XPost: alt.comp.os.windows-10, alt.comp.microsoft.windows, alt.c   
   mp.os.windows-11   
   From: marianjones@helpfulpeople.com   
      
   R.Wieser wrote:   
   > So, you have a list of person names and, I assume, street adresses - but no   
   > (GPS.)BSSIDs.  iow, nothing to track any of those persons with.   
   >   
   > Kiddo, you *really need to* explain how you convert BSSIDs into a persons   
   > name, or a persons name into a BSSID.   
   >   
   > And lets not forget, I asked you a simple Yes/No question about it which you   
   > still have not answered :   
   >   
   > [quote=me]   
   > So, if I pick a name than you can, assiming he's got a BSSID with him, tell   
   > me where that person is traveling ?   Yes or no ?   And ofcourse, explain   
   > your answer. :-)   
   > [/quote]   
   >   
   > Ofcourse, when I pick a name of someone/place I know the BSSID of it would   
   > be *very* evident when you would give me a random BSSID for it ...   
   >   
   > The same would happen when I give you a known-to-me BSSID and you come back   
   > with some random persons name.   
   >   
   > Yeah, your best shot at not falling into that "trap" is by simply refusing   
   > to answer the question.   
   >   
   > The only problem with that is that *not* giving an answer is an answer in   
   > itself : YOU HAVE NO CLUE.   
      
   Hi Rudolph,   
      
   Let me address this at the technical level, because the privacy concerns   
   are getting mixed up with how the data actually works.   
      
   1. What a BSSID is and is not   
      a. A BSSID is the MAC address of a Wi-Fi access point.   
      b. It identifies hardware at a fixed physical location.   
      c. It does NOT identify a person.   
      d. There is no built-in mapping between a person and a BSSID.   
      e. The only inherent mapping is between the access point   
         and the building where it is located   
      f. Buildings have owners & ownership records are public information.   
      g. So as not to dox people, the names I listed earlier were   
         slightly altered to avoid posting identifiable data directly   
         (but those looking at public records should recognize the pattern)   
      
   2. How the location association works   
      a. Apple¢s WPS database stores BSSID-to-location pairs.   
      b. In practice, these coordinates almost always correspond   
         to a specific building.   
      c. That building is associated with an owner through public   
         property records (in the USA anyway)   
      d. Apple devices passively observe nearby BSSIDs.   
      e. Those observations are uploaded to Apple¢s WPS database.   
      f. Apple aggregates these observations into a large, publicly   
         queryable location database with no controls whatsoever!   
      g. This is the same mechanism described in the published research.   
      
   3. Where the "1 to 1" linkage comes from   
      a. Apple provides only BSSID-to-location.   
      b. Yet, that location is almost always a building.   
      c. Buildings have owners.   
      d. Property ownership records are public in the United States.   
      e. Combining these two data sources yields:   
           BSSID -> address -> homeowner name   
      f. This derived linkage is not present in Apple's data itself.   
      g. It is, however, trivial for anyone to construct using   
         publicly available information (which I easily proved)   
      h. I am not posting the fully assembled chain in a single message,   
         because that might dox people too easily for people like you.   
         But it's close enough to make the point for someone who knows   
         how to use a web page to obtain the ownership data themselves.   
      
   This is the technical explanation. The privacy boundary is simply that I am   
   not going to publish a combined BSSID + address + homeowner name dataset in   
   one place, even though the individual components are public.   
      
   The underlying point is straightforward: if a BSSID is tied to a fixed   
   home, and home ownership records are public, then correlating the two is   
   trivial. Anyone familiar with how these systems work already understands   
   this, and the research literature has demonstrated it clearly.   
   --   
   Intelligent people own the imagination to figure out how a tool works.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)