Re: [Tails-dev] MAC Changer Concept

Borrar esta mensaxe

Responder a esta mensaxe
Autor: adrelanos
Data:  
Para: tails-dev, tailshelper
Asunto: Re: [Tails-dev] MAC Changer Concept
intrigeri:
> We just spent time cleaning this ticket so that it is lean and has
> a clear way forward.


Yes, it has a sane roadmap.

> Thanks! I'd rather not maintain a duplicate of your use cases page,
> so I've linked to yours in our "Use cases" section.


Understand this.

> I guess we'll want to review adrelanos' use cases summary and merge it
> (in part or entirely) with our own ones, when we tackle the first task
> of the roadmap: "Decide which use cases we want to support and how to
> deal with them".


Also quoting you from: Re: [Tails-dev] MAC Address changing problem

intrigeri:
> Can we agree on this (quoting what I just added to the ticket):
>
> The Wi-Fi usecase is a bit different: the public / private computer
> distinction does not make sense, but there are two main situations:
>
>   1. Some Wi-Fi networks restrict access to a list of known MAC
>      addresses, so in this case, the user of a known computer wants to
>      use their real MAC address.
>   2. In most (all?) other cases, we want to anonymize the MAC address.


Just quoting because that was also unanswered.

To move this ticket hopefully forward, some thoughts...

Is this a perfect solution?
No.

Does it cover all imaginable use cases?
No.

Is it better than the current situation?
Yes. Don't let the perfect be the enemy of the good.

Applying that logic, starting with goals you suggested seems sensible to me.

Quoting myself.
> https://sourceforge.net/p/whonix/wiki/MAC/


I didn't want to overthink things with that overview. Just thought
without considering it and writing it down, it becomes and endless
discussion what should be supported and what shouldn't, while people
aren't likely to talk about the same things.

> past usage


I suggest not to care what was used in past to simplify things.

> changing mac gets admin attention


Is this a realistic threat model?

> changing mac network breaks


I think this is definitively realistic.

> admin looks for consistent mac


How realistic is this threat model? Someone sitting at a desk,
remembering users and watching their mac address on screen as they boot
up their notebook?

Wouldn't it be much more effective to look over their shoulder or to use
a miniature camera to spy on them?

> admin looks out for unpopular vendor ids


Whenever this is realistic or does not have to be asked, since macchiato
will solve that.