Source code and details: https://github.com/nikolas-trey/LANGhost

Description

LANGhost is a Linux anonymity hardening layer for systems managed by NetworkManager. It minimizes identity leakage across multiple network surfaces during connection setup, enforces privacy-focused connection configurations, and implements a fail‑closed mechanism that terminates or isolates connectivity when runtime checks detect unsafe conditions.

What it does

  • Randomizes MAC policy before activation.
  • Assigns a randomized DHCP hostname before activation.
  • Applies a per-activation identity seed for NetworkManager-derived identifiers.
  • Hardens DHCP identity behavior.
  • Enables stronger IPv6 privacy behavior and stable-privacy address generation.
  • Disables local discovery features that can expose system identity on managed links.
  • Quarantines interfaces with tc drop filters during setup.
  • Verifies runtime state after activation and triggers a kill switch on failure.
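
The leak surfaces listed above can be checked on any NetworkManager profile. The following auditor is an added example, not code from the LANGhost project: it uses NetworkManager's documented keyfile property names, while the expected values and the two sample profiles are constructed assumptions and may differ from what LANGhost actually sets.

```python
import configparser

# Expected values follow NetworkManager's documented properties; which of
# them LANGhost itself sets is an assumption made for this example.
def audit_profile(keyfile_text):
    """Return identity-leak findings for one NetworkManager keyfile."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(keyfile_text)
    def get(section, key, default):
        return cp.get(section, key, fallback=default)
    findings = []
    # MAC policy: unset is treated as "preserve", which exposes the real address
    for link in ("wifi", "ethernet"):
        if cp.has_section(link):
            mode = get(link, "cloned-mac-address", "preserve")
            if mode not in ("random", "stable"):
                findings.append(f"{link}.cloned-mac-address={mode}")
    # Identity seed: ${RANDOM} makes stable-id differ on every activation
    if "${RANDOM}" not in get("connection", "stable-id", ""):
        findings.append("connection.stable-id is not per-activation")
    # DHCP hostname: sending is on by default and uses the system hostname
    send = cp.getboolean("ipv4", "dhcp-send-hostname", fallback=True)
    if send and not get("ipv4", "dhcp-hostname", ""):
        findings.append("ipv4 DHCP sends the system hostname")
    # IPv6: temporary addresses preferred, no MAC-derived (EUI-64) interface ID
    if get("ipv6", "ip6-privacy", "-1") != "2":
        findings.append("ipv6.ip6-privacy does not prefer temporary addresses")
    if get("ipv6", "addr-gen-mode", "default") not in ("stable-privacy", "1"):
        findings.append("ipv6.addr-gen-mode is not stable-privacy")
    # Local discovery: LLMNR and mDNS announce the host on the link
    for proto in ("llmnr", "mdns"):
        if get("connection", proto, "-1") != "0":
            findings.append(f"connection.{proto} is not disabled")
    return findings

# Constructed sample profiles: a stock Wi-Fi profile and a hardened one.
STOCK = "[connection]\nid=Hotel\ntype=wifi\n[wifi]\nssid=Hotel\n[ipv4]\nmethod=auto\n[ipv6]\nmethod=auto\n"
HARDENED = (
    "[connection]\nid=Hotel\ntype=wifi\nstable-id=${CONNECTION}/${RANDOM}\nllmnr=0\nmdns=0\n"
    "[wifi]\nssid=Hotel\ncloned-mac-address=random\n"
    "[ipv4]\nmethod=auto\ndhcp-hostname=host-3f9a1c\n"
    "[ipv6]\nmethod=auto\naddr-gen-mode=stable-privacy\nip6-privacy=2\n"
)

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED)):
        print(name, audit_profile(text) or "no findings")
```
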

    redsand@infosec.pub · 10 days ago

    Does Tails do all of this already? If not, they would find this interesting. Maybe Kali too.

      Nikolas5476@lemmy.world (OP) · 9 days ago

      For Tails, there’s no gap to fill because it already handles MAC randomization and DHCP hardening as part of a purpose-built amnesic system where no identity persists across sessions. Kali is a persistent, general-purpose Linux system managed by NetworkManager, which is exactly LANGhost’s target environment. Out of the box Kali does nothing special about MAC randomization, DHCP hostname, IAID, or LLMNR/mDNS. A penetration tester connecting to a client network or a hotel LAN during an engagement leaks the same identifiers any stock Ubuntu machine would. LANGhost would be a genuine improvement for that use case.