Router MAC address privacy

In summary, is there a consensus that adding “_optout_nomap” to WiFi name does not bring value?

There is no harm but yeah I’d agree that there isn’t much point. There are much more effective surface level things you can do like not putting PII in your Wi-Fi SSID.

Or just use wired networking.

Like much in the privacy community, a lot of what we do is based on assumptions and best guesses if not experience and I see a lot of that in this thread… because unless you work for google maps, then you really don’t know how a randomized MAC AP will be recorded or treated internally. It’s not like there are many Snowdens out there either.

Well we also have experience… so to get back on track…

I have been randomizing the MAC on my openwrt routers for YEARS before this showed up last year as it just seemed obvious to me. Now you don’t have to do anything complicated to do this, it’s just a simple setting to add to the network config or button to click via the LUCI web interface. The complicated scripts posted above are so overblown because any time the interface is brought up or down with this setting active, the MAC changes anyway. This means that (since you should be rebooting your router regularly anyway for security purposes) you will have regularly updated MAC with out even trying too hard. For instance, if you set your router to reboot every day, then you will have a different MAC every day.

Now experience.

I live in a touristic place, in an apartment building on the main high street with an airbnb literally next door to me no less and have never once seen my unique network (again necessary for the security of the router and its PSK) show up on WIGLE or elsewhere. I have even contributed some data using pwnagotchi etc. but never once have I seen any reference to any AP I’ve ever had anywhere show up. This is not the case for my neighbors with their static SSID and MACs.

Now assumptions.

1. When an AP has a randomized MAC it looks like a hotspot. This in itself is not at all useful to FAANGs as far as location is concerned since hotspots are obviously mobile.

2. For Gmaps to link location data to a physical AP’s MAC, they need androids and chromecasts with wifi-scanning and they need at least 3 trustworthy data points to triangulate accurately the location of an AP.

3. With a daily MAC change, there is not enough data to accurately track an APs location over time and since its ephemeral, if it does get tracked, then it will not last.

4. The MAC is the only thing that can be used to accurately track location since it is possible to tell whether that is randomized or not. A static SSID and MAC is a useful data point. A random MAC with ‘known’ SSID is useless for triangulating location.

5. No one is combing through data looking at why a particular SSID has lots of hits in one general location with many random MAC addresses recorded. The machine is only looking to log accurate location data, not make conjectures on what could be happening.

Now just to end this, there is one point that I didn’t notice being made… TURN YOUR FUCKING AP DOWN! As I said, I live in an apartment and, with my 5G radio turned down to half power, and 2G radio turned down to 1/10th power, I have more than enough coverage even in my garden. There is no advantage to blasting wifi at full power in MOST cases. Apart from security benefits of making it harder to attack your wireless devices at range, better battery life for your devices, and longer life for your AP’s, it also stops people driving by from accurately scanning your SSID. If your AP is showing at -90dbm to a random android, then I don’t think google maps is really going to give much of a shit about it at all.