[vladvasiliu]

Don't most devices use randomized MAC addresses for Wifi nowadays? I don't have a Windows machine handy to verify, but I'm pretty sure even they do it. Not sure if it's the default, though. Ditto for MacOS.

My Linux box (NetworkManager on Arch) does it, but I don't remember whether I had to manually turn it on.

edit: according to [0], NetworkManager defaults to randomized for scanning, but not for connections.

[0] https://blogs.gnome.org/thaller/2016/08/26/mac-address-spoof...

[coldtea]

>Don't most devices use randomized MAC addresses for Wifi nowadays?

Does it help if you're one of 2 people in the Starbucks, and the other person is the one logging the IPs you visit?

[vladvasiliu]

Well, since they can't correlate the MAC with you, I don't see how it's different from the VPN provider logging and selling the IPs you visit.

[coldtea]

>Well, since they can't correlate the MAC with you

They don't have to. They see you right there.

[vladvasiliu]

But then your VPN provider can do exactly the same. It even works if there are 1000 people in the coffee shop.

[coldtea]

Yes. But not the ones who are directly targeting you there, which is the point.

[vladvasiliu]

Being targeted, as opposed to general surveillance of random people in a coffee shop, is moving the goalposts.

If you are a target, how likely is it that whoever's after you only has control over the coffee shop wifi, but not over the possibly untrustworthy VPN provider?