XPost: alt.comp.os.windows-11, alt.internet.wireless

For Bluetooth and/or Wi-Fi, does Windows have the capability for...
1. MAC randomization *when scanning*
2. MAC randomization *per access point*
3. MAC randomization *per connection*
4. Did I miss any critical timer periods?

BACKGROUND:

The motherships (Apple & Google & Samsung at least) are starting to be
aware of the privacy flaws inherent in having a permanent MAC address.

So they're sloooooooooowly providing, release by release, the inherent capability to randomize your MAC address during those three tasks.

This article back in 2014, shows the danger of NOT randomizing Wi-Fi:
"When scanning for wireless networks, client devices like the
iPhone periodically broadcast identifying packets that include
the MAC address. In recent years, a number of firms have taken
advantage of these broadcasts to track individual devices as
they move around - for example, some retail outlets use MAC
address-based tracking to record the path that consumers take
as they move through the store, allowing long-term measurement
of shopping habits and better placement of sale materials
and advertising." 
<https://appleinsider.com/articles/14/06/09/mac-address-randomization-joins-apples-heap-of-ios-8-privacy-improvements>

And, this line in that same article shows the dangers with Bluetooth:
"The city of Houston's TranStar traffic monitoring system,
for instance, uses the MAC addresses from Bluetooth devices
to measure traffic flow on city streets."

The question I'm asking for this Windows newsgroup is whether Microsoft has added this capability to randomize the Bluetooth & Wi-Fi MAC during 3 times
a. When scanning
b. When connecting (per access point)
c. When connecting (per connection)

An example of these types of settings on other platforms might be this:
<https://i.postimg.cc/Rh87RNrV/macaddr02.jpg> Random MAC on every connect

Although it has implications for your home router LAN setup for static IPs.
<https://i.postimg.cc/nchSVcmS/vysor30.jpg> Static/Reserved IP address
--
Posted out of the goodness of my heart to disseminate useful information
which, in this case, is to try to learn about Windows MAC randomization.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11, alt.internet.wireless

On 07/03/2023 20:23, Andy Burnelli wrote:

For Bluetooth and/or Wi-Fi, does Windows have the capability for...
1. MAC randomization *when scanning* 2. MAC randomization *per access
point* 3. MAC randomization *per connection*
4. Did I miss any critical timer periods?

BACKGROUND:

The motherships (Apple & Google & Samsung at least) are starting to be
aware of the privacy flaws inherent in having a permanent MAC address.

So they're sloooooooooowly providing, release by release, the inherent capability to randomize your MAC address during those three tasks.

This article back in 2014, shows the danger of NOT randomizing Wi-Fi:
 "When scanning for wireless networks, client devices like the   iPhone periodically broadcast identifying packets that include   the MAC
address. In recent years, a number of firms have taken   advantage of
these broadcasts to track individual devices as   they move around - for example, some retail outlets use MAC   address-based tracking to record
the path that consumers take   as they move through the store, allowing long-term measurement   of shopping habits and better placement of sale materials   and advertising."� <https://appleinsider.com/articles/14/06/09/mac-address-randomization-joins-apples-heap-of-ios-8-privacy-improvements>

And, this line in that same article shows the dangers with Bluetooth:
 "The city of Houston's TranStar traffic monitoring system,   for instance, uses the MAC addresses from Bluetooth devices   to measure
traffic flow on city streets."

The question I'm asking for this Windows newsgroup is whether Microsoft has added this capability to randomize the Bluetooth & Wi-Fi MAC during 3 times a. When scanning
b. When connecting (per access point)
c. When connecting (per connection)

An example of these types of settings on other platforms might be this: <https://i.postimg.cc/Rh87RNrV/macaddr02.jpg> Random MAC on every connect

Although it has implications for your home router LAN setup for static IPs. <https://i.postimg.cc/nchSVcmS/vysor30.jpg> Static/Reserved IP address

My Android mobile phone now defaults to some kind of MAC randomization.
It's damn annoying.
If I forget of disable it none of the public Wi-Fi access points I use
will let me use them without re-registering every time.
I don't fully understand what it's doing though, because my own home
Wi-Fi manages to give it the same IP address every time.

--
Brian Gregory (in England).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11, alt.internet.wireless

Brian Gregory used his or her keyboard to write :

On 07/03/2023 20:23, Andy Burnelli wrote:

For Bluetooth and/or Wi-Fi, does Windows have the capability for...
1. MAC randomization *when scanning* 2. MAC randomization *per access
point* 3. MAC randomization *per connection*
4. Did I miss any critical timer periods?

BACKGROUND:

The motherships (Apple & Google & Samsung at least) are starting to be
aware of the privacy flaws inherent in having a permanent MAC address.

So they're sloooooooooowly providing, release by release, the inherent
capability to randomize your MAC address during those three tasks.

This article back in 2014, shows the danger of NOT randomizing Wi-Fi:
 "When scanning for wireless networks, client devices like the   iPhone
periodically broadcast identifying packets that include   the MAC
address. In recent years, a number of firms have taken   advantage of
these broadcasts to track individual devices as   they move around - for
example, some retail outlets use MAC   address-based tracking to record
the path that consumers take   as they move through the store, allowing
long-term measurement   of shopping habits and better placement of sale
materials   and advertising."
<https://appleinsider.com/articles/14/06/09/mac-address-randomization-joins-apples-heap-of-ios-8-privacy-improvements>

And, this line in that same article shows the dangers with Bluetooth:
 "The city of Houston's TranStar traffic monitoring system,   for
instance, uses the MAC addresses from Bluetooth devices   to measure
traffic flow on city streets."

The question I'm asking for this Windows newsgroup is whether Microsoft has >> added this capability to randomize the Bluetooth & Wi-Fi MAC during 3 times >> a. When scanning
b. When connecting (per access point)
c. When connecting (per connection)

An example of these types of settings on other platforms might be this:
<https://i.postimg.cc/Rh87RNrV/macaddr02.jpg> Random MAC on every connect

Although it has implications for your home router LAN setup for static IPs. >> <https://i.postimg.cc/nchSVcmS/vysor30.jpg> Static/Reserved IP address

My Android mobile phone now defaults to some kind of MAC randomization.
It's damn annoying.
If I forget of disable it none of the public Wi-Fi access points I use
will let me use them without re-registering every time.
I don't fully understand what it's doing though, because my own home
Wi-Fi manages to give it the same IP address every time.

https://armstrongonewire.com/Support/Internet/Articles/DisablingMACRandomization

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11, alt.internet.wireless

Brian Gregory wrote:

My Android mobile phone now defaults to some kind of MAC randomization.
It's damn annoying.
If I forget of disable it none of the public Wi-Fi access points I use
will let me use them without re-registering every time.
I don't fully understand what it's doing though, because my own home
Wi-Fi manages to give it the same IP address every time.

The phone should remember per-SSID which random MAC it previously used
(or whether it used its hardware MAC) are you telling it to forget the
SSIDs after you use them ... some earlier firmware *did* use random
every time and they stopped for the reason you describe.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11, alt.internet.wireless

Andy Burnelli wrote:

For Bluetooth and/or Wi-Fi, does Windows have the capability for...
1. MAC randomization *when scanning* 2. MAC randomization *per access
point* 3.

Is "scanning" a listen-only activity?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11, alt.internet.wireless

Andy Burns wrote:

The phone should remember per-SSID which random MAC it previously used
(or whether it used its hardware MAC) are you telling it to forget the
SSIDs after you use them ... some earlier firmware *did* use random
every time and they stopped for the reason you describe.

This specific answer above is better discussed on the Android newsgroup,
but the latest Android versions do _both_ (it's two separate settings).

1. By default, the MAC is randomized _per SSID_ (probably per BSSID)
2. In Developer options, you can set randomization per connection.
<https://i.postimg.cc/Rh87RNrV/macaddr02.jpg> Random on every connect

I'm not sure what MAC Windows uses for _scanning_ though.
*Which is why this thread was opened to find out.*

There are multiple scenarios to consider for the scanning question.
1. scanning for known ssids that are hidden
2. scanning for known ssids that are not hidden
3. scanning for unknown ssids that are not hidden
4. any others?

How does Windows handle the randomization when scanning?
(Note: How Apple does it for iOS is referenced in the sig.)
--
Here's a link for Apple's implementation of randomizing MACs for scans.
<https://support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: alt.comp.os.windows-11, alt.internet.wireless

Andy Burns wrote:

For Bluetooth and/or Wi-Fi, does Windows have the capability for...
1. MAC randomization *when scanning* 2. MAC randomization *per access
point* 3.

Is "scanning" a listen-only activity?

I get where you're coming from, which is that passive listening shouldn't
be a privacy problem but there's got to be a privacy issue to be resolved (whether or not Windows resolves it) because _both_ Apple (for iOS) and
Google (for Android) implemented randomized randomization (AFAIK).

I just don't know what Windows does when scanning for hidden access points.

Here's a link for Apple's implementation of randomizing MACs for scans.
<https://support.apple.com/guide/security/wi-fi-privacy-secb9cb3140c/web>

I also know what Android uses for _connecting_ to a Wi-Fi access point.
<https://i.postimg.cc/Rh87RNrV/macaddr02.jpg> Random MAC on every connect

But I am not quite sure what Wi-Fi MAC address is used while _scanning_ for Wi-Fi (or Bluetooth) access points (or for _connecting_ to Bluetooth APs.)

But that's only background because the question here is what Windows
randomizes when Windows actively scans (probes?) for Wi-Fi access points.

Specifically hidden access points.
If I knew how Windows handles these scenarios, I wouldn't be asking. :)

Some scenarios I can think of where Windows might randomize might be:
a. When scanning for hidden access points Windows is aware of
b. When scanning for not hidden access points Windows is aware of
c. When scanning for access points that are not hidden
d. Any others?

Note: Scanning may be tantamount to probing (but I'm not sure so I added
the wireless folks who can clarify if scanning is different from probing).

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)