The amount of people who routinely spoof their own MAC when on public wifi is so minuscule to be objectively irrelevant to any mass-data-gatherer out there. Unless this becomes something that the OS can automatically randomize for you (are you listening, Apple...?), even a creative attack won’t move the needle.
Of course. (And I think Apple does/might do that?)
I'm suggesting that if we discover/think that these advertisers/trackers are using it for anything interesting, there could be some fun to be had at their expense by picking up a suitcase full of junk wifi devices, configuring them to deliberately spoof their own MAC, and visiting that airport. I think you'd only need to spend hundreds on junk devices to taint their system with tens of millions of addresses.
If there's any observable result, I think it'd be fun to do and write it up/present it at a Chaos Computing Congress (or similar) event.
