iPhone and Wi-Fi Privacy Warning

Thank sberman,

I actually do understand the concept of private Wi-Fi addresses. My point is, the feature can be enabled or disabled individually for each Wi-Fi network. And on my home network, I have NO concern about a 3rd party sniffing my Wi-Fi traffic in an effort to "track me".

That said, I have decided to test-enable the feature on my home network, since the ephemeral MAC address assigned doesn't seem like it will change that often. So I turned on Private Wi-Fi on my home network, identified the newly-generated MAC address, and labeled it within my network equipment so my phone appears by name instead of only by MAC address in stats and reports. We'll see how long that persists, and how much trouble it is to update.

But again, the tracking that the Private Wi-Fi address feature was designed to mitigate is something that occurs in Wi-Fi-dense retail environments like shopping malls and the like. While it's true that anyone could sniff your Wi-Fi traffic anywhere if they were sufficiently motivated to do so, a home/residential environment is NOT the typical environment where this occurs *for commercial tracking purposes*.

It also occurs to me that Apple has enough metadata (as well as actual data) on its iPhone users to infer or even know the user's home's address or location. So if they wanted to take things a step further than offering the option for a user to manually tag a network as a known private, trusted network, they could actually apply this tag when their data and metadata make it clear that you are at home, on your private, trusted home network. Just off the top of my head, I can think of number of signals they could use to achieve this with a high degree of accuracy.

If it turns out that my MAC address changes often enough at home that it invalidates my reporting functionality, I'll probably turn Private Wi-Fi Address back off and just live with/ignore that "privacy warning" on my home network. I'll post back here with my results for others who may be interested in this topic.

Lawrence Finch wrote:

OTOH, it does no harm to have it on for your home network.

Thanks Lawrence,

Yeah, harm is too strong a word for my situation. The inconvenience it creates is that within my Ubiquiti networking gear at home, I've labeled my mobile Apple devices (identified by MAC address) so I can easily spot them in the list of clients. Whenever the MAC address changes, that information is lost, and I'll no longer be able to easily spot and identify my iPhone, Laptop, iPad, and Apple Watch in a list of network clients. And over time, reporting will also be incorrect. Let's say I'm looking at a report of the most active clients over the last 6 months. If my MAC address has changed 4-8 times, the stats for my phone will not be aggregated and recognized as a single device, but will be seen and reported as four-to-eight different, unrelated devices. The count of unique devices seen on the network will also be incorrect within the history.

Not a big deal, obviously, but also kind of annoying, since those stats and usage metrics are sometimes useful to dig into. But I acknowledge that most home users don't have equipment that does this for them, so it's definitely a corner case problem.

And if I ONLY used my iPhone's true MAC address on my home network, it would still be difficult to track me out in the wild, since all other networks I connected to WOULD be using a randomized, ephemeral MAC address that couldn't be correlated with each other.

One thing I haven't looked into yet is whether the first half of Apple's MAC address - the portion that identifies the OUI (the vendor/manufacturer of the network interface) - is unchanged in a Private Wi-Fi address, or if even the Vendor ID portion of the MAC address is also totally randomized so that you can't even determine who made the device. I suspect they're going for maximum privacy, so it wouldn't surprise me if they randomize even the first 3 octets of a Private-Wi-Fi MAC address.

(Moments later...)

Ok, a quick-and-dirty search turned up a list of Apple OUI IDs, and spot checking a few of my saved Wi-Fi networks quickly showed that my Private Wi-Fi MAC addresses do NOT begin with any of Apple's publicly published OUI IDs in the first 3 octets. So yeah, they're going for maximum privacy, so even the device vendor can't be identified by the MAC address. That's both cool, and a PITA, for someone trying to solve this teeny tiny little problem for himself at home. :-)

sberman,

I misremembered the exact threat/tracking model that Private Wi-Fi Addresses were meant to thwart, and didn't initially read Apple's write-up carefully at the link you provided - I just skimmed and worked from faulty memory. My bad! It's not sniffing traffic that's the problem. It's network operators capable of amassing a dossier of all the Wi-Fi networks you connect to. If you're using an unchanging MAC address, they can therefore identify you across networks.

Still, thanks for your responses. All help is always appreciated. :-)

[Edited by Moderator] e