I saw a story on Hacker News today that opened a rabbit hole I was unaware of and found extremely disturbing. The story is here:
In particular, the part that I was disturbed by was this:
“And what do we do, when we want to find out a location associated with a wifi name? We go to wigle.net, enter the SSID (=wifi name) and it tells us where on the world it is found.”
Before I even looked it up, I instantly imagined people with more time and money on their hands than decency towards their fellow man, wardriving solely to pick up SSID’s and to otherwise be a giant bag of dicks. Anyone who ever loses a phone or device, or lets someone else log on to their network who may lose a device, or simply leave it out of sight for a moment has now given away the location of all of the networks they connect to.
Oh look, scroll down the first page and they have a wardriving app!
People being so concerned lately with big business collecting and selling your location data, and we have these “people” doing it for free! I don’t even know what to say that wouldn’t be a rage filled rant. Perhaps we need some sort of two factor dynamically changing SSID and constantly sweep away all old networks from our devices.
This is nothing new. In fact Google Street View Cars have been known to be logging this since at least 2010 if not earlier. Wigle is just a publicly sourced and searchable database that has been around for a very long time.
While hiding your SSID on your routers isn’t likely to help block this sort of data collection; as far as tracking individuals by networks they connect to, device manufacturers have begun changing the way wireless probes are sent when searching for wifi. And some (most notably apple) have engaged in device MAC address randomization that helps to anonymize devices that are sending probe requests. There is a lot of reading to be done on the subject though so have at it.
BUT please just watch the whole vid in it’s entirety. I do not believe SSID was used here, but IMO still pretty relevant. Typical Samy- Epic… one could say… Hero status (get it? See what I did there?)
I didn’t mean to paint it as if it was something new, I just put it in the news section because of the news story I saw that led me down this path. It really isn’t a problem for me personally, but rather something that could easily be turned in to something nefarious against friends and family. Plus the aforementioned idea going around about location data being sold by businesses as if that is something new, yet being deemed newsworthy as of late. Maybe I should have learned my lesson by now.
The site linked has on their front page hundreds of thousands of new locations added each day and goes back quite a ways. I’m glad I made up my mind long ago not to reproduce.
It wouldn’t help, if it didn’t use SSID it could use another more perminant identifier like BSSID or the MAC address of the wlan interface. Did you know that you can see the MAC addresses of every device on the network (wired and wireless) without even needing to connect to the WiFi network, even if its encrypted?