this post was submitted on 29 Sep 2023
675 points (97.1% liked)

Privacy

31957 readers
418 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 1 year ago* (last edited 1 year ago) (2 children)

You do realize that they are actually tracking the device itself by the hardware MAC address and other device fingerprints.

The email is just a bonus to let them legally spam you. Anti-spam laws have an exemption. If there's a prior business relationship like shopping in their stores, they can put you on their spam list unless you opt out.

Bogus email only helps for spam but doesn't do anything about tracking.

EDIT: For Android when there's a Captive Portal like the screen shot. devices will use Persistent randomization which while not the hardware MAC will remain the same for the same network where they can track your visits.

[–] [email protected] 29 points 1 year ago* (last edited 1 year ago) (2 children)

Pretty much all modern phones randomize the MAC address everytime they connect to a network unless the user explicitly says not to do that.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

randomize the MAC address everytime they connect to a network

+1, had issues using Android devices for presence detection because of this very useful privacy feature. Even on your home network, the MAC address and device hostname get randomized, unless disabled in the settings

Edit: typo

[–] [email protected] 4 points 1 year ago (3 children)

When there's a Captive Portal like the screenshot, many devices use a random but persistent mac for that network avoid reauthorization after any network drop. This will make your access to the specific network trackable.

[–] [email protected] 2 points 1 year ago (1 children)

chuckles in GrapheneOS

(per-connection random MAC, for all networks, by default)

[–] [email protected] 3 points 1 year ago (1 children)

This is actually just part of stock Android. My Pixel 5 has MAC randomization on by default for new Wi-Fi networks.

[–] [email protected] 2 points 1 year ago (1 children)

It's per-network, not per-connection. Though that option does exist but is hidden away under developer settings.

[–] [email protected] 1 points 1 year ago (1 children)

Oh you mean like per TCP connection?

[–] [email protected] 1 points 1 year ago

It's not at the packet level - by default on gOS (and a dev option on stock pixels), every time you connect to a network, even ones you have connected to prior, you get a new random MAC. The standard aosp/pixels do one random but persistent MAC randomization. This only helps marginally from a privacy standpoint. Per-connection makes this data point useless, thereby increasing privacy.

[–] [email protected] 2 points 1 year ago

But can't you go manually forget the network in your device network options to circumvent this?

[–] [email protected] 1 points 1 year ago

I'd assume after a certain amount of time or after moving far enough away from the network it "forgets" the last randomized MAC address?

It doesn't really make sense to store these things long term.

[–] [email protected] 5 points 1 year ago (1 children)

GrapheneOS let's me do a per-connection randomized MAC.

I'm sure they do collect a lot more about my device, but there's not much I can do about it short of wrapping my phone in tin foil.

[–] [email protected] 3 points 1 year ago

Don't forget to disable wifi and bluetooth before approaching the store, as those give off unique identifiers too.