing it.

You didn't think more expensive "stingray" tech was the only thing used to track users, did you?

Department stores, malls, and businesses all use tracking beacons to map out your activity in shopping areas.

In the past an advertising company even implemented drones to capture and track devices by wifi mac address.

Check for leaks at boot by running a sniffer, or kismet.
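One way to turn a sniffer's text output into a pass/fail leak check is shown below. This is an added example, not wipri code: PERM_MAC and the capture lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not wipri code. PERM_MAC and BOOT_CAPTURE are constructed;
# on a real system the permanent address can be read with `ethtool -P <dev>`
# and the text would come from a sniffer capture taken while the device boots.

# seen_macs: read sniffer text on stdin, print each distinct MAC once,
# lower-cased with ':' separators.
seen_macs() {
    grep -Eio '([0-9a-f]{2}[:-]){5}[0-9a-f]{2}' | tr 'A-F-' 'a-f:' | sort -u
}

# leak_check PERM_MAC: status 1 if PERM_MAC appears on stdin, else 0.
leak_check() (
    perm=$(printf '%s' "$1" | tr 'A-F-' 'a-f:')
    if seen_macs | grep -Fxq -- "$perm"; then
        echo "LEAK: permanent address $perm was observed"
        exit 1
    fi
    echo "clean: $perm not observed"
)

# Constructed permanent address and constructed capture text, loosely
# shaped like link-layer output from a packet sniffer.
PERM_MAC='00:11:22:AA:BB:CC'
BOOT_CAPTURE='12:00:01.100000 3a:5f:11:22:33:44 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42
12:00:01.200000 00:11:22:AA:BB:CC > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342
12:00:02.000000 3a:5f:11:22:33:44 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 98'

# The second frame carries the permanent address, so this reports a leak.
printf '%s\n' "$BOOT_CAPTURE" | leak_check "$PERM_MAC" || true
```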


The goal was to find a controlled way to manage concerns about unique identifiers: dedicated, "set and forget", started at boot, automated, leak-preventing, and long term.

Added various features I wanted to see, and came up with some concepts based on device tracking.

I decided static flags should 'hold' the MAC to prevent leaks (and enforce the wipri-chosen MAC).

This is the solution I wanted. Hope you find it useful.


Latest found (only) on 🧅 Gitea Onion (shows up here first).


⭐ NEW FEATURE ⭐

Now, each time the wipri command is run (or at boot), the old machine-id is removed and a new machine-id is generated (in case it is collected by apps or, in bad practice, shared over a network of any type).


This 'machine-id' carries over, even if you change hardware. It's of narrow usage, unnecessarily static and permanent in consequence.

(those not interested in random machine-id: comment out section carrying machine-id information)


📡 (-w) TURN OFF WIFI RADIO AUTOMATICALLY AFTER DISCONNECTED FOR MULTIPLE MINUTES

I previously covered the -w flag, which turns off the wifi radio automatically for those who want that.

Using -w doesn't interfere with your connection (no disconnects); it uses a series of timers to prevent interruptions to the current network.

WHY? Wifi shares the saved SSID list (which can be used for patterns-of-life tracking). I discussed other ways you can thwart this in previous content (adding the -w flag on wipri is the most automated / straightforward long-term solution).

And all other potential wireless identifiers.


USAGE ADVICE

You can combine the -w flag with any other flags (and set the flag combo at boot with install.sh).

This allows you to make the most of identifier disinfo, while also (optionally, with -w) turning off the wifi radio minutes after you disconnect from your saved wifi access point.

Each flag has a purpose.

WiPri can also be used for ethernet changes.


The entire point of wipri is using disinfo to 'poison' the pool of tracking identifiers, and misdirect from permanent identifiers.


MACHINE-ID Randomization


EXAMPLE RUN (SHOWS ALL FLAGS):

(view above screenshot for all flag combinations you can use - use what works for you)


CURRENT FLAGS (COMBINE AS YOU LIKE)

-d <device> [set device name for each run]

-w turn off wifi radio when you are disconnected after x seconds [prevent potential identifier leaks when traveling]

-a anonymous / ghost mode [sets continually changing time period, coordinated changes of hostname, mac address, tx signal strength]

-p static smartphone MAC address mimic [sets random valid OUI smartphone MAC Address and prevents mac address leaks {unique feature to wipri}]

-P changing smartphone mac mimic [sets randomly generated, yet valid OUI smartphone brand name, at continually changing times, it changes to new smartphone mac address]

-r randomly change mac address (to valid OUI addresses) at continually changing times, continually changing valid addresses [all brands]

-m set static mac address of your choice [takes advantage of unique wipri leak prevention - added after default mac changing in NM had a bug in the past causing mac leaks - they fixed that bug, but it could happen again]

-i set valid OUI random mac identity [hold randomly chosen valid mac, prevent leaks]

-h set random generic hostname [original hostname is saved on the first wipri run and can be restored with -R]

-s random signal strength [experimental: tx power randomization - device direction/location can be tracked by signal strength]

The above flags are the main ones. Install any of them with the install.sh script.

The latest install.sh allows upgrades, and easy change of boot flags (systemd required for boot automation)


🖥️ MACHINE-ID 🛰️

For those unaware, machine-id is a unique identifier stored at: /etc/machine-id.

This extremely unique machine-id could be used for tracking / surveillance capitalism.

Previously, Devuan Linux began randomizing machine-id, although this feature is not widespread in Linux distributions. Also discussed on this Nitter thread.

Incorporated machine-id concerns into wipri, to automate more privacy concerns.
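The machine-id replacement described under NEW FEATURE and in this section can be illustrated as follows. This is an added example, not wipri's own code; MID_FILE and the function names are hypothetical, and the default path is a scratch file rather than /etc/machine-id.

```shell
#!/bin/sh
# Added example, not wipri code. Replaces a machine-id file with a fresh
# random value. MID_FILE is a hypothetical variable; it defaults to a
# scratch file so the example runs without touching /etc/machine-id.

MID_FILE=${MID_FILE:-${TMPDIR:-/tmp}/machine-id.example}

# valid_machine_id ID: true if ID is 32 lowercase hex characters and not
# all zeros (the format described in machine-id(5)).
valid_machine_id() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[0-9a-f]{32}$' &&
        [ "$1" != 00000000000000000000000000000000 ]
}

# new_machine_id: print 16 random bytes from /dev/urandom as hex.
new_machine_id() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# rotate_machine_id FILE: write a new ID to FILE atomically and print it.
rotate_machine_id() (
    file=$1
    old=$(cat "$file" 2>/dev/null || true)
    id=$(new_machine_id)
    # Retry on an invalid or repeated value (astronomically unlikely).
    while ! valid_machine_id "$id" || [ "$id" = "$old" ]; do
        id=$(new_machine_id)
    done
    # Write beside the target so the final rename stays on one filesystem.
    tmp=$(mktemp "$file.XXXXXX") || exit 1
    printf '%s\n' "$id" > "$tmp"
    chmod 444 "$tmp"
    mv -f "$tmp" "$file"
    printf '%s\n' "$id"
)

rotate_machine_id "$MID_FILE"
```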


💬 DISCUSSION

SOURCE: here (above screenshot discussion)


DOWNLOAD WIPRI (🧅 TOR BROWSER LINK)


Decided I wanted all of this automated on my own devices.

Thought you might like it, too. 😎


🗨️ If You Have Questions, Leave Comment / Send 📩 email
