XPost: alt.comp.os.windows-10, comp.mobile.android, misc.phone.mobile.iphone   
   From: marianjones@helpfulpeople.com   
      
   Carlos E.R. wrote:   
   >> Regarding Frank's assessment that hiding the SSID and putting _nomap on the   
   >> SSID "makes one suspect"... Suggesting that opting out makes you 'suspect'   
   >> flips the logic. In a system where consent is assumed unless you opt out,   
   >> taking the opt-out step is the rational, privacy-protective choice.   
   >   
   > Yes, but it also signals "I have something to hide!". It makes you   
   > "interesting".   
      
   I never disagree with any sensibly valid point of view, so people never   
   waste their time when they bring up a counterpoint with me, as I do   
   understand what your're saying but we have to look at the scale of consent.   
      
   There must be millions upon millions of people who do not consent to   
   tracking, even as there must be billions who consent to tracking their AP.   
      
   So I understand your point of view which is that every person who hides   
   their SSID is more interesting, to some people, than those who do not hide   
   their SSID. Likewise with everyone who opts out of tracking with the   
   "_nomap".   
      
   Yet, both are well known to be the classic way to not consent to tracking.   
          
       "Mozilla's client applications do not collect information   
       about WiFi access points whose SSID is hidden or ends with   
       the string '_nomap' (e.g. 'Simpson-family-wifi_nomap')."   
      
   So if I'm "interesting" for opting out of consent for tracking, then there   
   must be a gazillion other ways I opt out from browser cookies to the TSA.   
      
   To wit, I recently traveled to Germany where TSA in the USA wanted to take   
   my photo at the beginning of the security check. I refused.   
      
   They looked at me. They said "fine". They compared my face to my ID.   
   That was it.   
      
   I guess my face isn't all that interesting. :)   
      
   >> 3. A data broker can infer that the Johnsons moved across the country.   
   >>     Advertisers could target them with "new homeowner" services ads.   
   >>     A stalker or abusive ex could quickly discover their new address   
   >   
   > Yes, but there are other information avenues that give away that   
   > information to the public. Starting with the Johnsons talking on   
   > twitter. The mobile phone will also notice and register this information   
   > (gps), and it will be at least available in aggregate form.   
      
   Sure. There's a reason, for example, that I turn off bluetooth on my phone   
   when I enter a store. People are tracked by ways they don't even know.   
      
   >> The paper by Erik Rye & Dave Levin tracked BSSIDs over a year, where they   
   >> mention that Apple doesn't seem to be scrubbing old BSSIDs out of the db.   
   >> "we were able to track BSSIDs longitudinally over the course of a year"   
   >   
   > Ok   
      
   I think the problem here that the security researchers outlined, is that   
   Apple's WPS is far more dangerous than the other WPS implementations.   
      
   The main reason is Apple allows anyone to make any number of queries.   
   And, Apple allows anyone to obtain millions of BSSIDs in a few days.   
      
   NOTE: I am aware the Apple trolls will claim that "I" must prove what the   
   researchers said by writing those scripts, but I don't want to track people   
   and I'm not a security researcher who gets paid to do it.   
      
   I just ask the Apple trolls to come up with a single security researcher   
   who agrees with their point of view that Apple's WPS is perfectly designed.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)