Re: [Tails-dev] MAC Changer Concept

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: The Tails public development discussion list
Oggetto: Re: [Tails-dev] MAC Changer Concept
Hi,

(Just answering on minor points, as I personally stopped believing
baby steps were the way to go for this specific feature, and I doubt
anyone will make substantial progress on this until they've got the
means to spend at least a full week on it.)

adrelanos wrote (09 Apr 2013 12:49:54 GMT) :
> intrigeri:
>> Can we agree on this (quoting what I just added to the ticket):
>>
>> The Wi-Fi usecase is a bit different: the public / private computer
>> distinction does not make sense, but there are two main situations:
>>
>>   1. Some Wi-Fi networks restrict access to a list of known MAC
>>      addresses, so in this case, the user of a known computer wants to
>>      use their real MAC address.
>>   2. In most (all?) other cases, we want to anonymize the MAC address.


> Just quoting because that was also unanswered.


Oh, I'm sorry we did not reply to this thread after we decided we want
to go this way. See commit 64fd06692 ("Decision.") that removes the
todo/discuss tag and replaces "could" by "should".

> Applying that logic, starting with goals you suggested seems sensible to me.


I'm glad you agree.

>> changing mac gets admin attention


> Is this a realistic threat model?


In a setup with a static list of allowed MAC addresses (e.g. a LAN
with desktop computers that get fixed DHCP addresses in function of
their MAC address, and where no other computers are supposed to be
plugged in), any minimal log monitoring system will trigger an alarm.

I don't think this is unrealistic in enterprise settings, even the
combination of that setup + being able to boot from DVD/USB is
probably not that common.

>> admin looks for consistent mac


> How realistic is this threat model? Someone sitting at a desk,
> remembering users and watching their mac address on screen as they boot
> up their notebook?


> Wouldn't it be much more effective to look over their shoulder or to use
> a miniature camera to spy on them?


I've no strongly formed opinion on that specific point right now.

However a good start to discuss it would be to avoid mixing "a network
IDS automatically detects network configuration change events and
raises alerts" with "a specific user is targetted by people who
monitor his/her usage with spy gadgets". I think this only adds
to confusion.

>> admin looks out for unpopular vendor ids


> Whenever this is realistic or does not have to be asked, since macchiato
> will solve that.


... if, and only if, its lists grow substantially. Last time I've
checked, they still looked dramatically small, and using them would
probably offer attackers means to fingerprint Tails users that we'd
rather avoid. I don't mean improving these lists is impossible, but
I'm afraid we should not act as if it will come for free.

Any update on what steps are being taken to improve these lists?


Thanks for pushing this topic forward!

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc