
   alt.internet.wireless      Fun with wireless Internet access      55,960 messages   


   Message 55,923 of 55,960   
   Marian to R.Wieser   
   Re: Tutorial: Query the Apple database w   
   28 Dec 25 10:41:40   
   
   XPost: alt.comp.os.windows-10, alt.comp.microsoft.windows, alt.c   
   mp.os.windows-11   
   From: marianjones@helpfulpeople.com   
      
   R.Wieser wrote:   
   >> The key point is that Apple's WPS endpoint returns hundreds of nearby   
   >> GPS:BSSIDs pairs for any submitted BSSID, not just the one requested.   
   > Kiddo, you have changed your story.   From a privacy issue to a "I can get   
   > the whole database".   
   >   
   > You have not given me/us any explanation to why knowing *a random BSSID* and   
   > its location would be a privacy issue, and now not why you think that being   
   > able to get all the Apple databases contents would be one.   
   >   
   >> Lest you claim "I don't get it", it's important to reiterate that the   
   >> insecurity of Apple's Wi-Fi Positioning System (WPS) isn't speculative.   
   >   
   > And as I've told you a number of times before, I'm not going on a wild goose   
   > hunt for something you *could* be meaning.  You have it as a fact in your   
   > head, *you* explain it.   I'm not going to play a ten guesses game with you.   
   >   
   >> I'm all about helping everyone -   
   >   
   > No, you're not.   
   >   
   > If you would be then you would take the time to make sure that your intended   
   > audience gets the facts instead of some guesswork as well as getting   
   > something that's easy to read and follow and thus understand.   
   >   
   > I've told you that many times, but you have disregarded that for years now.   
   > That's not something an /actual/ helpful person would do.   
   >   
   > Though I must say I was pleasantly surprised that your last "tutorial" was   
   > about a single subject and not multiple together, poured out after having   
   > gone to a food-blender.  Yes, I remember those. :-(   
      
      
   Rudolph, let's keep this focused on the technical issue rather than tone.   
      
   For you to tell me "I don't get it" a hundred times, doesn't mean that I   
   don't get it when I simply reproduced what researchers said could be done.   
      
   In other words, I got it.   
   I got it the moment I read the security research (which I reproduced).   
      
   The papers and news articles you read are not speculation; they are fact.   
   All I did was reproduce what the security researchers said was easy to do.   
   And it was.   
   In fact, it was so easy to reproduce what the security researchers warned   
   about that I, myself, could easily get the entire Apple WPS database.   
      
   Worse, I, myself, could easily track any BSSID in the world.   
    a. I could pick any address on the planet   
    b. I could find the BSSID associated with that address   
    c. And I could track it forever.   
      
   That's not random.   
   I have no intention of tracking people, but I proved it's trivial to do.   
   Just like the security researchers said it was.   
      
   Hence, the privacy concern isn't about a *single* nor random BSSID.   
      
   It's about the fact that Apple's WPS endpoint returns *hundreds* of   
   nearby BSSID-location pairs for any query, for any querier, and that you   
   can't opt out of Apple's WPS database using Apple's published method.   
      
   These flaws effectively expose large portions of Apple's WPS database to   
   anyone who knows how to query it, which is what the researchers said.   
   Hundreds of millions of people who, like me, thought they opted out   
   properly, are not opted out (which Apple replied to me in writing is the   
   case, although we are taking a swag at how many people use the hidden   
   feature found in almost every single router ever sold in the world).   
      
   That's the point I've been making.   
      
   If you disagree with the technical argument, I'm happy to discuss that.   
   But dismissing it as 'guesswork' doesn't address the underlying issue.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   



(c) 1994,  bbs@darkrealms.ca