We were disabling that feature downstream but now we no longer need to disable it since they fixed it to be conditional. There are still other issues though. The Linux kernel happily reuses the global privacy address across networks. State isn't always properly flushed for it.
It's worse to have privacy addresses enabled right now if you're using MAC randomization than not having them enabled. In theory, they help due to rotation but in practice there are serious issues with them. Some network management tools reset more state and handle it better.
There are other issues aside from the addresses. It's frustrating digging deeper into it and realizing how screwed up this stuff is in the Linux kernel. Shouldn't need to reboot between connecting to each network to avoid reusing identifiers, 'keys', counters, etc. for things.
Agree, and we don't intend to disable privacy addresses, but it's frustrating that a privacy feature is making things worse than not using the feature. Not much point using privacy addresses for link-local addresses though, so the new status quo for that upstream is good.
Associated MAC randomization is enabled by default in Android. It uses a persistent per-network random MAC address. When MAC randomization is enabled, they use a link-local IP address based on the MAC address. They only use the stable privacy address feature when MAC rand is off.
It reuses those public privacy addresses when stable addresses are explicitly disabled. It's not caused by asking for stable addresses. It's caused by the Linux kernel not offering an alternative unless you go out of the way to flush the state somehow and avoid it reusing them.
By default, Android uses a persistent random MAC address for each network, a link-local IPv6 address based on the MAC address and an ephemeral public IPv6 address rotating daily for new connections and valid for up to a week per Linux kernel defaults for privacy address rotation.
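An added example, not part of the thread: a small audit that takes the IPv6 addresses a device held on each network and flags identifiers that link those networks together, plus the MAC-derived link-local form mentioned above. The observation records, network names and the choice to compare the low 64 bits (interface identifier) are assumptions made for illustration; the addresses use the 2001:db8::/32 documentation prefix.

```python
import ipaddress

def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local address built from a MAC via modified EUI-64 (RFC 4291)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02                                  # flip the universal/local bit
    iid_bytes = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid_bytes)

def iid(addr) -> int:
    """Low 64 bits (interface identifier) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)

def mac_derived(addr: str, mac: str) -> bool:
    """True if the address's interface identifier is derived from this MAC."""
    return iid(addr) == iid(eui64_link_local(mac))

def reused_iids(observations):
    """observations: iterable of (network, mac, address).
    Returns {iid: sorted networks} for non-link-local identifiers that were
    seen on more than one network, i.e. identifiers that survive a network
    change and let an observer correlate the device across networks."""
    seen = {}
    for network, _mac, addr in observations:
        if ipaddress.IPv6Address(addr).is_link_local:
            continue                              # per-network MAC covers these
        seen.setdefault(iid(addr), set()).add(network)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample data: one device, a different random MAC per network.
OBSERVATIONS = [
    ("home",   "a2:11:22:33:44:55", "fe80::a011:22ff:fe33:4455"),
    ("home",   "a2:11:22:33:44:55", "2001:db8:1:1:5c3a:91ff:2b07:9d1e"),
    ("cafe",   "e6:aa:bb:cc:dd:ee", "fe80::e4aa:bbff:fecc:ddee"),
    ("cafe",   "e6:aa:bb:cc:dd:ee", "2001:db8:2:2:5c3a:91ff:2b07:9d1e"),
    ("office", "5a:01:02:03:04:05", "2001:db8:3:3:1f2e:3d4c:5b6a:7988"),
]

if __name__ == "__main__":
    for ident, nets in reused_iids(OBSERVATIONS).items():
        print(f"interface identifier {ident:016x} reused on: {', '.join(nets)}")
```

In the constructed data the link-local addresses change with the per-network MAC, while the global address on "home" and "cafe" keeps the same interface identifier, which is the cross-network linkage the audit reports.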