Linux NetworkManager And Anti-Privacy default settings: Call For Action
NetworkManager is a top Linux application, available in each major Linux distributions and heavily used on laptops, desktops, and since Pinephone and Librem 5 - on Linux phones too. Networking and user privacy are important more than ever, and there are some questions related to the last.
MAC address randomization
In 2017, NetworkManager devs changed the default "do not touch" rule to "preserve" for MAC addresses, mainly for making life easier for
macchanger and similar external tools. NetworkManager randomizes MAC only when scanning area in search for available Access Points (AP). To improve the situation and always randomize MAC address, add next lines to
[device] [device-mac-randomization] # now enabled default wifi.scan-rand-mac-address=yes [connection-mac-randomization] # still not enabled by default ethernet.cloned-mac-address=random wifi.cloned-mac-address=random
Why does randomization matters? MAC address is the number one identifier for Internet and is critical for privacy: people can be tracked in parks, restaurants, McDonald's; also there's MAC address registers can be helpful in identifying user's device and even model numbers.
Still saving passwords in plain text? Yes!
NetworkManager stores all passwords in plain text inside the configuration files:
# grep -r 'psk=' /etc/NetworkManager/system-connections/
They are, of course, under permission
0600 and can be read by root only, but it will definitely not cover cases like stolen laptops without SSD encryption.
Best way to save Wi-Fi passwords is using local keyrings, like available in GNOME and KDE. Why this is still not default - the truly miracle. It will definitely not be hard to add automatically check if local keyring is already installed and ask users to install it or put big red banner "Insecure!" and let them save their passwords in plain text.
It is preferable to save the passwords in encrypted form in a keyring instead of clear text. The downside of using a keyring is that connections have to be set up for each user.
For saving encrypted Wi-Fi passwords in local keyring, click on network connection profile, then
Wi-Fi Security tab, find a password input field, click on the right icon of password and check
Store the password only for this user.
Why not use an option like "Encrypt Wi-Fi passwords - Yes/No"? Well, still unknown. Maybe too easy and still doesn't fit in GNOME or Red Hat Interface Guidelines.
To ensure if a connection is actually connected or not, NetworkManager sent an HTTP GET request to a server to check it in action. Connectivity can also be checked manually:
$ nmcli networking connectivity check full
Sending the same network requests after each established connect isn't privacy-friendly, 'cause exposing private information about user OS, which can be useful for targeting.
To disable the connectivity checks, add the configuration below to the
Sending machine hostname in DHCP request
NetworkManager also sent hostname in DHCP request; more details are here. Global option to disable this behavior still not available yet, the only way is editing each connection profile in
/etc/NetworkManager/system-connections/ and add
[ipv4] dhcp-send-hostname=false [ipv6] dhcp-send-hostname=false
For many NM connections next simple automation will do it faster:
IFS=$'\n' for i in $(grep ^id= /etc/NetworkManager/system-connections/*.nmconnection | cut -d= -f2); do \ nmcli connection modify "$i" ipv4.dhcp-send-hostname no ipv6.dhcp-send-hostname no; \ done
The bugreport is here.
Dear developers, please make NetworkManager capable to:
- connect to Internet with random MAC address
- without connectivity checks
- do not save passwords in plain text
- do not send machine hostname
And set above options to default, 'cause privacy matters and definitely don't all users will dig deeper and learn all available options.