
Here is the code I use for my Mac to randomize my MAC address:

    interface="en0"
    # s/./0/2 zeroes the second hex digit, which clears the multicast and locally-administered bits
    new_mac=$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/:$//; s/./0/2') # from stackoverflow
    sudo ifconfig "$interface" ether "$new_mac"

Edit: What's the advantage of the solution in the post? If I just change my MAC address every time I join a network (even the same one), they can't track me with my randomized MAC addresses. So why would I prefer to keep a stable but randomized MAC address for each network I connect to for a day?



Some bits of the MAC address are significant. You're generating all 48 bits randomly which could have some side effects.


Would love to know which side effects there are. I've never encountered any problems in all the years I've used those randomly generated MAC addresses.


    # 5 random octets plus the 02: prefix make the 6 octets of a MAC address
    new_mac=$(openssl rand -hex 5 | sed 's/\(..\)/\1:/g; s/:$//; s/./0/2; s/^/02:/')

is better. By using the 02: prefix for locally administered MACs you avoid clashes with certain cards. I also used to randomize my local hostname.
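
Added example, not part of the thread: the two "significant bits" discussed above are the low two bits of the first octet, and this sketch classifies an address by them and generates a random MAC with only those two bits fixed. Function names are illustrative and the sample addresses are constructed; note that the first snippet's `s/./0/2` yields a unicast, universally administered address, while any first octet ending in 2, 6, a or e is unicast and locally administered.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are illustrative.
# First-octet flag bits (IEEE 802):
#   0x01  I/G: 0 = unicast, 1 = multicast/group
#   0x02  U/L: 0 = vendor-assigned (OUI), 1 = locally administered

# Print "<unicast|multicast> <local|universal>" for a colon-separated MAC.
mac_flags() {
    mf_first=$(( 0x${1%%:*} ))
    if [ $(( mf_first & 1 )) -eq 0 ]; then mf_cast=unicast; else mf_cast=multicast; fi
    if [ $(( mf_first & 2 )) -ne 0 ]; then mf_admin=local; else mf_admin=universal; fi
    echo "$mf_cast $mf_admin"
}

# Force a two-digit hex octet to unicast + locally administered,
# keeping its upper six bits of randomness.
laa_octet() {
    printf '%02x\n' $(( (0x$1 & 0xfc) | 0x02 ))
}

# 12 random hex digits; falls back to /dev/urandom if openssl is absent.
random_hex6() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 6
    else
        od -An -N6 -tx1 /dev/urandom | tr -d ' \n'
    fi
}

# Random MAC with only the two flag bits fixed (46 random bits).
random_laa_mac() {
    rl_hex=$(random_hex6) || return 1
    rl_first=$(laa_octet "$(printf '%s\n' "$rl_hex" | cut -c1-2)")
    rl_rest=$(printf '%s\n' "$rl_hex" | cut -c3-12)
    printf '%s%s\n' "$rl_first" "$rl_rest" | sed 's/\(..\)/\1:/g; s/:$//'
}

# Constructed sample addresses, one per flag combination.
for m in 02:11:22:33:44:55 a0:11:22:33:44:55 a1:11:22:33:44:55 a3:11:22:33:44:55; do
    echo "$m -> $(mac_flags "$m")"
done
echo "generated: $(random_laa_mac)"
```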


Most of the time there are <100 devices connected to the wifis I'm connected to. I don't want to do the math now, but I expect that a collision is pretty unlikely. If you mean that some cards have problems with handling those MAC addresses, I would love to hear about that.

> I also used to randomize my local hostname

Great idea, missed that. I'll integrate that in the future.


Intel cards and Realtek cards are known to be problematic with random vendor prefixes.


Because maybe you had to pay to access the network and part of that involved binding your mac address.

For example, calling the hotel desk to get your device to work.


Would be interested to know where that happens, because I've never encountered something like this (binding the MAC to the access) in public networks, e.g. McDonald's, hotels and other shops. I only got access codes which could be used for a specific time, where I just changed my MAC address.

I only know about MAC whitelisting in protected networks managed by wary administrators.


In Canada, the ISP Shaw offers ShawOpen for subscribers. There are hotspots all over the place, access control by MAC address. So I would need to provide a consistent MAC address to that SSID.


Airports do this all the time: Wifi is free for 1 hour, after that it's $X/hour. It's simply putting a "timer" on the MAC address.


Then randomizing that address gives you a new hour every time.


Yes, tested and working for 10+ years now. Also works well if usage is capped/throttled after a certain amount and you wish to 'reset' the connection. Try not to abuse this on a shared network obviously, but if you have a legitimate need it's very simple.


All of the universities I attended used MAC address whitelisting.


> I only know about MAC whitelisting in protected networks managed by wary administrators.

Wouldn't make any sense for properly securing a network. As an attacker you could just create an evil twin (same ESSID), let some students connect to it and just use their MAC addresses (and even drop their connections when they try to use the university wifi).

Edit: You don't even necessarily need an evil twin to get their MAC addresses. You only have to listen to the wifi traffic and get some - even encrypted data packets still contain the raw MAC address as far as I know. airodump-ng is the perfect tool to do that.


I didn't say it made any sense :) This is how I was able to get my Playstation connected up in my dorm. I set my laptop's MAC to my Playstation's, then got my laptop authenticated using their tool, switched the MAC back, and the Playstation would connect up without issue.



