NetworkManager/Privacy

From ArchWiki

This article gives an overview of how to configure NetworkManager to enhance privacy and security.

Configuration

Encrypted network keyphrases

By default, NetworkManager stores network keyphrases without encryption in /etc/NetworkManager/system-connections/, readable only by root.

Consider setting up a keyring (GNOME/Keyring or KDE Wallet), then choose Store the password only for this user. Existing connections can be moved to the keyring from the Edit > Wi-Fi Security tab by choosing that option. Connections can be edited with e.g. nm-connection-editor.

On a single-user machine, it is enough to set up encryption for the root partition. See Dm-crypt.

MAC Randomization

See MAC address spoofing.

Connectivity checks

You can check whether NetworkManager issues automatic connectivity checks with:

$ nmcli networking connectivity check

To disable them, add:

/etc/NetworkManager/conf.d/privacy.conf
[connectivity]
enabled=false

Hiding machine hostname

Currently, NetworkManager does not support a global option for disabling the sending of the hostname. It has to be changed per connection.

/etc/NetworkManager/system-connections/
[ipv4]
dhcp-send-hostname=false

[ipv6]
dhcp-send-hostname=false
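
Because both the keyphrase storage and the hostname setting are per-connection, it helps to audit every keyfile at once. The following is an added example, not part of the original article or of NetworkManager: it parses keyfile contents and reports secrets stored in the file and connections that do not set dhcp-send-hostname=false. The SECRET_KEYS list is a non-exhaustive assumption, and the sample keyfile is constructed.

```python
import configparser
import sys
from pathlib import Path

# Secret-bearing keys to look for (assumed subset, not exhaustive).
SECRET_KEYS = {
    "wifi-security": ("psk", "wep-key0", "leap-password"),
    "802-1x": ("password", "private-key-password"),
}

# Constructed sample keyfile, not taken from a real system.
SAMPLE = """\
[connection]
id=example-wifi
[wifi-security]
key-mgmt=wpa-psk
psk=constructed-passphrase
[ipv4]
method=auto
dhcp-send-hostname=false
[ipv6]
method=auto
"""

def audit_keyfile(text):
    """Return privacy findings for the contents of one connection keyfile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep key names case-sensitive
    cp.read_string(text)
    findings = []
    for section, keys in SECRET_KEYS.items():
        for key in keys:
            if cp.has_option(section, key):
                findings.append(f"{section}: {key} is stored in the keyfile")
    for family in ("ipv4", "ipv6"):
        # A missing section or key means the setting was never turned off.
        value = cp.get(family, "dhcp-send-hostname", fallback="true")
        if value.strip().lower() not in ("false", "0"):
            findings.append(f"{family}: dhcp-send-hostname is not false")
    return findings

if __name__ == "__main__":
    # Keyfiles are readable only by root, so run this as root on a real system.
    default_dir = "/etc/NetworkManager/system-connections"
    directory = Path(sys.argv[1] if len(sys.argv) > 1 else default_dir)
    for path in sorted(p for p in directory.glob("*") if p.is_file()):
        for finding in audit_keyfile(path.read_text()):
            print(f"{path.name}: {finding}")
```

A connection whose keyphrase has been moved to a keyring no longer has the secret key in its keyfile, so it produces no storage finding.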