As long as free public WiFi needs one’s cell number to be activated, there will be limited utility.

But I’m still glad Apple has added this.
 
Please don’t treat MAC filtering as a security method.. it’s super easy to monitor & spoof MAC addresses.
Not the person you’re responding to but I AGREE. Sadly, this is popular, easy to implement, and built into every consumer WIFI routing product since forever. Even the cherished AirPort. You might get a chuckle: some multinationals I’ve worked with but won’t name here use MAC whitelisting. They tie it back to a DC handing out DHCP. Different continents had different lists which created issues for traveling execs. Somehow no one saw any of this as a problem… Did my eyes roll? Yes. Did I suggest dropping it like yesterday as part of my remediation recommendation? 1000%. Did they LISTEN? Nah fam.
Knowing the risks, companies will still do it. What chance do consumers have?
 
This has been on Windows and Android since forever. On Windows it is called "change Mac address daily" and on Android it is in developer settings called "non-persistent Mac Address randomization".

This, the iPhone 15 limiting battery to 80%, tiling Windows, just make it feel like Apple is constantly catching up in small regular (non-AI/ML) quality of life features. It shouldn't be worth mentioning in a keynote because it isn't complicated and it has already been done by everybody else.

Of course, better late than never.
 
So is this getting rid of the MAC Address capability, and just rotating the IP address? Because if so idk if that seems any better, probably worse, I’m probably just misunderstanding. Things are always so confusing on announcement day.

Not really. The purpose of MAC address is to have an address at the local networking level to deliver a network message to. As long as it stays constant for some amount of time its purpose is already fulfilled. The fact that it stays constant forever is not very useful unless the local network enforces authentication based on MAC address (which can be replaced more securely by certificate based authentication).

So as long as it is not changing every minute or less, network messages can be delivered consistently like before.

Without randomization, it is using the real MAC address.

With randomization, it uses a Hash(real MAC address + SSID). This will produce a consistent MAC address for each WiFi network you connect to, which means MAC based authentication will continue to work (e.g. plane WiFi).

With non-persistent randomization, it uses some equivalent of Hash(real MAC address + SSID + Timestamp at granularity > 1 minute). Windows for example uses the date, which means the address only changes once every 24 hours.

This sounds like privacy theater to me.

This tracking mostly has to do with hidden WiFi SSID searches. Because the access point does not broadcast SSIDs, each phone/computer needs to broadcast and ask "does <XYZ> exist at this location". And they will broadcast with a consistent MAC address whether you are in an airport or at the strip club. People could possibly see that there's a person who went to both venues and they might narrow down who it is.

In reality it doesn't really happen unless you're hunted by some powerful people but it is also a low hanging fruit because it doesn't take much effort to implement.

There are many different aspects of privacy. Privacy concerns with server side tracking (cookies) or AI/ML features should not invalidate the need for local level privacy.

It's like setting up a fence at your house and wearing clothes walking on the street. Just because you set up a fence at your house doesn't mean it isn't a good idea to also wear clothes walking outside.
 
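Added example, not part of the post above and not Apple's, Windows' or Android's actual algorithm: a Python sketch of the scheme the post describes, Hash(real MAC + SSID) for a per-network address and the same hash with the date mixed in for a daily-rotating one. SHA-256, the concatenation order, the sample MAC, the SSIDs and the start date are assumptions made for illustration.

```python
import hashlib
from datetime import date, timedelta
from typing import Optional, Set

REAL_MAC = "00:11:22:33:44:55"   # constructed sample hardware address

def derive_mac(real_mac: str, ssid: str, day: Optional[date] = None) -> str:
    """Derive a private MAC from the real MAC and SSID; add the date to rotate daily."""
    material = bytes.fromhex(real_mac.replace(":", "")) + ssid.encode("utf-8")
    if day is not None:
        material += day.isoformat().encode("ascii")
    octets = bytearray(hashlib.sha256(material).digest()[:6])
    # Set the locally administered bit and clear the multicast bit so the
    # result is a valid unicast address that cannot collide with vendor OUIs.
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)

def is_randomized(mac: str) -> bool:
    """True when the address is locally administered unicast (a private MAC)."""
    first = int(mac.split(":")[0], 16)
    return bool(first & 0x02) and not (first & 0x01)

def addresses_seen(real_mac: str, ssid: str, days: int, rotate: bool) -> Set[str]:
    """Addresses one device presents to one network over consecutive days.

    This is what a MAC allow list, captive portal or DHCP pool keyed on the
    MAC would count as separate clients.
    """
    start = date(2024, 6, 10)    # constructed start date
    return {
        derive_mac(real_mac, ssid, start + timedelta(days=i) if rotate else None)
        for i in range(days)
    }

if __name__ == "__main__":
    print("home     :", derive_mac(REAL_MAC, "HomeNet"))
    print("hotel    :", derive_mac(REAL_MAC, "HotelGuest"))
    print("per-SSID :", len(addresses_seen(REAL_MAC, "HotelGuest", 7, rotate=False)), "address in 7 days")
    print("rotating :", len(addresses_seen(REAL_MAC, "HotelGuest", 7, rotate=True)), "addresses in 7 days")
```

A network that keys access on the MAC sees one client per week in the per-SSID mode and seven in the rotating mode, while `is_randomized` shows how an admin can tell from the first octet that an address is a private one.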
Hopefully it doesn't change more often than 24 hours. I would imagine available DHCP leases would be quickly overwhelmed otherwise. This would be a nightmare for network admins.
 
Hopefully it doesn't change more often than 24 hours. I would imagine available DHCP leases would be quickly overwhelmed otherwise. This would be a nightmare for network admins.
Apple doesn’t have the greatest track record because they really don’t have the deep stable of that sort of talent, as proven by their disastrous attempted replacement for various parts of their network stack during the OS X days. I’m sure reasons are many. Their pay isn’t that great for network architects and I’d imagine there is more interesting/engaging work elsewhere that won’t eat you up and spit you out. Also see AirPort getting axed. Damn shame too, we could use that sort of product modernized for mesh deployment.
 
I use MAC filtering on my home network (among other things) to stop unknown devices from connecting. Is it possible to keep a fixed MAC for a trusted network whilst still enabling the rotating MAC feature for untrusted ones?
 
My kids, and some non-techy adults, now have a way to unblock their devices on my router 🤷‍♂️
I'm using Parental Controls on my Asus Router (AX55) wherein you specify the MAC address to block/unblock during specified times.
The previous "Private Wi-Fi Address" setting already bypasses that, damn.
I had to turn that setting off on their device :/

Is there an alternative consumer WiFi 6 or 5 router that can address that?
 
This would be a nightmare for network admins.
Not really, because MDM exists and Private Address was always configurable in a network configuration profile. This will be no exception. Takes literally 60 seconds to implement as well.
 

Shouldn't the address be upside down when it is rotated?
And maybe they could add a setting where you can choose the rotation angle.
Though I'm sure that trackers will catch on pretty quickly.
You’re looking at the still image, this is what it actually looks like 😀

This has been on Windows and Android since forever. On Windows it is called "change Mac address daily" and on Android it is in developer settings called "non-persistent Mac Address randomization".

This, the iPhone 15 limiting battery to 80%, tiling Windows, just make it feel like Apple is constantly catching up in small regular (non-AI/ML) quality of life features. It shouldn't be worth mentioning in a keynote because it isn't complicated and it has already been done by everybody else.

Of course, better late than never.
But this lets you change your Mac address automagically from a Mac! Makes daily moving way cheaper because I don’t need a Windows machine for just that.
 
Will there be a way to use a private MAC address, but have it stay the same for each SSID like we have now? Or is it going to be either a rotating, changing MAC address, or no privacy at all?

I hope Apple re-thinks this. A lot of Wifi networks still use the MAC address as an identifier to keep track of users. One example is when you use WiFi at a hotel; when you accept the terms and conditions or enter your room number, if your MAC address changes you'll have to do that again. Eventually the system might tell you that you have too many devices signed in, and lock you out.

Private MAC addresses are great. Changing them randomly once you are signed in is not.
 
Will there be a way to use a private MAC address, but have it stay the same for each SSID like we have now? Or is it going to be either a rotating, changing MAC address, or no privacy at all?

I hope Apple re-thinks this. A lot of Wifi networks still use the MAC address as an identifier to keep track of users. One example is when you use WiFi at a hotel; when you accept the terms and conditions or enter your room number, if your MAC address changes you'll have to do that again. Eventually the system might tell you that you have too many devices signed in, and lock you out.

Private MAC addresses are great. Changing them randomly once you are signed in is not.
100% this ^

The way it currently functions is fine. Randomising after x period isn't and just breaks things. Apple just needs to leave it alone.
 
The way it currently functions is fine. Randomising after x period isn't and just breaks things. Apple just needs to leave it alone.
Will there be a way to use a private MAC address, but have it stay the same for each SSID like we have now? Or is it going to be either a rotating, changing MAC address, or no privacy at all?

I hope Apple re-thinks this. A lot of Wifi networks still use the MAC address as an identifier to keep track of users. One example is when you use WiFi at a hotel; when you accept the terms and conditions or enter your room number, if your MAC address changes you'll have to do that again. Eventually the system might tell you that you have too many devices signed in, and lock you out.

Private MAC addresses are great. Changing them randomly once you are signed in is not.
Agreed, so we all need to let Apple know by using Feedback Assistant (https://feedbackassistant.apple.com). The more people that do that, the more notice Apple will take.
 
Sadly, you can't disable private MAC address anymore, you can only disable rotate address.
 
Well, this is confusing.

I originally assumed that this was very similar to what was in iOS 17 and Sonoma. It has copied the toggle settings over and this "rotate MAC address" thing is disabled for my home network.

However, it has still picked a random MAC address! It changed during the upgrade, and now doesn't match what was in my router and what still shows in the System Report as the actual/real MAC address.

So, I've amended the MAC address in my router and will see if it changes again.

(This is all on MacOS as I'm back on iOS 17 on my phone.)
 
I want to change my iPhone's MAC address back to the original, but in iOS 18 it is not working. Please help me.
Not possible in MacOS. I've logged a Feedback thing. Please do the same.

I've changed my router with the "new" (random/invented) MAC address, and so long as it doesn't randomise it again then that will be a help. However, I split my 5GHz and 2.4GHz networks and as both now have different MAC addresses, my IP address will change depending on which I connect to. This is not good (for me).
 
I think what is important to note as it relates to DHCP snooping, and nobody is mentioning this anywhere I have found... Apple has decided to start blocking on IOS 18 and MacOS 15 the reporting of the OS to the Wireless AP/network. If you are on an enterprise network/even mid-range business, they are likely going to have in place DHCP snooping policies which have DHCP snooping rules in place to limit what OS can connect to certain WiFi networks based on the DHCP OS reported. For example, I don't allow, or want any iPhone/Android mobile devices to connect to our Enterprise WPA3/2 network, there is no reason for it. I can't control which devices show up user's own, so I need to filter/allow/disallow based on the OS. The easy way to resolve this, is to have a rule if it reports Unknown, just block it. BUT....and a big BUT....Apple is now doing this on the MacOS!!! We have Macs, Windows devices/laptops we only want to connect to our secure Internal net...now I can't identify when it is a Mac laptop on the MacOS 15 Beta because Apple now reports it as Unknown as part of the message sent to the Wireless APs?!?! WTF Apple??? Why??? I can see maybe 1 reason you would want to block the OS reporting, and that is maybe to avoid someone identifying the OS and targeting it with an attack thinking it could have an unpatched Vuln... but hey, if someone is going to do that, they will just do it for every computer and run the attack on them. But, most networks will not allow Devices to talk to one-another, Isolation...especially on guests networks...so this is a moot point.
I have no idea why Apple is blocking the OS on a DHCP snoop and now, and there might be a bunch of people that don't know this until they are looking at their log files/wireless on a business/enterprise network monitoring, that if you had a rule set to allow everything except Android and IOS for example...they are now able to connect to the network, unless there is a "Unknown" block in place as the OS identifier. I had to modify and flip my rules to only allow MacOS and Windows to my secure internal network. But if you have MacOS 15 now...you get blocked because you are now an Unknown OS!!! They need to connect...so there goes any security I had in place for my Wireless enterprise network...thanks Apple!!!!! I have to now allow every OS known/unknown now to connect to the Enterprise secure Internal network because a few people were running MacOS 15 Beta and we figured out real quick....hey, where is the OS DHCP Info in the WiFi request???? I'm not putting hundreds or thousands of MAC addresses of devices in place to allow them to connect...this is nuts. I know some networks/operations might try/do this...but DHCP snooping is the answer to easily control access right off the bat with no other steps to be taken. Now Apple hosed this up. Wow, geniuses...would love to hear the theory and concept behind this nonsense. I got my Wireless vendor Arista on this and asked them what they are going to do about this. Crickets so far. Thanks!!!
 
Sadly, you can't disable private MAC address anymore, you can only disable rotate address.
Is this still true? If so that is unfortunate. I wonder if you can still disable it via a profile using Apple Configurator.
 