They are watching DHCP Discover option 55. The device tells the server what options it expects to receive, and different vendors and device ask for different options or ask for them in a different order, and they are fingerprinting that.

Cisco also describes the tactic: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116235-configure-ise-00.html

The fingerprints are viewable at https://github.com/karottc/fingerbank/blob/master/dhcp_fingerprints.conf - it is more specific than a mac vendor but not extremely anti-privacy, anybody watching firewall logs will know an iPhone connected pretty easily too.

You need to say more than that about what your concern is, especially on devices configured for Mac randomization and other privacy features.

Aruba is looking at the dhcp traffic and inferring information about the device. The device is not sending all of this data.

Bundling it means Firefox is guaranteed to be there on a default install, so you can look up documentation and get online or pass through a captive portal. Fedora also tends to prefer their own flatpak repository over flathub although that might be changing.

The Firefox official flatpak on flathub plays videos fine. It can even use vaapi if you install that.

Maybe stuff like this starts getting those “I’ve got nothing to hide” people to think a little more about privacy.