For clarity, WIFI MAC randomization is the default in 4.1, per network: enable MAC randomization for wifi connections by default by marmarek · Pull Request #297 · QubesOS/qubes-core-agent-linux · GitHub
Consequently, you will see NetworkManager configuration file under templates:
/usr/lib/NetworkManager/conf.d/31-randomize-mac.conf
Duplicate of:
As for hostname randomization its documented at: Contents/docs/privacy/anonymizing-your-mac-address.md at master · Qubes-Community/Contents · GitHub
That documentation says to either add a configuration file to prevent hostname to be sent either globally or per connection settings (which again would need persistence if using disposable sys-net option per install or salt recipe application post-install: not recommended for the same reasons detailed below which should be replaced per proper habits).
It is not uncommon to see dhcp requests without hostnames being sent. If using disposable sys-net, you would need to setup persistence in the disposable template, which I would not recommend personally.
I receive this question often: “How can I have disposable sys-net remember my passwords”, which for me doesn’t make any sense. Why having disposable sys-net if one wants it to add persistence, even more to add persistence of sensitive information unrelated to a specific use case (login to hotel hotspot) that could leak other network login informations if sys-net was momentarily successfully exploited to leak only that hotel hostpot?
If you pick up the habit of opening your vault’s KeepassXC on a clean boot to login where needed, and add copy pasting your needed Wifi login information as first step after booting when you, and only when you require network, copy pasting your needed wifi credentials to connect to needed wifi is a better approach then having sys-net contain all your previous wifi login information, including the wifi information to be part of your work network or anywhere else. Bonus, using disposable sys-net will not auto-login on networks you previously logged in before. This is a security advantage, since you now have the control of deciding when you want to login on the network, to login only when you need to be online without sys-net having booted doing that choice instead of you.
Randomizing WIFI MAC is already there by default. I am not sure why hostname leak prevention is not pushed as a default as well, and poked the @adw at MAC Randomization for iwlwifi · Issue #938 · QubesOS/qubes-issues · GitHub. I invite you to do so as well if this is not prioritized.
Edit: It may as well be already fixed? I do not see on network hotspots I control any sys-net anymore in hostnames?
- I do not see any Qubes configuration file implementing this automatically, but can confirm other devices on my network sneding their hostnames as part of dhcp requests, but no more sys-net. Who fixed this?
- Some issues were opened upstream, referencing to sub-issues that were automatically closed: