Knowledge Base / Privacy Tips

MAC Address Privacy Tips

Updated February 17, 2026 ยท 5 min read

Your MAC address can be used to track you across Wi-Fi networks. Here are practical, actionable steps to protect your privacy on every device you own.

Quick Privacy Checklist

  • Enable MAC randomization on all devices (see below)
  • Turn off Wi-Fi when you don't need it
  • Forget saved networks you no longer use
  • Disable auto-join for public networks
  • Use a VPN on untrusted networks (protects IP after connection)
  • Turn off Wi-Fi and Bluetooth scanning for location services

Enable MAC Randomization Everywhere

This is the single most impactful thing you can do. Most modern devices support it, but it may not be enabled for all networks.

iPhone / iPad (iOS 14+)

  1. Go to Settings โ†’ Wi-Fi
  2. Tap the (i) icon next to each saved network
  3. Enable "Private Wi-Fi Address"
  4. For maximum protection on iOS 18+, choose "Rotating" instead of "Fixed"
๐Ÿ’ก Tip: On iOS 18+, "Rotating" changes your private address every two weeks. Use this for public networks (cafรฉs, airports). "Fixed" is better for home/work networks where you need consistent DHCP reservations or parental controls.

Android (10+)

  1. Go to Settings โ†’ Network & Internet โ†’ Wi-Fi
  2. Tap a saved network
  3. Go to Privacy
  4. Select "Use Randomized MAC" (default on most Android 10+ devices)

Do this for each saved network โ€” the setting is per-network, not global.

Windows 10/11

  1. Go to Settings โ†’ Network & Internet โ†’ Wi-Fi
  2. Turn on "Random hardware addresses"
  3. For per-network control: select a network โ†’ toggle its random MAC setting

Note: Not all Wi-Fi drivers support this. If the option is missing, your hardware or driver doesn't support it.

macOS (Sonoma+)

  1. Go to System Settings โ†’ Wi-Fi
  2. Click Details next to your connected network
  3. Enable "Private Wi-Fi Address"
  4. On macOS 15+, select "Rotating" for public networks

Linux (NetworkManager)

Add to /etc/NetworkManager/conf.d/mac-randomize.conf:

[device]
wifi.scan-rand-mac-address=yes

[connection]
wifi.cloned-mac-address=stable
ethernet.cloned-mac-address=stable

The stable setting generates a consistent random MAC per network (best balance of privacy and usability). Use random for a new MAC every connection.

Beyond MAC Randomization

Turn Off Wi-Fi When Not In Use

Even with randomization, your device broadcasts probe requests when scanning for known networks. These probes can reveal the names of networks you've connected to before (your "preferred network list"), which is itself a fingerprint. Turning off Wi-Fi when you're not using it eliminates this entirely.

Clean Up Saved Networks

Your device remembers every Wi-Fi network you've ever connected to. Each one is a potential identifier when your phone probes for it. Regularly go through your saved networks and delete ones you no longer use โ€” especially uniquely named ones (like "JohnsHouse5G").

Disable "Automatically Join" for Public Networks

If you've connected to "Starbucks WiFi" once, your phone may auto-join any network with that name โ€” including malicious ones. Disable auto-join for all public/temporary networks.

Watch Out for Captive Portals

When you sign into a hotel or airport Wi-Fi portal, you're associating your identity (email, room number, etc.) with your MAC address โ€” even if it's randomized. The randomization only helps across different networks; once you authenticate, that network knows who you are for the duration.

Bluetooth Considerations

Bluetooth has its own address system that can sometimes be correlated with Wi-Fi MACs. Modern BLE (Bluetooth Low Energy) devices use address randomization too, but classic Bluetooth may not. Keep Bluetooth off when not in use, especially in public.

For Network Administrators

If you run a network and want to respect user privacy while maintaining security:

  • Don't rely on MAC filtering for access control โ€” use 802.1X with certificates or WPA3-Enterprise
  • Use DHCP fingerprinting cautiously โ€” it can identify device types without tracking individuals
  • Implement proper network segmentation โ€” separate guest, IoT, and corporate traffic by VLAN, not by MAC
  • Communicate clearly โ€” if your network requires a stable MAC (e.g., for DHCP reservations), tell users and explain why

The Bottom Line

MAC address privacy is mostly a solved problem on modern devices โ€” but only if the features are enabled and you practice good network hygiene. Enable randomization everywhere, clean up old networks, and stay aware of what your devices broadcast.

โ† MAC Spoofing Next: What is MACsec? โ†’