MAC Address Randomization

A MAC address is a unique number given to every network adapter, in order to identify it. Whenever you connect your computer to a network (like a public WiFi hotspot, for example), your computer will send its MAC address to the router. Since it is a unique ID number, it could be used to track you. This is bad for anonymity, so this guide will teach you how to randomize your MAC address on linux.

If you use NetworkManager (if you don't know what it is, you likely are using it and can test so by executing nmcli connection) you can have you mac address randomize on reboot or when an interface is connected.

Before doing the following, execute ip a > oldmac.txt to save you old mac address to ensure that your mac has changed after this tutorial.

Create the file /etc/NetworkManager/conf.d/00-macrandomize.conf and edit it with sudo. Append the following into the file:



cloned-mac-address with stable generates the same hashed MAC every time a NetworkManager connection activates, but uses a different MAC with each connection. To get a truly random MAC with every activation, use random instead of stable.

Restart NetworkManger with systemctl restart NetworkManager.

Execute ip a and see if your mac address has changed from the text file oldmac.txt we created before. Usually your devices mac address is on points 2: and :3. If it has, congratulations!

Some people might be thinking, "But if my computer randomizes its MAC address, and whatever network I'm connecting to finds some other way to identify my computer by its network traffic (like recognizing that it always connects to a certain IP address), won't that make me stand out even more?" The answer would have been yes, had it not been for Apple. Recently, Apple and Google have started implementing MAC address randomization on all phones running Android 10+ and new iPhones by default. So, if a network administrator sees that someone is connecting to their network with a randomized MAC address (if they're able to determine that at all), they'll probably think it's just another iPhone, instead of it being someone who wants to preserve their anonymity. So, there's no real downside to doing this.

If you want to be sure that your separate MAC addresses can't be connected to each other, try to eliminate any patterns that might be present in your web browsing. Make sure everything is being routed through Tor, and use a lot of different bridges. You can add as many as you want to your Tor configuration, so add a whole bunch.