School asked us to submit our MAC addresses
I think you should ask why they want to use the MAC address, not necessarily for privacy reasons; "why do you need the MAC Address?" I think it's a reasonable question to ask them.
Firstly, they will have MAC addresses of all the individuals who connect to the WiFi. Any device connecting to the WiFi will reveal their MAC address, based on the ARP protocol.
They may think locking down WiFi to known MAC addresses is a good security measure. It's not really because I can obtain your MAC address if both of us are in the same Starbucks and on the same WiFi. I can then spoof your MAC address quite easily. So from a security measure this is not great.
They may want to track your activity. They can do this already without asking for your MAC, just giving them the MAC address allows them to map it to a individual easier. They can get a history of MAC & IP address from logs and their NAT can keep a history of IP Address & Ports and map back to the MAC address.
If you use Tor, they will be able to say you used Tor, but not the content.
So, I would ask why do you want my MAC address, giving out the MAC address is not going to really affect you. Unless of course on your home WiFi or something else you are using MAC address as a method to identify yourself; as MAC address can be easily spoofed.
For a school, having all student device MAC addresses (unique hardware identifier) is a way to filter out a lot of unwanted traffic from the LAN. Even if outside devices from non-students spoof a legitimate, student-registered MAC, the packets being sent over the network can still be captured, opened, and the user agents, and other system identifiers can be observed. This lets the network admin know if someone is using a spoofed MAC and then the admin can effectively boot that MAC from the access point easily without filtering the specific MAC, which would block the legit student if done, with packet filtering blocks.
Using MAC address registeries helps to keep a check on who is supposed to be connecting and who is not. But it is only a single security method. There are others such as 3rd party proprietary or open source tools that can determine the user agents and many other things such as system hardware specs, OS being used, browser plugins, etc. Even if these things are themselves spoofed. These will identify TOR daemon/browser users as well as identify Tails users (linux OS that sends all system and web traffic through the TOR network).
If you wish to avoid being tracked, you have a few methods:
- Don't use school LAN.
- Use a bootable thumb drive and a USB wifi adapter.
- Create a virtual wireless interface and a custom interface profile.
- Use a virtual machine with a thumb drive.
- Tunnel through a legit student device such as a virtual NIC created using an adhoc virtual interface bridged to the real interface. Spoof the VNIC identifiers.
This is just a small number of ways and not the best methods either. You may find more by doing some research.
Well, the school already has your MAC address since you've connected to their access points in the past. What they don't (necessarily) know is the association between your MAC addresses and your real name.
If that concerns you, just use a different MAC while you are at school:
ip link set dev wlp1 address XX:XX:XX:XX:XX:XX
Pick a Locally Administered MAC to avoid conflicts with devices that are using their manufacturer-assigned MAC on the same AP.
Note that a malicious user would run airodump-ng
to discover another student's MAC address, kick that student off the network with aireplay-ng -0
, and then use their MAC to impersonate them. If your school thinks that MAC-filtering is good security, they're in for a big surprise!