Obviously a generic hostname is advisable, but in practice, there are limited other solutions available at present. One is to turn off any protocols that are not strictly necessary and which leak hostnames, particularly when insecure places are visited. This reduces the attack surface, but is impractical for certain protocols; for example, DHCP is necessary for Internet connectivity and many services depend on protocols such as mDNS. Another option is to use different hostnames for different purposes, rather than relying on a global hostname - this option is available on some OSes. Ultimately, a randomized hostname protocol is necessary to protect privacy, similar to methods utilized for MAC addresses.
What is a randomized hostname protocol?
Do kicksecure randomize it?
I don’t know any of any OS’s that randomize the hostname?
Are you sure your not getting confused with containerization?
Yes, there is a debate on if sending the hostname or not makes you more unique.
TailsOS doesn’t send the hostname to mitigate “DHCP hostname leaks” but arguably sending a more generic hostname may look more normal.
I think MAC randomization should come with it enabled by default like Graphene already does.
Like @suse211213 mentioned about Qubes enabling it by default it could be implemented like they do.
Shipping it enabled by default and adding a patch to the Calamaris installer to disable the config file at install could also be another route.
However idk what that has to do with hostname randomization but it could be possibly added to Kicksecure depending on implementation.
Besides DHCP what else sends your hostname?
What sandboxing or containerization could mitigate it other then virtual machines?
SSH doesn’t send the devices MAC Address at most it might send the hostname but good info about using network namespaces that might be useful for something in Kicksecure.
As far as I understand the issue related to
MAC randomization breaks root server and VirtualBox DHCP / IPv6PrivacyExtensions might be problematic
I believe they are referring to Installing Kicksecure as the OS on VPS server.
In this case I think Kicksecure should just NOT randomize Ethernet MAC addresses by commenting it out. Reason being most servers are wired in especially VPS, if you look at any server rack they aren’t going to be using wireless as that would create too much cross talk and you wouldn’t get optimized speeds.