On 2021-05-15 9:30 p.m., paul wrote:
> nospam wrote on 16.05.2021 08:43
>
>> the location of a wifi access point tells you absolutely nothing about
>> who may have used that access point in the past, who is using it right
>> now, who might use it in the future or who owns the hardware.
>
> The location of home router Wi-Fi access points we are talking about here is
> your own home which is _easily_ tied to a database of who you are. Period.

Really? How?

>
> The BSSID === you. Period.

Wrong. Period.

>
> If your phone shouts out that BSSID away from home it can be traced to you.
> Period.

It shouts dozens of SSIDs if it shouts at all; probably hundreds in my case.

>
> This thread is about how to prevent that from happening.
>
> You haven't added _any_ value on how to prevent that from happening.
> Others have.
>
> I'm testing their proposals & will report back when successful.
> It's a worthwhile skill to have to protect our BSSID from interception.
>

Frank,

> I explained why it's not feasible,

No you didn't.

> but you chose to silently snip that argument.

and no I didn't.

The below is *all* I did /not/ quote from your post. Both parts because
they do not, as far as I can tell, add anything of value to what I /did/
quote from the respective paragraphs.

>> For example in our appartment building, I 'see' tens and tens
>> of SSIDs of everybodies Wi-Fi Access Points (APs).

>> An AP *can* be 'personal', but normally is not. (The *ownership*
>> of the AP might be personal', but often even that's not the case.)
>>
>> [,,,]
>>
>> [1] Except when the phone is *used as* and AP, which is a small
>> minority.

You have exactly *one* chance to clarify yourself, as I've had it upto
*there* with people who claim stuff or accuse without even bothering to show
substanciation of what they are talking about.

> So you confirm such a list doesn't exist and you've not
> explained how such a list *could* be created. Noted.

Actually, I've did the opposite on both. In the paragraph starting with "I
can /easily/ imagine"

> Remember: One can't prove a negative.

I know and am very aware of it. That is why I'm not an atheist.

> So the burden of proof - how such a list *can* be created - is on you.

Already done, in two different ways no less.- even if you refuse to
acknowledge either.

> Nope, it would *not* be enough for "one-person households",
> because you - implicitly - assume that there's enough physical
> distance between those housholds, which is often not the case -
> especially in build-up areas.

Even though I can follow your argument there, the burden of proof is now
yours. And no, your anecdotal evidence does not cut it I'm afraid.

Besides that, I thought I made clear that its not the location which binds
the device to the person, but his PII that has passed thru it.

> You can imagine all kinds of things. I prefer (technical) facts,
> logic, proof, etc.. Silly me!

You *claim* you prefer, among other stuff, logic, but when you see it you
offhandedly reject it.

And did you really expect me to hack into Googles servers to grab the
information that will convince you that it actually exists ? Or find one
of the possible other companies that might already have done it and do the
same ?

If not, what /would/ convice you ?

> And don't get me started on the 'smartness' of Google. As long
> as they can't tell the difference between multiple people using the
> same router and can't tell that I have already *bought* what they're
> advertizing, while that purchase is *recorded* in *Gmail* for crying
> out loud, they're not 'smart', but rather dumb.

All see is someone making claims without providing all the parameters (first
claim), as well as assuming that Google "can't tell" because you don't
haven't got a clue what their angle is (second claim). Not really
scientific ...

>> :-) You're conflating a certain usage with it being the /only/ usage.
>
> Explain. That comment is as clear as mud.

I already did in my previous message. Yep, again /that/ paragraph. You're
stuck on /only/ APs having BSSIDs.

> And BTW, stop snipping my arguments

No. I don't think that I will quote all of your message just because you
think - or just claim - that there is important stuff somewhere in it.
Feel free to reintroduce the missing parts in your own post though.

But than do me, or rather yourself, a favour and clarify /why/ it is so
important. Otherwise I will just do the same the next time, and than where
does that leave you ?

And oh yes : if you want to continue our conversation than I suggest you
take that chance I offered you.

Regards,
Rudy Wieser

In article <s7q75q$5tg$1@gioia.aioe.org>, paul <nospam@nospam.invalid>
wrote:

> > the location of a wifi access point tells you absolutely nothing about
> > who may have used that access point in the past, who is using it right
> > now, who might use it in the future or who owns the hardware.
>
> The location of home router Wi-Fi access points we are talking about here is
> your own home which is _easily_ tied to a database of who you are. Period.

no it can't.

> The BSSID === you. Period.

nope. it identifies the wifi access point, which is an inanimate object.

there is no registration of wifi access points, so there's no way to
know who owns it, who has connected to it in the past or who will
connect to it in the future.

> If your phone shouts out that BSSID away from home it can be traced to you.
> Period.

phones don't shout out bssids.

you are confusing bssid with ssid.

> This thread is about how to prevent that from happening.

you can't, other than shutting off the wifi access point or living
inside a faraday cage.

which one of those do you prefer?

> You haven't added _any_ value on how to prevent that from happening.
> Others have.

both false.

> I'm testing their proposals & will report back when successful.

your attempts are futile and will fail.

> It's a worthwhile skill to have to protect our BSSID from interception.

there is nothing worthwhile about it nor is anything being intercepted.

In article <s7qqbu$1fab$1@gioia.aioe.org>, R.Wieser
<address@not.available> wrote:

> You see, a SSN is worthless if you do not have access to the (gouvermental)
> DB containing your associated PII.

false.

<https://www.pcmag.com/news/heres-how-much-your-identity-goes-for-on-the-
dark-web>
For people with high credit scores, a Social Security number, birth
date, and full name can sell for $60 to $80 on the digital black
market. It may not sound like much, but for hackers, a good credit
score can fetch a nice premium.

> And as most common citizens do not
> have that access ...

the common citizens aren't the ones you have to worry about.

> And thats besides the simple fact you can easily hide
> your a SSN, just by putting something, anything over it. Which you, as
> you've already made clear, have the full intention of doing so.

that's hilarious.

no, you can't hide an ssn by "putting something, anything over it".

> And SSID on the other hand is something your phone sends out all the time
> whenever you want to be able to use a WiFi accesspoint (and possible even
> when you have disabled that - as the "assisted" in A-GPS seems to be
> overriding that setting ...)

nope. ssids are not always broadcast and a-gps is completely unrelated.

> Pretty-much the same happens when you have
> (Low Energy) BlueTooth enabled by the way.

nope. bluetooth le is entirely different.

> And as most phones nowerdays are /very/ personal (protected by biometric
> passwords and what not) that SSID might as well be burned onto your
> forehead. And yes, thats a reference to"the number of the beast".
>
> So yes, I do think that both a SSN *as well as* a SSID can be used to figure
> out a single person. With the SSID winning hands-down. And its also way
> easier to track you with. :-)

you're wrong about that too.

In article <s7quin$19e5$1@gioia.aioe.org>, R.Wieser
<address@not.available> wrote:

> > That might work somewhat (FSVSVO 'somewhat') for houses which
> > are spread over some distance, but won't work for houses in a row,
> > multi-storey houses, appartment buildings, etc..
>
> :-) Than how do you think that geolocation of WiFi accesspoints for use
> with A-GPS works ?

a-gps does not use wifi geolocation.

> No, I think its quite possible to figure out where a certain (B)SSID comes
> from. Either by just walking towards the signal, or by triangulation -
> which works as well for vertical seperation.

if you're near enough to a wifi network to be able to walk towards the
signal or trilaterate among several, then you don't need a database to
determine its location. you are *already* *there*.

> > No way to tell which SSID/AP 'belongs' to whom, at least not for
> > many/most/all of them.
>
> Sigh ... If it can be done for a SSN, why do you think its impossible for
> a (B)SSID ?

because there's no registration for wifi access points. all that's
needed is a power source.

you also continue to conflate bssid and ssid, and have now added a-gps
as part of the mix.

you are very confused.

> But yes, someone, either you yourself or someone else must have created such
> a list first.

nobody has done that because it's not possible to create a database
that links bssids to specific people.

> In the above I've already mentioned the existence of a geolocation database
> (for use by A-GPS) that will translate the SSIDs of WiFi accesspoints to a
> specific location. That would be enough for one-person households -
> stripping the "/all" an perhaps even "/most/all" from your "at least not
> for" claim ...

again, a-gps does not use wifi geolocation databases and an ssid is not
translated into a location either.

> I can also /easily/ imagine that some of the bigger companies (one of them
> starts with "G" and ends on "oogle") have created an even more extensive
> database for tracking -> ad-selling purposes, which contains the BSSIDs of
> WiFi-capable devices and whatever they got from such devices as the result
> of signing up to one or more "social media" accounts.

imagining things does not make them real.

In article <s7ru45$194j$1@gioia.aioe.org>, R.Wieser
<address@not.available> wrote:

> And did you really expect me to hack into Googles servers to grab the
> information that will convince you that it actually exists ? Or find one
> of the possible other companies that might already have done it and do the
> same ?

no hacking is required.

had you read this thread, you would have seen a post that details how
someone can make a query to google's database and obtain a location
from a bssid. it does require knowing how to write android apps, so
that probably rules you out.

one of the third party options was also mentioned several times in this
thread, which anyone can use. no android skills required.

> If not, what /would/ convice you ?

by demonstrating that you have even a slight understanding of how
things work.

so far, you have not done that.

> >> :-) You're conflating a certain usage with it being the /only/ usage.
> >
> > Explain. That comment is as clear as mud.
>
> I already did in my previous message. Yep, again /that/ paragraph. You're
> stuck on /only/ APs having BSSIDs.

you have not answered the question of what else has bssids.

here's your opportunity to demonstrate how much you know (or don't
know) about wifi.

R.Wieser <address@not.available> wrote:
> Frank,
[...]

> You have exactly *one* chance to clarify yourself, as I've had it upto
> *there* with people who claim stuff or accuse without even bothering to show
> substanciation of what they are talking about.

[...]

> And oh yes : if you want to continue our conversation than I suggest you
> take that chance I offered you.

Rudy,

I've no interest continuing this (non-)'conversation'. I tried to
bring some clarity to the confusion in this thread. But was 'rewarded'
by foul play, hostility and offense in the face of lack of knowledge/
insight/etc..

I know you're/can_be better than that, so for this thread it's EOD.

In comp.mobile.android, R.Wieser <address@not.available> wrote:
> But *WHY* is it nonsense ? I don't think you will disagree with me when I
> say that both are numbers. So *what makes the one number some much more
> special than the other one* ?

One identifies a person, the other identifies a piece of equipment in a
particular spot.

> I'm sorry ? You just told me that you would have no problem with giving us
> 20+ of the SSIDs in your neighbourhood, including your own, but directly
> after that tell us that you won't do such a thing ? I'm confused ...

I said, if I let you into my house, I'll tell you which is mine and how
to use it. At the point you are in my house, there is no need to keep
secret the location of my house.

> Also, that latter "I'm not going to post mine" has a reason. What is it ?

Think about the consequences of "I'm willing to tell everyone here what
city I live in, but not my exact location." I don't think SSID can be
used to get my exact address, but it can be used to reduce the
candidate addresses considerably.

> Is it maybe that such an SSID can be easily used to figure out
> who you are ?

It can certainly be used to figure out where I am.

> If not by the company which have stuffed milions of them in a database
> (and keeps updating them), but also have access to quite a bit more of
> your personal data thru other means ?

I'm not going to stop Apple / Google / Facebook / et al. from collecting
data on me. The best I can do is make that data as hard to use as
possible.

I wrote:
>> SSNs are "PII": personally identifiable information.
>> SSIDs are just "personal data".
>> https://techgdpr.com/blog/difference-between-pii-and-personal-data/
> I'm sorry, but could you point out where in that document you found either
> of the above (preferrably both) definitions, as I can't seem to find them

Look at the helpful table about one third of the way down. The blue
rectangle is all "Personal data". Inside it is divided into "Personally
Identifiable Information (PII)" which includes examples like

Name
Home Address
Personal identification number

And "Not PII but Personal Data under GDPR" which includes examples:

Device ID
IP addresses

> Besides the point that, as you have already made clear yourself, the
> distinguishing of them that way is razor-thin, I also disagree with your
> classification there - simply because you left stuff out.

I do recognize the device ID part is very thin, but device ID gets you
_an_ address without knowing for whom it is a _home address_.

> You see, a SSN is worthless if you do not have access to the
> (gouvermental) DB containing your associated PII. And as most
> common citizens do not have that access ... And thats besides the
> simple fact you can easily hide your a SSN, just by putting something,
> anything over it. Which you, as you've already made clear, have the
> full intention of doing so.

I think you are overly confident about what stuff is available outside
of governmental databases.

> And SSID on the other hand is something your phone sends out all the time

The device probes for all networks it knows how to join and only when
not on a network (and, of course, when wifi is enabled). That's subtly
different: _an_ address without knowing if it is a _home address_.

> Pretty-much the same happens when you have
> (Low Energy) BlueTooth enabled by the way.

I do not have Bluetooth enabled. But IMSI catchers work on a similar
principle to track cellular devices.

> And as most phones nowerdays are /very/ personal (protected by biometric
> passwords and what not) that SSID might as well be burned onto your
> forehead. And yes, thats a reference to"the number of the beast".

I don't use "biometric" anywhere. Nor do I think your leap is well
founded even if I did.

>> There are three people regularlly using my wifi network, and six
>> or so others using it sporatically. That means my wifi network will
>> not identify any particular person,
> No, you have *chosen* not to identify them. Thats something quite
> different.

Nine people with n => 9 devices that use that network. Finding one of
them does not makt it a particular person. It just narrows the field a
lot.

My car's license plate "broadcasts" its id every where I go, too. But
there are two regular drivers, so who it is can't be certain.

Elijah
------
broadcasts biometrics like height and gait just by walking down the street

In article <eli$2105171555@qaz.wtf>, Eli the Bearded
<*@eli.users.panix.com> wrote:

> > Is it maybe that such an SSID can be easily used to figure out
> > who you are ?
>
> It can certainly be used to figure out where I am.

an ssid by itself can't unless it's very unique or contains some key
identifying information, such as full name or street address.

if it's 'linksys' or some other generic default name, then it's going
to be impossible to narrow it down without additional information.

>
> My car's license plate "broadcasts" its id every where I go, too. But
> there are two regular drivers, so who it is can't be certain.

that's why photo radar and red light cameras also take a photo of the
driver.

nospam wrote on 17.05.2021 21:14

> an ssid by itself can't unless it's very unique or contains some key
> identifying information, such as full name or street address.

It's hard to tell if you understand the differences between an SSID and the
BSSID being associated with your accurate location on a public database.

Given you probably do not understand that the SSID can often be found in
butterfly hash tables, it bears repeating that your AP SSID is best kept out
of the rainbow tables commonly available on the Internet.
https://www.ethicalhackx.com/wpa-psk-rainbow-tables-download/
https://en.wikipedia.org/wiki/Rainbow_table
https://www.futurelearn.com/info/courses/identity-and-access-management-part-2/0/steps/192492
https://project-rainbowcrack.com/table.htm" rel="nofollow" target="_blank">https://project-rainbowcrack.com/table.htm
https://www.ethicalhacker.net/columns/gates/tutorial-rainbow-tables-and-rainbowcrack/
https://www.geeksforgeeks.org/understanding-rainbow-table-attack/
https://sandilands.info/sgordon/passwords-hashes-and-rainbow-tables
https://freerainbowtables.com/
https://project-rainbowcrack.com/
https://crackstation.net/
etc.

In addition to your apparent lack of knowledge about SSIDs, you also appear
to lack basic knowledge that the AP broadcast BSSID is (essentially) unique.

As are your GPS coordinates associated with your home AP SSID/BSSID pair.

Until you demonstrate basic knowledge your opinions are nearly worthless.

In article <s80n06$13qv$1@gioia.aioe.org>, paul <nospam@nospam.invalid>
wrote:

>
> > an ssid by itself can't unless it's very unique or contains some key
> > identifying information, such as full name or street address.
>
> It's hard to tell if you understand the differences between an SSID and the
> BSSID being associated with your accurate location on a public database.
>
> Given you probably do not understand that the SSID can often be found in
> butterfly hash tables, it bears repeating that your AP SSID is best kept out
> of the rainbow tables commonly available on the Internet.

as usual, you snipped to alter context.

the issue is how easy it is to identify the location and/or owner of a
particular wifi network or those who use it.

rainbow tables do not do that.

knowing the ssid does not do that either unless it contains the
person's full name or address.

there are a lot of ssids named 'linksys'. where are they? who owns them?

>
> Until I demonstrate basic knowledge, my opinions are nearly worthless.

ftfy

nospam wrote on 16.05.2021 23:29

>> The location of home router Wi-Fi access points we are talking about here is
>> your own home which is _easily_ tied to a database of who you are. Period.
>
> no it can't.

You continue to demonstrate not only your complete lack of basic knowledge
but you are mistakenly supremely confident in that complete ignorance of how
public tax records work in the United States.

Period.

Where I live any property can be looked up in public tax records available
on the net simply by going to the tax assessor's office (or tax collector)
web site.

Period.

*That property is directly associated with the owner's name, namely me.*

That you are apparently completely unaware of these basics means, in effect,
that your opinion is based on pure ignorance of the facts - and hence - your
opinion is likely nearly worthless (as a direct result of your ignorance).

Period.
>> The BSSID === you. Period.
>
> nope. it identifies the wifi access point, which is an inanimate object.

You appear to be ignorant that tax records for your home identify the owner.
In my case (and in many other cases) that owner is exactly one person - me.

> there is no registration of wifi access points, so there's no way to
> know who owns it, who has connected to it in the past or who will
> connect to it in the future.

What's shocking is you don't realize the GPS coordinates are of your home.
And that your home can easily be looked up in public tax records on the net.

The only thing not shocking is your supreme confidence of your ignorance.

As a result your opinion is nearly worthless unless you begin to demonstrate
at least a basic knowledge of how easily your name is uniquely associated
with the location of your home which itself is uniquely associated with the
SSID/BSSID/GPS/Db information many phones automatically upload, by default,
to public servers if/when you choose to broadcast your home router AP SSID.

nospam wrote on 18.05.2021 18:00

> as usual, you snipped to alter context.

You and Alan Baker are the type of people who complain about "snipping".

As Rudy already explained to people like you who complain about snipping -
it's only your lack of adult comprehensive skills which causes you to
constantly lose your train of thought in any public adult conversation.

In other words, if you complain of snipping in what amounts to a well
documented public conversation - then you lack even the most basic of
adult communication skills and hence your opinion is (almost) worthless.

> the issue is how easy it is to identify the location and/or owner of a
> particular wifi network or those who use it. \

It's trivially easy in my case.

(1) If broadcasted, the SSID/BSSID/GPS/DB is uploaded to public databases.
(2) That GPS location is uniquely tied to me in public tax records online.

That you don't appear to know this extremely basic and very public
information is worrisome as it makes your opinions (almost) worthless.

> rainbow tables do not do that.

That you don't appear to understand choosing a common home AP SSID virtually
guarantees it will be found in the public databases is also worrisome as it
also makes your opinions (nearly) worthless as a result of your ignorance.
> knowing the ssid does not do that either unless it contains the
> person's full name or address.

Again that you appear to be unable to connect the dots between your unique
SSID/BSSID/GPS/DB dataset being online and public tax records is worrisome.

Your lack of basic knowledge indicates your opinion is (nearly) worthless.

> there are a lot of ssids named 'linksys'. where are they? who owns them?

Again, your demonstrated lack of basic knowledge is worrisome because you
don't appear to comprehend that the GPS location associated with that
"linksys" SSID is uniquely tied in very many cases directly to you in public
tax records easily found on the Internet (by law, they're public records!).

What's shocking is your ignorance doesn't seem to affect your confidence.

>> Until I demonstrate basic knowledge, my opinions are nearly worthless.
>
> ftfy

You always turn into an instant child whenever you're confronted with facts.

Piet wrote on 15.05.2021 11:14

> The Old Days comprise Android 6/7 too, at least on my S6.

Frank brought up an excellent observation that the "teardrop" quick settings
tile for "Location" apparently does not (currently?) mean GPS is toggled.

Up until Frank mentioned that astute observation, I had always just figured
the swipe-down-from-the-top teardrop tile toggled the GPS radio on and off.

It had not occurred to me otherwise - but when I looked up Frank's
supposition, I found the answers in the public record to be confusingly
missing a more clear answer to what exactly toggles the GPS radio on & off.

If anyone has a clearer answer to what actually toggles the GPS radio, it
would be of interest to many of us.

Frank's supposition is that only an app can toggle the GPS radio on & off.
That may very well be true.

I didn't find a good comprehensive answer to _what_ toggles the GPS radio.

Does anyone here have better information as to what toggles the GPS radio?

In article <s80qma$11ku$1@gioia.aioe.org>, paul <nospam@nospam.invalid>
wrote:

>
> >> The location of home router Wi-Fi access points we are talking about here is
> >> your own home which is _easily_ tied to a database of who you are. Period.
> >
> > no it can't.
>
> I continue to demonstrate not only my complete lack of basic knowledge
> and complete ignorance of how
> public tax records work in the United States.

ftfy

what you call public tax records are not conveyed or indexed by an
ssid, they are not easily obtained (although not impossible) and do not
identify the occupant(s), with rental properties and businesses being
the two most obvious examples.

In article <s80sf1$1shr$1@gioia.aioe.org>, paul <nospam@nospam.invalid>
wrote:

> (1) If broadcasted, the SSID/BSSID/GPS/DB is uploaded to public databases.

who cares. there's very little someone can do with that information.

> (2) That GPS location is uniquely tied to me in public tax records online.

public records identifies the owner of the property (not the occupants)
and not part of an ssid broadcast.

in the case of businesses and many rental properties, the property
owner is not an individual.

if someone wants to look up your property records, they can do so
without knowing your ssid. all they need is a street address, and in
some cases, money.

if you want to keep yourself out of databases, you're doing it wrong.

> >> Until I demonstrate basic knowledge, my opinions are nearly worthless.
> >
> > ftfy
>
> I always turn into an instant child whenever I'm confronted with facts.

ftfy

On 2021-05-18 8:37 a.m., paul wrote:
> nospam wrote on 17.05.2021 21:14
>
>> an ssid by itself can't unless it's very unique or contains some key
>> identifying information, such as full name or street address.
>
> It's hard to tell if you understand the differences between an SSID and the
> BSSID being associated with your accurate location on a public database.

It isn't that accurate.

>
> Given you probably do not understand that the SSID can often be found in
> butterfly hash tables, it bears repeating that your AP SSID is best kept out
> of the rainbow tables commonly available on the Internet.
> https://www.ethicalhackx.com/wpa-psk-rainbow-tables-download/
> https://en.wikipedia.org/wiki/Rainbow_table
> https://www.futurelearn.com/info/courses/identity-and-access-management-part-2/0/steps/192492
> https://project-rainbowcrack.com/table.htm" rel="nofollow" target="_blank">https://project-rainbowcrack.com/table.htm
> https://www.ethicalhacker.net/columns/gates/tutorial-rainbow-tables-and-rainbowcrack/
> https://www.geeksforgeeks.org/understanding-rainbow-table-attack/
> https://sandilands.info/sgordon/passwords-hashes-and-rainbow-tables
> https://freerainbowtables.com/
> https://project-rainbowcrack.com/
> https://crackstation.net/
> etc.
>
> In addition to your apparent lack of knowledge about SSIDs, you also appear
> to lack basic knowledge that the AP broadcast BSSID is (essentially) unique.
>
> As are your GPS coordinates associated with your home AP SSID/BSSID pair.
>
> Until you demonstrate basic knowledge your opinions are nearly worthless.
>

Joerg Lorenz wrote on 14.05.2021 16:41

> You are spreading fake news.
> You are a Troll.

It's typical this Joerg Lorenz troll has never added value to any topic.
Meanwhile here's a PROGRESS UPDATE on a global solution to the problem set.

Given I'm here not only to solve all the problems but also to leverage those
solutions so that other people can also solve all the problems, here's a
quick update.

I've been testing a few different solutions for a few days.
Most of them work so now it's down to the task of honing those solutions.
https://play.google.com/store/apps/details?id=com.farproc.wifi.statIc
https://play.google.com/store/apps/details?id=com.my.wifiswitch
https://play.google.com/store/apps/details?id=de.j4velin.wifiAutoOff

Some require GPS turned on, others only require a cellular tower, while
still others don't seem to require anything other than default Android.
https://security.stackexchange.com/questions/62124/phones-broadcast-the-ssids-of-all-networks-they-have-ever-connected-to-how-can
https://android.stackexchange.com/questions/66244/wifi-scanning-for-known-networks-that-dont-broadcast-their-ssid?rq=1

For example, the simplest native solution seems to be to set "auto reconnect
turned off" which I think was what Frank had suggested (as I recall anyway).

When you're in range of your AP hidden SSID you tap "Connect to network".
When the phone goes out of range of that hidden SSID it stops trying.

*That's a supremely _simple solution_ which /seems/ to be effective.*

However, I'm installing non-root network pcap tcpdump sniffers to
doublecheck for any undesired requests of the hidden SSID from the phone.
https://play.google.com/store/apps/details?id=com.emanuelef.remote_capture
https://play.google.com/store/apps/details?id=com.evbadroid.wicapdemo
--
I'm having trouble locating this app in a canonical sourceforge package
https://www.apkmonk.com/app/jp.sourceforge.soopy.hidden.ssid.enabler/

nospam wrote on 18.05.2021 20:02

>> and complete ignorance of how
>> public tax records work in the United States.
>
> ftfy

This is how it's easy to tell you have utterly no adult education nospam.
You have no adult tools to respond to facts you simply are ignorant of.

I don't claim to be a genius but when I talk to you I cry out for mankind.
Nobody should be as ignorant as you, Joerg, Baker, Speed, Lewis, JR, are.

And yet all of you prove to be shockingly ignorant of the simplest things.

> what you call public tax records are not conveyed or indexed by an
> ssid, they are not easily obtained (although not impossible) and do not
> identify the occupant(s), with rental properties and businesses being
> the two most obvious examples.

This shows your complete ignorance as anyone with _any_ intelligence knows
these public tax records are available with a simple address look up.

It's shocking people as ignorant as you always prove to be exist.
You are supremely confident and yet you prove to be shockingly ignorant.

Worse you have no intent to ever add value to any conversation on Usenet.
Meanwhile I've solved the problem (two ways) which I'll report separately.
--
Note you said the problem can't be solved which proves again your ignorance.

*SOLVED*

I don't think I've ever had an Android problem that we didn't solve.
This is no different. Together we solve every problem we ask about.

For years we've been solving every problem we ask about here.

Since I'm a good person I always leverage the solution for others' benefit.
The solution I'm currently using turns out to be amazingly simple.

(1) On my home router I turn off SSID broadcast beacons.
(2) On my Samsung (Android 11) I set Wi-Fi to "Auto reconnect = off"

That's it.
(a) When I leave home the Wi-Fi Internet connection automatically drops
(b) When I arrive back I tap on the Wi-Fi connection to reconnect

It's really that simple.
(A) AFAIK, this prevents the SSID/BSSID/GPS/DB from being uploaded
by phones which are simply badly setup using likely default settings)
(B) And AFAIK, this prevents the phone from asking for it away from home.

i. Please check if you have the same settings on your phone
ii. Please let us know if you have the _same_ settings on your phone
iii. Note this solution works _without_ GPS or cellular being involved!

Note anyone whose intended purpose is to sniff your BSSID _will_ obtain it
at the vicinity of your home (but not from the phone when away from home).

For those who may not have these "Auto reconnect" settings, there are other
methods which also worked but which make use of cellular geofencing, e.g.,
https://github.com/SecUSo/privacy-friendly-wifi-manager
https://play.google.com/store/apps/details?id=org.secuso.privacyfriendlywifimanager
https://f-droid.org/en/packages/org.secuso.privacyfriendlywifimanager/

Note: I assume cellular geofencing is (far) more private than GPS geofencing
(for the obvious reasons) - but if you know more about this - let us know.

If you need me to test that solution for you just let me know.
--
Highly intelligent people like I am are completely different from ignorant
morons like nospam & Joerg Lorenz who aren't helpful because they can't be.

In article <s84f34$oja$1@gioia.aioe.org>, paul <nospam@nospam.invalid>
wrote:

> (1) On my home router I turn off SSID broadcast beacons.
> (2) On my Samsung (Android 11) I set Wi-Fi to "Auto reconnect = off"

....

> (A) AFAIK, this prevents the SSID/BSSID/GPS/DB from being uploaded
> by phones which are simply badly setup using likely default settings)

no it doesn't, as you've repeatedly been told.

> (B) And AFAIK, this prevents the phone from asking for it away from home.

did you check or are you wishcasting?

nospam wrote on 20.05.2021 08:33

>> (A) AFAIK, this prevents the SSID/BSSID/GPS/DB from being uploaded
>> by phones which are simply badly setup using likely default settings)
>
> no it doesn't, as you've repeatedly been told.

Look nospam, stop wasting everyone's time with your childish bullshit.
You know absolutely nothing and worse you have no purposeful intentions.

>> (B) And AFAIK, this prevents the phone from asking for it away from home.
>
> did you check or are you wishcasting?

Getting back to the solution instead of your worthless childish taunts...

Bearing in mind we almost never fail to do whatever we want to do,
I have added another simple step to the solution that others can test.

(1) At home I turn off AP SSID broadcast beacons which prevents
badly configured Android phones from uploading the SSID/BSSID/GPS/DB
by default (whether or not the SSID has the "_nomap" postfix).
(2) On my Samsung (Android 11) I set Wi-Fi to "Auto reconnect = off"
(this turns out to work surprisingly well in practice!)

In addition, today I started testing this third related switch:
(3) On the phone set "Switch to mobile data = on" which says
"Switch between Wi-Fi and mobile data automatically based on
your usage patterns and the connection quality of the current
network."

Which allows for...
"Network exceptions: Your phone will remain connected to these
networks, even if the connection is unstable"
(optional list of network exceptions)

I'm testing that third refinement setting which also has an option
"Allow individual apps to switch: Get notifications to switch apps to
mobile data when they can't connect using the current Wi-Fi network."
"Apps selected below will switch to mobile data if they're blocked
or if there's a connection problem on the current Wi-Fi network."
"Allow individual apps to switch"
(optional list of app exceptions)

As always, this solution is posted to be purposefully helpful to everyone
and as such it would be nice if others can test it out and report back
their findings. There are other options I'm also testing (such as
cellular tower geofencing) but at this time we can consider this problem
set solved.

Note this is the ONLY place on the Internet that I know of which even
knows about the intricacies we've discussed here so this is a useful
record for the future as it covers solutions never before proposed.

On 12/05/2021 05:40, paul wrote:
> kelown wrote on 12.05.2021 03:05
>
>>> Spoofing "some" MAC addresses is indeed trivial but spoofing the one AP
>>> broadcast BSSID that is clearly the main subject of this thread is decidedly
>>> not even close to trivial on most of our typical common home routers.
>>
>> The Kali Linux penetration tester will instantly display all nearby
>> SSIDs whether they're hidden or not.
>
> Let's not lose sight of what the goal is - which is to NOT have Google,
> Kismet, Wigle, Mozilla (etc) servers on the net get our home AP BSSIDs.
>
> The problem is how best to do that - where one method is to hide broadcast.

Then that's it. Problem solved.

> Keep in mind even if you add "_nomap" to your AP broadcast SSID your unique
> BSSID information is _still_ uploaded to those public servers by most phones
> because the phones can still easily "see" the broadcast BSSID information.
>
> However when you turn off the AP broadcast then it's my understanding most
> phones will not automatically upload your AP unique BSSID & GPS location to
> these public servers.
>
> That solves one problem but in reality it morphs to another problem which is
> that your phone is constantly broadcasting all the access points in its
> history. On Android (but not on iOS) you can clear this history on a case by
> case basis but then you have to set up the connection anew each time you
> wish to reconnect.

But you just said you're assuming Google is only looking for access
points in the normal way and not, for instance, seeing the BSSIDs of
hidden SSIDs. If so Google be looking for clients pinging their list of
known access points? That wouldn't tell them anything about where the
access point is anyway, just where that client is.

--
Brian Gregory (in England).

On 13/05/2021 21:08, nospam wrote:
> In article <s7jenp$1fjp$1@gioia.aioe.org>, paul <nospam@nospam.invalid>
> wrote:
>
>>
>>> what *does* stop people from accessing a network is using a complex
>>> passphrase that isn't in any of the password dictionaries.
>>
>> In case people are trying to learn something from what nospam says he needs
>> to add that the SSID should _also_ not be something that is common either.
>
> a unique ssid doesn't make much of a difference.
>

Because, presumably, if you can't have a unique SSID you can just add
some more random characters to the pass phrase and achieve the same effect.

--
Brian Gregory (in England).

Brian Gregory wrote on 21.05.2021 02:45

>> The problem is how best to do that - where one method is to hide broadcast.
>
> Then that's it. Problem solved.

I'm not sure why you said that but if you think that one step of disabling
the AP broadcast beacon solves the problem then the problem is too complex
for you to understand.

I suggest you read the thread articles and learn the technical details
because you won't be able to help anyone (least of all yourself) if you
don't understand that the issues are on the Android phone - not the router.

> But you just said you're assuming Google is only looking for access
> points in the normal way and not, for instance, seeing the BSSIDs of
> hidden SSIDs.

As I said above, you have to understand how Android works to understand the
problem set, which means you can't add any value if you haven't read the
thread.

Given you haven't read the thread, I'm going to charitably assume you're not
trolling us, which, if that's the case, then you simply don't yet know how
Android phones work when they connect to hidden SSIDs.

And that's OK.
You just need to learn more about how Android works, that's all.

Rather than repeat the problem set for you here, I simply refer you to the
opening post which described the problem set for you in sufficient detail.

> If so Google be looking for clients pinging their list of
> known access points? That wouldn't tell them anything about where the
> access point is anyway, just where that client is.

Given you don't know how Android works it probably isn't going to be
productive to correct the misconceptions in those two sentences.

My suggestion is you read the opening post which explains the problem set.
Then read the solution post, which explains the current generic solution.