Fedora 40 introduced a system-wide shift to Wi-Fi MAC address randomization, a change designed to reduce how easily your laptop or device can be tracked across different networks. Many public Wi-Fi hotspots and advertisers use your device’s MAC address—a unique identifier assigned to your network card—to monitor your movements and usage patterns. By randomizing this address, Fedora 40 aims to disrupt persistent tracking and provide users with a higher level of privacy when connecting to wireless networks. This feature is now enabled by default for Wi-Fi connections managed by NetworkManager.

This guide details how Fedora 40 implements MAC address randomization, how you can verify or adjust these settings, and what to do if you need to disable or customize randomization for specific networks.

How Fedora 40 Implements MAC Address Randomization

Fedora 40 configures NetworkManager to use a “stable-ssid” mode for MAC address randomization. In this mode, NetworkManager generates a consistent—but randomized—MAC address for each unique Wi-Fi SSID (network name). This approach means your device will appear as a different device on each network but will maintain the same randomized address for each connection, which helps with network compatibility and stable DHCP assignments. The randomization is seeded using a combination of the network’s SSID, your system’s /etc/machine-id, and other internal keys, making it unique per device and network.

How to Verify MAC Address Randomization Is Active

Step 1: Open a terminal window.

Step 2: Use the ip link command to display your current network interfaces and their MAC addresses. Look for your Wi-Fi interface (commonly named wlp* or wlan*).


ip link

Step 3: Disconnect and reconnect to a different Wi-Fi network and run ip link again. You should see a different MAC address for each SSID, confirming that randomization is working as intended.

This randomized address is consistent for each SSID, so reconnecting to the same network will use the same randomized address, but connecting to a new SSID will generate a new one.

How to Customize or Disable MAC Address Randomization

While MAC address randomization provides strong privacy benefits, there are scenarios—such as MAC filtering on home networks or enterprise environments—where you may need to revert to your device’s original (permanent) MAC address. Fedora 40 allows you to control randomization either globally or per-connection.

Method 1: Disable Randomization for a Specific Wi-Fi Connection

Step 1: Identify the connection profile name for your network using the nmcli c command.


nmcli c

Step 2: Set the cloned MAC address policy to “permanent” for your chosen connection. This ensures that NetworkManager uses your hardware’s original MAC address for that network only.


nmcli connection modify <PROFILE_NAME> wifi.cloned-mac-address permanent

Replace <PROFILE_NAME> with the actual name of your Wi-Fi connection as listed by nmcli c.

Step 3: Bring the connection down and up again to apply the change:


nmcli connection down <PROFILE_NAME>
nmcli connection up <PROFILE_NAME>

This method is recommended if you only need to disable randomization for certain trusted networks, such as your home or work Wi-Fi.

Method 2: Disable Randomization System-Wide

If you need to revert to using your device’s permanent MAC address on all networks, you can override Fedora’s default configuration.

Step 1: Create a new configuration file in /etc/NetworkManager/conf.d/ to override the system default. You can name it 90-wifi-mac-addr.conf for clarity.


sudo nano /etc/NetworkManager/conf.d/90-wifi-mac-addr.conf

Step 2: Add the following content to instruct NetworkManager to use the permanent MAC address for all Wi-Fi connections:


[connection]
wifi.cloned-mac-address=permanent

Step 3: Save the file and restart NetworkManager to apply the new setting:


sudo systemctl restart NetworkManager

After restarting, your device will use its hardware MAC address for all Wi-Fi connections. This system-wide override is useful if you experience compatibility issues with certain networks or hardware.

How to Set a Truly Random MAC Address for Each Connection

If you want your device to use a new, completely random MAC address every time you connect (not just per SSID), you can set the policy to “random” instead of “stable-ssid” or “stable.”

Step 1: Open your configuration file for NetworkManager, such as /etc/NetworkManager/conf.d/00-macrandomize.conf.

Step 2: Add or modify the following lines:


[connection]
wifi.cloned-mac-address=random

Step 3: Restart NetworkManager:


sudo systemctl restart NetworkManager

This approach maximizes privacy but may cause issues with captive portals or networks that expect a consistent MAC address for authentication.

Alternative: Using the Graphical User Interface (GUI)

Fedora’s GNOME and KDE desktops allow some MAC address configuration through network settings, but options may be limited depending on your desktop environment and NetworkManager version. In GNOME, you can:

  • Go to Settings > Wi-Fi.
  • Click the gear icon next to your network.
  • Navigate to the Identity tab.
  • Look for the “Cloned MAC address” field, where you can enter permanent, random, or stable as required.

However, some users report that the GUI may not always accept these keywords and may expect a specific MAC address format. If you encounter issues, use the nmcli command-line or nmtui (the text-based interface) for more reliable results.

Fedora 40’s default MAC address randomization significantly reduces tracking risks on public Wi-Fi while allowing flexibility for trusted or special-case networks. Regularly reviewing your settings ensures you maintain the right balance of privacy and compatibility as your needs change.