Surveilling the masses with wi-fi-based positioning systems

Original Article ↗ Hacker News Discussion ↗

Secure-by-default routers & open hardware

  • One project builds “secure by default” Wi‑Fi routers with UI support for MAC/BSSID randomization, aimed at home and travel use.
  • Users ask for better enclosures, parental controls, and clearer product descriptions; some compare it to a privacy‑focused prosumer alternative to mainstream gear.
  • The software can run on Docker; current images target boards like Raspberry Pi and Banana Pi.
  • Long subthread debates open vs. closed firmware on SoCs (RK3399 vs RK3588) and the practical/ethical issues of binary blobs at the highest privilege levels, plus the cost and difficulty of cleanroom reverse‑engineering.

Wi‑Fi sensing standards and privacy

  • Upcoming IEEE 802.11 amendments: some aim to improve privacy (bh, bi), others enable Wi‑Fi sensing (bf).
  • Commenters highlight that sensing can reveal presence, movement, and even activities inside homes, with major abuse potential.
  • There is concern that privacy is acknowledged in standards discussions but not yet enforced in implementations.

MAC randomization, leaks, and tracking resistance

  • Historically, many Wi‑Fi basebands leaked true MACs in management frames, undermining randomization.
  • Open firmware (e.g., on some older chipsets) is seen as the only way to be confident there is no leakage.
  • The router project reports MAC‑randomization bugs in client devices and is researching open 802.11 implementations for some Wi‑Fi 6 cards.
  • One side argues AP BSSID randomization works reliably in their testing; another criticizes any reliance on “no reason to believe” in security.
  • Even with randomized MACs, device‑ and signal‑level fingerprinting can still enable tracking.

Location services, automation, and residual tracking

  • Several users describe aggressive disabling of Android location settings, but note carriers still know location via cell towers.
  • Others use automation (Tasker/Automate, iOS Shortcuts, Samsung “Intelligent Wi‑Fi”) to toggle Wi‑Fi based on location or patterns.
  • Debate centers on whether such features inherently increase data sharing with large platforms, versus being implementable in a more private, on‑device way.
  • Some suggest leaving phones at home or using Faraday bags; others say this is impractical, especially with children and modern digital expectations.

AP databases, opt‑out flags, and scraping

  • Discussion of Apple/Google/Microsoft Wi‑Fi positioning databases and the _nomap / _optout SSID suffixes as an opt‑out mechanism.
  • Critiques: opt‑out is obscure, requires changing your visible SSID, and effectively labels you as “privacy‑concerned.”
  • Some urge not to rely on these flags or call them “nonsense”; others ask whether they are honored or abused like spam opt‑out lists.
  • A project uses Apple’s geolocation API to regularly download AP snapshots; another experimenter is MITM‑ing iPhone CoreLocation traffic to see what is sent.
  • There is speculation about poisoning these databases by spoofing SSIDs/MACs in new locations.

Military, crime, and geo‑fencing examples

  • The paper’s claim that personal devices in war zones expose pre‑deployment sites and military positions resonates with users citing Strava‑based base leaks and Ukraine‑war phone‑usage targeting.
  • One participant ponders using probe‑request SSIDs from thieves’ phones to infer where they frequent; others question its practicality.
  • A long anecdote explains how US online casinos enforce state‑level geofencing using Wi‑Fi‑based location via browser and native code, and how hard it is to bypass even with VPNs and spoofing.

ISP/carrier visibility and regulation

  • Carriers are said to sell location data; recent regulatory fines are mentioned, along with proposed US privacy legislation (APRA 2024) as a partial remedy.
  • An ISP app that shows connected MACs and plaintext Wi‑Fi passwords remotely raises concern about nation‑state access and the need for open firmware or laws.
  • Some argue client‑side MAC randomization could blind many upstream actors, but it requires broad vendor adoption and doesn’t cover first‑boot scenarios.

Debate over “mass surveillance” framing

  • Some argue the paper’s title is sensational: they see it as adding another aggregate movement proxy rather than enabling precise, individualized real‑time tracking.
  • Others point to the paper’s explicit attacker model—gathering large‑scale movement data—and say that justifies the “surveilling the masses” language.
  • It remains contested in the thread how much genuinely new surveillance capability this adds over existing demographic, traffic, and mobility data.