[jascii]

That really is the difference between "proven secure" vs "not proven insecure", which would you consider best practice? As far as fingerprinting WiFi devices goes: It is an rf device and all rf devices vary in behaviour due to component tolerances. This shows in such things as spurious emissions, power variations across its transmission spectrum, oscillator drift, etc, etc. These are fairly easy to detect remotely. One example is shown in this paper: https://www.cs.ucr.edu/~zhiyunq/pub/infocom18_wireless_finge...

[Godel_unicode]

That paper states that the accuracy could be as high as 95%. Apple has sold over a billion iOS devices with WiFi radios in them. I'll let you Google the base-rate fallacy for yourself, and decide if that risk is worth it.

Edit: make that over 2 billion

Edit: also, "proven secure" is impossible.

[jascii]

The paper is only one such method, there are countless and these methods have been in documented use in signal intelligence since at least WW2, combined your accuracy increases. And this is on top of all the other known methods of fingerprinting network devices.. Besides, most of the time you only care whether the same device was used, 95% gives you a lot of certainty. Within propper constraints "proven secure" certainly is possible.