Net

NetworkManager Privacy Settings

1. Persist NetworkManager Config:

   Add this to /rw/config/qubes-bind-dirs.d/50_user.conf:

   binds+=( '/etc/NetworkManager/conf.d/' )
   

2. Reboot

3. Add Custom NetworkManager Configuration:

   Add /etc/NetworkManager/conf.d/privacy.conf

   [device]
   wifi.scan-rand-mac-address=yes
   
   [connection]
   wifi.cloned-mac-address=random
   ethernet.cloned-mac-address=random
   
   # keep MAC only until reboot if MAC set to stable
   connection.stable-id=${CONNECTION}/${BOOT}
   
   # prefer temporary address
   ipv6.ip6-privacy=2
   

   Attention

   Not all drivers support setting a custom MAC address. It may be necessary to remove wifi.cloned-mac-address or ethernet.cloned-mac-address.

   Caution

   NetworkManager doesn’t allow disabling sending a hostname in DHCP requests globally (Gnome Bug #768076). To ensure no hostname is sent, no static hostname must bo set (hostnamectl set-hostname '').

4. Restart NetworkManager:

   sudo systemctl restart NetworkManager