Brian Gregory wrote on 21.05.2021 04:52

> Because, presumably, if you can't have a unique SSID you can just add
> some more random characters to the pass phrase and achieve the same effect.

Actually what Brian Gregory wrote is true, where he seems to understand more
about these SSIDs (in terms of publicly available hash tables) than nospam.

The 'nospam' character seems wholly unaware of how hash tables work while
Brian correctly deduced there are two elements to avoiding the danger.

(1) *Keep out of predefined hash tables (by using a unique SSID)*
(2) *Make those hash table incorrect (by using a unique passphrase)*

It should go without saying I strive for both by design, and in addition
the point of this thread is to add finesse to the privacy/security mix.
(3) *Keep out of Google's public databases (by not broadcasting a beacon)*
(4) *Prevent upload to public databases (the topic of this thread)*

And, given knowledge of how Android works, additional finesse is desired.
(5) *Prevent leakage of your SSID away from home (also this thread topic)*

All five steps have been discussed in this thread, which is intended to be
technically comprehensive (covering the topic well enough to be resolved).

In summary if you understand the problem set you'll see it's at least a five
step solution that provides you with the best security & privacy.

I'm always looking for more technical details so if you know of related
issues or unsolved problems in this area please do add as much value as you
can as we all help each other - which is what Usenet is all about.

paul wrote on 21.05.2021 15:13

> The 'nospam' character seems wholly unaware of how hash tables work while
> Brian correctly deduced there are two elements to avoiding the danger.

I should correct a minor mistake in the prior post of the summary steps.
(1) *Keep out of predefined hash tables* (by using a unique SSID)
(2) *Make those hash table incorrect* (by using a unique passphrase)
(3) *Keep out of Google's public SSID databases* (by appending _nomap)
(4) *Prevent upload to public databases* (by hiding AP broadcast beacons)
(5) *Prevent leakage of your SSID away from home* (by proper Wi-Fi setup)

On 5/10/2021 6:15:09 PM, paul wrote:
> It's just as well known that setting your own phone to that hidden SSID will
> generally cause your own phone to continually broadcast that SSID in an
> attempt to connect with the hidden SSID that it knows about.

I just saw on the Windows newsgroups that Windows 10 has a _new_ feature!
*Enable random MAC address in Windows 10 for Wi-Fi adapter*

In terms of MAC address it's "similar" (but not exactly) what has been asked
for here but the goal is to negate similar mobile Wi-Fi privacy tracking.

https://winaero.com/enable-random-mac-address-in-windows-10-for-wi-fi-adapter/
"In Windows 10, there is a new feature available for certain Wi-Fi adapters
if they support this feature. Every time you connect to a Wi-Fi network,
Windows 10 can randomize your adapter's MAC address!

This ability is interesting for those who want to avoid location tracking
based on the device's MAC (physical) address."

On 5/21/2021 8:04:28 AM, paul wrote:

> I'm not sure why you said that but if you think that one step of disabling
> the AP broadcast beacon solves the problem then the problem is too complex
> for you to understand.

This paper seems to try to explain some of the complexities involved.
*Why MAC Address Randomization is not Enough*
*An Analysis of Wi-Fi Network Discovery Mechanisms*
https://papers.mathyvanhoef.com/asiaccs2016.pdf

An interesting set of related sentences in the paper is
"Using a probe request with an SSID is the only way to discover a hidden AP"
"A device with configured hidden networks will broadcast the corresponding SSID"

They covered a little bit on how they track people using the SSID.
"iPads & Android devices broadcast the SSID when waking up from sleep"
"We show the SSID list searched by the device can be a unique fingerprint"
"Up to 36.4% of devices broadcast at least one SSID. Among these up to
64.8% broadcast a unique list of SSIDs. Therefore this list can be used
as an additional unique identifier to track devices."
"Less than 2% of devices attempted to protect their SSID anonymity"

However the paper focused almost all its effort on the unique MAC address.
"We present several novel techniques to track unassociated mobile devices"
"We show information in probe requests can be used to fingerprint devices"
"We create tracking algorithms that do not rely on unique MAC addresses"
"We show that commodity Wi-Fi devices use predictable scrambler seeds"
"We show two attacks that reveal the real MAC address of a device"

And they showed that others are already taking advantage of this data.
"Leaked documents show the NSA tracks people's cell phone location
and uses later analysis to infer relationships between people"
"Smart trash cans used Wi-Fi to track the movements of people"

Here's what they did.
"We introduce active attacks which reveal a target's real MAC address"
"This is done by creating fake APs that advertise either popular SSIDs
and/or the support of Hotspot 2.0"
"By spoofing only 5 SSIDs we were able to retrieve the MAC address of
17.4% of devices with Hotspot 2.0 uncovering 5.2% more MAC addresses"
"We thus show that all implementations of MAC address randomization fail
to provide adequate privacy"

Here's what operation systems do to prevent such attacks.
Apple added iOS MAC address randomization starting from iOS 8.
Android 6.0 uses randomization if the hardware & driver support it.
Applications requiring root privileges have existed prior to Android 6.
Microsoft supports MAC randomization since Windows 10.
Linux added MAC randomization during network scans in kernel v3.18.

BTW, they talk a lot about the lack of security in "scrambler seeds" which
if you know more about that would be helpful to learn what they mean.

On 5/13/2021 2:08:15 PM, nospam wrote:
> a unique ssid doesn't make much of a difference.

A unique SSID may even be bad if your phone asks for a unique SSID list.
*An Analysis of Wi-Fi Network Discovery Mechanisms*
http://papers.mathyvanhoef.com/asiaccs2016.pdf

"We show the SSID list searched by the device can be a unique fingerprint"

"Up to 36.4% of devices broadcast at least one SSID. Among these up to
64.8% broadcast a unique list of SSIDs. Therefore this list can be used
as an additional unique identifier to track devices."

"Less than 2% of devices attempted to protect their SSID anonymity"

On 5/13/2021 8:24:15 AM, nospam wrote:
>> MAC addresses being easily spoofed does not make MAC address filtering a
>> "waste of time", just a small incremental improvement over not
>> filtering.
>
> it's a waste of time because it doesn't stop anyone intent on gaining
> access from doing so. that 'small incremental improvement' might add a
> few seconds to the attempt, but that's about it. it's insignificant.

This says what nospam is saying.
"Even though authentication based on the MAC address is utterly insecure
(an adversary can easily spoof a MAC address), it's still used by many
systems."

*How MAC Address Randomization Works*
https://www.mathyvanhoef.com/2016/03/how-mac-address-randomization-works-on.html

android map exposes the data that Google has been collecting from virtually
all Android devices and street view cars, using them essentially as global
wardriving machines. You can use this tool to accurately locate virtually
any router in the world, as well as position iPhones and Android phones.

When the phone detects any wireless network, encrypted or otherwise, it
sends the BSSID (MAC address) of the router along with signal strength, and
most importantly, GPS coordinates up to the mothership.

This page allows you to ping that database and find exactly where any wi-fi
router in the world is located. Note that iPhones also send this BSSID and
Cell Tower Information up to Apple, as well.

You can enter any router BSSID/MAC address to locate the exact physical
location below, or try the demonstration router by hitting "Probe" below.
http://samy.pl/androidmap/

dan wrote:

> This page allows you to ping that database and find exactly where any wi-fi
> router in the world is located.

That's over a decade old "news" ...

Andy Burns wrote on 24.05.2021 05:28
>> This page allows you to ping that database and find exactly where any wi-fi
>> router in the world is located.
>
> That's over a decade old "news" ...

I don't know if you realize that saying it's old news misses the data.
Only half that is old news - the meat of that web page is as fresh as today.

The old news is _that_ web page is no longer maintained by its owner.
The current news is what that web page _says_ about the data available.

You may recall we discussed this earlier in this privacy based thread.

The fact is it's still possible to get the _same personal data_ from the
_same google database_ today. Nothing has changed about the data stored.

It's just not from _that_ web site because Google took away the guy's key.

paul wrote:

> The fact is it's still possible to get the _same personal data_ from the
> _same google database_ today. Nothing has changed about the data stored.
>
> It's just not from _that_ web site because Google took away the guy's key.

Well yes, anyone can request a google API key, poke two BSSIDs into a
json request and get back a location, that's the old news.

We had that discussion 5 years ago, assuming that the "nospam" I'm
talking to is the "arlen/alice" version of "nospam"?

<https://groups.google.com/g/alt.internet.wireless/c/-PK03bCEheM/m/oS4B_QfpGgAJ>

Andy Burns wrote on 24.05.2021 08:22

> Well yes, anyone can request a google API key, poke two BSSIDs into a
> json request and get back a location, that's the old news.

It may be "old news" but it's _current data_ since it works today.
This thread may be about an old problem but together we found new solutions.

> We had that discussion 5 years ago, assuming that the "nospam" I'm
> talking to is the "arlen/alice" version of "nospam"?
>
> <https://groups.google.com/g/alt.internet.wireless/c/-PK03bCEheM/m/oS4B_QfpGgAJ>

The new news since 2016 is Android 11 has many brand new Wi-Fi privacy based
features that protect our privacy when we follow instructions to hide the
SSID beacon on the home router AP but when we still wish to connect
seamlessly from an Android phone to that hidden beacon when we're at home.

*These brand new Android 11 automatic solutions didn't exist in 2016.*

Neither likely did some of the cellular geofencing apps I've been testing.

Even if geofencing apps did exist long ago they'd work differently given you
have to often enable Location on the later Android versions which you don't
want to do.

Luckily we found a _new_ solution to the problem which works in Android 11.

So it's the same privacy problem as it always was since 2010 or so but the
solution on Android 11 is different (luckily better) than it was then.

Andy Burns wrote on 24.05.2021 16:22
> We had that discussion 5 years ago

BTW, that was a long thread from January 29th to Feb 12, 2016 which I just
read in its entirety to see if what Andy claims is correct about it being
the same privacy problem (and solution of course - as that's what matters).

As Andy claimed, some of the information in that thread is pertinent today.

For example in that thread Andy gave an API which can reveal your location.
https://developers.google.com/maps/documentation/geolocation/overview
(all you need is two AP's near each other, perhaps on the same router)

In that thread it was shown that your location lookup is nearly real time.

And some of the information is just as "potential" then as it is today.
For example someone mused that Google probably only stores your unique
location & your unique BSSID for 30 days - but it was never verified.

Just as important - some of the information on that thread is plain wrong.
A bunch of apps suggested in that thread no longer even exist for example.

The Android level from most people there was 4 and 5 for example where I
need to point out that we're at Android 11 now - which is vastly different.

Worse in terms of time a lot of new information is _missing_ in that thread.

For example the thread never once mentions you can download from Google Play
without any Google account whatsoever - but there were lots of omissions.

And it doesn't cover the dangers of Hotspot 2.0 nor does it have anything
about the new ability to randomize MAC addresses on almost all consumer OSs.

It's a great thread though to get background fundamentals as it covers how
to access the Google API from Russia to locate a person in the USA, which is
as valid then as it is today.

But it doesn't say a _single_ word about the method here of hiding the SSID.
Nor about the ramifications of doing so and then the relevant amelioration.

If someone implemented the solutions in that thread versus those in this
thread they'd definitely have _less_ privacy than if they used this thread
(if privacy is something they cared about of course - which many don't).

The solution in this thread (hide the SSID & set the phone accordingly)
isn't even mentioned in that thread where this new solution prevents
_upload_ of your data to google servers (which is even better than having
Google remove it from their servers - particularly when we don't know which
outfits respect _nomap).

Andy Burns <usenet@andyburns.uk> wrote:
> paul wrote:
>
> > The fact is it's still possible to get the _same personal data_ from the
> > _same google database_ today. Nothing has changed about the data stored.
> >
> > It's just not from _that_ web site because Google took away the guy's key.
>
> Well yes, anyone can request a google API key, poke two BSSIDs into a
> json request and get back a location, that's the old news.
>
> We had that discussion 5 years ago, assuming that the "nospam" I'm
> talking to is the "arlen/alice" version of "nospam"?
>
> <https://groups.google.com/g/alt.internet.wireless/c/-PK03bCEheM/m/oS4B_QfpGgAJ>

Oh dear! Forgot all about that one (and 'Alice J'). Apparently time
flies even when you're *not* having fun!

On 5/24/2021 12:21:17 PM, Frank Slootweg wrote:

> Oh dear! Forgot all about that one (and 'Alice J'). Apparently time
> flies even when you're *not* having fun!

You were in that thread as ignorant then as you remain ignorant today.
It was clear you didn't care about privacy then and you openly said so.
It was just as clear you wished to remain ignorant of privacy then, as now.

Ignorant people (especially those ignorant on purpose) can't help anyone.
What value do you add to _any_ conversation on privacy on the net Frank?

You don't.
You won't.
You can't.

Just like you just proved here.
Let's see if your _next_ post adds on topic value to the thread topic.

Ignorant people like you, Frank, have _never_ added any value on privacy.
You prove it every time you post.

Prove me wrong, Frank... with your _next_ post.
Add on topic thread value for once, Frank.

Do I need to be more clear that your purposeful ignorance is what prevents
you from ever adding any value to the topic of privacy on a cellphone?

Or do I need to be more explicit?

Dean Hoffman <deanhofman@clod.com> wrote:
> On 5/24/2021 12:21:17 PM, Frank Slootweg wrote:
>
> > Oh dear! Forgot all about that one (and 'Alice J'). Apparently time
> > flies even when you're *not* having fun!
>
> You were in that thread as ignorant then as you remain ignorant today.

[Rest of inane rant deleted.]

Maybe you should speak to 'paul'!? *He* thanked me for my
contributions in *this* very thread!

That's the problem with socks. Sooner or later they stop talking to
eachother. Or is the socks-owner's memory *completely* shot!?

BTW, I found out why you had to enable 'Wi-Fi scanning' in order to be
able to enable 'Turn on Wi-Fi automatically' and I didn't. But since I'm
apparently 'ignorant', I won't bother you with my findings.

On 5/24/2021 1:25:20 PM, Frank Slootweg wrote:

> BTW, I found out why you had to enable 'Wi-Fi scanning' in order to be
> able to enable 'Turn on Wi-Fi automatically' and I didn't. But since I'm
> apparently 'ignorant', I won't bother you with my findings.

Actually this is true that you found that Samsung automatic setting.
So I apologize first and then YOU should apologize (IMHO).

Cause & effect.
You act like an asshole - I'll point that out.
You act like an adult - I'll point that out too.

How I respond to YOU depends 100% on how you respond to me, Frank.
I'm a mirror of your asshole/attitude.

You were the asshole; not me.
However you weren't _always_ an asshole in this thread, as you noted.

First I apologize that you _did_ try to add value to the topic of this
thread (it turned out not to be useful but it _could_ have been useful).

(The reason it turned out not to be useful is it required Wi-Fi scanning.)

However, even so, I agree with you that it was _relevant_ to the topic.
In fact I agree with you that it _added_ value to the topic.

Very few people _can_ add value Frank.
Extremely few.

Like fewer than 10 on this entire group can add any value.
The rest bullshit (like Joerg Lorenz does for example).

It's important to stress this because people like nospam & Joerg _never_ add
any value to any topic (because they have no good bones in their bodies).

They won't add value.
They can't add value.

Every time they post they _subtract_ value.
As you did with your post that I had responded to Frank.

Even so, I agree that I reacted too strongly to your subtractive rant.
I should have ignored your worthless post instead of calling you out on it.

However I had just read that 2016 thread where you did the same, Frank.
In fact _all_ your posts in the 2016 thread were of absolutely no value.

You claimed that you didn't care about privacy and you proved it.
You claimed that you wanted to be ignorant of privacy and you proved it.
Your intentional ignorance in _that_ 2016 thread was shockingly astounding.

I am _always_ trying to expand our technical capabilities Frank.
People like Joerg who are simply trying to subtract value bother me, Frank.

Your post _subtracted_ value Frank.
You believe that people like Joerg who post under their nym add value simply
by using their post - which is why you will remain ignorant of many things.

The nym is meaningless Frank.
If you think it is then you're proving to be as ignorant as Joerg is.

The only thing Joerg _can_ talk about is the nym.
Same with Rod Speed. Same with Jolly Roger.

They're all so ignorant that the nym is the _only_ thing they care about.
They couldn't add value to any technical topic Frank.
And they prove it every single time they post.

They're all utter morons (and Rod Speed is worse in that he has more nyms
than anyone here which is well known so he's a moron & duplicitous).

At least I stick to my goals of (a) adding value & (b) leveraging solutions.

You proved that your post subtracted value.
But you also proved that in one post in this thread you added value.

So you're _not_ as completely worthless of a human being as they are.
It's just the post which I had responded to which was completely worthless.

BTW, *wait until _you_ get believable death threats on the net from the
likes of these sicko people above that you have to report to the FBI (and
which the FBI took seriously enough to discuss with me multiple times)
before you pass judgment on my desire for privacy.

If you want to claim they don't do that then ask me for the evidence because
I sent it all to the FBI and I'll send it to you too. Don't be ignorant.

Dean Hoffman <deanhofman@clod.com> wrote:
> On 5/24/2021 1:25:20 PM, Frank Slootweg wrote:
>
> > BTW, I found out why you had to enable 'Wi-Fi scanning' in order to be
> > able to enable 'Turn on Wi-Fi automatically' and I didn't. But since I'm
> > apparently 'ignorant', I won't bother you with my findings.
>
> Actually this is true that you found that Samsung automatic setting.
> So I apologize first and then YOU should apologize (IMHO).
>
> Cause & effect.
> You act like an asshole - I'll point that out.
> You act like an adult - I'll point that out too.
>
> How I respond to YOU depends 100% on how you respond to me, Frank.
> I'm a mirror of your asshole/attitude.
>
> You were the asshole; not me.

I was responding to Andy, not to you. If even such an innocent
response gets you all riled up, you should stay away from Usenet.
Period.

Anyway, if anyone who has a different opinion/viewpoint is an
'asshole', then by definition you're an 'asshole' as well. Can't have it
both ways.

Now with the unneeded hostilities out of the way:

> However you weren't _always_ an asshole in this thread, as you noted.
>
> First I apologize that you _did_ try to add value to the topic of this
> thread (it turned out not to be useful but it _could_ have been useful).
>
> (The reason it turned out not to be useful is it required Wi-Fi scanning.)

Before you dismiss it - as a potential solution for *you* - I think
you should investigate what *exactly* 'Wi-Fi scanning' does. It seems
you assume it does some kind of broadcasting, but scanning isn't the
same as broadcasting.

Additional note: AFAICT, you are concerned about your phone using
Location services, but in Android (at least 10/11, at least on Samsung
devices), you can set which apps can use your device's location and
which can not.

There are 3 categories: 'ALLOWED ALL THE TIME', 'ALLOWED ONLY WHILE IN
USE' and 'DENIED'.

Only 'ALLOWED ALL THE TIME' is a concern, because I assume you know
what you're doing and don't start an app in the 'ALLOWED ONLY WHILE IN
USE' category when you don't want it to use your device's location.

On my phone, there are only 3 apps in the 'ALLOWED ALL THE TIME'
category: Bixby Voice, Google and (Google) Maps. Bixby Voice (not used
by me) can't be set to another category. 'Google' can only be changed to
'Deny' (fine by me) and (Google) Maps can be set to any category and to
'Ask every time'.

Bottom line: No app has to be allowed to use your device's location if
you don't want to.

Given that conclusion is 'Wi-Fi scanning' still a concern to you? If
so, why?
two, I could easily put them in one of the other categories if I wanted.

> However, even so, I agree with you that it was _relevant_ to the topic.
> In fact I agree with you that it _added_ value to the topic.

[...]

Back to the unneeded hostilities:

> Even so, I agree that I reacted too strongly to your subtractive rant.
> I should have ignored your worthless post instead of calling you out on it.

'subtractive rant' is a laughable qualification in the face of your
subsequent response, which indeed *was* a rant and an inane one at that.
And yes, you should have ignored my post.

[Misrepresentation of 2016 thread deleted.]

> At least I stick to my goals of (a) adding value & (b) leveraging solutions.

Dont't forget (c) inane ranting about things/people which/who you
don't like for some reason or another.

If you didn't do (c) all the time, you would have much less problems.
You did manage to do that for some months. What changed?

On 5/25/2021 5:53:18 PM, Frank Slootweg wrote:

> I was responding to Andy, not to you. If even such an innocent
> response gets you all riled up, you should stay away from Usenet.
> Period.

I apologize if I misquoted you.
And I apologize that this response is looooong.

I wrote it from my heart, Frank.
Because I like you.
And because I care about people who are good people.
(I don't give a shit about bad people.)

I'm _different_ from most people on Usenet Frank.
I'm _different_ from most people in real life, Frank.

I'm purposefully helpful and I'm always correct on my facts.

And I go well out of my way to provide gory details so people have _all_ the
information they need Frank so that they too can do what I can do.

I go out of my way to help people on Usenet Frank.
And I go out of my way to be accurate in detail on Usenet Frank.
And I answer all serious questions with very good detailed responses Frank.

I'm _different_ from those assholes like nospam & Joerg & Alan Baker.
They're purposefully unhelpful.

They're on Usenet purely for their own sicko amusement.
I'm not.

Given I try so hard to help others - those assholes irk me the most.

> Anyway, if anyone who has a different opinion/viewpoint is an
> 'asshole', then by definition you're an 'asshole' as well. Can't have it
> both ways.

It's Usenet Frank.
You and I have been here since the very beginning.
To me what happens on Usenet is water under the bridge.

If Alan Baker suddenly gained a hundred IQ points, I'd be respectful to him.
If nospam ever said the truth, I'd be respectful to him.
If Joerg Lorenz or Jolly Roger or Lewis ever said something an adult would
say, I might even be respectful to them (don't cross your fingers).

But if someone wants to be an asshole - I am an instant asshole back.
If they want to be respectful and helpful - I'm as helpful as anyone can be.

I'm a mirror Frank.

What's different about me is I provide many detailed working solutions.
My solutions work. And I provide proof they work. And my facts are correct.
I'm different that way than almost everyone on Usenet Frank.

What irks me are people like nospam whose facts are almost never correct.
(they must live in a cesspool of idiots given they believe what they claim)

Unhelpful people like nospam say they have a solution when they don't.
People like Alan Baker just make up everything they claim on Usenet.
That bothers me that people that stupid can even exist.

They must live in a cesspool of idiots if they believe what they say.

Then you have the pure ignorant assholes like Joerg or JR or Lewis.
They're nothing but pure asshole like a black hole that radiates nothing.
(Yes, I'm well aware of Hawking Radiation but go with the analogy.)

Anyway, Usenet is a river & a mirror to me.
Anything you say I may remember but it's water under the bridge.
I reflect your intent of the post that I'm responding to.

I'm a mirror Frank.
If you are an asshole first - then I'm an instant asshole back.
But if you're NOT an asshole first - then I'm perfectly civil to you.

Think mirror Frank.
It's never me who throws the first punch.
It's always you (or someone else).

And I punch back.
Simply because I _care_ about people getting their answers to the question.

For example, you claimed this SSID is old news but there's new information.
Maybe you can't find any new information but trust me - the solution is new.

And that's what I'm here for on Usenet.
Solving my technical issues and solving others' technical issues.

>
> Now with the unneeded hostilities out of the way:

This is Usenet Frank.
Usenet is water under the bridge Frank.
If you're _not_ first an asshole to me - I'm not an asshole back.

>
>> However you weren't _always_ an asshole in this thread, as you noted.
>>
>> First I apologize that you _did_ try to add value to the topic of this
>> thread (it turned out not to be useful but it _could_ have been useful).
>>
>> (The reason it turned out not to be useful is it required Wi-Fi scanning.)
>
> Before you dismiss it - as a potential solution for *you* - I think
> you should investigate what *exactly* 'Wi-Fi scanning' does. It seems
> you assume it does some kind of broadcasting, but scanning isn't the
> same as broadcasting.

You are probably correct. I don't understand what "wifi scanning" does.
What I do NOT want anything to do is upload nearby SSIDs to the mother ship.
That's mostly what I fear when I get anywhere near a radio setting.

If it's only passive (ie if it only receives signals but never uploads them
to the mother ship) then I'm fine with a radio having more input methods.
>
> Additional note: AFAICT, you are concerned about your phone using
> Location services, but in Android (at least 10/11, at least on Samsung
> devices), you can set which apps can use your device's location and
> which can not.

As you seem to be well aware, my concern is _always_ privacy & courtesy.
Courtesy means it's not only my privacy, but privacy of everyone around me.

I don't want my phone uploading nearby access point information to the
mother ship any more than I want my phone uploading my contacts which
contain names and addresses of my friends, family, and neighbors or photos
of their family, or anything else that is considered personal information.

I'm always about privacy and part of that is not being rude to everyone
around me by NOT uploading their private radio information to the Goolag.

I have Android 11 now on a Samsung A series as do you (and I have another
phone with Android 10 but I'm not using it anymore, just as I'm no longer
using any of my iPads - as the new phone is better than all of them).

As for setting which apps can use location services on Samsung Android 11
I have a shortcut set to Settings > scroll > Location > App permissions
Allowed all the time = none
Allowed only while in use = some
Ask every time = few
Denied = many

I'm not at all worried about an specific app obtaining the location though.
What I'm mostly worried about is Google's sneaky methods of uploading that
location data (which often is accompanied by clever wording on their part).

As long as any app doesn't _upload_ location data to the goolag, I'm fine.
I'm probably more sensitive than anyone you know to this data leakage.
>
> There are 3 categories: 'ALLOWED ALL THE TIME', 'ALLOWED ONLY WHILE IN
> USE' and 'DENIED'.

Actually I have four categories but we agree as we both have Samsung A
series phones (yours is better but mine were all free) on Android 11.

>
> Only 'ALLOWED ALL THE TIME' is a concern, because I assume you know
> what you're doing and don't start an app in the 'ALLOWED ONLY WHILE IN
> USE' category when you don't want it to use your device's location.

I wasn't clear so I apologize that my concern is never that an app has
access to location information.

What I'm concerned with is that apps and the mother ship have clever ways of
asking you to upload information to _them_ that I don't want to fall for.

For example, and this is just an example of the trend, they often ask if you
want to improve how the app works or if you want to improve their data
collection or if you want targeted ads "for your benefit" or some other
sneaky way to get you to _upload_ information to their servers.

I want to be clear so I will repeat that I'm not in the least worried about
an app that gathers data but that doesn't _upload_ that data to the net.

Of course a flashlight app that gathers GPS data should be suspect but
within reasonable bounds I expect a location-based app to gather data.

I just want to be squeaky clean about _not_ uploading private inforamtion to
the net, where you must be well aware most people willy nilly upload all our
radio information the phone gathers to a variety of mother ships without
even blinking.

What worries me is that Google has been caught more than once secretly
gathering this data on the mother ship so I want to be doubly sure they
don't get that data from me.

When I see "Improve accuracy", in general I shudder just as if I had seen a
coiled up rattlesnake. First off GPS accuracy is just fine. I can't imagine
why, in open driving, anyone would even need better accuracy than five
meters or so. And I'm not an urban dweller so I don't need the kind of
accuracy wifi might get me as I walk through a mall (as if I visit malls).

I don't want need accuracy from WiFi or Bluetooth, and I'm afraid if I allow
it that the data can be uploaded without me knowing it to the mother ship.

If I was sure the data would never be uploaded to the mother ship I _might_
be persuaded to turn it on - but even then I can't imagine why, when
driving, I need more than 5 meter accuracy that GPS alone gives me already.

On 2021-05-26 11:16 p.m., Dean Hoffman wrote:
> On 5/25/2021 5:53:18 PM, Frank Slootweg wrote:
>
>>   I was responding to Andy, not to you. If even such an innocent
>> response gets you all riled up, you should stay away from Usenet.
>> Period.
>
> I apologize if I misquoted you.
> And I apologize that this response is looooong.
>
> I wrote it from my heart, Frank.
> Because I like you.
> And because I care about people who are good people.
> (I don't give a shit about bad people.)
>
> I'm _different_ from most people on Usenet Frank.
> I'm _different_ from most people in real life, Frank.
>
> I'm purposefully helpful and I'm always correct on my facts.

LOL!

Oh... ...wait... ...were you trying to be sincere?

LOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOLLOLOLOLOLOLOLOLOL

Take a look at what recently unredacted documents show for location privacy
https://www.androidpolice.com/2021/05/30/court-documents-show-google-intentionally-hid-privacy-controls/

Specifically page 14 of this PDF which discussed specifically that
Google tracking was so good that people would be "surprised"
(which, to Google, was _not_ a good thing at all!) how good it was!
https://www.azag.gov/sites/default/files/2021-05/Berlin_Exhibit_69.pdf

Example 1:
Person lives in a shared house. Has opted his phone out of Google location
(phone is anonymous). Opens Google Maps. Suddenly Google maps has
house-level accurate location. User is left wondering: How does Google know
my location? I thought I said no location tracking?

Example 2:
iOS user in same shared house. Goes to google.com and says "I don't want
google.com to use my location" a few days before. But yet, we _do_ know
exactly their location and we _can_ use it. User is left wondering: What?
I thought I told Google it was not allowed to use my location?

VanguardLH wrote:

>> How do you automatically turn off your WiFi broadcast when away from
>> home?
>
> https://play.google.com/store/apps/details?id=de.j4velin.wifiAutoOff&hl=en_US&gl=US
>
> There are apps that will toggle wifi on/off based on your phone's
> connection with a particular cell tower, its GPS location, time of day,
> and so on.
>
>> It's well known setting your home router ap to a hidden SSID doesn't
>> aid in security but where it helps is by not broadcasting the SSID
>> most foreign Android phones won't upload your SSID, BSSID, GPS and
>> Signal Strength to Google servers (regardless of whether or not you
>> added_nomap at the end of all your access point SSIDs as keyword
>> filtering is not done on those foreign Android phones).
>>
>> It's just as well known that setting your own phone to that hidden
>> SSID will generally cause your own phone to continually broadcast
>> that SSID in an attempt to connect with the hidden SSID that it knows
>> about.
>>
>> It's also well known that it's advantageous to security to have a
>> unique SSID (coupled with a non-dictionary passphrase) such that your
>> hash won't (hopefully) be found in butterfly hash tables available
>> throughout the net.
>>
>> It's a catch-22 that you can't win but you can perhaps ameliorate
>> somehow.
>> 1... If you don't hide your SSID it gets uploaded to Google servers
>> 2... If you hide your SSID it gets broadcast by your phone looking for
>> it
>>
>> How do you ameliorate that second problem of your own phone seeking it?
>> (assuming you hide it to keep your SSID from being uploaded to Google)
>>
>> Is there an app which will turn off the WiFi based on no connection to
>> the AP SSID for a given period of time (perhaps for a quarter of an hour)?
>

> Don't know which phone you use.

On Android 11 for a hidden network there is an auto reconnect = yes:no
On Android 10 for a hidden network, I don't see any "Autoreconnect" option.
<https://i.postimg.cc/SNd2618w/hiddennetwork01.jpg>

How do you add that Wi-Fi "Autoreconnect = yes:no" to Android 10?

On Android 10, the "Settings > Network & internet > Wi-Fi" setup says:
If your router is not broadcasting a newtwork
ID but you would like to connect to it in the
future, you can set the network as hidden.
Hidden Network = Yes
This may create a security risk because your
phone will regularly broadcast its signal to
find the network.

On Android 11, it doesn't bother with the lecture since it provides the
option to turn off the "Autoconnect" option (which solves that problem).
How do you add that Wi-Fi "Autoreconnect = yes:no" to Android 10?
--
Sometimes on Usenet you can find people who know more than you do.