Important details related to MAC addresses:

So, there are two aspects of MAC addresses that are problematic: that they are long-term identifiers, and that they actually reveal things about that device.

If, upon installation, the FreedomBox software merely changed each machine's MAC address to a random value, we'd solve the second problem (avoid revealing who made the device). However, it's trickier than that. We may not have a good source of randomness at installation time, which would make our addresses too predictable. Also, a device with a random MAC address (instead of one assigned to a company in the IEEE-maintained registry of Ethernet manufacturers) might make it too obvious that the manufacturer's MAC address had been overwritten, which would lead totalitarians to pay more attention.

We could carefully pick a random number and then package it into a MAC address that looks like it comes from a popular manufacturer. For example, we could have a table of a hundred big manufacturers, and for each, the known range of "serial number" bits that they shipped. We'd use part of our random number to pick a manufacturer, and another part to pick a valid-looking serial number within that manufacturer's products. To avoid drawing scrutiny, we might have to be more selective, e.g. avoid putting a MAC address from a 10-megabit 1990s 3Com Ethernet card onto a 2010s WiFi link.
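A sketch of the packaging step described above, as an added example rather than FreedomBox code. The vendor table, its prefixes, serial ranges and link-type labels are constructed placeholders, not IEEE registry data, and the function names are hypothetical.

```python
import secrets

# Constructed table: (OUI prefix, first serial, last serial, link type).
# Prefixes and ranges are placeholders, not real registry data.
VENDORS = [
    (0x001122, 0x100000, 0x4FFFFF, "wifi"),
    (0x00AABB, 0x000000, 0x0FFFFF, "wifi"),
    (0x00CCDD, 0x200000, 0x2FFFFF, "ethernet"),
]


def package_mac(rand, link_type, vendors=VENDORS):
    """Map a random integer onto a plausible-looking MAC for link_type."""
    # Only consider manufacturers that shipped hardware for this kind of link.
    candidates = [v for v in vendors if v[3] == link_type]
    if not candidates:
        raise ValueError("no vendor entry for link type %r" % link_type)
    # One part of the random number picks the manufacturer...
    rand, idx = divmod(rand, len(candidates))
    oui, lo, hi, _ = candidates[idx]
    # A registry-assigned prefix is unicast and globally administered,
    # so the two low bits of the first octet must be clear.
    if oui & 0x030000:
        raise ValueError("OUI must be unicast and globally administered")
    # ...another part picks a serial inside that manufacturer's shipped range.
    serial = lo + rand % (hi - lo + 1)
    value = (oui << 24) | serial
    return ":".join("%02x" % ((value >> s) & 0xFF) for s in range(40, -8, -8))


def random_packaged_mac(link_type):
    """Draw from the OS CSPRNG; 128 bits keeps modulo bias negligible."""
    rand = int.from_bytes(secrets.token_bytes(16), "big")
    return package_mac(rand, link_type)
```

The quality of the result depends on the OS random pool being seeded, which is the installation-time concern raised earlier on this page.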

Changing the MAC address to a packaged random value *periodically* -- perhaps daily or weekly -- would solve the first problem of its being a long-term identifier. IPv6 can cope with that without trouble; it encourages interfaces to have multiple IPv6 addresses, deprecating old ones while allowing existing communications to work. IPv4 can also cope with changed MAC addresses; within seconds, any neighbor on the Ethernet or radio who is communicating with the node will know the new MAC address that matches the same old IPv4 address.

We would have to test any new candidate MAC address, before using it, by trying to communicate with it and seeing if anything responds. See the "Duplicate Address Detection" algorithm in RFC 4862.

MAC addresses in all modern networking chips can be set from software.

I think what you mean is that the *default* MAC address is stored in flash, near where the boot firmware is stored, and that some boards running Linux can't rewrite that flash memory. "Can't" is probably too strong a word -- many can, but how to do so is often merely undocumented, providing a little security-by-obscurity.

"ifconfig DEV hw ether xx:xx:xx:xx:xx:xx" or "ip link set dev DEV address xx:xx:xx:xx:xx:xx" lets you set the MAC address of DEV at any time from a shell, as root. There is also an equivalent low-level interface.

We can't set 0:0:0:0:0:0 as every interface's MAC address. There is good reason to have unique addresses on Ethernet interfaces. On a given Ethernet, or in a given WiFi radio range, communication will fail if multiple interfaces have the same address (unless those interfaces specifically coordinate with each other, e.g. are plugged into the same node and use custom software to pretend to be a single interface). If you and your neighbor both have a FreedomBox with WiFi address 0:0:0:0:0:0, there will be no way to send a packet to YOUR FreedomBox; your neighbor's box will also receive the packet and is just as likely to respond to it -- which will confuse the communication when BOTH boxes respond to it.










This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.