Path: ...!weretis.net!feeder9.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!nnrp.usenet.blueworldhosting.com!.POSTED!not-for-mail
From: Andrews <andrews@spam.net>
Newsgroups: comp.mobile.android,alt.internet.wireless
Subject: Re: Was Google Location Accuracy (now is How to Spoof Wi-Fi Location)
Date: Wed, 30 Oct 2024 13:55:02 -0000 (UTC)
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Message-ID: <vftdrl$2eno$1@nnrp.usenet.blueworldhosting.com>
References: <vfhvpo$18uv$1@nnrp.usenet.blueworldhosting.com> <vfphso$28r1$1@nnrp.usenet.blueworldhosting.com> <rr32ijdg3r261u4sf4nk4un9juirrsfflv@4ax.com> <loegnoFf10jU11@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 30 Oct 2024 13:55:02 -0000 (UTC)
Injection-Info: nnrp.usenet.blueworldhosting.com;
	logging-data="80632"; mail-complaints-to="usenet@blueworldhosting.com"
User-Agent: tin/1.6.2-20030910 ("Pabbay") (UNIX) (CYGWIN_NT-10.0-WOW/2.8.0(0.309/5/3) (i686)) Hamster/2.0.2.2
Cancel-Lock: sha1:WrH1UQM8qD/iFk0zZ7D5kx3d3oY= sha256:TB5dtB4PCofH3A37s3NlYMFD0cijyEg7F+HZ/qFn4JQ=
	sha1:c0ZfPzpu/kfAvqoBadbc2zhM4v8= sha256:hv7n1p/zUXomfz9NpvQdOMCoz1MbuO7yAFQ8BMuYJiA=
Bytes: 4038
Lines: 51

Arno Welzel wrote on Wed, 30 Oct 2024 11:39:52 +0100 :

> I don't think so. Because this access point can be seen by *other*
> devices which may report its current position. This is how Google learns
> the positions of Wi-Fi access points anyway.

With Jeff's suggestion, we're finally making progress on the solution.

What Arno said is true that any access point (that advertises itself on
airwaves as not hidden) will be seen (& uploaded) to the AP databases.

This upload is not done by you - but by all the rude people around you.
Which is pretty much everybody who owns an Android phone (9,999 of 10K).

For the one out of 10,000 people who doesn't want to be in the AP db
Google was forced to create an "opt out" mechanism to that upload.
 <https://support.google.com/maps/answer/1725632>

Apple & Mozilla "say" they will respect Google's opt-out mechanism too.
Microsoft uses a different opt out, though, namely xxx_optout_nomap
 <https://account.microsoft.com/privacy/location-services-opt-out>

Notice it "can take up to five business days" for these outfits to scrub
you from their access point databases, which means, effectively, as long as
a rude Android owner is near you within those five days, you're screwed.

That's why you also need to set your SSID broadcast to "hidden" since all
respectable companies will honor hidden broadcasts as "private" in intent.

Overall, that means your SSID needs only to have these three things:
a. You start with the Google/Mozilla/Apple opt out (SSID_nomap)
b. Then you add the Microsoft opt out (SSID_optout_nomap)
c. Then you turn off the public broadcast (aka, hidden network).
   (See the sig for clarification on hiding the access point broadcast.)

I love that Jeff Liebermann has come up with a potential solution.
I will dig into the references to see if what he suggests might work.

Any other ideas for Wi-Fi access point privacy are invited as Jeff, Andy,
Arno and I seem to understand the goal of zeroing out Wi-Fi AP uploads
while we're forced to use precise location for apps that don't need it.

Note: We don't zero it out during routing - but an insect lookup app which
requires precise location doesn't really need it. They're mining you.
-- 
Every time I mention a hidden broadcast some pundit attacks me saying it
doesn't add "security" but we're not doing it for security. Most articles
on hiding the broadcast have no idea whatsoever why we're hiding it. 

Hiding the network access point broadcast packet has one privacy downside
which is your phone tries to find it on its own; so you have to turn off
autoconnect (or geofence your attempts at connecting to your home AP).