Let’s say, I sit down in a mall, open my laptop and connect to a secured mobile hotspot. Then I do it again next week after a reboot. What information would a nearby shop or a passive malicious hacker be able to find about my device? Does my device send out identifying information before joining, like a MAC address? Is this persistent, or randomized?
I intentionally haven’t specified a distro, so if something only applies to some network managers, give some details.
Bonus points: what about Android phones?
If you and the attacker share the same network the attacker can get all sorts if info.
Tools like nmap show things like ip, mac, ports and os detection.
You can use macchanger to randomize your mac. I think there is a setting in networkmanager to do this. Been a while since I looked in the settings.
To add to this, I’d be more worried about traffic collection. DNS requests (if your browser isn’t using dnssec then you may not be aware), IPs visited, and other stuff.
not only the browser, other programs and system services too
I might be wrong on this or might be missing your point, but I thought dnssec was for validating integrity of the request, not to encrypt it like DoT or DoH.
Sorry my bad, you are correct and I meant DoT or DoH.