Latest phones are great at thwarting Wi-Fi tracking. Other devices, not so much – study In 2017, US Naval Academy researchers found that MAC address randomization in mobile devices was largely worthless as a privacy defense. Three years later, the same research group took another look and found that while there's been meaningful improvement, many phones still fail to effectively prevent MAC address-based tracking …
My elderly Moto device should worry me, However, as I wander the fields and lanes dog walking, all tracking efforts appear to result in major location errors. I doubt my mobile phone data has much value to anyone seriously into tracking data. Travelling more or less the same route in the morning produces wildly different logs of distance, speed and almost everything. I am interested in the so called 'fitness data', but I really wonder if it has any grip on reality.
I wonder how much influence the 5 eyes had in making it so phones attempt to connect to nearby Wi-Fi networks even when Wi-Fi is switched off?
As if i am switching off Wi-FI then its for a reason, I don't want my phone to be connecting to Wi-Fi. Not because i like flipping toggle switches on my phone for fun that my phone just then ignores.
Difficult to get much info from a M.A.C. address, unless you also compromise the login system, and it requires the users have entered legit information (not a given). There is also the problem that to get a complete picture of someone's whereabouts, you would need to break into the login systems of potentially many other Wifi providers.
Now, with mobile access, you still need to hack the provider, but once you do, you have *verified* information on the user, including a billing address. You also only have to hack one provider..
Wasn't able to connect to my home WiFi a few days ago. Turns out a software update on my phone enabled MAC randomisation. This in general it a good thing. Sad part though is home WiFi here is a block of flats and access is granted based on registered device (ie MAC address). Guess I'll have to turn off WiFi or re-enable the MAC randomisation every time I go outside (hah!).
I think that is the point of the discussion about per-connection addresses - reusing the same address when reconnecting to the same network. If you can find the address used when the first attempt to connect is made, and authorize that one, subsequent attempts should use the same (random) MAC address.
The article talks about a difference between Android and IoS in whether this is per-SSID or per-SSID-and-access-point. In the latter case you would need to authorize the addresses used with all the access points.
I just checked my phone after reading the article - I can turn off MAC randomisation on a per-network basis. I went ahead and turned it off for my home network (so I can easily identify the phone in the router's list of connections), but it should still be random for any other network.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
