Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Private Network Addresses - dislike default of ON

While I applaud Apple for implementing the concept of private MAC addresses where they change each time you re-connect to a WiFI network, I must say that as a network manager, having the default be on, when there has been no notification/widespread communication of this, is a mess.


I operate my networks (and will continue to operate) all of my networks with recognized MAC addresses. If I don’t recognize a device MAC address, then you won’t get an IP address assigned. I realize this is not a 100% secure approach, but it is one piece of a total security picture. As such if my network does not recognize your MAC address you are not allowed to join the network (or will be booted off). This means every Apple device user (including me!) will be disadvantaged until they turn off private address for my SSIDs.


I believe Apple should have either made the default OFF, or at least asked the user to confirm if s/he wanted to enable private addresses on each WiFI network already stored on the Apple device.


I know I am just one person, but this has made a mess for network managers trying to protect the security of their network. And I notice the MAC addresses assigned are not even in the same range.


While I applaud Apple’s efforts to protect our privacy, and it is one of the main reasons that I myself actually purchase and recommend Apple devices, I am not impressed with this feature’s launch/deployment.


Regards.

iPad Pro 12.9-inch, 3rd Gen, Wi-Fi, Cell

Posted on Oct 5, 2020 9:41 AM

Reply
Question marked as Top-ranking reply

Posted on Oct 5, 2020 9:54 AM

I fully understand your comments.


Have you ever heard of MAC Spoofing? It’s trivial to accomplish - and effectively circumvents access controls based upon basic MAC ACL or filtering. MAC Addresses alone is not sufficient to identify a trusted network client.


You, like anyone else, are free to implement whatever access control that meets your needs - and you will not be alone in using this outdated and ineffective control measure. Apple chooses to default its settings to those which offer greater security and privacy; as such, this explains the behaviour for which you express apparent dislike.


Apple do welcome constructive feedback, comments and feature requests via their product feedback pages:

Feedback - iPad - Apple


In case you’ve not come across this page, here are Apple’s recommended security settings for your WiFi Network and Router:

Recommended settings for Wi-Fi routers and access points – Apple Support

2 replies
Question marked as Top-ranking reply

Oct 5, 2020 9:54 AM in response to TrainsRus

I fully understand your comments.


Have you ever heard of MAC Spoofing? It’s trivial to accomplish - and effectively circumvents access controls based upon basic MAC ACL or filtering. MAC Addresses alone is not sufficient to identify a trusted network client.


You, like anyone else, are free to implement whatever access control that meets your needs - and you will not be alone in using this outdated and ineffective control measure. Apple chooses to default its settings to those which offer greater security and privacy; as such, this explains the behaviour for which you express apparent dislike.


Apple do welcome constructive feedback, comments and feature requests via their product feedback pages:

Feedback - iPad - Apple


In case you’ve not come across this page, here are Apple’s recommended security settings for your WiFi Network and Router:

Recommended settings for Wi-Fi routers and access points – Apple Support

Private Network Addresses - dislike default of ON

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.