From the latest GrapheneOS release notes (grapheneos.org/releases#2020.):
> disable RFC 7217 support (stable link-local IPv6 privacy addresses) and stick to link-local IP addresses based on the (random) MAC addresses
The Linux implementation of privacy extensions is some nasty stuff.
We don't want networks to be able to know that it's the same user as before. We default to stateless MAC randomization rather than the persistent per-network MAC randomization used by AOSP/stock. Also, networks could look the same as other networks. Status quo seems like a mess.
You may want to have two "connectivity profiles". One that employs RFC7217, and a paranoid mode where you do what you describe (or even better, do only temporary addresses -- see: tools.ietf.org/html/draft-iet)
There are 3 choices for MAC randomization: grapheneos.org/usage#wifi-pri. AOSP / stock OS have 2 of those but not our default stateless MAC randomization. No configuration for other stuff right now. Since the stable secret is not per-network it screws up both MAC rand modes.
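The RFC 7217 computation the thread discusses, RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), as an added example that is not code from the thread, GrapheneOS or Linux. It assumes SHA-256 as F, the interface name as Net_Iface and the SSID as the optional Network_ID; the secret and network names are constructed. It shows that the link-local address stays the same on every network unless a per-network input is mixed in.

```python
import hashlib
import ipaddress

SECRET = bytes(range(16))   # constructed sample secret, not a real key
LINK_LOCAL = "fe80::/64"    # the link-local prefix is identical on every network


def stable_address(prefix, net_iface, secret_key, network_id=b"", dad_counter=0):
    """RFC 7217 style address: prefix plus 64 bits of F(...) as the interface ID.

    F is SHA-256 here (an assumption; the RFC only requires a suitable PRF).
    Fields are length-prefixed so adjacent values cannot run together.
    """
    net = ipaddress.IPv6Network(prefix)
    h = hashlib.sha256()
    fields = (net.network_address.packed[:8], net_iface, network_id,
              bytes([dad_counter]), secret_key)
    for field in fields:
        h.update(len(field).to_bytes(2, "big") + field)
    # Take 64 bits of the RID, starting from the least significant end.
    iid = int.from_bytes(h.digest()[-8:], "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def link_local_by_network(ssids, per_network):
    """Link-local address the same device would use on each network.

    per_network=False models one device-wide secret and no Network_ID.
    per_network=True mixes the SSID in as Network_ID.
    """
    return {
        ssid: stable_address(LINK_LOCAL, b"wlan0", SECRET,
                             network_id=ssid.encode() if per_network else b"")
        for ssid in ssids
    }


if __name__ == "__main__":
    networks = ["cafe-wifi", "office", "airport"]   # constructed names
    for mode in (False, True):
        print("per-network input:", mode)
        for ssid, addr in link_local_by_network(networks, mode).items():
            print(f"  {ssid:10} {addr}")
```
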

