iOS 18 and macOS Sequoia Add 'Rotate Wi-Fi Address' Option to Cut Down on Tracking

[MacRumors]

With iOS 18, iPadOS 18, and macOS Sequoia, Apple has replaced the Private Wi-Fi Address option for Wi-Fi networks with a new Rotate Wi-Fi Address option that's aimed at better minimizing tracking.

Available when accessing the settings of any Wi-Fi network, Apple says the opt-in Rotate Wi-Fi Address feature changes your Wi-Fi address at random times.

A rotating Wi-Fi address helps reduce tracking by changing your Wi-Fi address at various times. Tracking can happen when your address always appears the same to other devices and people using the same network as you.

The prior Private Wi-Fi Address setting assigned a different MAC address to a device for each Wi-Fi network it connected to.

Rotate Wi-Fi Address, like Private Wi-Fi Address, is separate from the additional Limit IP Address Tracking option that can be turned on for Mail and Safari.

Article Link: iOS 18 and macOS Sequoia Add 'Rotate Wi-Fi Address' Option to Cut Down on Tracking

 

[sniffies]

Hopefully Apple will enable it by default.

 

[jz0309]

looks like a great feature

 

[jimsong]

This is great for being on a public network but it makes identifying which devices are connected to my home network much more challenging. It would be nice if you could specify private networks where this rotation would not happen.

EDIT: never mind, it looks like this is configurable on a per-network basis, which would be great news!

 

[orbital~debris]

Pick your fandom time:

• “I’ll try spinning! That’s a good trick!”
• “Rotate the shield frequencies.”

 

[klasma]

Shouldn't the address be upside down when it is rotated?
And maybe they could add a setting where you can choose the rotation angle.
Though I'm sure that trackers will catch on pretty quickly.

 

[austinmm6]

View attachment 2387245

Shouldn't the address be upside down when it is rotated?
And maybe they could add a setting where you can choose the rotation angle.
Though I'm sure that trackers will catch on pretty quickly.

On my Mac this is off but it still changed my wifi MAC address from its original one and won't change it back.

 

[redheeler]

I just use a VPN

A VPN doesn't hide your MAC address to computers on the same local network, it hides your public IP address to whatever remote website/server you're connecting to.

 

[dcjames]

Users will really need to be careful when using this feature on metered/temporary access networks where one purchases wifi access per-device (I have been on ferries around Greece that do this). If a user enables this feature for such a network, and iOS changes the MAC Address seen by the network during the middle of the session, the device will no longer be recognized and the user would have to re-purchase access every time the MAC is rotated.

 

[Royalrock1]

Hopefully Apple will enable it by default.

not by default

 

[justanthonylee]

I just use a VPN

So you have no idea how this works hu? That is not the same, this is to keep you from being tracked across wifi networks and basestations and when returning to locations and using wifi again, like at a public place.

 

[Apleeseed84]

Users will really need to be careful when using this feature on metered/temporary access networks where one purchases wifi access per-device (I have been on ferries around Greece that do this). If a user enables this feature for such a network, and iOS changes the MAC Address seen by the network during the middle of the session, the device will no longer be recognized and the user would have to re-purchase access every time the MAC is rotated.

Yeah, I’m not looking forward to that either, I already get annoyed when I have to change my location settings all the time

 

[justanthonylee]

Yeah, I’m not looking forward to that either, I already get annoyed when I have to change my location settings all the time

You just need to turn it off on the ONE network.

 

[Bornee35]

glad its configurable as this would be a nightmare for any secured network that whitelists based on MAC address

 

[jchurchill]

I used to randomly change my MAC address all the time via a shell command until the T2 chip took away that ability. Bringing it back is great, but it needs to be static for certain networks. Getting registered on my corporate network, for example, is very annoying (email approval process), but it remembers the device for a year based on the MAC. Change your MAC, have to register the device all over again. I believe Starbucks Wifi also remembers you by MAC and lets you on without re-registering.

 

[artifex]

“I’ll try spinning! That’s a good trick!”

I had to look that one up, it's been so long. (Followed by, "whoops!" )

 

[dampfnudel]

I use a VPN most of the time especially when I’m traveling, but this would definitely be helpful as another tool to reduce the risk.

 

[Speedman100]

This isn’t new. It’s just renamed. It used to say “Private Wi-Fi Address”.

 

[Jgreg00]

This isn’t new. It’s just renamed. It used to say “Private Wi-Fi Address”.

So you're telling us all that you only read the headline?

 

[StuBeck]

I really dislike how they're making up terms here. I know why they're doing it, anyone without networking knowledge would be confused why their iPhone had a MAC address, but I feel they could have used a better term than something which is typically associated with a different layer on the ios model...but I guess that's not really their concern here.

I just hope they handle this in a reasonable timeframe, as I'm not looking forward to clients turning this on and having each device take up 8 IP addresses a day when they'd usually using 1.

 

[macduke]

So is this getting rid of the MAC Address capability, and just rotating the IP address? Because if so idk if that seems any better, probably worse, I’m probably just misunderstanding. Things are always so confusing on announcement day.

 

[WB2Colorado]

So is this getting rid of the MAC Address capability, and just rotating the IP address? Because if so idk if that seems any better, probably worse, I’m probably just misunderstanding. Things are always so confusing on announcement day.

Sounds like it is changing the MAC address more frequently than it did before

 

[ArtOfWarfare]

This sounds like privacy theater to me.

Apple really wants people to think that they care about their privacy and they're doing everything they can to thwart Google, Facebook, and other ad companies from tracking them.

But this does absolutely nothing to impair them. They never knew the IP address of your iPhone, because your iPhone doesn't connect directly to their servers. They only get the IP address of the router that your iPhone is connected to, plus all your cookies and anything else they shove into local storage.

Maybe this impairs the ability of whoever is running the wifi you're on from tracking you... but not really. They'd see your phone disconnect at the same time as an identical phone connects... seems pretty easy to put one and one together and identify it as a iPhone that just rotated its IP address. Plus they still have the hostnames/IPs/ports you're connecting to, even if everything is over SSL... so that seems like a lot to use to come up with a unique fingerprint. Or if everything is over a VPN, that seems like an even easier fingerprint (what're the odds that somebody else is also using the same VPN?)

 

[Chungry]

So is this getting rid of the MAC Address capability, and just rotating the IP address? Because if so idk if that seems any better, probably worse, I’m probably just misunderstanding. Things are always so confusing on announcement day.

Cycling a random MAC more frequently than just every time the phone connects to an SSID.

Gotta say, as a network admin this is an interesting feature but I’m hesitant because of all the knock-on effects that could happen with MAC-based reservations in many home network setups. Not to mention the way it might interfere with Zero Trust implementations like ClearPass. I guess it all depends on if it’s off by default (conservative choice) or on by default (safer but potentially problematic choice). It should be opt-in but I guess we shall see. I’m not on the beta yet

 

[jeroenvip]

You just need to turn it off on the ONE network.

View attachment 2387282

Was does Roger opens ?