By term7 in MacOS Privacy

SpoofMAC

A MAC address uniquely identifies your device to each new network it connects to. MAC addresses can therefore be used to track your location as you move between WiFi networks and Bluetooth receivers. We show you how to randomize your devices MAC addresses every time you reboot your computer!

SpoofMAC

"The MAC address is a unique identifier tied to your physical Network Interface (Wired Ethernet or Wi-Fi) and could of course be used to track you if it is not randomized."

The Hitchhiker's Guide to Online Anonymity

The MAC address of a device is a unique identifier hard-coded into its physical network components. Every computer or phone can be uniquely identified by the MAC address of its network interfaces—such as Ethernet, Wi-Fi, and Bluetooth. This makes the MAC address an excellent tool for tracking the owner of a device over time.

Your device needs a MAC address to connect to any Network Interface Controller (NIC). That means administrators of public Wi-Fi networks—like those in libraries, airports, or cafés—can always see your MAC address and associate it with your device. This allows for passive tracking, even if you're not logged into any specific account or service.

MAC addresses are regularly collected and stored by various systems:

  • Wireless router logs record the MAC address of every device that connects. These logs typically include timestamps for events like authentication, association, and disconnection—providing a detailed record of when and where a device was present.
  • Radio-frequency tracking systems, designed to monitor human movement via their wireless devices, use MAC addresses to track individuals in real-time. These systems are often deployed in places like shopping centers, museums, transportation hubs, and even city streets, providing data on movement patterns and consumer behavior.

Retailers often use MAC address tracking for targeted advertising, but the implications go much further. MAC addresses can also be leveraged for government surveillance. For example, documents leaked by NSA whistleblower Edward Snowden revealed that Canada's spy agency CSEC illegally used MAC addresses collected from passengers connected to airport Wi-Fi to track thousands of devices for days after users left the airport.

Moreover, MAC addresses are not random. The first six digits form the Organizationally Unique Identifier (OUI), which identifies the manufacturer of the device's chipset. This means hackers can sometimes use the OUI to guess which exploits might work against a specific device model.

Why You Should Care

To protect your privacy:

  • Always enable MAC address randomization (most modern devices offer this setting).
  • Turn off Wi-Fi and Bluetooth when you're not using them.

While MAC addresses are unlikely to be used to directly hack your computer, they are routinely used to track you, often without your knowledge.

MAC Address Tracking Countermeasures

SpoofMAC

The only effective way to mitigate MAC Address Tracking is to switch off Wi-Fi and Bluetooth whenever you don't use it and to randomize your MAC addresses!

However, on macOS, you cannot change your MAC address via System Settings. Despite this, many tutorials online suggest using Terminal commands to do it manually.

To open Terminal, either:

  • Press  + SPACE and type Terminal,
  • Or go to Applications → Utilities → Terminal.

We attempted to change our MAC address using these command-line methods—but on newer macOS versions, they no longer seem to work. A few years ago, however, we successfully used this method on an older MacBook, which is why we’re still including it here. It also highlights just how tedious the process is.

1) Turn off Wi-Fi, either via the Control Center, or with the following command:

# Turn off Wi-Fi:networksetup -setairportpower en0 off

2) Use the following command to generate a new, random MAC address:

# Generate random MAC Address:openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'

3) Select the generated hexadecimal MAC address and press Command + C to copy it.

4) Enter the following command, paste the copied MAC address at the end using Command + V , then press Return:

# Change your MAC Address:sudo ifconfig en0 ether

5) When prompted, enter your Mac’s admin password and hit Return.

6) You can either turn Wi-Fi back on through the Control Center, or use this command:

# Turn off Wi-Fi:networksetup -setairportpower en0 on

You should now have a new, temporary MAC address. However, this change only lasts until your next reboot. Once your Mac restarts, the original MAC address will be restored. That means you’ll need to repeat these steps every time before connecting to the internet if you want to remain untracked.

As you can see, it should be possible to change or spoof your device’s MAC address, but on macOS, the process is tedious and more difficult than it should be. On our test machine (MacBook Pro – Intel, Late 2019, running macOS Sequoia), these manual commands did not work at all. And even if you do manage to successfully change your MAC address manually, the change is temporary - your original MAC address will be restored after every reboot.

This is where SpoofMAC comes in.

SpoofMAC is an open-source tool originally written in Python by GitHub user Feross, designed to make it quick and easy to change your computer’s MAC address via the command line.

With a small configuration tweak - such as adding a LaunchDaemon - you can even automate SpoofMAC to randomize your MAC address on every reboot, making it significantly harder to track or fingerprint your device based on its MAC address.

"I made SpoofMAC because changing your MAC address in Mac OS X is harder than it should be. The biggest annoyance is that the Wi-Fi card (Airport) needs to be manually disassociated from any connected networks in order for the change to be applied correctly. Doing this manually every time is tedious and lame."

Feross Aboukhadijeh / Maker of SpoofMAC

SpoofMAC: Manual Setup

Randomize your Wi-Fi MAC Address

Follow this step-by-step guide if you want to learn how to install SpoofMAC and set up a LaunchDaemon that automatically randomizes your MAC address every time you start your Mac. If you prefer a faster, automated setup, use our ready-to-go script instead: SpoofMAC: Interactive Script

INSTALL SPOOFMAC:

We don’t use the original Python-based version of SpoofMAC, but instead rely on a more recent version that uses npm for installation and execution.

To manage dependencies, we use MacPorts. If you don’t have MacPorts installed on your system yet, please follow our MacPorts installation guide before continuing with the SpoofMAC setup.

1) Install dependencies:

sudo port install npm10

2) Enter your password when prompted.

3) Use npm to install spoof:

 sudo npm install spoof -g

That’s it — SpoofMAC is now installed on your system! You can now use SpoofMAC anytime directly from the command line to change or randomize your MAC address as needed.

HOW TO USE SPOOFMAC:

List all usage instructions:

# Usage Instructions:spoof --help

List all available devices and their respective MAC addresses:

# List devices:spoof list

List only wi-fi devices and their respective MAC addresses:

# List Wi-Fi devicesspoof list --wifi

Randomize your MAC address using the hardware port name. This requires root access.

Important: You must switch off Wi-Fi first, otherwise the command will fail.

# Turn off Wi-Fi:networksetup -setairportpower en0 off
# Randomize Wi-Fi:sudo spoof randomize wi-fi

Set your device’s MAC address to a specific value. This requires root access. In this example, we use 00:0C:29:54:B6:3D.

Important: You must switch off Wi-Fi first, otherwise this command will fail.

# Turn off Wi-Fi:networksetup -setairportpower en0 off
# Set specific Wi-Fi MAC address:sudo spoof set 00:0C:29:54:B6:3D wi-fi

Reset device to its original MAC address (requires root):

# Reset Wi-Fi:sudo spoof reset wi-fi

CREATE LAUNCHDAEMON:

We want to set up a global LaunchDaemon that automatically spoofs your computer’s Wi-Fi MAC address every time it boots or reboots.

The command we want macOS to execute at startup is:

# Randomize Wi-Fi:sudo spoof randomize wi-fi

Since a LaunchDaemon runs with administrator privileges, we don’t need to use sudo, but we must use absolute paths to all executables in the script.

To begin, navigate to the system’s LaunchDaemons directory and create the .plist file:

Open a command-line editor like nano:

sudo nano /Library/LaunchDaemons/info.term7.spoof.mac.plist

Then copy and paste the following lines into the file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>info.term7.spoof.mac</string>
	<key>ProgramArguments</key>
	<array>
		<string>/opt/local/bin/node</string>
		<string>/opt/local/bin/spoof</string>
		<string>randomize</string>
		<string>en0</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>

Press [control] + X and then Y + [ENTER] to save the file and close the editor.

Next, configure the required ownership and permissions:

# Ownershipsudo chown root:wheel /Library/LaunchDaemons/info.term7.spoof.mac.plist
# Permissionssudo chmod 644 /Library/LaunchDaemons/info.term7.spoof.mac.plist

Finally, to activate automatic Wi-Fi MAC address randomization, start the LaunchDaemon with this command:

# Start LaunchDaemonsudo launchctl load /Library/LaunchDaemons/info.term7.spoof.mac.plist

Congratulations! SpoofMAC is now up and running. From now on, every time you restart your computer, it will automatically randomize your Wi-Fi MAC address.

Uninstall SpoofMac

the manual way...

1) Unload the LaunchDemon:

# Unload LaunchDemonsudo -u $(stat -f '%Su' /dev/console) launchctl unload /Library/LaunchDaemons/info.term7.spoof.mac.plist

2) Delete the LaunchDemon:

# Delete LaunchDemonsudo rm /Library/LaunchDaemons/info.term7.spoof.mac.plist

3) Uninstall spoof:

# Uninstall spoofsudo npm uninstall spoof -g

SpoofMAC has been purged from your system.

SpoofMAC: Interactive Script

Setup SpoofMAC interactively

Both our interactive script and speedy install script install SpoofMAC and set up a LaunchDaemon that runs automatically every time you boot up your computer. We also provide a simple uninstall script in case you ever want to remove everything cleanly.

BE CAREFUL: YOU SHOULD ALWAYS LOOK THROUGH THE CONTENT OF ANY SHELL SCRIPT YOU DOWNLOAD FROM AN UNKNOWN SOURCE BEFORE YOU EXECUTE IT! MAKE SURE IT IS SAFE TO EXECUTE!

WE HOST OUR SCRIPTS FOR EVERYONE TO SEE ON CODEBERG.

To run our script, you first have to download it. Open the Terminal.app (found with Spotlight: press and [SPACE], then type Terminal, or find it in your Applications -> Utilities Folder). In your Terminal, use this command to navigate to your Downloads Folder:

cd ~/Downloads

Download the interactive script:

# Interactive Scriptcurl -O https://codeberg.org/term7/MacOS-Privacy-and-Security-Enhancements/raw/branch/main/04_SpoofMAC/script/install_SpoofMAC.sh

Download the speedy install script:

# Speedy Install Scriptcurl -O https://codeberg.org/term7/MacOS-Privacy-and-Security-Enhancements/raw/branch/main/04_SpoofMAC/script/SPEEDY-INSTALL_SpoofMAC.sh

If you ever want to uninstall SpoofMAC, download our uninstall script:

# Uninstall Scriptcurl -O https://codeberg.org/term7/MacOS-Privacy-and-Security-Enhancements/raw/branch/main/04_SpoofMAC/script/UNINSTALL_kill-siri.sh

Give the respective file execute permissions:

chmod +x *SpoofMAC.sh

Execute the respective script:

./install_SpoofMAC.sh
./SPEEDY-INSTALL_SpoofMAC.sh
./UNINSTALL_SpoofMAC.sh

If asked, enter your administrator password and hit [ENTER] and follow the instructions. Your password won't be shown by default.

PREVIEW:

MacOS-Privacy-and-Security-Enhancements
Executables to enhance MacOS Privacy and Security
Codeberg.orgterm7

guerrill.art

All content on term7.info is free and open source.

We encourage you to copy, adapt, share and re-distribute!