

Tracking Human Mobility using WiFi signals - sapski
http://sunelehmann.com/2015/05/26/tracking-human-mobility-using-wifi-signals/

======
chatmasta
Google likely has the most accurate "IP Address <-> Location" map of any
company. They have all the data necessary for a true "god mode" view of the
internet map. Consider the data they have:

- Google maps cars collecting wifi SSIDs

- Android phones collecting wifi SSIDs

- Chromecast scanning internal networks

They know the names of the networks behind public IPs, they know where the
networks are, and they know who connects to them.

Sometimes I wonder if IPv6 will ever be truly adopted, or if big companies
have mined so much IPv4 data that they have little incentive to switch all
systems to IPv6. Not everyone has the level of access and insight to IPv4
networks that big companies do. When every device has a unique IP, big
companies will lose a competitive advantage.

~~~
sapski
They are also willing to share their knowledge: you can do 100 requests per
day for free to
[https://developers.google.com/maps/documentation/business/ge...](https://developers.google.com/maps/documentation/business/geolocation/),
or pay up to have basically unlimited access (that's for wifi routers and gsm
towers, they work much better than IP addresses for the reasons you
mentioned).

------
URSpider94
WiFi as a location technology is well-known --
[http://www.skyhookwireless.com](http://www.skyhookwireless.com) for example
has been selling this data for a decade.

What seems to be new here is that Android is very permissive and leaky with
WiFi access point data, which allows an app to reverse-engineer location
without specifically asking permission to know your location.

Your claim that Android scans for APs even when WiFi is off is a very
interesting one, which raises a lot of concern for privacy but also for RF
interference -- if I say I want a radio to be off, then I expect it to be OFF,
dammit!

~~~
sapski
It's true: Skyhook, Google, Apple, and Microsoft have been doing it for a
while. Even more, there are free databases that you can use to map WiFi
routers to locations (for example wiggle.net), but for some reason this is
still not enough for Google to treat WiFi as equivalent to location. This also
has consequences in age rating: if you explicitly require location access, you
fall into a different age category than if you require "only" the WiFi
permission.

You can control the scanning settings in settings -> WiFi -> advanced ->
scanning always available. It's ON by default, but you can disable it there.

Apart from what you mention, what is new is the measurement of how many access
points you actually need to know to track my location: it's costly to look up
all the routers I see during a day, but we show that people spend a vast
majority of the time close to a very small number of unique access points (~20
routers per person over 6 months).
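
An added example, not code from the thread or from the study it discusses: a greedy set-cover over a scan log that shows how few access points account for most of a person's time, which is the measurement described in the comment above. The scan log, the locally administered BSSIDs and the function name `greedy_ap_cover` are constructed for illustration.

```python
from collections import defaultdict

# Constructed scan log, not real data: (time_bin, BSSIDs visible in that scan).
HOME, HOME_NBR = "02:00:00:00:00:01", "02:00:00:00:00:02"
WORK, WORK_NBR = "02:00:00:00:00:03", "02:00:00:00:00:04"
CAFE = "02:00:00:00:00:05"
SCANS = [
    (0, {HOME, HOME_NBR}), (1, {HOME, HOME_NBR}), (2, {HOME, HOME_NBR}),
    (3, {HOME}), (4, {HOME}),
    (5, {WORK, WORK_NBR}), (6, {WORK, WORK_NBR}), (7, {WORK}), (8, {WORK}),
    (9, {CAFE}),
]


def greedy_ap_cover(scans, target=0.9):
    """Return (chosen_aps, coverage): the APs picked greedily until at least
    `target` of the time bins contain one chosen AP, and the fraction reached."""
    bins_by_ap = defaultdict(set)
    for time_bin, aps in scans:
        for ap in aps:
            bins_by_ap[ap].add(time_bin)

    all_bins = {time_bin for time_bin, aps in scans if aps}
    if not all_bins:
        return [], 0.0

    uncovered = set(all_bins)
    chosen = []
    while uncovered and (len(all_bins) - len(uncovered)) / len(all_bins) < target:
        # Sorting first makes ties break deterministically (lowest BSSID wins).
        best = max(sorted(bins_by_ap), key=lambda ap: len(bins_by_ap[ap] & uncovered))
        gain = bins_by_ap[best] & uncovered
        if not gain:
            break  # remaining bins cannot be covered by any AP
        chosen.append(best)
        uncovered -= gain

    return chosen, (len(all_bins) - len(uncovered)) / len(all_bins)


if __name__ == "__main__":
    aps, coverage = greedy_ap_cover(SCANS)
    print(f"{len(aps)} APs cover {coverage:.0%} of time bins: {aps}")
```

Run against your own exported scan history, the length of the returned list is a direct measure of how little an observer of scan results would need to look up.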

------
dfc
I am not sure this is a new threat, a user's list of known SSIDs has been a
recognized threat to privacy for a long time. You do not even need to have an
app installed on Alice's phone to track her location. All Eve has to do is
listen for beacon probes from Alice's laptop and Eve can get a good picture of
where Alice has been and more: "Show me your SSIDS I'll tell you who you
are"[1]

[1]: [http://blog.rootshell.be/2012/01/12/show-me-your-ssids-ill-t...](http://blog.rootshell.be/2012/01/12/show-me-your-ssids-ill-tell-who-you-are/)

~~~
sapski
Yes, but: 1) you can circumvent this problem by randomizing your MAC between
probes, as Apple already does, and that doesn't help with the threat we
present

2) SSIDs are not unique - when it says "airport" it can be any airport. When
you have access to the MAC of the device, you can pinpoint it uniquely -
that's the threat we present.

3) with the threat you link, you theoretically might be able to recover some
of the past locations of the user where they did connect to WiFi. With the
threat we present you get the location history with time resolution of up to
20 seconds, whether the user connects to WiFi or not, and even if they disable
WiFi, and you don't have to control any routers. I would say this constitutes
a novelty.

=== EDIT ====

4) the link only mentions a theoretical possibility, we show that the threat
is real based on real data collected over 6 months about multiple people.

------
guidefreitas
I wrote a post a while ago about how to use wifi ssid and signal strength to
determine the indoor location of an Android phone -
[http://www.guidefreitas.com/indoor-location-using-wifi-signa...](http://www.guidefreitas.com/indoor-location-using-wifi-signal/)

------
sapski
Also, check out the app that shows the findings on your own data:
[https://play.google.com/store/apps/details?id=dk.dtu.compute...](https://play.google.com/store/apps/details?id=dk.dtu.compute.mywifiscanner)

------
kronomikon
Luckily, you can turn this feature off. Go to Settings > Wi-Fi > Advanced and
uncheck "Scanning always available".

------
henryl
Here's a startup that leverages this for in-store analytics:
[http://euclidanalytics.com/](http://euclidanalytics.com/)

~~~
sapski
This is something different: they just know when you visit a location with a
router that they control. We show that you don't need to control any routers
to track people's location, as long as you have an app with the "WiFi
information" permission (and most of the apps do have it).

~~~
chatmasta
(Assuming you are the author of the post)

Did you watch the network traffic that apps send home? I would be curious to
know, of the top games in the app store that see wifi data, how many of them
actually send it back to their servers.

I've been running mitmproxy for a project, giving me rare insight into the
data that leaves my phone. It's amazing how often android/ios apps "phone
home." Every few seconds, apple and google servers receive a request from my
phone with fingerprint information sufficient to pinpoint my location on a
map. Usually the current WiFi SSID is included in that.

It has me wondering if there is viability in a consumer-grade "man in the
middle" router for auditing/filtering the traffic leaving the user's home
network.
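
An added example, not code from the thread: one way to audit intercepted outbound requests for WiFi identifiers, as the comment above describes doing by hand with a proxy. The flow records, hostnames and the function name `audit_flows` are constructed; in practice the records would be exported from whatever intercepting proxy you run.

```python
import re
from urllib.parse import unquote

# Six hex octets separated by ':' or '-', the usual textual form of a BSSID.
BSSID_RE = re.compile(r"\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b", re.IGNORECASE)

# Constructed sample of decrypted requests captured at a proxy, not real traffic.
FLOWS = [
    {"host": "telemetry.example.com",
     "url": "https://telemetry.example.com/v1/ping",
     "body": '{"wifi":[{"bssid":"AA:BB:CC:00:11:22","rssi":-61}],"ssid":"HomeNet-5G"}'},
    {"host": "ads.example.net",
     "url": "https://ads.example.net/t?net=HomeNet%2D5G&v=3",
     "body": ""},
    {"host": "cdn.example.org",
     "url": "https://cdn.example.org/img.png",
     "body": ""},
]


def audit_flows(flows, known_ssids):
    """Return one finding per request that carries a BSSID-shaped string or
    one of the SSIDs you know your device has seen."""
    findings = []
    for flow in flows:
        # URL-decode the URL so percent-encoded SSIDs in query strings match.
        text = unquote(flow["url"]) + "\n" + flow["body"]
        bssids = sorted({m.lower().replace("-", ":") for m in BSSID_RE.findall(text)})
        ssids = sorted(s for s in known_ssids if s in text)
        if bssids or ssids:
            findings.append({"host": flow["host"], "bssids": bssids, "ssids": ssids})
    return findings


if __name__ == "__main__":
    for finding in audit_flows(FLOWS, {"HomeNet-5G"}):
        print(finding)
```

This only catches identifiers sent in clear form inside the decrypted request; hashed, compressed or binary-encoded fields need decoding before the same check applies.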

~~~
sapski
Good point, thanks! We didn't watch the traffic of these apps yet, we just
point out that they have the ability to report it back, beyond the user's
control.

I did however read through the privacy policies of the apps, and one of the
top 20 with WiFi but not location permission mentioned collecting your
location data.

