XPost: alt.comp.os.windows-10, alt.comp.microsoft.windows, alt.c   
   mp.os.windows-11   
   From: marianjones@helpfulpeople.com   
      
   R.Wieser wrote:   
   >> The fundamental issue is Apple is not respecting their legally binding   
   >> policy to allow people like me (who care about privacy) to opt out of WPS.   
   >   
   > As long as that BSSID is not openly linked to you, the person, than there is   
   > no privacy issue present.   
      
   Since I have already posted a half dozen security research papers and   
   articles that expressly claim otherwise, you're entitled to your own   
   opinion which isn't backed up by a single security researcher on earth.   
      
   The research shows that BSSID + geolocation enables inference attacks,   
   movement tracking, and household identification even without explicit   
   personal identifiers. That's why every major security researcher treats   
   Wi-Fi geolocation databases as sensitive.   
      
   This isn't a matter of your opinion; it's documented in the literature.   
      
   > Also, I take it you have disabled the "A" part of your device(s) A-GPS* ?   
      
   It's disconcerting that you've said that since it means you don't   
   understand the problem set to even the most basic level.   
      
   For those lurking and learning, this isn't what people like Rudy think it   
   is, since A-GPS has absolutely nothing directly to do with any of this.   
      
   A-GPS is simply a method for a phone to speed up its own location fix using   
   network assistance. It has nothing to do with whether Apple collects and   
   republishes the geolocation of privately owned Wi-Fi access points.   
      
   The vulnerability documented in the research applies to every access point,   
   regardless of whether the owner uses A-GPS, GPS, or no smartphone at all.   
      
   So the A-GPS question is a separate topic and doesn't address the issue   
   under discussion.   
      
   >   
   > * If not, your smartphone asking Apple for the coordinates of nearby BSSIDs   
   > gives your own location away.   
      
   You perhaps didn't read the security research which explained the   
   vulnerability has nothing directly to do with using Apple products.   
      
      *EVERYONE with any access point is affected.*   
      
   There are over two billion APs alone in Apple's WPS database (according to   
   the security research which you must have read by now, haven't you?).   
      
   > As for your "legally binding policy" claim ?:   You have claimed facts *way*   
   > to often to believe you without having hard evidence for it.   
      
   Apple has a published privacy rule.   
   Apple admits that they violated it.   
      
   Those are facts. They're not opinions.   
   You not knowing the facts doesn't mean there isn't proof.   
      
   It just means you have a very strongly held opinion which nobody on the   
   planet who understand how the system works would agree with you.   
      
   Certainly no security researcher on the planet would agree with you.   
      
   > And you misssed the whole point (but whats new).   
      
   The existence of other privacy risks doesn't justify ignoring this one.   
      
   Opt-out mechanisms exist precisely so individuals can control how their   
   infrastructure is used. Apple published a policy promising that AP owners   
   could opt out, and the research shows they did not honor that policy.   
      
   That's the issue being discussed.   
   It's not a matter of opinion. It's a matter of fact.   
      
   > you are throwing so much   
   > data around that you can't control and even *need* to throw around   
   > (smartphone) that removing that BSSID and its coordinates from a database   
   > doesn't really help.   
      
   Personal remarks don't change the technical facts, and worse, if you think   
   my behavior changes anything in Apple's WPS system, you're dead wrong.   
      
   The issue is not my behavior, my phone settings, or my credibility.   
      
   The issue is Apple's documented collection and redistribution of Wi-Fi   
   access point locations, including those belonging to people who explicitly   
   opted out.   
      
   The security research is publicly available, peer-reviewed, and independent   
   of me personally. If you disagree with the findings, the appropriate   
   response is to address the research itself, not the messenger of research.   
      
   Read it before repeating you don't believe in the security research, Rudy.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)