How to prevent wireless network tracking?


It's no secret that corporations collect data about Wi-Fi devices of users who are near the device. Some devices, be it a laptop or smartphone, can generate a new MAC address when connected to the network, thereby preventing them from being tracked.

How to protect a device running OpenWrt? I think it is possible to create a new MAC address and wireless network name at power up or once a day to interfere with tracking.

If so, how do client devices know which network they should connect to? Maybe such a tool already exists? What do you think about this?

Even if you could do that on the AP, I do not know of any (generally available) method to configure the clients.

I have not come up with anything better than generating data on the client device and sending it via SSH to the router. In this case, other clients will have to find out the SSID manually or try to connect to several networks in turn until one of them accepts the password.

Android 8.0 introduced using random MAC addresses when looking for new WiFi networks. As of Android 10, the default is to present a random MAC address to APs both when looking for networks and connecting to wireless networks.

I don't know the specifics for iOS or other client operating systems, but I mention this to amplify the other responses. This is generally done on the client side, not the AP side.

It is possible to change the MAC address presented by OpenWrt APs in the wireless configuration as follows, but this is a one-time change until you manually modify the MAC address again.

config wifi-iface 'default_radio0'
         option macaddr '00:90:A1:CA:FE:01'

Perhaps this will be a partial solution for you.

How are you going to coordinate all those Android, Apple, Windows, Smart TV, and whatever devices into changing their configuration to a new SSID each time you change it?

You can run macchanger to set up a random MAC address on boot or on schedule.

What is it that you are concerned is tracking your OpenWRT device? How do you think 'they' are doing this tracking?

Changing the MAC address is not a problem, but you should also change the SSID and tell all clients what network they need to connect to. The only problem is how you tell the clients this information.

That's my question.

One more time. The basic scenario looks like this:

  1. Change the BSSID
  2. Change the SSID
  3. Notify clients of the created SSID

The problem only arises at step three.

A list of available devices (access points and their clients) is made when scanning networks and sent to the servers of the companies where the map is made. This allows you to find out where the device used to be and where it is now, and all the clients that connected to it. If it is a mobile device then you can even map its travel route.

Your options:

  • Utilize some sort of group policy management like Ansible to deploy the configs.
  • Use a predefined rule to change the SSID, e.g.
SSID="$(LANG=C date +%Y%m%d:passphrase | sha256sum | head -c 8)"

What do you think is making this list? And how do you think it's being done to/with your OpenWRT device? Frankly, it sounds like your paranoia is getting the better of you.

The list is not made by the access point itself, but by the devices that connect to it. It may be a smartphone with unethical firmware, or a laptop with Linux, but it has a browser with geolocation enabled. The devices scan the airwaves and send this data to corporate servers. Devices regularly send this data. Using this information, you can keep track of people, which is what corporations do. Use Google to learn more.

I planned this to get around the surveillance. I'm not going to prove anything about surveillance to anyone, because I could talk to the wall, and that would be even more productive.

If you help me with what's on my mind, I'll listen to you.

Right... Paranoid much?

Maybe you'd be better off getting rid of the devices that are tracking you than trying to solve it by repeatedly changing the MAC address of your router.

And the general answer is "no", because no such protocol exists today; and even if it existed, it is not generally used.

You could probably build something yourself for a computer. A phone will be more difficult, as they have a hardened security model. But an embedded device, that does not accept external programs, will be impossible.

Problems can be avoided by creating, for example, 30 SSIDs for the entire month and synchronizing this list to all devices in any way. You will need to create connection files on the device saying that if such a network is detected, you will need to connect to it. If it is not possible to create such files, you can always open the list and find out the name of the currently existing network.

This is still a sketch, but I think that this will work.
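
An added example, not written by any poster in this thread, combining the "predefined rule" and "30 SSIDs for the month" ideas above: the router and any client that can run a script derive the same daily SSID and AP MAC from a shared passphrase, and a dated list can be generated for devices that cannot. The passphrase, the `bssid` label and the MAC derivation are assumptions for illustration; `default_radio0` is the interface name from the config snippet earlier in the thread.

```shell
#!/bin/sh
# Added example: derive the day's SSID and AP MAC from a shared passphrase.
# SECRET and the "bssid" label are constructed values for illustration.

# SSID for a day (YYYYMMDD): same rule as in the thread, i.e. the first
# 8 hex characters of sha256("<day>:<passphrase>\n").
ssid_for_day() {
    printf '%s:%s\n' "$1" "$2" | sha256sum | head -c 8
}

# MAC for a day: 6 bytes from a separately labelled hash, with the first
# octet forced to "locally administered, unicast" (bit 1 set, bit 0 clear).
bssid_for_day() {
    h=$(printf 'bssid:%s:%s\n' "$1" "$2" | sha256sum | head -c 12)
    o=$(printf '%s' "$h" | cut -c1-2)
    first=$(( (0x$o & 0xfc) | 0x02 ))
    rest=$(printf '%s' "$h" | cut -c3-12 | sed 's/../:&/g')
    printf '%02x%s' "$first" "$rest"
}

# One "<day> <ssid>" line per day of a month (args: YYYYMM, number of days,
# passphrase), for devices that need a pre-provisioned list.
ssid_list() {
    d=1
    while [ "$d" -le "$2" ]; do
        day=$(printf '%s%02d' "$1" "$d")
        printf '%s %s\n' "$day" "$(ssid_for_day "$day" "$3")"
        d=$((d + 1))
    done
}

# Print (not run) the UCI commands for today; a daily cron job on the
# router would execute them instead of echoing them.
SECRET='constructed-example-passphrase'
TODAY=$(LANG=C date +%Y%m%d)
echo "uci set wireless.default_radio0.ssid='$(ssid_for_day "$TODAY" "$SECRET")'"
echo "uci set wireless.default_radio0.macaddr='$(bssid_for_day "$TODAY" "$SECRET")'"
echo "uci commit wireless && wifi reload"
```

Router and clients must agree on the date, so a wrong clock on either side yields a different SSID. Devices that cannot run a script still need the list from `ssid_list` entered by hand.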