XPost: misc.phone.mobile.iphone, comp.mobile.android, alt.internet.wireless   
   From: marianjones@helpfulpeople.com   
      
   J. P. Gilliver wrote:   
   > This is the first I've heard of a "nomap request".   
      
   All the major players publish that they respect the "_nomap" request, where   
   we've been discussing the _nomap keyword on these newsgroups since, oh, at   
   least a decade or more.   
      
   As I recall, Google was forced to add it to allow people to opt out, and   
   then all the "well-behaved" entities (Apple, WiGLE, Mozilla, etc.) followed   
   suit one by one when the uproar got too high (they even had to send a   
   message to Congress, as I recall, explaining how people can opt out).   
      
   Microsoft, being Microsoft, added _optout (as did WiGLE initially), but of   
   course, it was pointed out to them you can't end with both opt out keywords   
   so it was always assumed Microsoft would accept _optout_nomap syntax.   
      
   Having said that, I went to a Christmas party yesterday where a very high   
   level Apple employee was hosting, who told me to send him the information.   
      
   I haven't received any results from the layers I contacted (not   
   surprisingly) but this Apple VP knows me extremely well so he knows I'm not   
   full of shit. Being that everyone on the mountain uses WISP, he knows Wi-Fi   
   even better than I do, so we'll find out what will happen from Apple.   
      
   I did receive responses from security researchers and Mozilla security   
   personnel, but so far I haven't heard a word from the queries I sent to   
   both Apple & Google through their privacy email mechanisms.   
      
   At this point, I feel it's criminally and ethically irresponsible for Apple   
   to have my BSSID in their WPS database given I did everything I could to   
   opt out of it.   
      
   As Chris noted, it could be they only looked at the broadcast packets   
   (which occur every 100ms or so) which don't contain the SSID - but they   
   clearly know from those broadcast packets that the SSID is hidden.   
      
   I think this is a clear case for a class action lawsuit; but I'll give   
   Apple all the information and I will require that Apple explain HOW my   
   BSSID got into their WPS database, since that will let me know if it's just   
   me or everyone who tries to opt out of Apple's insecure WPS database.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)