[Whonix-devel] MAC changer "blend into the crowd" by only using common manufacturer MAC (OUI part) addresses broken by design?

Patrick Schleizer patrick-mailinglists at whonix.org
Thu Nov 26 20:52:08 CET 2015

Tails' current implementation...

only spoof the NIC part: yes [1]
OUI part unchanged: yes [2]

quu9ohch [1]:
> [...] It is not possible to "blend into the crowd" with a
"typical-looking" mac address when so many users allow themselves to be
uniquely fingerprinted and tracked. The tradeoff of using a weird (or
never manufactured) mac address is like the tradeoff of using tor. It
follows from the pigeon hole principle that one cannot hide the fact
that they are trying to hide (it is up to other users to hide you), but
the best one can do is become statistically exchangeable with the
largest possible set of anonymity participants via randomness. [...] [2]

An argument of mine... Quote Tails MAC changer design.

> [MAC OUI] lists do not take into account that some devices are pretty
much only used in some geographical areas

I conclude, for someone who traveled far or bought an uncommon notebook,
by not changing the OUI part, one could stand out more. Because always
that uncommon OUI shows up that is rare in that geographical area. And
worse so, the uncommon OUI with an always changed NIC. This would lead
to AdvGoalIdMacSpoof, AdvGoalIdTails and AdvGoalTracking. That
particular user with that uncommon OUI would be better off with a fully
random (OUI part and NIC part) MAC address. It would lead to
AdvGoalIdMacSpoof, but not to AdvGoalTracking. In my opinion, the better


[1] https://tails.boum.org/contribute/design/MAC_address/#index13h2
[2] https://tails.boum.org/contribute/design/MAC_address/#index12h2
[3] https://github.com/quu9ohch

More information about the Whonix-devel mailing list