On 2026-06-01 08:00, tacticool.aura67 via Tails-dev wrote:
> On the tor forum there is a thread discussing the design and compliance
> of
> Anonymity Profiles for DHCP Clients in relation to tails:
>
>> https://forum.torproject.org/t/tails-compliance-with-anonymity-profiles-for-dhcp-clients-documentation/21634
>
> The core issue is that Tails approach to DHCP identifier management may
> not fully align with RFC 7844 (Anonymity Profiles for DHCP Clients),
> particularly when network connection profiles are saved in Persistent
> Storage.
>
> The directory
> `/live/persistence/TailsData_unlocked/nm-system-connections` is created
> on the encrypted LUKS volume
>
> This directory is bind-mounted to
> `/etc/NetworkManager/system-connections` in the live system in relation
> to the `persistence.conf`
>
> That means *Connection profiles* for known networks are saved when
> "Network Connections" in Persistent Storage settings is configured
> right?
>
> Besides probe requests of saved networks, which this is not about,
> another issue could arise about if DHCP identifiers dont change in
> synchrony with the MAC address.
>
> What can be tracked:
>
> - DHCP Client ID
> - DUID (IPv6)
> - IAID
>
> ---
> NetworkManager github even mentions this and I think these lines are
> relevent since Tails handles spoofing outside of NetworkManager:
>
> https://github.com/NetworkManager/NetworkManager/blob/main/examples/nm-conf.d/30-anon.conf#L68-L79
>
> Then the other configs mentioned in the tor forum could be added in
> like `connection.stable-id=${CONNECTION}/${BOOT}` instead
> `connection.stable-id=${RANDOM}` and a few others.
>
> Best Regards, Tacticool
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://www.autistici.org/mailman/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to
> Tails-dev-unsubscribe@???.
This is a good idea and also concerning if true? I'll have to save a
connection and see whats saved in the connection profile now.
