On Tue, 28 May 2024 01:10:20 -0600, Charlie wrote:

> Surveillance Risk: Apple's WiFi-Based Positioning System
> <https://www.govinfosecurity.com/surveillance-risk-apples-wifi-based-positioning-system-a-25330>
>
> The attack risk stems from Apple's WiFi-based Positioning System, or WPS,
> which offers an API to which any device or service, Apple-made or
> otherwise, can submit one or more Basic Service Set Identifiers, together
> with their signal strength.

Why would Apple design a system so incredibly horrific against privacy?

Basically you can track anyone simply by asking Apple for their location.
No permission? No problem, says Apple. Here's their location & also the
location of the nearest 400 people to that person. How's that for privacy.

Researchers find Apple's Wi-Fi Positioning System represents a serious
privacy vulnerability.
<https://www.macworld.com/article/2343297/apple-wi-fi-network-wps-vulnerability-location-services-leak.html>

"Apple's WPS server sends up to 400 other known Wi-Fi networks that may be
in the approximate vicinity of the device as part of its crowdsourcing
location database.

From this list, the requesting device searches for eight possible variants
and calculates its location based on this data. Apple's WPS system, the iOS
device, and the router on which the network is based operate with the
so-called BSSIDs (Basic Service Set Identification) and usually correspond
to the MAC address of the device, which is static in most cases.

The request via Apple's APIs is free, so Rye and Levin sent 30 requests per
second with 100 guessed BSSIDs.

The information on the current static location alone is life-threatening in
the wrong hands, as it indicates the location data of the Ukrainian
military units and of refugees as they move about in the Gaza Strip.

With Apple & Google, you can add "_nomap" to your Access Point SSID.

However, Microsoft requires you to give them all your MAC addresses first!
https://account.microsoft.com/privacy/location-services-opt-out

On Tue, 28 May 2024 17:38:16 -0400, Oscar Mayer wrote:
On 30 May 2024 21:30:37 GMT, Jolly Roger wrote:

>>>> Since even the Apple shills directly blame Apple for this privacy hole
>>>
>>> A database of publicly-broadcasted WiFi BSSIDs is not a "privacy hole".
>>
>> Only Apple
>
> Nope, sorry.

Nobody but you denies what even Apple doesn't deny.

Why do you do that?

[https://9to5mac.com/2024/05/24/apple-location-services-vulnerability/]
"There is one crucial difference between the way in which
Apple and Google devices carry out this task
and that's exactly where the privacy issue arises."

[https://www.macworld.com/article/2343297/apple-wi-fi-network-wps-vulnerability-location-services-leak.html]
"Researchers have discovered a crucial vulnerability in the way
only Apple's location services work"

[https://www.govinfosecurity.com/surveillance-risk-apples-wifi-based-positioning-system-a-25330]
"The attack risk stems from Apple's WiFi-based Positioning System, or WPS"

[https://9to5mac.com/2024/05/24/apple-location-services-vulnerability/]
"We need to understand Apple devices figure out locations differently"

[https://securityboulevard.com/2024/05/apple-wi-fi-location-privacy-richixbw/]
"An unrestricted Apple API endpoint allows for easy tracking."

[https://cybernews.com/privacy/apple-beams-wifi-location-data-privacy-risk/]
"Anyone can exploit Apple's flawed WiFi-based positioning system (WPS)*

[https://arxiv.org/abs/2405.14975]
"In this work, we show that Apple's flawed WPS can too easily be abused"

Why do you deny what nobody but you denies (not even Apple denies it)?