Re: home screen icon to connect to wi-fi network

On 9/28/2024 6:39 AM, Arno Welzel wrote:

Remember the home router is always set to not broadcast your BSSID/SSID
pair, which is prudent not for security but for privacy reasons since then
phones don't upload your unique BSSID/SSID pair to Internet databases.

 
Why do you think, that the phone won't do this, when it is *connected*
to that SSID?

Good question. I don't know the full answer but I suspect the correct
answer has a lot to do with the word "this" in your sentence.

What, exactly, do you mean, by "this"? (See what I mean, below.)

What you're saying, and which I agree may be happening, is if you grep the
packets emanating from the phone "during" a connection to your WAP, the
BSSID is likely being ping-ponged back and forth, hidden in those packets.

That's explicitly why I said a war driver can "see" your BSSID, but not a
"normal" user whose phone is simply configured for a default Google setup.

But I have auto-connect turned off, so the phone is not "looking" for any
WAP, and therefore once the phone is disconnected from that WAP, it stops
sending those packets containing the BSSID of the home router WAP.

Given that situation, I suspect the correct answer to your excellent
question is that the packets are fundamentally different when a phone is
"looking" to connect to a WAP versus when the phone "is" connected to it.

While I can't control other people's phones, they are set up by Google to
look for the "I'm here!" packet (which I'll call the "broadcast" packet).

And while I can't control nefarious stores like the Cannabis store or the
Pawn shop, they too are looking at the "Are you there?" packets I assume.

In my setup there is no "I'm here!" packet coming from my home router.
And in my setup there is no "Where are you?" packet coming from the phone.

So two things are set which most people don't know why they'd set them.
(1) The home router is set to NOT BROADCAST your unique BSSID/SSID pair.
(2) The phone is set to NOT AUTO CONNECT to any known wi-fi access points.
 
Those are set for privacy.
Not for security.

 
What has auto-connect to do with privacy if you are using your own WiFi
network?

Most people don't understand a thing about wireless networking and how it
impacts their privacy, so I'm not surprised you don't know how it works.

I can't teach you a course in networking here, but the simplest way to
answer your question is to first patiently explain that most phones are set
to auto-connect to a known WAP if it sees it, and most routers are set to
broadcast the WAP's presence, but that's not the situation in my setup.

The router is set up to not broadcast the WAP's presence, which is done to
keep the phones that pass by the home from picking it up (by default).

The phone is set to connect to that "hidden network" but not to reconnect.
That's done to keep the Cannabis store from picking up my unique home WAP's
BSSID while I'm away from home. Together, it's three things for privacy.

 [1] Home WAP set up as hidden network (it doesn't broadcast availability)
 [2] Phone set up to connect to the hidden network (credentials are saved)
 [3] But phone is also set up to never auto connect (it doesn't look)

I could skip step [2] above but that would be inconvenient in daily use.

Most people don't understand the difference, but the end result is if you
leave auto connect on the default setting, then your phone will constantly
shout out your unique BSSID/SSID pair everywhere you go in the world.

 
Do you have a source where one can learn more about this?

It's basic stuff. Nothing I've said is incorrect so it's everywhere.
 

That allows anyone with even minimum skills to track your every movement.
I don't want that.

 
With even "minimum skills"? How?

Again, this is kid's stuff. It's basic networking. Very simple. Look it up.

We didn't even get into MAC randomization where by default, newer phones
randomize any given access point connection MAC (set for life), and if you
tweak Developer options, Androids randomize the MAC on every connection.

Why do you think that is a fundamental part of Android privacy nowadays?