XPost: alt.comp.os.windows-10, comp.mobile.android   
   From: marianjones@helpfulpeople.com   
      
   Help!   
   How do we get Apple to care about privacy for entities who own APs?   
   i. People   
   ii. Companies   
   iii. Governments   
   Basically, everyone in the world is affected by Apple's WPS privacy policy   
   not being respected by Apple and by Apple's highly insecure WPS structure.   
      
   Here are the facts as documented by independent researchers:   
      
   Apple's WPS implementation has been described as highly insecure.   
   It behaves differently from standard WPS implementations.   
   Researchers have shown that anyone can collect Apple's entire WPS database.   
       
      
   Because of those claims, I tested the situation myself:   
      
   a. I modified publicly available open-source code   
      and confirmed the researchers' findings.   
        
      
   b. I located my own BSSID-despite using the _nomap suffix-in Apple's   
      WPS database.   
        
      
   c. Mozilla, for example, says they'll honor the hidden SSID or the _nomap.   
          
       "Mozilla's client applications do not collect information   
       about WiFi access points whose SSID is hidden or ends with   
       the string '_nomap' (e.g. 'Simpson-family-wifi_nomap')."   
      
   But not Apple.   
      
    A. Apple has stated in writing to me that they do not intend to respect   
      the opt-out flag even as it is clearly Apple's published privacy policy:   
          
       "The owner of a Wi-Fi access point can opt it out of   
        Apple's Location Services ¡X which prevents its location   
        from being sent to Apple to include in Apple's crowd-sourced   
        location database ¡X by changing the access point's SSID (name)   
        to end with '_nomap.' For example, 'Access_Point' would be   
        changed to 'Access_Point_nomap.'"   
      
    B. Google also documents the use of "_nomap" suffix to opt out:   
          
       "To opt out, change the SSID (name) of your Wi-Fi access point   
       (your wireless network name) so that it ends with '_nomap.'   
       For example, if your SSID is '12345,' you would change it   
       to '12345_nomap.'"   
      
    C. What's different is Google's WPS doesn't make the entire database   
       available to everyone (including me!) in the with no oversight!   
        *Surveilling the Masses with Wi-Fi-Based Positioning Systems*   
           
      
   Those points are factual and easily verifiable.   
      
   My view is that keeping millions of access points in an insecure, globally   
   accessible database, especially when the owners have opted out following   
   Apple's own privacy policy, is legally, morally & ethically dead wrong.   
      
   Apple's recent written response to me only reinforces that privacy concern.   
      
   I need help though, from the users, in how to make Apple change the policy   
   to be privacy friendly since this action by Apple (of not respecting users'   
   opt out wishes and making the database available to everyone in the world   
   with no restrictions) is the antithesis of what Apple "says" they stand   
   for.   
      
   Any ideas to get Apple to do what they say they do when it comes to   
   supporting consumer, corporate and government privacy?   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)