Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: VanguardLH <V@nguard.LH>
Newsgroups: comp.mobile.android
Subject: Re: home screen icon to connect to wi-fi network
Date: Thu, 19 Sep 2024 01:09:46 -0500
Organization: Usenet Elder
Lines: 117
Sender: V@nguard.LH
Message-ID: <464sl25fw0ya.dlg@v.nguard.lh>
References: <vc5nt0$30lb$1@news.gegeweb.eu> <lkvbhnFftcdU1@mid.individual.net> <vces92$1m52$1@news.gegeweb.eu> <jx54y9tyo6c6.dlg@v.nguard.lh> <vcft1u$23qm$1@news.gegeweb.eu>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-13"
Content-Transfer-Encoding: 8bit
X-Trace: individual.net lBgixWrZJ6HZ4B01ERI3Jw5YZjc3cepQ4j0N9GNhyJp/3JgH/k
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:kSRHz+zYCiWVyTlqbVKUv/HtOOk= sha256:NW0h6VTnnth5g+wEuPYhvecvQNlPSXihS+ZDEHS4VFA=
User-Agent: 40tude_Dialog/2.0.15.41
Bytes: 6749

Enrico Papaloma <enrico@papaloma.net> wrote:

> VanguardLH wrote:
>
>> I thought you could go into the properties of a connectoid to decide
>> if you want that one to auto-reconnect, like the wifi hotspot in
>> your home.
>> 
>> https://www.youtube.com/watch?v=AEkwtEzYeAQ&t=12s
> 
> Absolutely. Each wi-fi access point has its own setting for autoconnect.
> But if you turn one off, you'll be turning them all off. 

That's surprising, plus it means disabling auto-reconnect is a global
action, not just on the connectiod being configured.

>> Without the password, what good is the broadcasted BSSID? 
> 
> There are a hundred ways to answer that but the simplest is that the BSSID
> is like your Social Security Number. It's you. Only you. Nobody else. You.

And anyone can guess a sequence of numbers to construct a social
security number.  It really isn't that much of a secret.  The BSSID is
more like the house number on the outside of your house or on your
mailbox: everyone knows what it is and where it is.

So, your objection is not that your home router advertizes it is at your
home, but a wifi hotspot you run on your phone identifies you're the
owner of that hotspot.  Why are you running a wifi hotspot (tethering)
on your phone?  

The BSSID is the MAC address of the radio *to* which your phone is
currently connected.  BSSID is the unique identifier for a specific
access point within a wireless network, and used to distinguish between
multiple access points sharing the same SSID, and the SSID isn't yours,
either.  The BSSID is the 48-bit MAC address of the wireless AP or
router used to make wifi connections.  Are you toting around an wireless
AP or router for which you are worried others will discover its BSSID?

Every phone can ID your wireless AP or router, because of its SSID +
BSSID.  That is not the same as identifying your phone which is the
purpose of IMEI in your phone to let carriers know you have permission
via account status to use their service.

For example, my desktop PC has wifi capability.  Wifi is enabled;
however, it is not connected to my wifi cable modem.  As a result, the
command:

netsh wlan show interfaces | find ´BSSID¡

doesn't find anything, because my desktop PC is not connected to any
wifi hotspot.  I could connect, but then obviates the point of not
allowing auto reconnects to known hotspots, plus I prefer the CAT5 cable
connection to use Ethernet.

Do a test.  Disconnect from all wifi hotspots.  Use Ubuitities' WiFiman
or olgor's WiFi Analyzer to look for a BSSID (which is presented as the
MAC address of the hotspot to where your phone connected).  You won't
find one.  Connect to a wifi hotspot, like your wifi cable modem.
WiFiman will show the specs on the hotspot, like BSSID (as MAC address),
SSID, IP address, netmask, signal strength, etc.  Now disconnect from
the hotspot.  Yep, BSSID is gone, because you don't have a connect with
the hotspot to which a BSSID was assigned.

The BSSID does not follow around with your phone. It is the network
interface (48-bit MAC address) of whatever wifi hotspot to which you are
currently connected.  At home, you'll see the BSSID of your wifi cable
modem.  At Starbucks, it will be the BSSID for your phone's connection
to their wifi router.  At the library, it will be their BSSID.  When not
connected to any hotspot, there's no BSSID for you to get.

The BSSID doesn't track your phone.  Your phone's IMEI tracks your
phone.  Call your local police to find out if they're using CALEA
(Communications Assistance for Law Enforcement) or IMSI Catchers to
track your phone or calls by using IMEI, or by mobile phone number, but
that requires coercing a court to force a carrier to track your IMEI.
Your carrier, upon proper request, helps the cops track your phone or
calls.   They also cooperate with lost phone location.

https://www.fcc.gov/calea
https://en.wikipedia.org/wiki/IMSI-catcher
https://techreport.com/spy/spy-on-phone-with-imei/

No one cares about the BSSID of the hotspot to which you connect.  The
hotspot itself can record its own history on who connected to it.

Take a look at:

https://wigle.net/
https://play.google.com/store/search?q=wigle&c=apps

Notice the BSSID is presented as a MAC address.  It shows the SSID and
BSSID, but of what?  Your phone?  Nope, of the hotspot your phone found
when running their app on your phone.  Their app and their maps show the
hotspots you *discovered*, not where was your phone (although they may
collect that info, too, but it's your choice).

There are many crowdsourced database where users runs apps to record
what hotspots they found (by SSID and BSSID), or where are the cell
towers to which they connected to their carrier (e.g., OpenSignal).

Your objection is the BSSID tracks your phone.  Wrong.  It is the MAC
address of the hotspots to which you connected, and EVERYONE connecting
to that same hotspot are getting the same SSID and BSSID from there.

Anyone can generate a sequence of numbers hoping it matches my social
security number.  Yes, your wifi cable modem at home is broadcasting its
SSID and BSSID, but so is that house number painted on the side of your
home.  It's up to you if you want to operate an open hotspot that anyone
can use.  Most users incorporate password to operate a closed or private
hotspot.  If they don't know the password, they aren't getting a wifi
connection.  In the connection request, and before the connection is
permitted, yes, someone can get the BSSID of your home wifi router, but
how does that relate to tracking your phone?  Just because your wifi
modem is sending its SSID + BSSID to any wifi device during a scan
doesn't tell anyone that your phone is actually at home connected to
that wifi router.