From 53cf92c39f6e5ba028795094d092dee8ae2abe9d Mon Sep 17 00:00:00 2001
From: 3hhh
Date: Sat, 11 Jan 2020 17:17:51 +0100
Subject: [PATCH 1/3] Update anonymizing-your-mac-address.md Add random hostname section
---
 .../anonymizing-your-mac-address.md | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/external/privacy-guides/anonymizing-your-mac-address.md b/external/privacy-guides/anonymizing-your-mac-address.md
index 4bad3602..afe3d5bc 100644
--- a/external/privacy-guides/anonymizing-your-mac-address.md
+++ b/external/privacy-guides/anonymizing-your-mac-address.md
@@ -71,3 +71,44 @@ Finally, shutdown all VMs and change the settings of sys-firewall, etc. to use t
 You can check the MAC address currently in use by looking at the status pages of your router device(s), or inside the NetVM with the command `sudo ip link show`.
+## Randomize your hostname
+
+DHCP requests also leak your hostname to your LAN. Since your hostname is usually `sys-net`, other network users can easily spot that you're using Qubes OS.
+
+Unfortunately `NetworkManager` currently doesn't provide an option to disable that leak globally ([Gnome Bug 768076](https://bugzilla.gnome.org/show_bug.cgi?id=768076)).
+
+You may however use the following code to assign a random hostname to a VM during each of its startup. Please follow the instructions mentioned in the beginning to properly install it.
+
+```.bash
+#!/bin/bash
+set -e -o pipefail
+#
+# Set a random hostname for a VM session.
+#
+# Instructions:
+# 1. This file must be placed and made executable as the file /etc/network/if-pre-up.d/00_hostname (owner: root) inside the template VM of your
+# network VM.
+# 2. Execute `sudo touch /etc/hosts.lock` inside the template VM of your network VM.
+# 3. Execute inside your network VM:
+# `sudo bash -c 'mkdir -p /rw/config/protected-files.d/ && echo /etc/hosts'"$'\n'"'/etc/hostname > /rw/config/protected-files.d/protect_hostname.txt'`
+
+
+#NOTE: mv is atomic on most systems
+if [ -f "/rw/config/protected-files.d/protect_hostname.txt" ] && rand="$RANDOM" && mv "/etc/hosts.lock" "/etc/hosts.lock.$rand" ; then
+ name="PC-$rand"
+ echo "$name" > /etc/hostname
+
+ #from /usr/lib/qubes/init/qubes-early-vm-config.sh
+ if [ -e /etc/debian_version ]; then
+ ipv4_localhost_re="127\.0\.1\.1"
+ else
+ ipv4_localhost_re="127\.0\.0\.1"
+ fi
+ sed -i "s/^\($ipv4_localhost_re\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
+ sed -i "s/^\(::1\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
+fi
+exit 0
+```
+Assuming that you're using `sys-net` as your network VM, your `sys-net` hostname should now be `PC-[number]` with a different `[number]` each time your `sys-net` is started.
+
+Please note that the above script should _not_ be added to [/rw/config/rc.local](/doc/config-files/)) as that is executed only _after_ the network fully started.
From 46b4716ee9cb6d7de36c80d0fb8ab5c74f11201b Mon Sep 17 00:00:00 2001
From: 3hhh
Date: Mon, 13 Jan 2020 07:29:00 +0100
Subject: [PATCH 2/3] newline for ksh et al
---
 external/privacy-guides/anonymizing-your-mac-address.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/external/privacy-guides/anonymizing-your-mac-address.md b/external/privacy-guides/anonymizing-your-mac-address.md
index afe3d5bc..ea7a688a 100644
--- a/external/privacy-guides/anonymizing-your-mac-address.md
+++ b/external/privacy-guides/anonymizing-your-mac-address.md
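Review bot: `name="PC-$rand"` in the script added by the first patch replaces `sys-net` with a hostname that is still easy to group: `$RANDOM` in bash only yields 0–32767, and every reader who follows this guide announces the same `PC-<number>` shape in DHCP requests. The section should say so, for example with a closing sentence such as `The PC-[number] pattern is shared by everyone who uses this script, so it hides the Qubes-specific name but does not make you blend in with other devices on the LAN.` The last added paragraph also has a stray `)` after the `/doc/config-files/` link.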
@@ -90,7 +90,7 @@ set -e -o pipefail
 # network VM.
 # 2. Execute `sudo touch /etc/hosts.lock` inside the template VM of your network VM.
 # 3. Execute inside your network VM:
-# `sudo bash -c 'mkdir -p /rw/config/protected-files.d/ && echo /etc/hosts'"$'\n'"'/etc/hostname > /rw/config/protected-files.d/protect_hostname.txt'`
+# `sudo bash -c 'mkdir -p /rw/config/protected-files.d/ && echo -e "/etc/hosts\n/etc/hostname" > /rw/config/protected-files.d/protect_hostname.txt'`
 #NOTE: mv is atomic on most systems
From 46e82d88934258e809e02edde4fbbdc431bc4605 Mon Sep 17 00:00:00 2001
From: 3hhh
Date: Wed, 15 Jan 2020 09:58:35 +0100
Subject: [PATCH 3/3] make sure the hostname is set
---
 external/privacy-guides/anonymizing-your-mac-address.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/external/privacy-guides/anonymizing-your-mac-address.md b/external/privacy-guides/anonymizing-your-mac-address.md
index ea7a688a..00bc8160 100644
--- a/external/privacy-guides/anonymizing-your-mac-address.md
+++ b/external/privacy-guides/anonymizing-your-mac-address.md
@@ -97,6 +97,8 @@ set -e -o pipefail
 if [ -f "/rw/config/protected-files.d/protect_hostname.txt" ] && rand="$RANDOM" && mv "/etc/hosts.lock" "/etc/hosts.lock.$rand" ; then
 name="PC-$rand"
 echo "$name" > /etc/hostname
+ hostname "$name"
+ #NOTE: NetworkManager may set it again after us based on DHCP or /etc/hostname, cf. `man NetworkManager.conf` @hostname-mode
 #from /usr/lib/qubes/init/qubes-early-vm-config.sh
 if [ -e /etc/debian_version ]; then
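Review bot: With `set -e` in effect, a failure of the added `hostname "$name"` call in the third patch stops the hook after `/etc/hostname` was written but before the two `sed -i` rewrites of `/etc/hosts` and before `exit 0`; the lock file has already been renamed in the `if` condition, so nothing retries during that boot. Placing `hostname "$name"` after the `sed` lines would keep the two files consistent, and a non-zero exit from an if-pre-up.d hook may also hold up interface configuration, depending on how the hook is run. The NOTE comment says NetworkManager may set the name again, so the guide should also tell the reader to confirm the result, e.g. `Run hostname inside sys-net after startup and check that it prints PC-[number].` The `if` block continues past the end of this hunk.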