Private Mac addresses in IOS14
-
Again, the MAC address is completely irrelevant beyond the first router. So, if you're running your own router, not even your ISP will see your phone's MAC address. The snooping must be done no later than that first router. It's definitely tinfoil hat time!
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
While it is possible that use of a different mac (what apple is calling "private") could cause you issues on your local controls. Be it a captive portal, or dhcp reservations not working so you can filter or route specific IPs based upon that device always getting the same IP via its reservation.
The privacy aspect of this is really meant for when you bounce around using different wifi networks. So for example you use the same mac at Starbucks and you do at McDonalds - from this it would be possible for "someone" to know that hey the same device was both at starbucks and mcdonalds.. While this mac doesn't really tell them who is person was - from info given to say access the captive portal.. It could allow for tracking of billy across multiple networks - if the operator/owners of these networks share information about what mac addresses are accessing their network.
As mentioned a few times already - mac are only seen at the L2 you are directly connected to.
For control and routing of these devices on your own local network, would suggest you disable use of these so called "private" mac on your own local networks. So that your dhcp assignments still work, and captive portals and or policy routing function how you want them too.
-
@JKnott said in Private Mac addresses in IOS14:
Again, the MAC address is completely irrelevant beyond the first router. So, if you're running your own router, not even your ISP will see your phone's MAC address. The snooping must be done no later than that first router. It's definitely tinfoil hat time!
Not sure why you keep saying this, what Apple term as private MAC addresses are really only designed to be used away from home.
It’s really only of use when you are using free wifi and don’t want your MAC address to be registered whenever you connect away from home
-
Yeah, this could be painful initially when those devices send a different MAC but it's not random every time they connect back to the same SSID.
Android does this now too: https://source.android.com/devices/tech/connect/wifi-mac-randomization
Steve
-
I just checked my Pixel 2 with my guest SSID and see it does use a random MAC for new SSIDs. However, anything I had set up on previous phones uses device MAC. I hadn't even known about that setting.
-
Ah that's good to know.
It was also unclear if it does this now by default on either OS but I think it does.
Steve
-
My Pixel 2 with Android 10 has it, but not my Asus tablet with Android 7. Random is default, except for previously configured connections. So, any that were inherited from my Nexus 5 use the device MAC.
-
@stephenw10 said in Private Mac addresses in IOS14:
It was also unclear if it does this now by default on either OS but I think it does.
It certainly turned on by default on my iPad Pro and iPhone 11 Max.
-
@Vollans said in Private Mac addresses in IOS14:
@stephenw10 said in Private Mac addresses in IOS14:
It was also unclear if it does this now by default on either OS but I think it does.
It certainly turned on by default on my iPad Pro and iPhone 11 Max.
I upgraded last night just to see what's about ... seems like much to do about nothing even if turned on by default.
-
Yeah not sure who it would cause headache for - other than someone that doesn't under how dhcp reservations work..
So it turned it on for networks your phone had already been connected too?
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.03 | Lab VMs 2.7.2, 24.03 -
@johnpoz said in Private Mac addresses in IOS14:
So it turned it on for networks your phone had already been connected too?
My understanding is it picks a new random MAC when connecting to a new SSID. It shouldn't change when you connect again.
-
@johnpoz yes, my pre-existing learnt networks have it switched on automatically. For me, that's not a problem.
-
Apple seems to have a pretty good POLA violation on their hands here, IMHO. Considering it uses the same MAC address every time it connects to the same network it shouldn't break things like Captive Portals or DHCP pools. But static mappings, etc will certainly break.
The user should have at least been asked if they want new MAC addresses for existing networks, while the blank stares at the screen from the majority would be funny to montage.
-
@Derelict said in Private Mac addresses in IOS14:
The user should have at least been asked
Yeah no shit ;) First thing I had to go and turn off on my 3 apple devices as I updated them to 14 the other day.. Not a peep from the thing that it was doing this..
Why do these OS makers continue to treat their users like idiots.. The last sort of thing that was pissing me off is windows with its update to 2004.. Just saying your machine is not ready -- well why and the F not?? Clearly you know why its not updating, because your not letting it... But what is the specific reason.. So possible it can be corrected.
Finally had to just do a freaking clean install.. Works fine..
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.03 | Lab VMs 2.7.2, 24.03 -
@johnpoz said in Private Mac addresses in IOS14:
Why do these OS makers continue to treat their users like idiots..
-
@johnpoz said in Private Mac addresses in IOS14:
Why do these OS makers continue to treat their users like idiots..
Maybe because they bought iPhones.
<ducking>With Android, it appears to generate a random MAC when first connected to an SSID and then use it for all future connections.
-
@JKnott said in Private Mac addresses in IOS14:
@johnpoz said in Private Mac addresses in IOS14:
Why do these OS makers continue to treat their users like idiots..
Maybe because they bought iPhones.
<ducking>With Android, it appears to generate a random MAC when first connected to an SSID and then use it for all future connections.
LOL no ****, it’s in the interest of Google to be able to track you by MAC address when ever you join a Wi-Fi network if the MAC stays consistent per SSID they are sorted.
-
Both Android and iOS appear to do the same for new networks; use a random MAC but that keep using that for re-connections to that same network.
The only thing that seems unclear is their behaviour when connecting to already known networks.
It seems iOS is using a random MAC there too potentially breaking stuff.
Android seems to retain the real MAC for existing networks as reported above.Steve
-
Yes, when I got my Pixel 2 and synced it to my previous phone, it also received my WiFi connections. They use the hardware MAC. A connection I set up a couple of weeks ago uses the random number.
-
It is so funny to see some Netgate forum members always bring up TIN FOIL HAT every time someone asks or says about privacy & security.
@bcruze, Mac Private address is just a layer of security. The same as T2 chip and read-only system volume in Catalina. Apple is aware that their previous devices were easy target for hacking. Not to mention the leaking on intel chip issue.
