XPost: alt.comp.os.windows-10, alt.comp.microsoft.windows, alt.c   
   mp.os.windows-11   
   From: marianjones@helpfulpeople.com   
      
   R.Wieser wrote:   
   >> I'm simply informing you and others on this newsgroup of this problem set.   
   >   
   > And I'm informing you that you have dreamed up a problem where none exists.   
   >   
   >> And I'm asking for solutions (in another thread) for resolving the   
   >> problem.   
   >   
   > Maybe you should start with clarifying the problem, instead of having us   
   > guess what you think it might be.   
   >   
   >> but my point is that being able to easily track it from anywhere in the   
   >> world means anyone can essentially atrack you.   
   >   
   > Ehhh....  If someone can do "x" that someone can essentially do "x" ?   Yeah   
   > duh!   
   >   
   > But as I already explained to you and you refused to respond to, from whats   
   > in that database you can only track a *random* person.  Which, as I   
   > mentioned earlier, is useless.   
   >   
   >> To prove how easy it is to track anyone's movements from place to place,   
   >> I'm setting up these three routers to prove that I can easily be tracked:   
   >   
   > You still don't get it, do you.     You are still working your way backwards   
   > from the answer (you know what your BSSID is)  to the question (find your   
   > BSSID and read your own location next to it).   Anyone can do that.   
   >   
   > Doing it the other way around however ...   
      
   Hi Rudolph!   
      
   Thank you for your opinion, which I appreciate given I was shocked when,   
   after reproducing the published research methods, that Apple was not   
   respecting their own published privacy policy on how to opt out of their   
   public WPS system that anyone in the world can access at will.   
      
   Lest you claim "I don't get it", it's important to reiterate that the   
   insecurity of Apple's Wi-Fi Positioning System (WPS) isn't speculative.   
   It's not an opinion as it's documented in peer-reviewed research. The   
   recent paper "Surveilling the Masses with Wi-Fi-Based Positioning Systems"   
   (Rye & Levin, 2024) demonstrates that Apple's WPS API can be queried at   
   scale to reconstruct large portions of the global Wi-Fi map, including   
   access points that the querier has never observed.   
      
   The entire database is open to everyone, as you've already seen when you   
   ran the scripts I so kindly provided for you in this very thread prior.   
     1. modified working & tested "apple_bssid_locator.py"   
    2. 'bssid.bat' (looks up an AP)   
    3. 'bssidcompare.bat' (determines if/where the AP moved)   
    4. 'bssidgenerate.bat' (generates random BSSIDs to test)   
    5. 'bssidcheck.bat' (checks which BSSID is in Apple's insecure WPS DB)   
    6. 'bssidplot.py' (plots results en masse onto a map using Fermium)   
    7. gps:bssid results (text output directly from Apple's insecure WPS DB)   
      
   The key point is that Apple's WPS endpoint returns hundreds of nearby   
   GPS:BSSIDs pairs for any submitted BSSID, not just the one requested.   
      
   The researchers claimed that behavior allows iterative expansion, which,   
   listed in its simplest form (as described) is:   
    a. Query any BSSID (it can be known, or random)   
    b. Receive up to ~400 nearby BSSIDs   
    c. Query the "edge" BSSIDs   
      
   Repeat until you have the entire database of GPS:BSSID pairs (which is   
   trivial to do, and we proved that. It simply costs 120GB of disk space).   
      
   This is exactly the technique the researchers used to walk outward across   
   cities and continents. I simply proved to Chris that it's trivial to do.   
      
   The researchers claimed you can easily track when those GPS:BSSID pairs   
   have moved to a new location, which I also proved was trivial (my script   
   looked for changes of 100KM or more - but any distance is feasible).   
      
   The researchers claim a simple public map shows the building address where   
   that GPS:BSSID pair was before and after it was moved, and I proved that.   
      
   To verify the behavior the researchers claimed was the behavior all of us   
   can trivially observe, I modified the open-source apple_bssid_locator tool   
   so that it requests the full result set (return_single_result = 0) and logs   
   all returned BSSID->GPS pairs. The modified script reliably returns   
   hundreds of nearby access points per query, consistent with the behavior   
   described in the paper.   
      
   This isn't "theoretical," and it isn't dependent on privileged access.   
      
   It's simply how Apple's WPS API responds today. The fact that random,   
   unobserved BSSIDs can be queried without restriction, and that the API   
   returns their coordinates and the GPS:BSSID pairs of all adjacent access   
   points, is precisely the privacy issue the researchers highlighted.   
      
   Given I read the research papers and I reproduced their results, maybe you   
   might want to rethink your assessment that "I don't get it", Rudolph.   
      
   Whether one considers this a vulnerability or a design flaw is a matter of   
   interpretation, but the underlying behavior is not in dispute. The academic   
   paper, the Register article summarizing it, and independent replication all   
   confirm the same thing: Apple's WPS database can be enumerated at scale,   
   and the API provides enough information to reconstruct the physical   
   locations of Wi-Fi access points globally.   
      
   Even Apple didn't dispute all my facts when I presented them to Apple via   
   my next-door neighbor who is a VP who entered the issue into Apple's RADAR.   
      
   So maybe I do get it when everything I did confirms what the researchers   
   said, and Apple confirmed everything I did since I gave them the same data   
   that I gave you as my goal is not only to stay out of Apple's insecure WPS   
   database, but to help potentially hundreds of millions of others do so too!   
      
   I'm all about helping everyone - which is why all my tutorials use tools   
   which are free to use and I provide my scripts when I modify FOSS tools.   
   --   
   My posts aim to explore how Apple's WPS actually works beneath the surface,   
   in ways most users may never understand because Apple doesn't tell them.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)