You know how, when you go to a coffee shop or school and connect to their free internet, they can watch you? Yes, they can watch your device, because every computer has a unique number. It is called a MAC address. It is like an ID card for your computer. If you always use the same MAC address, the router knows it is you again and again. They can track where you go and what time you connect. This is very bad for your privacy because some bad companies sell this data. But we can fix this. I will show you how to tell NetworkManager to change your MAC address automatically. NetworkManager is the software that controls the internet connection on most Linux computers, like Ubuntu, Fedora, or Arch Linux. We will make it use a random MAC for wifi and a stable MAC for cable internet.
First, we must understand what a MAC address is. MAC means Media Access Control. It is a physical address that is hardcoded into your network card when the factory makes it. Every phone, laptop, and even smart fridge has one. When you send any data over the air or the cable, this number is in the packet. The wifi router sees this number and says, “Ah, this is the boy with the black Asus laptop again!” Even if you use a VPN, they still know it is the same laptop, because a VPN only hides your IP address, not your MAC address. A VPN works on Layer 3 of the network, but the MAC address is on Layer 2. So the router sees your MAC address before your VPN even starts to encrypt things. That is why we need to change it.
Now I will show you how to make it automatic. You do not need to install complex tools. NetworkManager already has this feature, but it is turned off by default. We just need to write a small configuration file to turn it on. I will explain it step by step.
Step 1 is to open your terminal. You can press Ctrl+Alt+T on your keyboard to open it.
Step 2 is to write the configuration file. We will use a command called tee with sudo because this file must go into a system folder. If you do not use sudo, the system will say permission denied because it is a protected folder. Run this command in your terminal:
sudo tee /etc/NetworkManager/conf.d/00-cfg-mac-rand.conf > /dev/null <<'EOF'
[connection-mac-randomization]
ethernet.cloned-mac-address=stable
wifi.cloned-mac-address=random
EOF
Let me explain what this file means. The first line, [connection-mac-randomization], tells NetworkManager that we want to change how it handles MAC addresses for connections. The second line, ethernet.cloned-mac-address=stable, is for your wired cable connection. We use stable here. Why do we use stable and not random? Because when you plug in a cable, you are usually at home or at a school desk. At home, your router might give you the same IP address every time because of your MAC address. This is called DHCP reservation. If we use a random MAC for the cable, your home router will think you are a new device every time you plug in the cable. It will get confused and might run out of IP addresses or block you. The stable setting means NetworkManager will generate a fake MAC address, but it will keep using this same fake MAC address every time you connect to that specific wire. It is fake, but it is consistent for that connection.
The third line is wifi.cloned-mac-address=random. This is the most important part for wifi. It tells NetworkManager to make a completely fresh, random MAC address every time you connect to a wifi network. When you go to Starbucks, you get a fake MAC. When you go to the library, you get another, different fake MAC. Nobody can track your laptop across different places because your MAC is always different.
Step 3 is to restart the NetworkManager service. If you do not restart it, NetworkManager does not know that you created this new file. It will keep running with the old settings. Run this command to restart it:
sudo systemctl restart NetworkManager
When you run this, your internet will disconnect for two seconds. Do not worry, this is normal because the service is reloading. It will connect again automatically.
Step 4 is to verify that it is working. We want to be sure that our MAC has actually changed. You can use this command to check:
nmcli -f GENERAL.HWADDR dev show wlan0 2>/dev/null || nmcli connection show --active
Sometimes your wifi card is not called wlan0. It can be called wlp3s0 or something else. If the first part of the command does not show anything, the second part will show your active connections. To find your real interface name, you can run this command:
ip link show
Look for something that starts with w, like wlan0 or wlp2s0. Once you see your interface name, you can check the active MAC address with this command:
ip link show wlan0
Replace wlan0 with your actual wifi interface name. In the output, look for the word ether followed by some numbers and letters like a1:b2:c3:d4:e5:f6. That is your current MAC address. If you disconnect from wifi and connect again, or connect to a different wifi, you will see this number change. That means it is working and the networks can no longer track you by your MAC address.
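Here is an added example, not part of the original tutorial, that does the check from Step 4 for you: it reads the output of ip link show and tells you whether the address after link/ether is a locally administered unicast MAC, which is what NetworkManager generates for random and stable by default. The function names and the two sample outputs are constructed for illustration, and the permaddr field is an assumption about your system: only newer versions of ip print it, and only when the current address differs from the hardware one.

```shell
#!/bin/sh
# Added example: classify an interface's MAC from `ip link show` output.

# Print the current address (the field after "link/ether").
current_mac() {
    awk '$1 == "link/ether" { print tolower($2); exit }'
}

# Print the burned-in address from the "permaddr" field, if present.
permanent_mac() {
    awk '$1 == "link/ether" {
        for (i = 2; i < NF; i++)
            if ($i == "permaddr") { print tolower($(i + 1)); exit }
    }'
}

# Succeed if the MAC is unicast with the locally administered bit set.
is_locally_administered() {
    first=${1%%:*}
    case $first in
        [0-9a-fA-F][0-9a-fA-F]) ;;
        *) return 2 ;;          # not a MAC address at all
    esac
    octet=$((0x$first))
    [ $((octet & 2)) -ne 0 ] && [ $((octet & 1)) -eq 0 ]
}

# Read `ip link show <iface>` text on stdin and print a one-line verdict.
mac_status() {
    out=$(cat)
    cur=$(printf '%s\n' "$out" | current_mac)
    perm=$(printf '%s\n' "$out" | permanent_mac)
    if [ -z "$cur" ]; then
        echo "no-mac"
    elif is_locally_administered "$cur"; then
        echo "randomized $cur hides ${perm:-unknown}"
    else
        echo "hardware $cur"
    fi
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_RANDOM='3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 5a:3c:91:0e:77:d2 brd ff:ff:ff:ff:ff:ff permaddr 00:11:22:33:44:55'
SAMPLE_HW='3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff'

printf '%s\n' "$SAMPLE_RANDOM" | mac_status
printf '%s\n' "$SAMPLE_HW" | mac_status
# Real use: ip link show wlan0 | mac_status
```

If the verdict still says hardware after you reconnect to wifi, the configuration file is not being applied to that connection.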
I must tell you about some problems that can happen. Sometimes, public wifi has a portal page. You know, the web page where you must click “Accept terms” or type your room number in a hotel. This is called a captive portal. These portal pages remember your device by its MAC address. If your wifi disconnects because of a bad signal and NetworkManager reconnects, it might generate a new random MAC. If it does, the hotel wifi will think you are a new device and make you log in again. This can be very annoying.
If this happens, you can change the setting for that specific wifi network. You do not need to delete the config file we made. You can just open your network settings GUI, go to the settings for that wifi network, and look for the “Cloned MAC address” option. You can set it to “Default” or “Preserve” for that specific hotel network so it does not change while you are there. Once you leave, the global settings we made in our file will still protect you on other networks.
Another thing is that some old wifi cards do not support MAC randomization. If your wifi card is very old, maybe from ten years ago, the driver might crash or fail to connect when NetworkManager tries to change the MAC. If your wifi stops working after you do this tutorial, you can easily delete the file we created. To delete it, run this command:
sudo rm /etc/NetworkManager/conf.d/00-cfg-mac-rand.conf
And then restart the service again:
sudo systemctl restart NetworkManager
Your system will go back to how it was before, using your real hardware MAC address. But for most modern laptops, this feature works with no issues and keeps your device private.
To conclude, hiding your real MAC address is a very good step for your privacy when you carry your laptop outside your house. We created a simple configuration file for NetworkManager that automatically gives us a random MAC for every wifi network we use, and a stable fake MAC for our ethernet cables so we do not mess up our home network settings. It is very easy to do and does not slow down your internet speed at all.
