Let’s say, I sit down in a mall, open my laptop and connect to a secured mobile hotspot. Then I do it again next week after a reboot. What information would a nearby shop or a passive malicious hacker be able to find about my device? Does my device send out identifying information before joining, like a MAC address? Is this persistent, or randomized?

I intentionally haven’t specified a distro, so if something only applies to some network managers, give some details.

Bonus points: what about Android phones?

  • Scipitie@lemmy.dbzer0.com · 18 upvotes · 3 days ago

    (edit: all of below stuff is only for not being on the same network. After that it gets … messy)

    Oh boy! First: Thank you - I thought to briefly validate my knowledge and understanding before answering and went down a rabbit hole :D this is my current grasp, happy to be corrected!

    First: Most is actually not only distro agnostic but also OS agnostic:

    Most modern wifi devices, when you tell them to “connect to WiFi”, radiate, literally, what they can do and what kind of connection they want. E.g. I’m a wifi device with WPA3 capabilities and this is my MAC address to answer me.

    OS specific is the question of whether your MAC address gets scrambled or not. Both iwd and NetworkManager, which both support it, have it turned off by default. There is a big advantage to being able to be recognizable on friendly networks after all.

    Now comes the part I wasn’t aware of:

    Even your hostname is often still broadcast publicly! This happens during the DHCP handshake - and many devices don’t support apparently existing standards to address this gap. It’s all about securing the first frames where devices align on communication standards, encryption method, etc. This seems to still be quite public.

    Android was easier (and iOS seems to be the same but I didn’t bother with that more): Same as Linux but more aggressive by default: MAC scrambling all the time while searching for networks, DHCP uses obscure strings as hostnames, etc.

    Fun fact: even those have stable MAC addresses once connected. Again, getting the same DHCP lease and being able to be whitelisted or recognized by the network seems to have more upsides than I was aware of.

    • Lytia@lemmy.today · 4 upvotes · 3 days ago

      On iOS and most Androids, your MAC address is only scrambled per network. So when you connect to the same network again, your device will use the same MAC address. This generally isn’t an issue if you’re using a private wifi network, or any network where the password isn’t public, but for public wifi it makes it much easier to identify you.

      • Scipitie@lemmy.dbzer0.com · 1 upvote · 3 days ago

        Thanks for the addition! Edited to make it more clear: that part also referred only to the time before you’ve connected.

      • ms.lane@lemmy.world · 1 upvote · 3 days ago

        And track you. Cisco has had the ability to track MAC addresses over their APs on a map for 2 decades now.

        Also track you over multiple networks - most only care about the SSID - so if you’ve ever connected to “eduroam” you can be tracked across multiple campuses.

        • hard_zero1@discuss.tchncs.de · 2 upvotes · 3 days ago

          Specifically for eduroam, I assume you can be tracked anyways, since you have to authenticate with your personal credentials, right?
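
Added example, not written by anyone in the thread: a small audit of one NetworkManager Wi-Fi profile (keyfile format) for the two identifiers discussed above, the MAC address used on the network and the hostname sent in DHCP. The profile text and the `MallHotspot` name are constructed; the sketch reads only the per-profile keys `cloned-mac-address` and `dhcp-send-hostname` and assumes no global override in `NetworkManager.conf`.

```python
import configparser

# Constructed sample profile in NetworkManager keyfile format (not from the thread).
SAMPLE_PROFILE = """
[connection]
id=MallHotspot
type=wifi

[wifi]
ssid=MallHotspot
cloned-mac-address=stable

[ipv4]
method=auto
"""

def audit_profile(text):
    """Return {identifier: finding} for one keyfile-format Wi-Fi profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = {}

    # MAC address the profile asks NetworkManager to use when connecting.
    mac = cp.get("wifi", "cloned-mac-address", fallback="").strip().lower()
    if mac == "random":
        findings["mac"] = "new address on every activation"
    elif mac == "stable":
        findings["mac"] = "same address on each return to this network"
    elif mac in ("", "preserve", "permanent"):
        findings["mac"] = "not randomized by this profile"
    else:
        findings["mac"] = "fixed address set in profile"

    for family in ("ipv4", "ipv6"):
        # The per-profile key defaults to true when absent
        # (assumption: no global override is configured).
        send = cp.get(family, "dhcp-send-hostname", fallback="true").strip().lower()
        sends = send not in ("false", "no", "0")
        findings[family + "_hostname"] = "sent to DHCP server" if sends else "withheld"
    return findings

if __name__ == "__main__":
    for key, value in audit_profile(SAMPLE_PROFILE).items():
        print(key + ": " + value)
```
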