In fairness to Apple, the feature wasn’t useless, because it did prevent passive sniffing by devices such as the above-referenced CreepyDOL. But the failure to remove the real MAC from port 5353/UDP still meant that anyone connected to a network could pull the unique identifier with no trouble.
The fallout for most iPhone and iPad users is likely to be minimal, if at all. But for people with strict privacy threat models, the failure of these devices to hide real MACs for three years could be a real problem
Are there other phones that successfully obscure the MAC when connected to WiFi networks?
It’s my understanding the Android equivalent works.
Has anyone tested or scrutinized it?
Nah.
Apple: BAD!
No need to think any further.
The researchers who discovered the issue literally checked on android.
Every Android phone running Android 10 or newer, but Android 8.0 already randomised MAC addresses for networks not associated with the devices.
networks not associated with the devices
What does that mean?
Networks not marked as trusted IIRC.
Ok but to be clear, if you were on a wifi network with a potential threat or determined observer, a unique MAC address is nice, but that alone will not nearly be enough to ‘hide’ or be unique.
Theres so much else they can use to fingerprint you across your devices these days its not even funny. Even if you’re hiding all your traffic in a VPN, theres still oh so much for a determined actor to work with.
Is there anyone who takes apple’s privacy claims seriously?
Yea, mostly people who actually read white papers and look at compliance reports.
If you want to use mainstream devices and services Apple is by far the best option for privacy, this is not up for debate, every other corporation operating in the same market spaces is worse.
My life was destroyed because of this!! -said no one ever
Fixed with ios17.1
Wasn’t this the article shared to the r/Apple sub and it exclusively negative comments about how it was a load of shit?
Not my MAC address!! Whatever will I do!