Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

BOFH excuse #64: CPU needs recalibration


comp / comp.mobile.android / Re: home screen icon to connect to wi-fi network

Subject: Re: home screen icon to connect to wi-fi network
From: Enrico Papaloma
Newsgroups: comp.mobile.android
Organization: Gegeweb News Server
Date: Thu, 19 Sep 2024 19:42 UTC
References: 1 2 3 4 5 6
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.gegeweb.eu!gegeweb.org!.POSTED.133-175-174-202.west.ap.gmo-isp.jp!not-for-mail
From: enrico@papaloma.net (Enrico Papaloma)
Newsgroups: comp.mobile.android
Subject: Re: home screen icon to connect to wi-fi network
Date: Thu, 19 Sep 2024 21:42:48 +0200
Organization: Gegeweb News Server
Message-ID: <vchuro$8uj$1@news.gegeweb.eu>
References: <vc5nt0$30lb$1@news.gegeweb.eu> <lkvbhnFftcdU1@mid.individual.net> <vces92$1m52$1@news.gegeweb.eu> <jx54y9tyo6c6.dlg@v.nguard.lh> <vcft1u$23qm$1@news.gegeweb.eu> <464sl25fw0ya.dlg@v.nguard.lh>
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 19 Sep 2024 19:42:49 -0000 (UTC)
Injection-Info: news.gegeweb.eu; posting-account="adibella@usenet.local"; posting-host="133-175-174-202.west.ap.gmo-isp.jp:133.175.174.202";
logging-data="9171"; mail-complaints-to="abuse@gegeweb.eu"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.6.1?Content-Type: text/plain; charset=UTF-8; format=flowed
Cancel-Lock: sha256:/zzQW4IKNg7PSOrlvUThmz6nheCI8/SPltCtmUf2X2Q=
Content-Language: en-US
View all headers

On 9/19/2024 8:09 AM, VanguardLH wrote:
>> Absolutely. Each wi-fi access point has its own setting for autoconnect.
>> But if you turn one off, you'll be turning them all off.
>
> That's surprising, plus it means disabling auto-reconnect is a global
> action, not just on the connectiod being configured.

You are correct the setting is NOT global (and I never said it was).

I think you misunderstood because of the way I said it, for which I
apologize. The setting is NOT global (as far as I'm aware).

You set it for each home access point that you will be connecting to.

However if you're going to set it for one access point, you would gain
nothing if you don't also set it individually for every home access point.
>>> Without the password, what good is the broadcasted BSSID?
>>
>> There are a hundred ways to answer that but the simplest is that the BSSID
>> is like your Social Security Number. It's you. Only you. Nobody else. You.
>
> And anyone can guess a sequence of numbers to construct a social
> security number. It really isn't that much of a secret.

I can tell you do not understand because you think there is a lookup.

There are many ways for me to explain it to you again, but since you don't
know how networking works, I'm going to keep the explanation very simple.

Suppose your phone shouted out the numbers corresponding to the MAC address
of DE:AD:BE:EF:CA:FE, which is 64 65 61 64 62 65 65 66 63 61 66 65 0A in
hex and which is 01100100 01100101 01100001 01100100 01100010 01100101
01100101 01100110 01100011 01100001 01100110 01100101 in binary, which is
how computers think.

Now suppose those 96 characters are unique to your home access point (which
they are, in fact) so your phone is shouting out those 96 unique binary
characters everywhere you go.

If the local pawn shop wi-fi sees that unique sequence of 96 characters
when you walk inside that store, and it sees the same unique sequence of 96
characters on Monday, Wednesday and Friday of next week, what's the chance
that those 96 unique characters EXACTLY correspond to exactly you?

99.9%, right?

Essentially, those 96 unique characters are you.
Or, at least those 96 unique characters are anyone in your home.

> The BSSID is
> more like the house number on the outside of your house or on your
> mailbox: everyone knows what it is and where it is.

See above. It's 96 characters which are unique to you (well, unique to you
and your wife and your kids - essentially anyone who lives in your home).

Every time any person in your family visits the local drug apothecary,
their wi-fi knows that you're back. Or that they're back. Close enough.

Now High Ties Cannabis Store - Alexandria Ontario knows that you keep
visiting them, and (see below) they know EXACTLY where you live too!

You live at: 45.76604369976066 North, -74.56636474143123 West
(This is just an example to make the point of what your BSSID tells them.)

> So, your objection is not that your home router advertizes it is at your
> home, but a wifi hotspot you run on your phone identifies you're the
> owner of that hotspot. Why are you running a wifi hotspot (tethering)
> on your phone?

Again I don't think you understand networking because nobody talked about
hotspots (which make the problem even worse - but let's not go there).

Here we're talking about your own home router and your own phone connecting
to the access points which your home router has (which have unique BSSIDs).

> The BSSID is the MAC address of the radio *to* which your phone is
> currently connected. BSSID is the unique identifier for a specific
> access point within a wireless network, and used to distinguish between
> multiple access points sharing the same SSID, and the SSID isn't yours,
> either. The BSSID is the 48-bit MAC address of the wireless AP or
> router used to make wifi connections. Are you toting around an wireless
> AP or router for which you are worried others will discover its BSSID?

This shows a little bit of comprehension where we both agree the BSSID is a
96-character unique-to-your-home-router number, where adding the non-unique
SSID as part of the pairing just makes positive ID of you much easier.

But the BSSID is unique enough without the SSID so we don't really need to
even discuss the SSID. The SSID just makes things worse for identification.

Note that there are butterfly hash tables of your BSSID/SSID/password on
the network, which is how they crack WPA-2, but again, let's not go there.

> Every phone can ID your wireless AP or router, because of its SSID +
> BSSID.

Wrong. If your router is not broadcasting your BSSID/SSID pair (again, the
SSID doesn't matter because it's the BSSID that matters), then no phone can
connect to it because that phone doesn't even see your BSSID/SSID pair.

Well, again, we can go deeper and talk about wardriving but a "normal"
phone used by a normal person can't see a BSSID/SSID pair unless your home
router constantly broadcasts it (which, I agree - routers do by default).

If the phone can't see the BSSID/SSID pair, then not only can it NOT
connect to it (unless you enter the SSID/security/passphrase in manually
yourself) but it can't upload your unique BSSID to the online databases.

Again, I mean a "normal" phone because a WiGle-configured phone with
WireShark or NetStumbler or other wardriving software can see it all.

> That is not the same as identifying your phone which is the
> purpose of IMEI in your phone to let carriers know you have permission
> via account status to use their service.

When you go to the local marijuana shop on Monday, if your home router was
set up for privacy, then your phone broadcasted your unique BSSID of
01100100 01100101 01100001 01100100 01100010 01100101 01100101 01100110
01100011 01100001 01100110 01100101.

Worse, if you have more than one home access point, your phone broadcast
the unique 96-character BSSID of every one of your home access points.

Then, if you go back to that drug shop on 25 Main St S, Alexandria, ON
again on Wednesday, the same unique series of characters show up in their
wi-fi logs of 01100100 01100101 01100001 01100100 01100010 01100101
01100101 01100110 01100011 01100001 01100110 01100101.

Same thing happens on Friday, where 01100100 01100101 01100001 01100100
01100010 01100101 01100101 01100110 01100011 01100001 01100110 01100101
shows up again.

That's you.

01100100 01100101 01100001 01100100 01100010 01100101 01100101 01100110
01100011 01100001 01100110 01100101 is you (or a member of your family).

Not only is that you (or someone in your family), but they know where you
live (because Google already put that in the online Google database).

> For example, my desktop PC has wifi capability. Wifi is enabled;
> however, it is not connected to my wifi cable modem. As a result, the
> command:
>
> netsh wlan show interfaces | find "BSSID"
>
> doesn't find anything, because my desktop PC is not connected to any
> wifi hotspot. I could connect, but then obviates the point of not
> allowing auto reconnects to known hotspots, plus I prefer the CAT5 cable
> connection to use Ethernet.

If you had your home router set to NOT BROADCAST the BSSID of 01100100
01100101 01100001 01100100 01100010 01100101 01100101 01100110 01100011
01100001 01100110 01100101, then it would be shouting it out constantly.

But your home access point is likely set up to not hide broadcast packets,
so what's happening instead is your unique BSSID of 01100100 01100101
01100001 01100100 01100010 01100101 01100101 01100110 01100011 01100001
01100110 01100101 is being uploaded daily by everyone driving by your house
to Internet databases, where they add your EXACT GPS location to that.

Notice this important fact, which is probably more complexity than you can
imagine but if I look up that unique BSSID in the Google online database,
it tells me your exact GPS location.

Now put that together with the fact that the same unique BSSID went to the
https://www.highties.ca/alexandria/ drug shop on Monday, Wednesday and
Friday, and I can tell you that YOU live at GPS location 45.76604369976066,
-74.56636474143123 and YOU went to that drugshop those days (or someone in
your family did).

You have to realize, the BSSID now tells them everything they need to know.
a. It points uniquely to you (or members of your family, close enough)
b. And it points to exactly where you live (the exact GPS coordinates)

> Do a test. Disconnect from all wifi hotspots. Use Ubuitities' WiFiman
> or olgor's WiFi Analyzer to look for a BSSID (which is presented as the
> MAC address of the hotspot to where your phone connected). You won't
> find one. Connect to a wifi hotspot, like your wifi cable modem.
> WiFiman will show the specs on the hotspot, like BSSID (as MAC address),
> SSID, IP address, netmask, signal strength, etc. Now disconnect from
> the hotspot. Yep, BSSID is gone, because you don't have a connect with
> the hotspot to which a BSSID was assigned.
>
> The BSSID does not follow around with your phone. It is the network
> interface (48-bit MAC address) of whatever wifi hotspot to which you are
> currently connected. At home, you'll see the BSSID of your wifi cable
> modem. At Starbucks, it will be the BSSID for your phone's connection
> to their wifi router. At the library, it will be their BSSID. When not
> connected to any hotspot, there's no BSSID for you to get.
>
> The BSSID doesn't track your phone. Your phone's IMEI tracks your
> phone. Call your local police to find out if they're using CALEA
> (Communications Assistance for Law Enforcement) or IMSI Catchers to
> track your phone or calls by using IMEI, or by mobile phone number, but
> that requires coercing a court to force a carrier to track your IMEI.
> Your carrier, upon proper request, helps the cops track your phone or
> calls. They also cooperate with lost phone location.
>
> https://www.fcc.gov/calea
> https://en.wikipedia.org/wiki/IMSI-catcher
> https://techreport.com/spy/spy-on-phone-with-imei/
>
> No one cares about the BSSID of the hotspot to which you connect.

Wrong.

The BSSId is not only unique to you (or to members of your family), but it
also tells anyone who knows how to look for it, where EXACTLY you live.

> The
> hotspot itself can record its own history on who connected to it.
>
> Take a look at:
>
> https://wigle.net/
> https://play.google.com/store/search?q=wigle&c=apps
>
> Notice the BSSID is presented as a MAC address. It shows the SSID and
> BSSID, but of what? Your phone? Nope, of the hotspot your phone found
> when running their app on your phone. Their app and their maps show the
> hotspots you *discovered*, not where was your phone (although they may
> collect that info, too, but it's your choice).
>
> There are many crowdsourced database where users runs apps to record
> what hotspots they found (by SSID and BSSID), or where are the cell
> towers to which they connected to their carrier (e.g., OpenSignal).
>
> Your objection is the BSSID tracks your phone. Wrong. It is the MAC
> address of the hotspots to which you connected, and EVERYONE connecting
> to that same hotspot are getting the same SSID and BSSID from there.
>
> Anyone can generate a sequence of numbers hoping it matches my social
> security number. Yes, your wifi cable modem at home is broadcasting its
> SSID and BSSID, but so is that house number painted on the side of your
> home. It's up to you if you want to operate an open hotspot that anyone
> can use. Most users incorporate password to operate a closed or private
> hotspot. If they don't know the password, they aren't getting a wifi
> connection. In the connection request, and before the connection is
> permitted, yes, someone can get the BSSID of your home wifi router, but
> how does that relate to tracking your phone? Just because your wifi
> modem is sending its SSID + BSSID to any wifi device during a scan
> doesn't tell anyone that your phone is actually at home connected to
> that wifi router.

I don't think I can teach you basic networking over the Internet so you're
just going to have to look up what a phone needs to upload your BSSID and
GPS (and a few other things) to the Google (and other) online databases.

You also need to understand how networking works when the broadcast is not
hidden (in which case your exactly location is uploaded to all these dbs).

And you need to understand how that does not happen when the broadcast is
hidden (which is similar, but not the same as adding "_nomap" to the SSID).

You do NOT understand any of that, so you can't "lecture" me because I knew
twenty years ago what you still do not know now about BSSID in networking.

Do you want me to give you a reference, or can you look up on your own what
happens when your BSSID is uploaded to Google/Wigle/Mozilla/etc databases?

It means this:
a. Your BSSID points uniquely to you (or members of your family) and
b. Your BSSID points to exactly where you live (the exact GPS coordinates)!

If you walk into my shop, I will not only know that you've been there
before and when, but I will also know exactly where you live.

But, as you said, unless I add other information (like credit card
transactions at my drug store or camera identification), I won't know who
you are.

I just know every time you go anywhere and I know exactly where you live.

SubjectRepliesAuthor
o home screen icon to connect to wi-fi network

By: Enrico Papaloma on Sun, 15 Sep 2024

37Enrico Papaloma

rocksolid light 0.9.8
clearnet tor