Linux NetworkManager And Anti-Privacy default settings: Call For Action

Manish

Aug 15, 2022 — 3 min read

NetworkManager is a top Linux application, available in each major Linux distributions and heavily used on laptops, desktops, and since Pinephone and Librem 5 - on Linux phones too. Networking and user privacy are important more than ever, and there are some questions related to the last.

MAC address randomization

In 2017, NetworkManager devs changed the default "do not touch" rule to "preserve" for MAC addresses, mainly for making life easier for macchanger and similar external tools. NetworkManager randomizes MAC only when scanning area in search for available Access Points (AP). To improve the situation and always randomize MAC address, add next lines to /etc/NetworkManager/conf.d/privacy.conf:

[device]
[device-mac-randomization]
# now enabled default
wifi.scan-rand-mac-address=yes

[connection-mac-randomization]
# still not enabled by default
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random

Why does randomization matters? MAC address is the number one identifier for Internet and is critical for privacy: people can be tracked in parks, restaurants, McDonald's; also there's MAC address registers can be helpful in identifying user's device and even model numbers.

Still saving passwords in plain text? Yes!

NetworkManager stores all passwords in plain text inside the configuration files:

# grep -r 'psk=' /etc/NetworkManager/system-connections/

They are, of course, under permission 0600 and can be read by root only, but it will definitely not cover cases like stolen laptops without SSD encryption.

Best way to save Wi-Fi passwords is using local keyrings, like available in GNOME and KDE. Why this is still not default - the truly miracle. It will definitely not be hard to add automatically check if local keyring is already installed and ask users to install it or put big red banner "Insecure!" and let them save their passwords in plain text.

It is preferable to save the passwords in encrypted form in a keyring instead of clear text. The downside of using a keyring is that connections have to be set up for each user.

For saving encrypted Wi-Fi passwords in local keyring, click on network connection profile, then Edit → Wi-Fi Security tab, find a password input field, click on the right icon of password and check Store the password only for this user.

Why not use an option like "Encrypt Wi-Fi passwords - Yes/No"? Well, still unknown. Maybe too easy and still doesn't fit in GNOME or Red Hat Interface Guidelines.

Connectivity checks

To ensure if a connection is actually connected or not, NetworkManager sent an HTTP GET request to a server to check it in action. Connectivity can also be checked manually:

$ nmcli networking connectivity check
full

Sending the same network requests after each established connect isn't privacy-friendly, 'cause exposing private information about user OS, which can be useful for targeting.
To disable the connectivity checks, add the configuration below to the privacy.conf:

[connectivity]
enabled=false

Sending machine hostname in DHCP request

NetworkManager also sent hostname in DHCP request; more details are here. Global option to disable this behavior still not available yet, the only way is editing each connection profile in /etc/NetworkManager/system-connections/ and add

[ipv4]
dhcp-send-hostname=false

[ipv6]
dhcp-send-hostname=false

For many NM connections next simple automation will do it faster:

IFS=$'\n'
for i in $(grep ^id= /etc/NetworkManager/system-connections/*.nmconnection | cut -d= -f2); do \
    nmcli connection modify "$i" ipv4.dhcp-send-hostname no ipv6.dhcp-send-hostname no; \
done

The bugreport is here.