I installed Qubes and I expect my MAC will be randomized by default as described in help files. This doesn’t happen.
I am checking the MAC of my cubes via terminal in main menu for each template I tried dom0 and networking one, but also others.
cat /sys/class/net/*/address
It is always the same for all templates and between reboots. I am connecting through WiFi. Why it is not working?
Are you sure?
In sys-net, with a Debian template, I see a different address each time.
This is confirmed at the router.
If you restart sys-net, and reconnect to WiFi, do you not see a
different MAC address on each reconnection?
(Incidentally, you havent said which version of Qubes you installed. Can
you confirm?)
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
I’m on 4.2.4.
Ok, you are right, I see it is changing on sys-net. Previously I was checking on apps and templates, like whonix and whonix-gateway, and it is always the same. I shouldn’t worry about that as only sys-net cube will be exposed to the web, correct? Sorry for my noob questions, I’m still very new to Qubes.
One more question: output on mac addresses on sys-net gives four addresses like
12:32:85:65:45:54
00:00:00:00:00:00
fe:ff:ff:ff:ff:ff
98:45:56:65:54:78
and only the last is changing, even though I checked with all interfaces disconnected, both ethernet and wifi. Why only the last?
ip a will provide additional details on your interfaces. Presumably the final entry on this list has a name that begins with wl for wireless interface, which is the MAC you will care about randomizing. 00:... and ff:... are the loopback and virtual interface MACs, which you want to be static.
thank you, that was exactly wl interface
Not quite correct. MAC addresses will not leave your local network. Your sys-net MAC address will be visible to the router and your (W)LAN but not to the Internet. This is generally what people are concerned about. If you connect to a coffee shop then a hotel or university, they will see different MAC addresses (the Internet should never see your device and its MAC address).
Though it is possible for attacker to get the MAC address of a qube,
and that could be stored for identity confirmation.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Yes, the OP could want to be concerned with every qube’s identifiers, such as MAC address and qube hostname. Exploiting web browsers or other exploits to get system information is a real threat to anonymity and privacy. Given that prior discussion was focused on MAC address randomization and sys-net, I didn’t want to muddy or derail the discussion.
Generally speaking, the qube that is directly connected to potentially hostile wireless environments is the qube that needs, or would want, MAC address privacy. And, normal network protocol implementations should not leak MAC addresses beyond the WLAN (to the Internet).
It is possible that some commercial products or wireless network operators are harvesting MAC addresses and hostnames then sending them somewhere (on the Internet) but that wouldn’t be normal network protocol behavior and the OP didn’t indicate this being a concern.