XPost: alt.comp.os.windows-10, alt.comp.microsoft.windows, alt.c
mp.os.windows-11
From: marianjones@helpfulpeople.com
Andy Burns wrote:
>> The research papers I listed which most have likely read by now explain the
>> variety of ways that access points can easily be tracked by use of the
>> Apple WPS implementation
>
> But people don't care if APs can be tracked, unless *they* can be
> associated with specific APs.
Hi Andy,
I'm simply informing you and others on this newsgroup of this problem set.
And I'm asking for solutions (in another thread) for resolving the problem.
I know you're intelligent and well informed, and I realize you're trying to
make the point that carrying an access point in your pocket doesn't mean
the access point is you, but my point is that being able to easily track it
from anywhere in the world means anyone can essentially atrack you.
Or, um, er... specifically they can track that which is in your pocket.
Your point may be you can leave your pants at someone else's house, and, in
that case, it's really allowing the tracking of the location of your pants.
Especially since the GPS location is as accurate as it is for tracking us.
To prove how easy it is to track anyone's movements from place to place,
I'm setting up these three routers to prove that I can easily be tracked:
I'm going to simulate renting an apartment (flat to you in the UK) in Palo
Alto at a friend's house who works for Google & then I'm going to "move" to
an apartment in Cupertino (to simulate my movements over the next month).
From: Marian
Newsgroups: alt.comp.os.windows-10,comp.mobile.android,alt.internet.wireless
Subject: Help! How do we get Apple to care about privacy for entities who
own access points?
Date: Tue, 23 Dec 2025 23:42:17 -0700
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Message-ID: <10ig209$29kr$1@nnrp.usenet.blueworldhosting.com>
My tests will prove that Apple's WPS implementation is the antithesis of
everything that Apple "says" they stand for, in terms of my privacy, in
that anyone in the world can track my movements tied to my use of APs.
Also note that Apple themselves can track any device that uploads the
router AP location information, but that flaw is NOT my concern today.
If I were to summarize my main issues, I would say that they are:
1. Apple's WPS implementation is vastly different than all others
3. Apple has no limits on who can obtain & track BSSID locations
2. Apple does not follow their own public privacy policy
This has nothing whatsoever to do with whether you own or use Apple
products as it affects every entity who manages any Wi-Fi access point.
That's not only basically every home and apartment/flat in the developed
world, but also many businesses, hospitals, government agencies, etc.
The research papers noted Apple's WPS allows easy tracking of smartphones
in hotspot mode, portable travel routers, IoT gadgets, delivery robots,
drones, vehicles with embedded Wi-Fi modules, buses, trains, and rideshare
vehicles with onboard Wi-Fi (and individual Starlink devices also).
Apparently, even Starlink terminals could be tracked if their Wi-Fi BSSIDs
are collected by nearby Apple devices.
That's because these all broadcast stable identifiers, so their movement
patterns can be reconstructed just like a person's. The tracking risk goes
far beyond fixed home routers.
Apple's WPS implementation makes it trivial to track billions of APs.
I already proved that (just try the FOSS scripts that I modified).
As for whether or not people care that they're being tracked, I care.
That's all that matters. I know more about privacy than most people do.
And I care about privacy.
But I am not the only one in the world who cares about privacy, Andy.
If people didn't care, then Mozilla wouldn't need this opt-out policy.
"Mozilla's client applications do not collect information
about WiFi access points whose SSID is hidden or ends with
the string '_nomap' (e.g. 'Simpson-family-wifi_nomap')."
If I didn't care, then I wouldn't need to follow Apple's opt-out policy.
"The owner of a Wi-Fi access point can opt it out of
Apple's Location Services - which prevents its location
from being sent to Apple to include in Apple's crowd-sourced
location database - by changing the access point's SSID (name)
to end with '_nomap.' For example, 'Access_Point' would be
changed to 'Access_Point_nomap.'"
The University of Maryland paper "Surveilling the Masses with Wi-Fi-Based
Positioning Systems" shows that Apple's WPS (the Wi-Fi Positioning System
used by iPhones, Macs, and many apps) can be queried at massive scale to
retrieve the physical locations of Wi-Fi access points worldwide.
All I did was reproduce what the researchers said was easily possible.
And I proved that it is trivial for anyone in the world to do.
I'd put these in the sig but you said you don't look at sig references.
*Surveilling the Masses with Wi-Fi-Based Positioning Systems*
Cybernews: *Anyone can tap into your WiFi location data to track you*
explains how Apple's WPS can be exploited for mass surveillance.
Cybersecurity News: *Hackers Can Abuse Apple's Wi-Fi Positioning System*
details the University of Maryland study showing global tracking risks.
Dark Reading: *Apple Geolocation API Exposes Wi-Fi Access Points Worldwide*
notes that researchers could query hundreds of millions of APs in days.
Krebs on Security: *Why Your Wi-Fi Router Doubles as an Apple AirTag*
describes how Apple's data was used to track billions of devices globally
Register: *Apple Wi-Fi Positioning System open to global tracking abuse*
covers the academic paper "Surveilling the Masses with Wi-Fi-Based
Positioning Systems" by Erik Rye and Dave Levin
--
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
