WWW.MACWORLD.COM
How to enhance your network security with private Wi-Fi network addresses
MacworldYou might think that connecting anonymously to a public Wi-Fi network doesnt reveal much about you. You might be using a VPN (virtual private network) to protect everything you do. Even if you arent, the vast majority of websites and email servers (and pretty much all those run by companies) use client-to-server encryption. But what if you could be tracked anyway?Apple has a solution for this as it does for many tracking systems. The companys trick lies in how Wi-Fi (and ethernet) adapters identify themselves over a local network. How MAC addresses workEvery network adapter has a unique, factory-assigned address baked in or programmed in at its manufacture. Its called a Media (or Medium) Access Control address; the abbreviation is MAC, confusingly enough, but it has nothing to do with Macintoshes. Where an IP (Internet Protocol) address defines your machines location on the internet, a MAC address defines it on your local area network (LAN). The MAC is in part how devices on a LAN all communicate with one another, whether over Wi-Fi or ethernet.Apple recognized that any fixed identifier could be used to track someone if the ID could be tied to records shared beyond a local network. When you connect to a wireless hotspot, your Wi-Fi MAC address gets transmitted because its an inherent part of that connection. If that MAC address doesnt change over time, the backend of a hotspot portal or a business locations point-of-sale system could build up a profile of you (or your device) using a variety of clues that includes any Bluetooth broadcasts, logging into a portal to gain free access, using a discount card while paying, and emitting other broadcast identifiers.They could sell this information to third-party information brokers who could track you widely across locations that also share and sell information and target you with ads even if all your web, email, and file-transfer connections were secure, as is the case in most scenarios today. Worse, its clear that law enforcement and government agencies routinely purchase access to location information without use of subpoenas or legal mechanisms that a provider or you would be informed of and could fight.While a MAC address is factory assigned, it can be changed. For instance, you may have had the experience of connecting to a Wi-Fi gateway to configure it and seeing an option buried in advanced settings to modify the MAC address. (This can sometimes be helpful when youre replacing a router, and your ISPs broadband modem or adapter is registered to that older devices MAC address.)The ability for a MAC to change and the potential for a MAC to be tracked is why Apple introduced a Private Wi-Fi address as a feature in iOS 14, iPadOS 14, and watchOS 7. It later added it to macOS. The feature is enabled by default for all Wi-Fi connections on all platforms. Apple made this feature more granularoffering ways to tune it furtherin iOS 18, iPadOS 18, macOS 15 Sequoia, and watchOS 11.Apple uses the term Private Wi-Fi address to refer to the MAC address for a Wi-Fi adapter. Its identical to a MAC address, but the company doesnt offer private MAC addresses for Ethernet connections.Change your private address settingsYou can view the settings only for individual networks because Apple lets you have different settings for each network to which you connect.On an iPhone or iPad, go to Settings > Wi-Fi and tap the connected network name. You can also change Private Wi-Fi options by tapping the i (info) icon next to a nearby network, or tapping Edit at the top of Wi-Fi settings and tapping the i icon.On a Mac, go to System Settings > Wi-Fi and click Details next to the connected network. You can also tap the (More) button next to a network shown as nearby to make changes to the Private Wi-Fi address settings. (You cant change stored MAC settings in macOS.)On a Watch, go to Settings > Wi-Fi, tap the name of the network, and the Private Address setting appears.The Private Wi-Fi address setting lets you control how much long-term information you leak about your device to nearby networks.FoundryThe latest releases of operating systems added a menu that offers Off, Fixed, and Rotating choices.By default when you connect to an open network (one with no encryption) or one using outdated encryption methods (WEP or the original WAP flavor), your operating system automatically sets the option to Rotating. In this case, your device invents a MAC address for every network you join and uses that address for two weeks. The address also changes if you choose Forget This Network and then connect again after 24 hours, or if you use the devices settings to reset your network settings (Settings > General > Transfer or Reset iPhone/iPad > Reset > Reset Network Settings).You might ask: what if Apple generates a MAC address already in use? The number of possible addresses is vastover 280 trillion possibilitiesand unlike a global IP address, it only needs to be unique on the local network.If you connect to a network with WPA2 or later encryption, your device uses Fixed by default. You might also choose this on a personal or office local network even if Apples default isnt set to Fixed in order to ensure your address stays consistent.If you pick Off, youre warned about tracking and have to confirm before Private Wi-Fi address is disabled.You might change from Rotating to Off or Fixed if you think youre experiencing problems with a hotspot network that keeps losing your login. Ive seen this with airplane Wi-Fi and havent diagnosed whether its an issue with the airplanes authentication system or private MAC addressing.This Mac 911 article is in response to a question submitted by a Macworld reader.Ask Mac 911Weve compiled a list of the questions we get asked most frequently, along with answers and links to columns:read our super FAQto see if your question is covered. If not, were always looking for new problems to solve! Email yours tomac911@macworld.com, including screen captures as appropriate and whether you want your full name used. Not every question will be answered, we dont reply to email, and we cannot provide direct troubleshooting advice.
0 Commentaires
0 Parts
20 Vue