From: marianjones@helpfulpeople.com
Lars Poulsen wrote:
>> Kiddo, come back when you figure out how you can identify a *specific*
>> person / household from whats in that database. *Than* you have something
>> to complain about.
>
> One use case I can think about is when the government wants to track
> you down, they know where you live. They then look up (baed on the
> geolocation what your MAC address is. But if the WiFi AP never moves,
> it still does not help them track you when you are not home.
> So yes, it does not seem very useful. But then my imagination is
> quite limited.
The research papers I listed which most have likely read by now explain the
variety of ways that access points can easily be tracked by use of the
Apple WPS implementation, but not by the Google or Mozilla implementations.
I replicated the actions of what the researched did, and by now everyone
has run the scripts so they have seen for themselves the research results.
1. modified working & tested "apple_bssid_locator.py"
2. 'bssid.bat' (looks up an AP)
3. 'bssidcompare.bat' (determines if/where the AP moved)
4. 'bssidgenerate.bat' (generates random BSSIDs to test)
5. 'bssidcheck.bat' (checks which BSSID is in Apple's insecure WPS DB)
6. 'bssidplot.py' (plots results en masse onto a map using Fermium)
7. gps:bssid results (text output directly from Apple's insecure WPS DB)
Consider these a gift of insight for those who can appreciate wisdom.
Merry Christmas!
>>:-) And what does that "network assistance" look like ? Riddle me dat
>> batman.
>>
>> Kiddo, have you *ever* stopped to think about why Apple would have spend
>> money to create that database you have been free to access and now
>> complaining about ? What's is purpose ? Can you answer me that ?
>
> A database of BSSID with location means that your phone can look up its
> location without using GPS. At least approximately, which is probably
> quite close in a city or in a suburb...
While being in Apple's (or Google's) WPS db is fine for most people,
there's a reason they publish the _nomap method for opting out of it.
And, there is a reason Google adds controls to limit what you can query.
Apple does not.
Nor does Apple respect your optout wishes.
That's what is DIFFERENT about Apple's WPS implementation from Google's.
That's a critically important distinction.
They're structured completely differently.
Which is exactly what the security researchers pointed out.
The issue here is a privacy issue in that only Apple's WPS implementation
is so insecure that it allows anyone on earth to make any number of queries
to get any number of output results at any time (as proven in this thread).
Worse, Apple refused to respect my privacy wishes even though I followed to
the letter everything Apple has published on the Internet to opt out.
The scripts in this tutorial allow anyone to replicate my results, which
itself simply replicates the research that the security experts described.
> The kind of *assisted* GPS that I am familiar with is RTK.
What I love about Usenet is we all work together, as a team, to learn from
each other, teach each other & to explore & solve problems for each other.
To that educational end, I had to look up what you had meant by RTK:
For the benefit of everyone, apparently Real-Time Kinematic is a technique
that boosts GPS accuracy from a few meters to a few centimeters by using a
nearby reference station to correct satellite errors in real time.
By comparing what the base should be receiving from satellites with what it
actually receives, it computes the errors and sends corrections. The rover
applies those corrections and gets centimeter-level accuracy, such as is
needed for surveying, precision tractors & construction projects nowadays.
Thanks for that additional information about RTK positioning systems!
Merry Christmas!
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
