MAC Address Randomization

A MAC address is a unique number given to every network adapter, in order to identify it. Whenever you connect your computer to a network (like a public WiFi hotspot, for example), your computer will send its MAC address to the router. Since it is a unique ID number, it could be used to track you. This is bad for anonymity, so this guide will teach you how to randomize your MAC address on Linux.

First, you want to install the program macchanger (GPLv3-licensed). Search your distro's package manager for macchanger - if it's not there, then download and install it from here. If you downloaded it from GitHub, open a terminal in the directory you downloaded everything to, and run ./autogen.sh, followed by make, and sudo make install.

Once you've installed that, you need to figure out which network device you're using. If you're using an ethernet cable to connect to the internet, it's probably eth0. If you're connecting wirelessly, then it's probably wlan0. To check, open a terminal, and run ip route. Look at the first line it outputs. It should say something like this:

default via <IP address> dev wlan0

You are looking for the part after the word dev. In this case, it was wlan0. Remember this device name for later.

To test if macchanger works, run the command nmcli networking off. This will disable networking for your computer (effectively disconnecting it from the internet, and forbidding it to reconnect until you say so). You need to have networking disabled before you can change your MAC address.

Then, run sudo macchanger -A wlan0. If your network device name isn't wlan0, replace wlan0 with whatever it is. If it worked, it should print out your permanent MAC address, and a new MAC address that is different from the permanent one. If it did, turn networking back on with nmcli networking on. (If it didn't work, make sure that you followed the steps above exactly.)

You can now change your MAC address just about whenever you want. But, typing three different commands into the terminal whenever you want to change it is a bit cumbersome. You can reduce it to one command by creating a shell script to do all of this for you. Create a new file in your home directory called changeMacAddress. Open it up with a text editor, and paste the following in:

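#! /usr/bin/env bash

# Changing the MAC address requires root.
if [ "$EUID" -ne 0 ]
then
	echo "This script only works if you invoke it with sudo." >&2
	exit 1
fi

# Networking has to be off before the MAC address can be changed.
nmcli networking off
sleep 2
# -A sets a random vendor MAC of any kind.
macchanger -A wlan0
sleep 2
nmcli networking on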

Again, change wlan0 if you have a different network device name. Save and close it, then open up a terminal in the same directory you saved the file in. Run the following:

chmod +x changeMacAddress
sudo mv changeMacAddress /usr/local/bin/

Now, whenever you want to change your MAC address, all you have to do is open up a terminal, and type sudo changeMacAddress. It will automatically disable networking, change your MAC address, then re-enable networking.

This is pretty good, but what if you want to change your MAC address before you connect to any network? You could delete all saved WiFi networks so that your computer won't automatically connect when it starts up, which would give you a chance to run macchanger first, but it would be a pain to have to manually connect to WiFi every time. Fortunately, there is a much easier way to do this: by creating a service to be run at boot time, before the computer connects to any networks.

This guide describes how to create a systemd service, since most Linux computers nowadays use systemd. To check if yours does, run systemctl --version. If it prints out a systemd version number, you're using systemd. If you're not running systemd, look up how to create a service for whatever init system your computer is using.

To create the service, navigate to /lib/systemd/system/. Create a new file called macchanger.service. Open it, and paste the following in:

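[Unit]
Description=MAC Address Changer
Documentation=man:macchanger(1)
# Run before NetworkManager starts. The unit is called network-manager.service
# on some distros and NetworkManager.service on others; a name that doesn't
# exist on your system is ignored.
Before=network-manager.service NetworkManager.service

[Service]
Type=oneshot
# Change wlan0 to your network device's name.
ExecStart=/usr/bin/macchanger -A wlan0

[Install]
WantedBy=multi-user.target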

Again, make sure to change wlan0 to whatever your network device's name is, if it's not wlan0. Save and exit, then run sudo systemctl enable macchanger.

Now, reboot your computer. After you log back in, open a terminal, and run macchanger wlan0, replacing wlan0 with your network device's name. If it shows your current MAC address as being different from your permanent MAC address, then it worked. Congratulations! Your computer now randomizes its MAC address at startup, thus strengthening your anonymity.
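
The two checks described above (reading the device name after dev in the ip route output, then comparing the current and permanent MAC addresses that macchanger prints) can be scripted. This is an added example, not part of the original guide; the function names are hypothetical and the sample route and macchanger output are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide). Function names are hypothetical.
# The parsers read text on stdin, so they can be tried on saved output.

# Print the word after "dev" on the first "default" line of `ip route` output.
default_dev() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print the address from the "Current MAC:" or "Permanent MAC:" line that
# macchanger prints, lowercased. $1 is the label: Current or Permanent.
mac_field() {
    awk -v label="$1" '$1 == label && $2 == "MAC:" { print tolower($3); exit }'
}

# Exit status 0: current differs from permanent. 1: they are the same.
# 2: the report could not be parsed (wrong device name, macchanger failed).
mac_is_randomized() {
    local report current permanent
    report=$(cat)
    current=$(printf '%s\n' "$report" | mac_field Current)
    permanent=$(printf '%s\n' "$report" | mac_field Permanent)
    [ -n "$current" ] && [ -n "$permanent" ] || return 2
    [ "$current" != "$permanent" ]
}

# Constructed sample input (documentation IP range, made-up MAC addresses).
SAMPLE_ROUTE='default via 192.0.2.1 dev wlan0 proto dhcp metric 600
192.0.2.0/24 dev wlan0 proto kernel scope link src 192.0.2.23 metric 600'
SAMPLE_REPORT='Current MAC:   00:1c:7b:3a:9e:42 (unknown)
Permanent MAC: 3c:a9:f4:11:22:33 (unknown)'

# Live check: run the script with --live on the machine itself.
check_live() {
    local dev
    dev=$(ip route | default_dev)
    [ -n "$dev" ] || { echo "no default route found" >&2; return 2; }
    if macchanger "$dev" | mac_is_randomized; then
        echo "$dev: current MAC differs from the permanent one"
    else
        echo "$dev: permanent MAC still in use, or output not readable" >&2
        return 1
    fi
}

if [ "${1:-}" = "--live" ]; then check_live; fi
```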


Some people might be thinking, "But if my computer randomizes its MAC address, and whatever network I'm connecting to finds some other way to identify my computer by its network traffic (like recognizing that it always connects to a certain IP address), won't that make me stand out even more?" The answer would have been yes, had it not been for Apple. Recently, Apple has started implementing MAC address randomization on all new iPhones by default. So, if a network administrator sees that someone is connecting to their network with a randomized MAC address (if they're able to determine that at all), they'll probably think it's just another iPhone, instead of it being someone who wants to preserve their anonymity. So, there's no real downside to doing this.

If you want to be sure that your separate MAC addresses can't be connected to each other, try to eliminate any patterns that might be present in your web browsing. Make sure everything is being routed through Tor, and use a lot of different bridges. You can add as many as you want to your Tor configuration, so add a whole bunch.