A lot of users requires randomized BSSIDs. We decided to implement this asap.
Here is a discussion of how the WPS leaks your location.
This issue definitely comes from Apple and Google's design flaws. Smartphones (as well as other similar devices) report location of your AP by BSSID and send to their databases. These databases don't have restrictions for API queries. So an attacker can check the location based on BSSID and know where you are. In a travel router scenario, they will know how do you travel.
While an attacker may not know to whom one BSSID belongs, this has created a threat indeed.
We believe Apple and Google will do some fix asap but from AP vendor's viewpoint, here is what you can do to enhance your privacy.
In your SSID, add _optout_nomap to tell Apple, Google and Microsoft not to track the location of this wifi network.
Hide your SSID. You don't want surrounding people know your SSID.
Use randomized SSID manually, before we implement this in the UI. We will publish some method to do this.
You can turn off your phone's location service, which may not be the choice of most of the people.
After you stop the phone tracking your location for 1 or 2 weeks, your data may be deleted from their database. We are not sure how long this will happen but hopefully this is the case.
Hahahahaahahahahaha.
Please tell me that this isn't the real solution provided by the big players. What the heck
This isn't working as a security trick, btw.
Hiding your SSID won't work if someone is scanning the network. The SSID will be broadcasted by the connected device on every connection attempt. So it's more security by obscurity.
But how will devices save a connection to a wifi network if both SSID and BSSID are randomized. It could work if some algorithm is used to generate them and some app (on the client device) is able to adjust the wifi-settings accordingly on the client devices.
Having to connect manually could be a security issue itself. That's why I am wondering about the client-side. I do believe it would be good if the router app could assist with doing just that.
I recently came across your informative text about Wi-Fi-based positioning systems and was wondering if your team has a summarized setup guide compatible with any travel router within your portfolio. This guide would focus on the optimal setup for privacy and security.
While browsing your forum https://forum.gl-inet.com, I noticed that there is a wealth of essential information scattered across multiple threads provided by your team. Consolidating this information into an official document within your GL.iNet documentation library would be incredibly beneficial.
Your products are a blessing for many, including myself. However, I believe a guide focusing on privacy and security, including this text, would be highly valuable.
If such a guide already exists, could you kindly provide the link?
Thank you for providing the link from your GL.iNet knowledge base.
Kindly extend my sincere regards to your esteemed team.
Moreover, I respectfully enquiry that your team review the open topics within your forum at your earliest convenience:
Thank you for bringing this to the attention of your colleague, @bruce.
With utmost interest, I am eagerly anticipating the proposed solution from your team.
