[Tails-dev] Anonymity Profiles & saved Network Connections p…

Author: tacticool.aura67
Date:  
To: tails-dev@boum.org
Subject: [Tails-dev] Anonymity Profiles & saved Network Connections profiles in persistence
On the Tor forum there is a thread discussing the design and compliance of
Anonymity Profiles for DHCP Clients in relation to Tails:

> https://forum.torproject.org/t/tails-compliance-with-anonymity-profiles-for-dhcp-clients-documentation/21634


The core issue is that Tails' approach to DHCP identifier management may not fully align with RFC 7844 (Anonymity Profiles for DHCP Clients), particularly when network connection profiles are saved in Persistent Storage.

The directory `/live/persistence/TailsData_unlocked/nm-system-connections` is created on the encrypted LUKS volume.

This directory is bind-mounted to `/etc/NetworkManager/system-connections` in the live system in relation to the `persistence.conf`.

That means *Connection profiles* for known networks are saved when "Network Connections" in Persistent Storage settings is configured, right?

Besides probe requests of saved networks, which this is not about, another issue could arise if DHCP identifiers don't change in synchrony with the MAC address.

What can be tracked:

- DHCP Client ID
- DUID (IPv6)
- IAID

---
The NetworkManager GitHub even mentions this, and I think these lines are relevant since Tails handles spoofing outside of NetworkManager:

https://github.com/NetworkManager/NetworkManager/blob/main/examples/nm-conf.d/30-anon.conf#L68-L79

Then the other configs mentioned in the Tor forum could be added in, like `connection.stable-id=${CONNECTION}/${BOOT}` instead of `connection.stable-id=${RANDOM}`, and a few others.

Best Regards,
Tacticool
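
One way to check what a persisted profile pins for the identifiers listed in the message, as an added example that is not part of the original message and is not Tails or NetworkManager code. It assumes keyfile-format profiles like those under `/etc/NetworkManager/system-connections`, treats a colon-separated hex string or a plain number as a fixed value, and runs on a constructed sample profile; the function names are hypothetical.

```python
import configparser
import re

# Identifier-related keyfile settings named in the message:
# stable-id, DHCP client ID, DUID (IPv6) and IAID.
KEYS = [("connection", "stable-id"), ("ipv4", "dhcp-client-id"),
        ("ipv4", "dhcp-iaid"), ("ipv6", "dhcp-duid"), ("ipv6", "dhcp-iaid")]

HEX_BYTES = re.compile(r"^[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2})+$")
NUMBER = re.compile(r"^(0[xX][0-9A-Fa-f]+|\d+)$")

def classify(key, value):
    """Return 'unset', 'fixed' (literal stored in the profile) or 'keyword'."""
    if value is None:
        return "unset"          # falls back to defaults set outside the profile
    if key == "stable-id":
        return "keyword" if "${" in value else "fixed"
    if HEX_BYTES.match(value) or NUMBER.match(value):
        return "fixed"          # same bytes on every boot, whatever the MAC is
    return "keyword"            # symbolic mode; value is derived at runtime

def audit(keyfile_text):
    """Map 'section.key' -> (kind, raw value) for one connection profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str        # keyfile keys are case-sensitive
    cp.read_string(keyfile_text)
    return {f"{s}.{k}": (classify(k, v), v)
            for s, k in KEYS
            for v in [cp.get(s, k, fallback=None)]}

def fixed_identifiers(keyfile_text):
    """Settings whose value is written literally into the saved profile."""
    return sorted(n for n, (kind, _) in audit(keyfile_text).items() if kind == "fixed")

# Constructed sample profile (not taken from a real system).
SAMPLE = """\
[connection]
id=cafe-wifi
type=wifi
stable-id=${CONNECTION}/${BOOT}

[ipv4]
method=auto
dhcp-client-id=01:02:03:04:05:06:07

[ipv6]
method=auto
dhcp-iaid=7
"""

if __name__ == "__main__":
    for name, (kind, value) in audit(SAMPLE).items():
        print(f"{name:24} {kind:8} {value}")
```

Settings reported as `unset` are decided by defaults outside the profile, so they need to be read together with the global NetworkManager configuration.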