Random MAC-adresses for each new connection with wifi and Multi-Use of vouchers
Hi,
today I read that with iOS 14 apple is changing the behavior of MAC adresses used for wifi-connection. Each new connection (to the same wifi) another random MAC adress will be used. I already noticed this behavior with some android phones, especially China brands.
Currently we are providing wifi to users with the EAP APs and the central controller software. Our vouchers are valid for a specified period (eg 7 days) and multi-use is set to 1 device. We don't want to have to user to be online with more than one device at the same time.
In the past some users reported that they cannot connect after a period of time. I figured out that most time the new MAC adress seems to be the reason.
How does the controller determine if its the same or another device which connects to our wifi the the voucher-code? Do random MAC adresses will cause any trouble with the multi-use option? Is there any way for the user to actively "logout" of the current session so a stored MAC adress will be deleted on the controller?
kind regards,
Christian
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
indigo wrote
today I read that with iOS 14 apple is changing the behavior of MAC adresses used for wifi-connection. Each new connection (to the same wifi) another random MAC adress will be used.
If I understand this technical note from Apple correctly, a randomized MAC address will be used for each different network, but not for each different connection (that would break all existing sessions while roaming and it would introduce a lot of other issues):
https://support.apple.com/en-us/HT211227
However, even Apple seems to not be sure about the possible implications of their new feature, else they wouldn't recommend to casually turn off this privacy extension if things are not working. IMO they go crazy now, because MAC randomization once was specified for WiFi surveys only as described in the white paper for MAC randomization (and this makes sense to avoid tracking of clients just passing by a nearby WLAN, but not connecting to it at all).
IMO MAC randomization makes no sense for persistent connections to a specific WLAN selected during such a survey, even if the user connects to the same WLAN next day, especially if the WiFi hostname of the device is something like »John Doe's iPhone« which can still be tracked by its name and even reveals more than a MAC address does.
If WLAN hotspot providers can't identify the device in their own WLAN, they cannot offer certain functions expected by hotspot users such as authorization, roaming etc.
Albeit I cannot answer your followup questions about how users can invalidate vouchers, my opinion is that Apple users have to take care of this if they want a seamlessly working WLAN connection.
- Copy Link
- Report Inappropriate Content
I think it is absurd that Apple has enabled this "feature" by default and didn't publicize it in any meaningful way. I have a lot of iOS equipment and frequent all of the iOS related technical sites and blogs, and this feature took me completely by surprise.
That said, I've not seen any issues with it on my home network. But seriously who is tracking MAC addresses from Wifi network to Wifi network to localize people's devices (other than the government).
A total unnecessary and potentially disruptive feature. I guess I better find my tin foil hat, next.
This definitely seems like a feature people should be opting into, rather than opting out of.
- Copy Link
- Report Inappropriate Content
I've seen numerous reports of the interaction of this new feature, together with making Wi-Fi calling calls, causing kernel panics in the Apple Airport and Airport Extreme AP.
Comcast has also put out a notice in the US about potential issues between this new feature and Comcast internet service.
- Copy Link
- Report Inappropriate Content
JSchnee21 wrote
But seriously who is tracking MAC addresses from Wifi network to Wifi network to localize people's devices (other than the government).
Shops and warehouses do so. They track customers to find out from which rummage table customers go to which other rummage table. This is even offered by some big WiFi manufacturers as a ready-made software solution in their products.
And you probably noticed that smartphones fire up geolocation services if you search for nearby WLANs. Map services of the usual data collectors (Apple, Google) create SSID-to-GPS mappings to make the map services more precise. This way, they also get detailed motion profiles which are then used to bomb you with personalized ads. Of course, they don't cut you in on their profits they make from those ads using your devices. But I guess they don't use MAC addresses at all when they can collect the phone's IMEI number.
BTW: better than MAC randomization is a portable Faraday cage. Also good as a protective cover against rain while riding a motorcycle.
I like this gadget :-)
- Copy Link
- Report Inappropriate Content
Good point. I had assumed (likely incorrectly) that by not associating with the wifi networks as shops that they probably weren't tracking me. But I honestly hadn't given it much thought. I'm not opposed to tracking / big brother, per se. I don't have anything to hide.
While I'm aware of these technologies -- such as Bluetooth beacons, facial recognition, etc -- my experience, in the USA at least, is that most companies / organizations are so poorly run from an IT perspective due to outsourcing, departmental silos, and other issues that the ability to muster a coordinated user data tracking effort in store or store to store seems highly unlikely. Unless you're a really big high profile brand like Apple, Microsoft, BestBuy, Target or similar.
Honestly with Amazon these days, other than the grocery store, I don't really frequent shops very often. Online tracking is so much more ubiquitous, pervasive, insidious, I kindof considered physical tracking to be rather passe (-:
- Copy Link
- Report Inappropriate Content
"portable Faraday cage"
That definitely has merit for midnight (or afternoon) "rendezvous"
You could also just turn your phone off or put it in Airplane mode -- assuming off is really completely off -- which isn't always the case with Apple products.
But with toll plaza, police car, and red-light/traffic cam license plate OCR -- you're still not home free.
If your in a major city (e.g. London) forget it, you're on a different camera every 1000 feet or so.
Privacy, regrettably, is an illusion, and we are all Winston Smith
- Copy Link
- Report Inappropriate Content
JSchnee21 wrote
I don't have anything to hide.
So, you run naked through the streets? Bravely!
You could also just turn your phone off or put it in Airplane mode -- assuming off is really completely off --
Wrong assumption.
the ability to muster a coordinated user data tracking effort in store or store to store seems highly unlikely.
Again wrong. From their white paper:
red-light/traffic cam license plate OCR
Motorbikes have no front license plate. I've never been fined for being flashed when I was a bit too fast, but of course I'm not tired of life and do stop on red traffic lights.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 3240
Replies: 7
Voters 0
No one has voted for it yet.