
Linger – Device to create and broadcast a virtual crowd - javl
https://jaspervanloenen.com/linger/
======
amitbr
The blog is trying to mask wifi probe requests. Active scan and connect modes
are disabled on iOS and most modern smartphones from my knowledge. Back in the
golden days, we use to track people around based on their wifi signals, we
also developed a machine learning system to determine where a person was based
on their RSSI over time (we used time warping networks).

~~~
javl
I believe recent versions of IOS still do this in some form, but they use
random MAC addresses. But even if recent devices don't send out probe requests
anymore, there are still many older devices or devices with out-of-date OSes
to make this work.

While testing I didn't really have a way see what percentage of devices around
me sent probe request, but the absolute amount of devices is still high.

------
cdevs
The best ideas are the ones you could have come up with yourself but didn't
someone else made the cool white box. Nice work simple and a little creepy
hardware design mocking our lack of privacy best practices.

------
COMMENT___
The second paragraph tries to explain what this device is supposed to do or
what real problems it solves. Again, how keeping a collection of 'signals'
helps with privacy?

So does my iPhone "yell" those wifi names? How and what exactly does it yell?

Won't this linger device make me a unique and traceable fingerprint? Is this
about privacy?

~~~
puddintane
I believe the idea is to make it so this technique isn't useful for analytics
anymore (edit: because your MAC mining data would be telling the user is in
100+ places at once). If it would work is an entirely different story because
since the devices are stationary and not moving (like a device in your hand or
pocket would) would it be easily detectable that it was a "faking" device.

~~~
javl
It is not so much about your device being at many places at the same time
(though it is a nice side-effect) as it is about polluting tracking databases.
If you normally have 10 people in an area, and all of a sudden there are 2000,
you know something is wrong. But there is no telling which of these 2000
devices is the real one, meaning you have to accept false metrics, or remove
all of them from your system (including the real device).

~~~
puddintane
Pollution is essentially what I meant apologies for my poor phrasing.

However detection of these devices could become easy considering they probably
wouldn't move a lot, meaning you'd have to either (a) move the device
frequently and randomly or (b) the antenna that reproduces the signal would
need to add a bit of weakness to the signal to adjust and make the user look
like he is moving.

(e.g. If the signal strength stays the same constantly then it might be easy
to tell the user isn't moving ever and therefore likely not a spot they are at
currently, or even if everyone shares a very similar signal strength).

According to the description on GitHub the system only adjusts the sequence
numbers.

------
shshhdhs
I absolutely love how simple and clever this is, from a security/privacy
perspective. The display of the number of folks in your "group" is pure fun.
=)

I kind of wish this could be an app. Anyway to replicate the effect on iOS or
Android? Or do they not expose the necessary APIs?

~~~
javl
One of the things you'll need is a network card with the ability to go into
monitor mode, which allows it to see all traffic instead of only traffic meant
for your device. I don't think there are a lot of mobile phones that have such
a card (the Nokia N900 did).

------
mirimir
This is cool. But maybe a bit too subtle. I wonder whether devices could use a
shared P2P database, so your crowd could be millions strong.

~~~
javl
Ha, that would be awesome! Feel free to clone the Github repo and implement it
;)

------
kordless
> Your phone is basically yelling every name of every network it has ever been
> connected to

No it's not.

~~~
nikmobi
can you elaborate? Devices transmit PROBE frames containing the SSID's that
the device "remembers."

~~~
inyorgroove
I presume he manually disables/enables wifi. Or uses a utility with geo-
fencing to enable/disable wifi.

