XPost: alt.comp.os.windows-10, misc.phone.mobile.iphone, alt.internet.wireless   
   From: marianjones@helpfulpeople.com   
      
   Carlos E.R. wrote:   
   >>    As has been said before, trying to hide makes one suspect, because   
   >> *other* factors stand out.   
   >   
   > I am curious, though, about why some people are listed and some are not.   
   > What's the criteria? Maybe just chance. A passerby having the proper non   
   > intentional software working properly, I'd guess.   
      
   I will disagree with anyone who makes an illogical statement such as that   
   which Frank made above, but I'll help answer any valid question such as   
   what Carlos asked.   
      
   Regarding Frank's assessment that hiding the SSID and putting _nomap on the   
   SSID "makes one suspect"... Suggesting that opting out makes you 'suspect'   
   flips the logic. In a system where consent is assumed unless you opt out,   
   taking the opt-out step is the rational, privacy-protective choice.   
      
   In a system where the user must opt out, what I'm doing is establishing   
   clear instructions to the WPS databases that I do not consent to tracking.   
    a. I hid my SSID (which is a clear non-consent active action), and,   
    b. I added _nomap to all my SSIDs (which is another active non consent).   
   And yet, Apple ignored *both* those messages of clear opt-out intent!   
      
   Mozilla, for example, says they'll honor the hidden SSID or the _nomap.   
          
       "Mozilla's client applications do not collect information   
       about WiFi access points whose SSID is hidden or ends with   
       the string '_nomap' (e.g. 'Simpson-family-wifi_nomap')."   
      
   But not Apple.   
   Clearly Apple ignored all my requests to opt out of their WPS database.   
      
   That's a problem.   
   A big problem.   
      
   What makes Apple *different* from Google is there are zero controls.   
   Anyone can download millions of tracking datapoints with Apple's WPS setup.   
   (That's what the security researchers were warning us about after all.)   
      
   Scenario:   
    1. The Johnson family lives in Denver, Colorado.   
       Their home router has a unique BSSID 44:55:66:77:88:99   
      
    2. The Johnsons move to Atlanta, Georgia, and bring their router   
       with them. As soon as they plug it in, the same BSSID is detected.   
      
    3. A data broker can infer that the Johnsons moved across the country.   
       Advertisers could target them with "new homeowner" services ads.   
       A stalker or abusive ex could quickly discover their new address   
      
   The BSSID is persistent across locations.   
   That persistence means your router acts like a digital homing beacon.   
   It follows you wherever you go.   
      
   Now run that kind of tracking on millions of BSSIDs en masse, which is what   
   security researched showed the insecure Apple WPS database can be used for.   
      
   As for Carlos' question of why some people are in the highly insecure Apple   
   WPS database, A router's BSSID is only logged if an Apple device (like an   
   iPhone, iPad, or Mac) scans it and reports it back to Apple's servers. If   
   no device running Apple's WPS software has ever passed near your router, it   
   won't be listed.   
      
   In my case, I have plenty of Apple mobile devices inside my home.   
   So they threw me under the bus even if nobody else did it for Apple.   
      
   The paper by Erik Rye & Dave Levin tracked BSSIDs over a year, where they   
   mention that Apple doesn't seem to be scrubbing old BSSIDs out of the db.   
    "we were able to track BSSIDs longitudinally over the course of a year"   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)