Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> AFAIK this sort of polling only happens if your phone has hidden networks remembered.

Alas, no when you have a SSID remembered it doesn't know if it's hidden or not. (well maybe apple has some privacy behavior for this). It's not only used for hidden networks: clients probe so they can quickly enumerate nearby access points so they can switch over to them fast if they lose connectivity.



Source on this?

A few years ago when the whole "people are tracking your phones using wifi probes!" story got popular I ran packet captures on an android and ios device and found that neither made directed probe requests (ie. the kind that contained SSIDs). The man page for wpa_supplicant (which is used for android) seems to confirm this:

     scan_ssid
             SSID scan technique; 0 (default) or 1.  Technique 0 scans for the
             SSID using a broadcast Probe Request frame while 1 uses a
             directed Probe Request frame.  Access points that cloak
             themselves by not broadcasting their SSID require technique 1,
             but beware that this scheme can cause scanning to take longer to
             complete.
https://www.daemon-systems.org/man/wpa_supplicant.conf.5.htm...


Ok so putting this all together, if you run a hidden network at home that means your phone HAS to use a directed probe request to find that network which it will keep trying to do when you are out and about. Am I reading that right?

If so the best way to have a phone that doesn't leak is to have a home network that does... maybe?


> if you run a hidden network at home that means your phone HAS to use a directed probe request to find that network which it will keep trying to do when you are out and about

That certainly isn't a theoretical requirement; the alternative is "if you run a hidden network, your devices will not connect to it automatically". You'd have to tell them to connect.


or you have your phone turn off wifi once it's out of range of your specified ssid(s). several apps do that; i use

https://github.com/j4velin/WiFi-Automatic


Exactly correct. Hidden network at home means your phone screams out for it all the time when not at home, because that's the only way it can find it.


If only there was a way to know the location of an SSID! /s


WPA needs help.


GPs second point still holds - the laptop scans for SSID, not BSSID. If all you have is SSID you can't get to location using Google's database. At most you could use it as a data point to connect someone's laptop to a location you already know.

An easy way around this would be to leave your wireless SSID on it's default (or set it to 'Linksys').


> An easy way around this would be to leave your wireless SSID on it's default (or set it to 'Linksys').

Exactly, and thus don't add _nomap.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: