Precise geolocation via Wi-Fi Positioning System

Original Article ↗ Hacker News Discussion ↗

How Wi‑Fi positioning works

  • Commenters clarify that browser geolocation usually uses the OS’s location services, based on nearby Wi‑Fi access points (and sometimes GPS), not IP, so a VPN doesn’t defeat it.
  • The mechanism is described as trilateration/multilateration using signal strength plus a large server‑side database of AP locations, not a local database on the device.
  • Several people note this has been widely used for years because it’s faster and more robust indoors than GPS.

Spoofing and technical limitations

  • Multiple ways to fake location are discussed: browser extensions that override the Geolocation API, userscript hacks, and Firefox configuration that returns fixed coordinates.
  • More “physical” spoofing ideas include rebroadcasting captured Wi‑Fi fingerprints with ESP32/ESP8266 hardware or changing BSSIDs/MAC addresses, though some argue consumer routers rarely expose MAC changes and that rotating MACs would disrupt clients.
  • Others point out that simply returning spoofed coordinates is easier than simulating radio environments.
  • Hidden SSIDs do not protect against wardriving because BSSIDs still beacon, just with an empty SSID.

Privacy controls and platform behavior

  • Firefox users share detailed prefs to pin or disable geolocation (network URL override, disabling platform providers, testing mode).
  • Browser extensions like LocationGuard are mentioned for per‑site accuracy fuzzing.
  • Apple’s “_nomap” SSID suffix is noted as an opt‑out from some Wi‑Fi databases; there’s frustration that Wi‑Fi is hard to truly disable on some Macs.
  • One commenter dislikes that their own phone contributes to Wi‑Fi databases, preferring hardened Android forks that give more control.

Usefulness versus GPS

  • Several commenters praise Wi‑Fi geolocation for malls, airports, train stations, hospitals, and trains where GPS is slow or unreliable.
  • Others note GPS’s historical intentional degradation (“selective availability”) and current export‑related limits on high‑altitude/high‑speed receivers; there’s debate over whether such restrictions still make sense.

University attendance and academic integrity

  • There’s an extended debate on compulsory attendance: some see it as infantilizing paying adults; others argue it helps weaker students, supports discussion‑based classes, satisfies sponsors/visa rules, and aids in handling appeals or accommodations.
  • Some faculty report using simple roll calls for documentation, not enforcement.
  • A long subthread laments a “cheating culture,” especially in online exams, with examples of massive cheating detected at a research university.
  • One side argues surveillance tools like TopHat deepen distrust and gamification; the other stresses the need for both honor codes and clear, objective rules.

TopHat‑style Wi‑Fi attendance systems

  • Commenters summarize the article’s point: US universities are using Wi‑Fi‑based geolocation via browser APIs to take “secure” attendance.
  • Many feel this is overkill, trivially spoofable, and not appropriate for professors to use, likening it to older “clicker” systems that were easily defeated by friends.
  • Some speculate that students will quickly build location‑proxy tools so remote students can appear “in class.”