From Newsgroup: alt.comp.os.windows-11

Marian wrote:

Here is code I hacked out this morning which tracks those 400 BSSID:GPS pairs, where I set the distance to 100KM but it could be any distance.

Here is code that generates random (or sequential) BSSIDs to place into a
file which can later be checked against Apple's highly insecure WPS DB.

bssidgenerate.bat

Select an OUI from the menu or press Enter to type your own:
1) TP-Link F4:F2:6D
2) Netgear 44:94:FC
3) Arris 60:31:97
4) Ubiquiti 24:A4:3C
5) Technicolor 10:13:31
6) Cisco/Linksys 00:25:9C
7) ASUS AC:9E:17
8) Google/Nest F4:F5:D8
9) Amazon/Eero 74:83:C2
10) Hitron C8:3A:35

Enter menu number (1iV10) or press Enter to type your own: 3
How many BSSIDs do you want to generate?: 100
Random or Sequential? (R/S): r
Generating BSSIDs...
60:31:97:CF:01:AB
60:31:97:21:8A:8B
60:31:97:A2:3D:B5
60:31:97:E3:F7:5F
60:31:97:62:E4:8A
60:31:97:7F:45:6D
60:31:97:77:C3:76
60:31:97:63:9E:DB
60:31:97:5C:33:91
60:31:97:76:B9:71
60:31:97:1D:0B:F0
60:31:97:9C:17:21
60:31:97:25:F7:F5
60:31:97:4D:67:FA
60:31:97:94:88:D0
60:31:97:E7:73:04
etc.
Output file saved to: bssidinput.txt

@echo off
:: C:\app\os\python\apple_bssid_locator\bssidgenerate.bat
:: Runs bssidgenerate.ps1 to generate random/sequential realistic BSSIDs
set "SCRIPT=%~dp0bssidgenerate.ps1"

echo Running PowerShell script:
echo %SCRIPT%
echo.

powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -File "%SCRIPT%"

# C:\app\os\python\apple_bssid_locator\bssidgenerate.ps1
# Usemodel: bssidgenerate.bat (runs this powershell script)
# v1p0 20251217
# Generates BSSIDs based on user input.
# Prompts for:
# 1. OUI (first half), e.g., F4:F2:6D (TP-Link)
# 2. Number of BSSIDs to generate (e.g., 100)
# 3. Mode: R = random, S = sequential
# v1p1 20251217
# Saves results to bssidinput.txt
# Forces an OUI in case enter is hit prematurely
# v1p2 20251217
# Added menu of the ten most common USA OUI's
# v1p3 20251217
# Added sequential-mode starting block
# v1p4 20251217
# Added wraparound protection (at FF:FF:FF)

# --- BEGIN OUI MENU BLOCK ---
Write-Host ""
Write-Host "Select an OUI from the menu or press Enter to type your own:"
Write-Host " 1) TP-Link F4:F2:6D"
Write-Host " 2) Netgear 44:94:FC"
Write-Host " 3) Arris 60:31:97"
Write-Host " 4) Ubiquiti 24:A4:3C"
Write-Host " 5) Technicolor 10:13:31"
Write-Host " 6) Cisco/Linksys 00:25:9C"
Write-Host " 7) ASUS AC:9E:17"
Write-Host " 8) Google/Nest F4:F5:D8"
Write-Host " 9) Amazon/Eero 74:83:C2"
Write-Host " 10) Hitron C8:3A:35"
Write-Host ""

$choice = Read-Host "Enter menu number (1iV10) or press Enter to type your own"

switch ($choice) {
"1" { $oui = "F4:F2:6D" }
"2" { $oui = "44:94:FC" }
"3" { $oui = "60:31:97" }
"4" { $oui = "24:A4:3C" }
"5" { $oui = "10:13:31" }
"6" { $oui = "00:25:9C" }
"7" { $oui = "AC:9E:17" }
"8" { $oui = "F4:F5:D8" }
"9" { $oui = "74:83:C2" }
"10" { $oui = "C8:3A:35" }
default { $oui = $null }
}
# --- END OUI MENU BLOCK ---

# Ask for the first half (OUI)
if (-not $oui) {
$oui = Read-Host "Enter the first half (e.g., F4:F2:6D)"
}
$oui = $oui.ToUpper().Replace("-",":").Trim()

# Prevent empty OUI
if (-not $oui) {
Write-Host "You must enter an OUI such as F4:F2:6D."
exit
}

# Ask how many BSSIDs to generate
$count = Read-Host "How many BSSIDs do you want to generate?"
$count = [int]$count

# Ask for mode: random or sequential
$mode = Read-Host "Random or Sequential? (R/S)"
$mode = $mode.ToUpper()

Write-Host ""
Write-Host "Generating BSSIDs..."
Write-Host ""

# Output file
$outfile = "bssidinput.txt"
Clear-Content -Path $outfile -ErrorAction SilentlyContinue

# Function to format a number 0iV255 as two hex digits
function To-Hex([int]$n) {
return "{0:X2}" -f $n
}

# Sequential mode
if ($mode -eq "S") {

# Ask for starting second-half (e.g., AB:CD:EF)
$startHex = Read-Host "Enter starting second-half (e.g., AB:CD:EF) or press Enter for 00:00:00"
if (-not $startHex) { $startHex = "00:00:00" }

# Normalize
$startHex = $startHex.ToUpper().Replace("-",":").Trim()

# Convert to integer
$parts = $startHex.Split(":")
if ($parts.Count -ne 3) {
Write-Host "Invalid starting value. Must be three bytes like AB:CD:EF."
exit
}

$startVal = ([Convert]::ToInt32($parts[0],16) -shl 16) `
+ ([Convert]::ToInt32($parts[1],16) -shl 8) `
+ [Convert]::ToInt32($parts[2],16)

$maxVal = 0xFFFFFF

for ($i = 0; $i -lt $count; $i++) {

$val = $startVal + $i

if ($val -gt $maxVal) {
Write-Host "Reached maximum value FF:FF:FF. Stopping."
break
}

$b1 = ($val -shr 16) -band 0xFF
$b2 = ($val -shr 8) -band 0xFF
$b3 = $val -band 0xFF

$bssid = "${oui}:{0}:{1}:{2}" -f (To-Hex $b1), (To-Hex $b2), (To-Hex $b3)
Write-Host $bssid
Add-Content -Path $outfile -Value $bssid
}
}

# Random mode
elseif ($mode -eq "R") {
$rand = New-Object System.Random
for ($i = 0; $i -lt $count; $i++) {
$b1 = $rand.Next(0,256)
$b2 = $rand.Next(0,256)
$b3 = $rand.Next(0,256)

$bssid = "${oui}:{0}:{1}:{2}" -f (To-Hex $b1), (To-Hex $b2), (To-Hex $b3)
Write-Host $bssid
Add-Content -Path $outfile -Value $bssid
}
}

else {
Write-Host "Invalid choice. Please enter R or S."
}

Write-Host ""
Write-Host "Output file saved to: $(Resolve-Path $outfile)"

# end of C:\app\os\python\apple_bssid_locator\bssidgenerate.ps1
--
Helping others & learning from them is what this Usenet ng is all about.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

Here is code I hacked out this morning which tracks those 400 BSSID:GPS
pairs, where I set the distance to 100KM but it could be any distance.

Here is code that generates random (or sequential) BSSIDs to place into a file which can later be checked against Apple's highly insecure WPS DB.

My claim is that it's trivial to gather valid access points to check
against Apple's highly insecure WPS database, where below is that check.

Once we have tens of thousands of random (or sequential) BSSIDs (which we
can start at any start point but I stop at the FF:FF:FF wrap around), we
can then check each of them against Apple's highly insecure WPS database.

@echo off
:: This is C:\app\os\python\apple_bssid_locator\bssidcheck.bat
:: v1p0 20251217
:: checks a list of BSSIDs from bssidcheck.txt in Apple's WPS db
:: outputs to the console and into a timestamped log file
:: v1p1 20251217
:: added fullpath to output files in the console output
:: v1p2 20251217
:: only log when a lookup is successful
:: v1p3 20251217
:: added summary section of bssid's that were found

:: Begin Log setup
set LOGDIR=%~dp0log
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

for /f %%A in ('wmic os get localdatetime ^| find "."') do set dt0=%%A
set "session_ts=%dt0:~0,8%_%dt0:~8,6%"
set "session_log=%LOGDIR%\session_%session_ts%.log"
:: End Log setup

:: --- begin Success list setup ---
set "FOUND_LIST="
:: --- end Success list setup ---

echo === New BSSID lookup session started at %date% %time% === >> "%session_log%"
echo Session log: %session_log%

:: Begin FILE MODE
if exist "%~dp0bssidcheck.txt" (
echo Processing BSSIDs from bssidcheck.txt...
for /f "usebackq tokens=*" %%X in ("%~dp0bssidcheck.txt") do (
set "BSSID=%%X"
call :process_bssid
)
goto end
)
:: End FILE MODE

:: Begin INTERACTIVE MODE
:loop
echo.
set /p BSSID=Enter the BSSID (or q to quit):
if /I "%BSSID%"=="q" goto end

call :process_bssid
goto loop

:: End INTERACTIVE MODE

:: Begin PROCESS ONE BSSID
:process_bssid
:: --- Clean up input ---
set "BSSID=%BSSID:"=%"
set "BSSID=%BSSID: =%"

:: --- begin Make filename-safe version ---
set "safeBSSID=%BSSID::=-%"
:: --- end Make filename-safe version ---

:: --- begin Generate timestamp for THIS lookup ---
for /f %%A in ('wmic os get localdatetime ^| find "."') do set dt=%%A
set "ts=%dt:~0,8%_%dt:~8,6%"
:: --- end Generate timestamp for THIS lookup ---

:: --- begin Timestamped output file ---
set "outfile=%LOGDIR%\bssidlookup_%ts%_%safeBSSID%.log"
:: --- end Timestamped output file ---

:: --- begin Clear previous coordinates ---
set LAT=
set LON=
:: --- end Clear previous coordinates ---

:: --- begin Run Python lookup ---
echo === Lookup started at %date% %time% === > "%outfile%"
echo BSSID: %BSSID% >> "%outfile%"
echo. >> "%outfile%"

python.exe apple_bssid_locator.py %BSSID% --all >> "%outfile%"
:: --- end Run Python lookup ---

:: --- begin Display results ---
echo -----------------------------------------------
type "%outfile%"
echo -----------------------------------------------
if defined LAT if defined LON echo Log written to: %outfile%
:: --- end Display results ---

:: --- begin Extract coordinates ---
for /f "tokens=2 delims=: " %%A in ('findstr /i "Latitude" "%outfile%"') do set LAT=%%A
for /f "tokens=2 delims=: " %%B in ('findstr /i "Longitude" "%outfile%"') do set LON=%%B

echo === Lookup finished at %date% %time% === >> "%outfile%"
echo. >> "%outfile%"
:: --- end Extract coordinates ---

:: --- begin Append to session log ---
if defined LAT if defined LON (
echo [%date% %time%] BSSID: %BSSID% >> "%session_log%"
echo Latitude: %LAT% >> "%session_log%"
echo Longitude: %LON% >> "%session_log%"
echo. >> "%session_log%"

:: Add to success list
set "FOUND_LIST=%FOUND_LIST% %BSSID%"
)
:: --- end Append to session log ---

:: --- begin Append to master log ---
if defined LAT if defined LON (
echo [%date% %time%] BSSID: %BSSID% >> "%LOGDIR%\bssidcheck_%session_ts%.log"
echo Latitude: %LAT% >> "%LOGDIR%\bssidcheck_%session_ts%.log"
echo Longitude: %LON% >> "%LOGDIR%\bssidcheck_%session_ts%.log"
echo. >> "%LOGDIR%\bssidcheck_%session_ts%.log"
)
:: --- end Append to master log ---

:: --- begin Open in Google Maps ---
if defined LAT if defined LON start msedge "https://www.google.com/maps/search/?api=1&query=%LAT%,%LON%"
:: --- end Open in Google Maps ---

goto :eof
:: End PROCESS ONE BSSID


:end

:: --- begin Summary of successful lookups ---
echo.
echo ===== Summary of Successful BSSID Lookups =====
if defined FOUND_LIST (
echo %FOUND_LIST%
) else (
echo No BSSIDs were successfully located.
)
echo ===============================================
echo.
:: --- end Summary of successful lookups ---

echo Exiting. Goodbye!
:: end of C:\app\os\python\apple_bssid_locator\bssidcheck.bat
--
Never make the mistake of thinking I'm anything like the trolls are.
I am not here for my ego; nor for my amusement; but to teach & learn.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

My claim is that it's trivial to gather valid access points to check
against Apple's highly insecure WPS database, where below is that check.

Anyone interested in running these TP-Link BSSIDs through Apple's
highly insecure WPS lookup database & reporting results to the team?
<https://wavedigger.networksurvey.app/?tab=bssid>

===== Summary of Successful BSSID Lookups =====
F4:F2:6D:B6:A6:97
F4:F2:6D:38:43:72
F4:F2:6D:8E:DE:DC
F4:F2:6D:87:0A:CE
etc.
===============================================

Click on these links and let the team know what you find out from them:
<https://wavedigger.networksurvey.app/?tab=bssid&bssid=F4-F2-6D-B6-A6-97>
<https://wavedigger.networksurvey.app/?tab=bssid&bssid=F4-F2-6D-38-43-72>
<https://wavedigger.networksurvey.app/?tab=bssid&bssid=F4-F2-6D-8E-DE-DC>
<https://wavedigger.networksurvey.app/?tab=bssid&bssid=F4-F2-6D-87-0A-CE>
etc.

Here's a report of the nearest 400 APs to the Shreveport Louisiana BSSID:
<https://www.google.com/maps/place/32#27'32.07"N+93#48'53.84"W/>
(4302 Josey Cir, Shreveport, LA 71109)

Enter the BSSID (or q to quit): F4:F2:6D:B6:A6:97
-----------------------------------------------
=== Lookup started at Wed 12/17/2025 3:15:21.02 ===
BSSID: F4:F2:6D:B6:A6:97

Searching for location of bssid: F4:F2:6D:B6:A6:97
Saved 309 entries to results.txt
BSSID: f4:f2:6d:b6:a6:97
Latitude: 32.45974349
Longitude: -93.81695556

BSSID: 18:de:50:5b:14:6c
Latitude: 32.45925521
Longitude: -93.81757354

BSSID: 1a:1e:19:0d:c9:a9
Latitude: 32.45926666
Longitude: -93.8175888

BSSID: 1e:9e:cc:d6:cb:71
Latitude: 32.45985031
Longitude: -93.81725311

BSSID: 1e:9e:cc:d6:cb:76
Latitude: 32.45985031
Longitude: -93.81725311

BSSID: 02:aa:a0:ba:26:e0
Latitude: 32.45988464
Longitude: -93.81759643000001

BSSID: 50:95:51:b5:b6:ae
Latitude: 32.4591217
Longitude: -93.81761169

BSSID: 54:b2:03:2f:1b:60
Latitude: 32.45988082
Longitude: -93.81723022

BSSID: 62:b2:03:2f:1b:60
Latitude: 32.45986175
Longitude: -93.81723785

BSSID: 06:aa:a0:ba:26:e0
Latitude: 32.45986938
Longitude: -93.81759643000001

BSSID: 6a:b2:03:2f:1b:60
Latitude: 32.45987701
Longitude: -93.81723022

BSSID: 6e:b2:03:2f:1b:60
Latitude: 32.459846490000004
Longitude: -93.81730651000001

BSSID: 84:eb:3e:f8:36:d3
Latitude: 32.45880508
Longitude: -93.81717681

BSSID: 84:eb:3e:fa:b2:63
Latitude: 32.4595375
Longitude: -93.81742858

BSSID: 84:eb:3f:08:e0:72
Latitude: 32.45973968
Longitude: -93.81745147000001

BSSID: 8c:76:3f:f8:5d:cd
Latitude: 32.45948791
Longitude: -93.81759643000001

BSSID: 8c:85:80:d1:be:37
Latitude: 32.45985031
Longitude: -93.81759643000001

BSSID: 8e:76:3f:f8:5d:cd
Latitude: 32.4594841
Longitude: -93.8175888

BSSID: 92:76:3f:f8:5d:cd
Latitude: 32.4594841
Longitude: -93.81756591

BSSID: 92:95:51:b5:b6:ae
Latitude: 32.45910644
Longitude: -93.81759643000001

BSSID: 96:76:3f:f8:5d:cd
Latitude: 32.45948791
Longitude: -93.8175888

BSSID: 96:ad:43:e3:f8:a8
Latitude: 32.45892715
Longitude: -93.81752014

BSSID: 9c:34:26:9e:ff:4a
Latitude: 32.45941162
Longitude: -93.8166275

BSSID: 9e:34:26:9e:ff:4a
Latitude: 32.45940017
Longitude: -93.81663513000001

BSSID: ae:4c:a5:65:93:62
Latitude: 32.45982742
Longitude: -93.81752014

BSSID: ae:4c:a5:65:93:67
Latitude: 32.45983505
Longitude: -93.81752014

BSSID: ba:5e:71:08:7c:6c
Latitude: 32.45958709
Longitude: -93.81726837000001

BSSID: ba:5e:71:08:7c:6f
Latitude: 32.45959091
Longitude: -93.81725311

BSSID: bc:9b:68:7e:15:c0
Latitude: 32.45943069
Longitude: -93.817276

BSSID: bc:9b:68:7e:15:c1
Latitude: 32.4594078
Longitude: -93.817276

BSSID: bc:9b:68:7e:15:c3
Latitude: 32.459438320000004
Longitude: -93.817276

BSSID: bc:9b:68:7e:15:c5
Latitude: 32.45941543
Longitude: -93.81728363

BSSID: bc:9b:68:7e:15:c6
Latitude: 32.45944976
Longitude: -93.81729125

BSSID: be:34:26:9e:ff:4a
Latitude: 32.45941925
Longitude: -93.81661987

BSSID: c6:4f:d5:41:a5:59
Latitude: 32.45885467
Longitude: -93.81680297

BSSID: de:34:26:9e:ff:4a
Latitude: 32.4594078
Longitude: -93.81664276000001

BSSID: ec:aa:a0:ba:26:e0
Latitude: 32.45988845
Longitude: -93.8175888

BSSID: fa:aa:a0:ba:26:e0
Latitude: 32.45989227
Longitude: -93.81759643000001

BSSID: 12:3d:0a:47:68:48
Latitude: 32.45932769
Longitude: -93.81684875

BSSID: 3a:1e:19:0d:c9:a9
Latitude: 32.45920944
Longitude: -93.8175888

BSSID: 72:95:51:b5:b6:ae
Latitude: 32.45911026
Longitude: -93.81761932

BSSID: 74:ea:e8:a0:a7:d7
Latitude: 32.45973205
Longitude: -93.81691741

BSSID: 78:d2:94:c9:68:48
Latitude: 32.45880889
Longitude: -93.81738281

BSSID: 82:da:c2:f4:9c:fd
Latitude: 32.45885086
Longitude: -93.81640625

BSSID: 88:ad:43:e3:f8:a8
Latitude: 32.45894241
Longitude: -93.8175354

BSSID: 9e:ad:43:e3:f8:a8
Latitude: 32.45894622
Longitude: -93.8175354

BSSID: a2:ad:43:e3:f8:a8
Latitude: 32.45894622
Longitude: -93.81755065

BSSID: 0a:1e:19:0d:c9:a9
Latitude: 32.45919799
Longitude: -93.81758117

BSSID: c6:4f:d5:41:a5:5e
Latitude: 32.45884704
Longitude: -93.81679534

BSSID: de:72:23:a3:8a:04
Latitude: 32.45986557
Longitude: -93.81764984

BSSID: e6:bf:fa:bb:35:f8
Latitude: 32.45929718
Longitude: -93.81698608

BSSID: e6:bf:fa:bb:35:fb
Latitude: 32.45929718
Longitude: -93.81697845000001

BSSID: 10:93:97:0a:e7:80
Latitude: 32.45983123
Longitude: -93.81554412

BSSID: 12:36:aa:62:9c:39
Latitude: 32.45924758
Longitude: -93.81565093

BSSID: 12:36:aa:62:9c:3a
Latitude: 32.45924377
Longitude: -93.81565856

BSSID: 12:36:aa:62:9c:3d
Latitude: 32.4592247
Longitude: -93.81564331

BSSID: 12:36:aa:62:9c:3e
Latitude: 32.45925521
Longitude: -93.81563568

BSSID: 12:36:aa:85:84:c9
Latitude: 32.45958709
Longitude: -93.81570434

BSSID: 18:9c:27:b6:4b:8a
Latitude: 32.45975494
Longitude: -93.81597137

BSSID: 02:cb:7a:c2:d1:42
Latitude: 32.45950698
Longitude: -93.81557464000001

BSSID: 02:cb:7a:c2:d1:43
Latitude: 32.45950698
Longitude: -93.81555938

BSSID: 02:cb:7a:c2:d1:45
Latitude: 32.45949935
Longitude: -93.81555938

BSSID: 36:e6:e6:86:cd:1c
Latitude: 32.45980453
Longitude: -93.81570434

BSSID: 3a:9c:27:b6:4b:8a
Latitude: 32.45976257
Longitude: -93.81599426

BSSID: 5a:9c:27:b6:4b:8a
Latitude: 32.45975112
Longitude: -93.81600189

BSSID: 8c:76:3f:d4:13:8d
Latitude: 32.4597969
Longitude: -93.81586456000001

BSSID: 8c:85:80:e4:35:dd
Latitude: 32.45980834
Longitude: -93.81555938

BSSID: 8c:0f:6f:21:c8:80
Latitude: 32.45982742
Longitude: -93.81553649

BSSID: 8c:0f:6f:d3:3b:68
Latitude: 32.459030150000004
Longitude: -93.81517791

BSSID: 8e:76:3f:d4:13:8d
Latitude: 32.4597969
Longitude: -93.81587982

BSSID: 94:a6:7e:31:02:35
Latitude: 32.45889282
Longitude: -93.81509399000001

BSSID: 96:76:3f:d4:13:8d
Latitude: 32.45978546
Longitude: -93.81589508

BSSID: 9a:0f:6f:21:c8:80
Latitude: 32.45982742
Longitude: -93.81553649

BSSID: 9a:0f:6f:d3:3b:68
Latitude: 32.45904922
Longitude: -93.81517791

BSSID: a2:0f:6f:21:c8:80
Latitude: 32.4598236
Longitude: -93.81553649

BSSID: a2:0f:6f:d3:3b:68
Latitude: 32.45904159
Longitude: -93.81518554

BSSID: a6:0f:6f:21:c8:80
Latitude: 32.45983123
Longitude: -93.81555175

BSSID: a6:0f:6f:d3:3b:68
Latitude: 32.45905303
Longitude: -93.8152008

BSSID: be:61:e9:cd:aa:a8
Latitude: 32.458812710000004
Longitude: -93.81623077

BSSID: ca:3a:6b:db:9b:ba
Latitude: 32.45902252
Longitude: -93.81513977

BSSID: ce:6c:6d:53:02:e5
Latitude: 32.45965194
Longitude: -93.81586456000001

BSSID: d4:6c:6d:53:02:e5
Latitude: 32.45964431
Longitude: -93.81583404

BSSID: d6:6c:6d:53:02:e5
Latitude: 32.45964431
Longitude: -93.81583404

BSSID: da:e3:5e:f7:08:87
Latitude: 32.45980453
Longitude: -93.81556701

BSSID: f8:aa:3f:fe:b2:1e
Latitude: 32.4590187
Longitude: -93.81517791

BSSID: 4e:6b:b8:aa:8c:80
Latitude: 32.45885467
Longitude: -93.81540679

BSSID: 78:b2:13:e7:91:39
Latitude: 32.45882797
Longitude: -93.81607055

BSSID: 1e:30:08:a4:b8:64
Latitude: 32.45988082
Longitude: -93.81547546

BSSID: 9e:b3:f7:21:91:e7
Latitude: 32.459102630000004
Longitude: -93.81617736

BSSID: ce:8b:66:31:a1:df
Latitude: 32.45933151
Longitude: -93.81556701

BSSID: 80:30:dc:c2:05:26
Latitude: 32.45886993
Longitude: -93.81635284000001

BSSID: 6e:29:90:f7:23:74
Latitude: 32.45904159
Longitude: -93.81517028

BSSID: 0c:73:29:ff:29:93
Latitude: 32.45893096
Longitude: -93.81542968000001

BSSID: 7e:27:bc:95:f5:35
Latitude: 32.45974349
Longitude: -93.81566619

BSSID: 54:21:60:82:f9:80
Latitude: 32.45933914
Longitude: -93.81817626

BSSID: 66:c6:d2:a2:ca:41
Latitude: 32.45928955
Longitude: -93.81825256

BSSID: 72:13:01:e1:d9:24
Latitude: 32.45993041
Longitude: -93.81851959000001

BSSID: 82:da:c2:8e:e8:de
Latitude: 32.45935821
Longitude: -93.81826019

BSSID: 86:ea:ed:9d:93:56
Latitude: 32.45885467
Longitude: -93.81848144

BSSID: 88:57:1d:5f:b0:29
Latitude: 32.45927047
Longitude: -93.8179779

BSSID: 8c:0f:6f:3c:c5:a8
Latitude: 32.45972442
Longitude: -93.81800079

BSSID: 8e:49:62:3e:0e:4a
Latitude: 32.45919418
Longitude: -93.81777191

BSSID: 9a:0f:6f:3c:c5:a8
Latitude: 32.45974731
Longitude: -93.81801605

BSSID: a2:0f:6f:3c:c5:a8
Latitude: 32.45973968
Longitude: -93.81801605

BSSID: a6:0f:6f:3c:c5:a8
Latitude: 32.45972442
Longitude: -93.81801605

BSSID: c6:4f:d5:7e:64:69
Latitude: 32.45947647
Longitude: -93.81790924

BSSID: c6:4f:d5:7e:64:6f
Latitude: 32.45946502
Longitude: -93.81789398000001

BSSID: 2e:3f:75:b6:2f:07
Latitude: 32.45936203
Longitude: -93.81813812

BSSID: 82:da:c2:8e:e8:d9
Latitude: 32.459365840000004
Longitude: -93.81826019

BSSID: ae:ae:19:b3:82:47
Latitude: 32.45906448
Longitude: -93.81778717

BSSID: 32:9b:d6:b8:39:e9
Latitude: 32.45936965
Longitude: -93.81829833

BSSID: 70:13:01:ef:d9:23
Latitude: 32.459583280000004
Longitude: -93.81856536000001

BSSID: 70:13:01:ef:d9:26
Latitude: 32.45959091
Longitude: -93.81858062

BSSID: 70:13:01:ef:d9:27
Latitude: 32.45959091
Longitude: -93.81858062

BSSID: 70:13:01:ef:d9:25
Latitude: 32.45958709
Longitude: -93.81858062

BSSID: 50:fd:d5:04:5f:42
Latitude: 32.45814132
Longitude: -93.81715393

BSSID: 62:9c:8e:29:da:30
Latitude: 32.45869445
Longitude: -93.81692504

BSSID: 62:9c:8e:29:da:32
Latitude: 32.45867538
Longitude: -93.81691741

BSSID: 62:9c:8e:29:da:35
Latitude: 32.45868301
Longitude: -93.81696319

BSSID: 72:13:01:28:3a:49
Latitude: 32.4581108
Longitude: -93.81741333000001

BSSID: 72:13:01:28:3a:4a
Latitude: 32.45811462
Longitude: -93.81740570000001

BSSID: 88:ad:43:13:50:e8
Latitude: 32.4581871
Longitude: -93.81671905

BSSID: 96:ad:43:13:50:e8
Latitude: 32.45817947
Longitude: -93.81671905

BSSID: 9c:34:26:19:5d:7c
Latitude: 32.4576683
Longitude: -93.817276

BSSID: 9e:34:26:19:5d:7c
Latitude: 32.45766448
Longitude: -93.81726837000001

BSSID: 9e:ad:43:13:50:e8
Latitude: 32.45819091
Longitude: -93.81671905

BSSID: bc:2e:48:ee:7e:a5
Latitude: 32.45818328
Longitude: -93.81676483

BSSID: be:34:26:19:5d:7c
Latitude: 32.45766448
Longitude: -93.81728363

BSSID: de:2e:48:ee:7e:a5
Latitude: 32.45818328
Longitude: -93.81674957

BSSID: de:34:26:19:5d:7c
Latitude: 32.45765686
Longitude: -93.81728363

BSSID: ee:79:0a:fc:38:85
Latitude: 32.45792388
Longitude: -93.81736755

BSSID: fa:79:0a:fc:38:85
Latitude: 32.45790863
Longitude: -93.81735229

BSSID: fe:2e:48:ee:7e:a5
Latitude: 32.4582138
Longitude: -93.81678771

BSSID: 12:3d:0a:60:d0:1c
Latitude: 32.45816421
Longitude: -93.81655883

BSSID: 18:9c:27:2c:f7:40
Latitude: 32.45811462
Longitude: -93.81652069

BSSID: 1c:e8:9e:86:6f:43
Latitude: 32.45815658
Longitude: -93.81722259

BSSID: 4a:bd:ce:cf:8f:71
Latitude: 32.458641050000004
Longitude: -93.81672668

BSSID: 4a:bd:ce:cf:8f:76
Latitude: 32.45863723
Longitude: -93.81671142

BSSID: 68:3a:48:cd:9b:2a
Latitude: 32.45803451
Longitude: -93.81713867

BSSID: a2:ad:43:13:50:e8
Latitude: 32.45833969
Longitude: -93.8167572

BSSID: a4:11:62:b8:a5:5a
Latitude: 32.45875167
Longitude: -93.81645965

BSSID: a6:53:d2:96:a3:a6
Latitude: 32.45819091
Longitude: -93.81773376

BSSID: d6:53:d2:96:a3:a6
Latitude: 32.45819854
Longitude: -93.81772613

BSSID: 72:c9:4e:2b:23:6b
Latitude: 32.4580574
Longitude: -93.81681823

BSSID: 5c:47:5e:a6:ed:ef
Latitude: 32.4579811
Longitude: -93.81711578000001

BSSID: 10:56:11:6a:80:86
Latitude: 32.46089553
Longitude: -93.81726074000001

BSSID: 10:da:43:3f:a1:0d
Latitude: 32.46057891
Longitude: -93.81767272

BSSID: 1e:9d:72:d4:4c:51
Latitude: 32.46066284
Longitude: -93.81764984

BSSID: 1e:9d:72:d4:4c:54
Latitude: 32.4606781
Longitude: -93.81765747

BSSID: 2c:7e:81:c7:f2:44
Latitude: 32.460353850000004
Longitude: -93.81745910000001

BSSID: 32:56:11:6a:80:86
Latitude: 32.46089172
Longitude: -93.81726837000001

BSSID: 38:17:b1:6e:e1:f6
Latitude: 32.46012115
Longitude: -93.81768035

BSSID: 42:17:b1:6e:e1:f6
Latitude: 32.46009063
Longitude: -93.81764984

BSSID: 4e:7e:81:c7:f2:44
Latitude: 32.46035003
Longitude: -93.81746673

BSSID: 52:56:11:6a:80:86
Latitude: 32.46089935
Longitude: -93.81726074000001

BSSID: 6e:7e:81:c7:f2:44
Latitude: 32.46036911
Longitude: -93.81747436

BSSID: 88:ad:43:58:8b:28
Latitude: 32.460617060000004
Longitude: -93.81711578000001

BSSID: 8c:85:80:ba:9f:da
Latitude: 32.460742950000004
Longitude: -93.81735992

BSSID: 96:ad:43:58:8b:28
Latitude: 32.46060943
Longitude: -93.81713104

BSSID: 9e:ad:43:58:8b:28
Latitude: 32.4606018
Longitude: -93.81712341000001

BSSID: a2:ad:43:58:8b:28
Latitude: 32.46061325
Longitude: -93.81712341000001

BSSID: ca:e5:da:d7:c2:44
Latitude: 32.45995712
Longitude: -93.81754302

BSSID: 00:1e:e5:7c:74:93
Latitude: 32.46081161
Longitude: -93.81645965

BSSID: 5c:b0:66:0b:d3:46
Latitude: 32.4608879
Longitude: -93.81703948

BSSID: 7e:b0:66:0b:d3:46
Latitude: 32.46088409
Longitude: -93.81703948

BSSID: 9e:b0:66:0b:d3:46
Latitude: 32.46088409
Longitude: -93.81703948

BSSID: 36:5e:08:70:77:09
Latitude: 32.46072006
Longitude: -93.81699371

BSSID: ce:8b:66:29:32:d4
Latitude: 32.4603157
Longitude: -93.81760406000001

BSSID: c6:50:9c:f9:9c:29
Latitude: 32.46025848
Longitude: -93.81729888

BSSID: c6:50:9c:f9:9c:2a
Latitude: 32.46026992
Longitude: -93.81729125

BSSID: c6:50:9c:f9:9c:2e
Latitude: 32.460254660000004
Longitude: -93.81729888

BSSID: c6:50:9c:f9:9c:2f
Latitude: 32.46035766
Longitude: -93.81731414000001

BSSID: 58:96:71:75:47:18
Latitude: 32.45874404
Longitude: -93.8155899

BSSID: b8:3a:9d:ff:8f:ba
Latitude: 32.45768737
Longitude: -93.81520843

BSSID: ce:6c:6d:bd:5a:e9
Latitude: 32.458641050000004
Longitude: -93.81510925

BSSID: d4:5d:df:38:18:a0
Latitude: 32.45795822
Longitude: -93.81510162000001

BSSID: d4:6c:6d:bd:5a:e9
Latitude: 32.45866012
Longitude: -93.81512451

BSSID: d6:6c:6d:bd:5a:e9
Latitude: 32.458667750000004
Longitude: -93.81512451

BSSID: e2:5d:df:38:18:a0
Latitude: 32.45796966
Longitude: -93.81510925

BSSID: ea:5d:df:38:18:a0
Latitude: 32.45796203
Longitude: -93.81511688

BSSID: ee:5d:df:38:18:a0
Latitude: 32.45796585
Longitude: -93.81511688

BSSID: 12:59:32:bf:8f:69
Latitude: 32.45852661
Longitude: -93.81599426

BSSID: 34:ea:e7:69:1a:03
Latitude: 32.45866012
Longitude: -93.81589508

BSSID: b0:7f:b9:01:3b:e3
Latitude: 32.45864868
Longitude: -93.81630706

BSSID: c8:63:fc:21:48:e6
Latitude: 32.458667750000004
Longitude: -93.81589508

BSSID: ce:63:fc:21:48:e6
Latitude: 32.45867156
Longitude: -93.81587982

BSSID: d6:63:fc:21:48:e6
Latitude: 32.45867156
Longitude: -93.81588745

BSSID: da:63:fc:21:48:e6
Latitude: 32.45867156
Longitude: -93.81587219000001

BSSID: 54:e0:19:43:85:8d
Latitude: 32.458667750000004
Longitude: -93.81587219000001

BSSID: 2e:3f:75:35:25:b9
Latitude: 32.45836257
Longitude: -93.8187561

BSSID: 3c:b7:4b:a2:12:74
Latitude: 32.45783233
Longitude: -93.81846618

BSSID: 3c:b7:4b:a2:12:75
Latitude: 32.45782852
Longitude: -93.81846618

BSSID: 04:17:b6:01:74:91
Latitude: 32.45777511
Longitude: -93.81830596

BSSID: 4c:bc:e9:ae:85:e6
Latitude: 32.458477020000004
Longitude: -93.8188095

BSSID: 54:a6:5c:b0:58:af
Latitude: 32.45839691
Longitude: -93.81859588

BSSID: 54:a6:5c:b0:58:b4
Latitude: 32.45838546
Longitude: -93.81859588

BSSID: 72:13:01:fd:d6:19
Latitude: 32.458404540000004
Longitude: -93.81896972

BSSID: 86:ef:16:b0:c3:44
Latitude: 32.4580307
Longitude: -93.81842803

BSSID: 88:ef:16:b0:c3:44
Latitude: 32.45802688
Longitude: -93.81842041

BSSID: 08:65:f0:85:af:46
Latitude: 32.458133690000004
Longitude: -93.81807708000001

BSSID: 9c:34:26:24:02:fe
Latitude: 32.45853042
Longitude: -93.81868743

BSSID: 9e:ad:43:e2:72:58
Latitude: 32.45835494
Longitude: -93.81844329

BSSID: a6:36:c7:93:a6:e3
Latitude: 32.45809555
Longitude: -93.81831359

BSSID: ac:91:9b:d4:bd:30
Latitude: 32.45775222
Longitude: -93.81910705

BSSID: ae:61:a3:82:38:31
Latitude: 32.45793151
Longitude: -93.81826782

BSSID: ae:97:cd:1d:65:1d
Latitude: 32.45816421
Longitude: -93.81831359

BSSID: ae:ae:19:be:75:b9
Latitude: 32.45865631
Longitude: -93.81803894000001

BSSID: be:34:26:24:02:fe
Latitude: 32.45854187
Longitude: -93.81868743

BSSID: be:d7:d4:c9:42:98
Latitude: 32.4582901
Longitude: -93.81867218000001

BSSID: c6:50:9c:9d:03:92
Latitude: 32.45809555
Longitude: -93.81854248

BSSID: dc:eb:69:59:75:17
Latitude: 32.45872497
Longitude: -93.81905364

BSSID: dc:eb:69:59:75:1a
Latitude: 32.45876693
Longitude: -93.81905364

BSSID: dc:eb:69:59:75:1c
Latitude: 32.458740230000004
Longitude: -93.81904602

BSSID: dc:eb:69:59:75:1d
Latitude: 32.45874404
Longitude: -93.81906127

BSSID: de:34:26:24:02:fe
Latitude: 32.45853424
Longitude: -93.8186798

BSSID: e2:db:d1:ca:98:99
Latitude: 32.45833587
Longitude: -93.8184967

BSSID: f6:79:0a:5a:0e:aa
Latitude: 32.45858383
Longitude: -93.81819915

BSSID: f8:79:0a:5a:0e:aa
Latitude: 32.45858001
Longitude: -93.81817626

BSSID: 3c:b7:4b:a2:12:6f
Latitude: 32.45782089
Longitude: -93.81845855

BSSID: 3c:b7:4b:a2:12:72
Latitude: 32.45783233
Longitude: -93.81846618

BSSID: 4a:ea:62:bb:12:84
Latitude: 32.45869445
Longitude: -93.81802368

BSSID: 08:65:f0:84:e3:7e
Latitude: 32.45810699
Longitude: -93.81805419

BSSID: 08:65:f0:85:ab:f6
Latitude: 32.45824813
Longitude: -93.81806182

BSSID: 9e:b3:f7:e9:12:d2
Latitude: 32.45869445
Longitude: -93.81893157

BSSID: a6:6a:44:d3:d3:fb
Latitude: 32.45800399
Longitude: -93.81819915

BSSID: b6:53:d2:96:a3:a6
Latitude: 32.45809936
Longitude: -93.81781768

BSSID: be:d7:d4:d1:6d:a5
Latitude: 32.4582138
Longitude: -93.81854248

BSSID: de:cd:2f:94:a1:f3
Latitude: 32.45821762
Longitude: -93.81860351

BSSID: bc:64:4b:13:e5:b4
Latitude: 32.45775985
Longitude: -93.81871795

BSSID: 0e:64:4b:13:e5:b4
Latitude: 32.4577713
Longitude: -93.81870269

BSSID: 6e:29:90:48:48:f8
Latitude: 32.45824813
Longitude: -93.81910705

BSSID: 6e:29:90:44:df:e4
Latitude: 32.45845794
Longitude: -93.81904602

BSSID: 6e:29:90:48:5c:92
Latitude: 32.45841598
Longitude: -93.81911468

BSSID: 10:9a:dd:89:81:75
Latitude: 32.46053314
Longitude: -93.81541442

BSSID: 16:93:7c:21:d8:cd
Latitude: 32.460472100000004
Longitude: -93.81539154000001

BSSID: 1c:93:7c:21:d8:cd
Latitude: 32.46047592
Longitude: -93.81538391000001

BSSID: 1e:51:a4:d5:ad:2e
Latitude: 32.46110534
Longitude: -93.81504821

BSSID: 22:76:13:0c:4a:e6
Latitude: 32.46063232
Longitude: -93.81548309

BSSID: 02:71:47:b8:8e:45
Latitude: 32.46051788
Longitude: -93.81537628

BSSID: 02:a0:0d:cf:38:92
Latitude: 32.46069717
Longitude: -93.81577301

BSSID: 2a:c5:c8:13:e4:09
Latitude: 32.46052169
Longitude: -93.81542205

BSSID: 3a:a0:97:ae:25:b0
Latitude: 32.46107101
Longitude: -93.81588745

BSSID: 42:75:c3:38:ad:5d
Latitude: 32.45996475
Longitude: -93.81601715000001

BSSID: 48:ea:62:19:c1:37
Latitude: 32.46043395
Longitude: -93.81559753

BSSID: 58:07:f8:2c:e9:f4
Latitude: 32.46059417
Longitude: -93.81523895000001

BSSID: 84:eb:3f:39:d3:36
Latitude: 32.460472100000004
Longitude: -93.81536102

BSSID: c0:a0:0d:cf:38:92
Latitude: 32.46071243
Longitude: -93.81578826

BSSID: c2:38:96:68:ab:18
Latitude: 32.46050643
Longitude: -93.81540679

BSSID: e2:a0:0d:cf:38:92
Latitude: 32.46071243
Longitude: -93.81578063

BSSID: e8:97:b8:8e:f4:99
Latitude: 32.4604988
Longitude: -93.81613159

BSSID: 0e:93:7c:21:d8:cd
Latitude: 32.46048355
Longitude: -93.81538391000001

BSSID: f8:a0:97:ae:25:b0
Latitude: 32.46107482
Longitude: -93.8159027

BSSID: 28:6b:b4:e6:5a:6a
Latitude: 32.46052169
Longitude: -93.81571197

BSSID: 42:75:c3:38:ad:59
Latitude: 32.46013259
Longitude: -93.81605529000001

BSSID: 42:75:c3:38:ad:5a
Latitude: 32.46012878
Longitude: -93.81604766

BSSID: 42:75:c3:38:ad:5e
Latitude: 32.46014404
Longitude: -93.81604766

BSSID: 42:75:c3:38:ad:5f
Latitude: 32.46013259
Longitude: -93.81605529000001

BSSID: 54:21:60:82:37:08
Latitude: 32.46048736
Longitude: -93.81610107

BSSID: 8c:61:a3:83:5c:19
Latitude: 32.4610939
Longitude: -93.81595611

BSSID: 8c:85:80:e4:91:ab
Latitude: 32.46012115
Longitude: -93.81610107

BSSID: 90:d0:92:56:be:64
Latitude: 32.46058654
Longitude: -93.81621551

BSSID: a2:ff:70:fe:7b:e8
Latitude: 32.46064376
Longitude: -93.81583404

BSSID: a2:ff:70:fe:7b:ed
Latitude: 32.46063995
Longitude: -93.81584167

BSSID: 0a:05:81:2b:bb:4d
Latitude: 32.4604988
Longitude: -93.81541442

BSSID: ae:61:a3:83:5c:19
Latitude: 32.4610939
Longitude: -93.81596374

BSSID: c2:e5:da:6e:1b:48
Latitude: 32.46081161
Longitude: -93.81608581

BSSID: ce:61:a3:83:5c:19
Latitude: 32.46108627
Longitude: -93.81595611

BSSID: 86:ea:ed:40:1b:57
Latitude: 32.4599533
Longitude: -93.81594848

BSSID: da:a0:11:b9:d5:51
Latitude: 32.46051788
Longitude: -93.81621551

BSSID: 72:13:01:e1:d9:21
Latitude: 32.4601593
Longitude: -93.81848907

BSSID: 72:13:01:e1:d9:22
Latitude: 32.46015167
Longitude: -93.81848907

BSSID: 72:13:01:e1:d9:26
Latitude: 32.46016311
Longitude: -93.81850433

BSSID: 84:eb:3f:39:cb:07
Latitude: 32.46070098
Longitude: -93.81808471000001

BSSID: 84:eb:3f:07:10:ef
Latitude: 32.46009826
Longitude: -93.81835174

BSSID: 8c:61:a3:a1:11:01
Latitude: 32.46061325
Longitude: -93.8179779

BSSID: 8c:76:3f:51:c7:f7
Latitude: 32.46059036
Longitude: -93.81776428

BSSID: 8c:0f:6f:1b:1a:60
Latitude: 32.46043014
Longitude: -93.81858062

BSSID: 8e:49:62:6e:f4:8a
Latitude: 32.46063995
Longitude: -93.81803131

BSSID: 8e:76:3f:51:c7:f7
Latitude: 32.46057891
Longitude: -93.81777954

BSSID: 96:76:3f:51:c7:f7
Latitude: 32.46059417
Longitude: -93.81775665

BSSID: 9a:0f:6f:1b:1a:60
Latitude: 32.46042251
Longitude: -93.81858825

BSSID: a0:68:7e:90:9d:50
Latitude: 32.46071243
Longitude: -93.81809997

BSSID: a2:0f:6f:1b:1a:60
Latitude: 32.460426330000004
Longitude: -93.81858825

BSSID: a6:0f:6f:1b:1a:60
Latitude: 32.46038436
Longitude: -93.81861877

BSSID: cc:58:30:61:e8:27
Latitude: 32.46091461
Longitude: -93.81833648

BSSID: d4:5d:df:e4:38:10
Latitude: 32.46094512
Longitude: -93.81808471000001

BSSID: 18:60:24:d6:92:0f
Latitude: 32.46081161
Longitude: -93.81790161

BSSID: 2a:c5:c8:04:a7:dd
Latitude: 32.46001434
Longitude: -93.81880187

BSSID: 4a:4b:d4:6a:36:fd
Latitude: 32.46064376
Longitude: -93.81900787000001

BSSID: 8e:49:62:f2:22:22
Latitude: 32.460762020000004
Longitude: -93.81889343

BSSID: ae:61:a3:a1:11:01
Latitude: 32.46060943
Longitude: -93.8179779

BSSID: ce:61:a3:a1:11:01
Latitude: 32.46060943
Longitude: -93.8179779

BSSID: d4:5d:df:e8:5b:90
Latitude: 32.46016311
Longitude: -93.81820678

BSSID: e2:5d:df:e8:5b:90
Latitude: 32.46017837
Longitude: -93.81820678

BSSID: ea:01:c7:48:27:3c
Latitude: 32.46076965
Longitude: -93.81806945

BSSID: ea:5d:df:e4:38:10
Latitude: 32.46091842
Longitude: -93.81809234

BSSID: ea:5d:df:e8:5b:90
Latitude: 32.46017074
Longitude: -93.81820678

BSSID: ee:5d:df:e8:5b:90
Latitude: 32.46022033
Longitude: -93.81821441

BSSID: fa:d2:ac:08:fd:ed
Latitude: 32.46027374
Longitude: -93.81826782

BSSID: fc:51:a4:ae:a5:50
Latitude: 32.46082305
Longitude: -93.81792449

BSSID: fe:51:a4:ae:a5:50
Latitude: 32.46081542
Longitude: -93.81790924

BSSID: e2:3e:cb:98:c8:2c
Latitude: 32.46010589
Longitude: -93.81864929

BSSID: 00:18:f8:c1:4a:65
Latitude: 32.45991134
Longitude: -93.81384277000001

BSSID: 02:aa:a0:e3:5f:38
Latitude: 32.458904260000004
Longitude: -93.81495666

BSSID: 06:aa:a0:e3:5f:38
Latitude: 32.45891189
Longitude: -93.81496429

BSSID: 72:13:01:01:99:9a
Latitude: 32.45918273
Longitude: -93.81450653

BSSID: 72:13:01:01:99:9d
Latitude: 32.45917892
Longitude: -93.81450653

BSSID: ec:aa:a0:e3:5f:38
Latitude: 32.45891189
Longitude: -93.81495666

BSSID: fa:aa:a0:e3:5f:38
Latitude: 32.45890808
Longitude: -93.81495666
-----------------------------------------------
--
The point being made is not that I wish to track movement (I don't!);
but that it's trivial to do using the insecure Apple WPS database.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

BSSID: 8c:85:80:d1:be:37
Latitude: 32.45985031
Longitude: -93.81759643000001

BSSID: 8e:76:3f:f8:5d:cd
Latitude: 32.4594841
Longitude: -93.8175888

BSSID: 92:76:3f:f8:5d:cd
Latitude: 32.4594841
Longitude: -93.81756591

BSSID: 92:95:51:b5:b6:ae
Latitude: 32.45910644
Longitude: -93.81759643000001

Does anyone have any idea why the highly insecure Apple WPS database
contains GPS entries to this illogically numerous set of decimal places?

BSSID: 8c:85:80:d1:be:37
<https://wavedigger.networksurvey.app/?tab=bssid&bssid=8c-85-80-d1-be-37>

BSSID: 8e:76:3f:f8:5d:cd
<https://wavedigger.networksurvey.app/?tab=bssid&bssid=8e-76-3f-f8-5d-cd>

BSSID: 92:76:3f:f8:5d:cd
<https://wavedigger.networksurvey.app/?tab=bssid&bssid=92-76-3f-f8-5d-cd>

BSSID: 92:95:51:b5:b6:ae
<https://wavedigger.networksurvey.app/?tab=bssid&bssid=92-95-51-b5-b6-ae>
--
Intelligent people ask questions to get help from those who know answers.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Thu, 18 Dec 2025 14:29:00 -0700, Marian wrote:

Does anyone have any idea why the highly insecure Apple WPS database
contains GPS entries to this illogically numerous set of decimal places?

Because... fwiw I can download gpx track files from my Amazfit fitness tracker. It gives the trackpoint coordinates as

<trkpt lat="46.87262766" lon="-113.90577533">

Anything over 5 decimal places is wishful thinking for consumer grade receivers. Part of it may be converting degrees, minutes, and seconds to decimal degrees.

iow, it isn't only Apple.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Thu, 12/18/2025 4:29 PM, Marian wrote:

Marian wrote:

-a BSSID: 8c:85:80:d1:be:37
-a Latitude: 32.45985031
-a Longitude: -93.81759643000001
-a -a BSSID: 8e:76:3f:f8:5d:cd
-a Latitude: 32.4594841
-a Longitude: -93.8175888
-a -a BSSID: 92:76:3f:f8:5d:cd
-a Latitude: 32.4594841
-a Longitude: -93.81756591
-a -a BSSID: 92:95:51:b5:b6:ae
-a Latitude: 32.45910644
-a Longitude: -93.81759643000001

Does anyone have any idea why the highly insecure Apple WPS database
contains GPS entries to this illogically numerous set of decimal places?

BSSID: 8c:85:80:d1:be:37 <https://wavedigger.networksurvey.app/?tab=bssid&bssid=8c-85-80-d1-be-37>

BSSID: 8e:76:3f:f8:5d:cd <https://wavedigger.networksurvey.app/?tab=bssid&bssid=8e-76-3f-f8-5d-cd>

BSSID: 92:76:3f:f8:5d:cd <https://wavedigger.networksurvey.app/?tab=bssid&bssid=92-76-3f-f8-5d-cd>

BSSID: 92:95:51:b5:b6:ae <https://wavedigger.networksurvey.app/?tab=bssid&bssid=92-95-51-b5-b6-ae>

Well, check the NMEA messages and see what they contain.

First, you have to be aware of the conversion steps.

https://stackoverflow.com/questions/66978496/parsing-and-converting-output-from-a-gps-dongle

import pynmea2

line = "$GPGLL,3745.81303,N,12214.62049,W,175033.00,A,D*7C" # degrees minutes fractions-of-a-minute
nmeaobj = pynmea2.parse(line)

coord = f'{nmeaobj.latitude} {nmeaobj.longitude}'
print(coord)
# 37.763551 -122.243675 # Degrees fractions-of-a-degree

https://en.wikipedia.org/wiki/Decimal_degrees#Precision

I just shifted the stuff over here, to see how many digits they give.
The GLL seems to give me eight digits. The GGA less so.

GLL

https://gocut.tiwri.com/gll_geographic_position___latitude_longitude.htm

$GPGLL,5943.432134,N,01020.998301,E,080920.91,A,A*6C # degrees minutes fractions-of-a-minute

Latitude in dd mm,mmmm format (0-7 decimal places). 59.43432134 as 59. 43.432134
Latitude N or S.
Longitude in ddd mm,mmmm format (0-7 decimal places). 010.20998301 as 010. 20.998301
Longitude E or W.

GGA

https://w3.cs.jmu.edu/bernstdh/web/common/help/nmea-sentences.php

$GPGGA,210230,3855.4487,N,09446.0071,W,1,07,1.1,370.5,M,-29.5,M,,*7A # degrees minutes fractions-of-a-minute

Latitude (in DDMM.MMM format) 38.554487 as 38. 55.4487
Latitude compass direction
Longitude (in DDDMM.MMM format) 094.460071 as 094. 46.0071
Longitude compass direction

We don't want to go into the minutiae to dismiss the crap on the end of -93.81759643000001

Paul
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

this tutorial is only useful if you want to control the query
of Apple's highly insecure WPS database, which has no privacy controls.

I've not followed this thread in detail, I could understand the outrage
*if* apple were storing SSID/GPS pairs, such as ssid:Arlens_house_nomap=latitude:40.12345678,longitude:-120.12345678

But how is it compromising to store BSSID/GPS pairs such as bssid:AA:BB:CC:11:22:33=latitude:40.12345678,longitude:-120.12345678

How could anyone discover that AA:BB:CC:11:22:33 belongs to Arlen?




--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Andy,

How could anyone discover that AA:BB:CC:11:22:33 belongs to Arlen?

Easy : Someone drives up to his house and than checks their phone which
SSIDs it detects. :-)

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Andy Burns wrote:

Marian wrote:

this tutorial is only useful if you want to control the query
of Apple's highly insecure WPS database, which has no privacy controls.

I've not followed this thread in detail, I could understand the outrage
*if* apple were storing SSID/GPS pairs, such as ssid:Arlens_house_nomap=latitude:40.12345678,longitude:-120.12345678

But how is it compromising to store BSSID/GPS pairs such as bssid:AA:BB:CC:11:22:33=latitude:40.12345678,longitude:-120.12345678

How could anyone discover that AA:BB:CC:11:22:33 belongs to Arlen?

Since I reproduced almost exactly what the researchers said could be done,
did you read the research papers which were cited about this subject?

How would you summarize what they said about the privacy danger involved?

See references in the sig...
--
*Surveilling the Masses with Wi-Fi-Based Positioning Systems*
<https://par.nsf.gov/servlets/purl/10540853>


Cybernews: *Anyone can tap into your WiFi location data to track you*
explains how Apple's WPS can be exploited for mass surveillance. <https://cybernews.com/privacy/apple-beams-wifi-location-data-privacy-risk/>

Cybersecurity News: *Hackers Can Abuse Appleos Wi-Fi Positioning System* details the University of Maryland study showing global tracking risks.
<https://cybersecuritynews.com/apples-wi-fi-positioning-system/>

Dark Reading: *Apple Geolocation API Exposes Wi-Fi Access Points Worldwide* notes that researchers could query hundreds of millions of APs in days. <https://www.darkreading.com/endpoint-security/apple-geolocation-api-exposes-wi-fi-access-points-worldwide>

Krebs on Security: *Why Your Wi-Fi Router Doubles as an Apple AirTag*
describes how Appleos data was used to track billions of devices globally <https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/>

Register: *Apple Wi-Fi Positioning System open to global tracking abuse*
covers the academic paper "Surveilling the Masses with Wi-Fi-Based
Positioning Systems" by Erik Rye and Dave Levin
<https://www.theregister.com/2024/05/23/apple_wifi_positioning_system/>
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

How could anyone discover that AA:BB:CC:11:22:33 belongs to Arlen?

Easy : Someone drives up to his house and than checks their phone which SSIDs it detects. :-)

Here's the key thing we need to do to gain an appreciation for privacy.

I suggest anyone else who thinks a BSSID is "just a number" begin to
separate the object being tracked from the person being inferred.

This is a very common but very incorrect assumption:
"If the thing being tracked isn't me, then I'm not being tracked."

That is factually wrong, and the academic research we have been citing
makes that abundantly clear.

We need to take the time to understand how modern tracking systems work. Because there are layers of complexity involved that interplay together.

The privacy risk in Apple's WiFi Positioning System is not what most think
it is. The core issue is not whether the scanning device is tracked.

The core problem is that the WiFi access point itself becomes a traceable object because Apple publishes its GPS coordinates in a global database.

I've proved it's trivial to obtain the entire WPS database for the mere
cost of modifying the public FOSS scripts and a few GB of disk space.

Apple's WPS stores billions of BSSIDs along with their latitude and
longitude. Anyone can query those coordinates. If a BSSID moves, its
movement can be tracked. If that BSSID is inside a car, an RV, a backpack,
a travel router, a MiFi hotspot, or even a home router that gets relocated, then the person carrying it is tracked indirectly.

This is exactly what the University of Maryland paper "Surveilling the
Masses with Wi-Fi-Based Positioning Systems" demonstrated. The researchers tracked cars, delivery vehicles, people, and sensitive facilities simply by watching BSSIDs move in Apple's database. No user device needed to be compromised. The BSSID itself is the tracking beacon.

It was trivial for me to reproduce their results.
a. I created sequential (or random) valid BSSIDs
b. I looked them up and found where they were located
c. That gave me the next nearest 400 BSSIDs also

From that list, I could expand outward (if I felt like it, and I do not).
Which is exactly what the researchers said could be done (read the paper).

Once I have a BSSID of interest, I could track its movements.
Which I proved was trivial (where I set movement at 100km distance).

Again, that's exactly what the researchers said could be done.
And I did it.,

Apple's system is so different from everyone else's system that it was
trivial for me, a nobody, to do it - using open source code out there.

This is the primary, documented, peer-reviewed risk. It does not depend on speculation about Apple's internal behavior. It is observable, measurable,
and repeatable. Anyone with a script can look up the GPS coordinates of any BSSID in the database and monitor its movement over time.

Separately, it is also true that Apple receives the location of the device
that reports nearby BSSIDs, because that is how the database is built. That
is a different issue, and Apple does not publish that data publicly. But it shows that both the reporting device and the BSSID itself become part of Apple's location infrastructure.

The important point is that the BSSID does not need to be "associated with
you" for this to reveal your movements. If the BSSID moves with you, then tracking the BSSID is tracking you. That is the core finding of the
academic research, and it is the part that cannot be dismissed.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

Since I reproduced almost exactly what the researchers said could be done, did you read the research papers which were cited about this subject?

No, I didn't ...


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

See references in the sig...

I hide .sigs to avoid the politics/religion that some people use.

If someone could come up with a single sentence that describes how
someone could find one or more BSSIDs for a person or family, without
already knowing their location, that would spark my curiosity ...

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

How could anyone discover that AA:BB:CC:11:22:33 belongs to Arlen?

Easy : Someone drives up to his house and than checks their phone which
SSIDs it detects. :-)

Here's the key thing we need to do to gain an appreciation for privacy.

I suggest anyone else who thinks a BSSID is "just a number" begin to
separate the object being tracked from the person being inferred.

It is. You can get rid of it - or replace it - at the drop of a hat. Just like you do with your nym.


There is quite a list of "just a number" stuff that you have on you which
are *not* you, but do associate themselves with you. Including the name
you are referring to yourself within your neighbourhood.

You likely have a smartphone. That means that your phone company has got
data about where your phone is, every minute of the day.

Your phone has bluetooth enabled ? Than anyone with less than $50
equipment will be able to register that you walked by. A store will be able to register that you entered and even where you paused (which products
you're looking at).

You have a credit and/or loyalty cards ? Every time you use it data is stored about where you did so it and what you payed for - meaning location
and behavioural data.

Anyone with a bit of equipment can walk near you and scan the cards that you have in your wallet within your trousers or coat.

You drive a car ? Its plates will likely be scanned when you drive around, and that data is also stored. Besides that, you already gave your
"private" data to the DMV and, I might hope, to some insurance company.

And than I have not even talked about the upcoming industry of biometrics, where a random street camera can identify you on your face alone.


Your whole problem with your BSSID is that you had access to a database it appears in, and as such *have become aware* about how many "just a number" thingies are available to other people.

All those other databases you know nothing about / have no access to ? Law enforcement can demand that data, and anyone willing to spend a buck
(private investigators, head-hunters, your neighbour) can also get it.

You think you can be anonymous / untrackable ? Think again.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Andy Burns <usenet@andyburns.uk> wrote:

Marian wrote:

See references in the sig...

I hide .sigs to avoid the politics/religion that some people use.

If someone could come up with a single sentence that describes how
someone could find one or more BSSIDs for a person or family, without already knowing their location, that would spark my curiosity ...

The key question.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Paul wrote:

$GPGGA,210230,3855.4487,N,09446.0071,W,1,07,1.1,370.5,M,-29.5,M,,*7A # degrees minutes fractions-of-a-minute

Latitude (in DDMM.MMM format) 38.554487 as 38. 55.4487
Latitude compass direction
Longitude (in DDDMM.MMM format) 094.460071 as 094. 46.0071
Longitude compass direction

We don't want to go into the minutiae to dismiss the crap on the end of -93.81759643000001

None of us knew how Apple saved the location of our APs until recently.
02:aa:a0:e3:5f:38 3245891571 -9381494140 32.45891571 -93.81494140
00:18:f8:c1:4a:65 3245990371 -9381384277 32.45990371 -93.81384277
44:1c:12:99:23:58 3245911026 -9381490325 32.45911026 -93.81490325
44:1c:12:99:23:5b 3245911026 -9381489562 32.45911026 -93.81489562
44:1c:12:99:23:5d 3245911407 -9381490325 32.45911407 -93.81490325
44:1c:12:99:23:5e 3245912170 -9381490325 32.45912170 -93.81490325
06:aa:a0:e3:5f:38 3245893096 -9381491088 32.45893096 -93.81491088
72:13:01:01:99:9a 3245925521 -9381433868 32.45925521 -93.81433868
72:13:01:01:99:9d 3245924758 -9381433868 32.45924758 -93.81433868
etc.

After digging deeper (see other posts), I've confirmed Apple is simply
storing our personal data to 8 decimal places, but without the decimal
point. So all the conversion of Apple's raw values to GPS are off a bit.

That is, Apple's wide-open yet highly insecure WPS database stores
latitude and longitude as integers representing the real coordinate
multiplied by 100,000,000 (i.e., multiply by one hundred million).

I think mainly, since we're using Windows tools to get Apple privacy data, that we simply needed to UNDERSTAND better what it is that Apple is allowing everyone on the planet, no matter who they are, to access.

I agree with everyone who says the precision for the decimal location
in Apple's highly insecure but all-too-public easily accessed WPS database
is likely far higher than it needs to be for simply locating an access point.
9a:0f:6f:18:7c:00 3246034622 -9381387329 32.460346 -93.813873
a2:0f:6f:18:7c:00 3246035003 -9381387329 32.460350 -93.813873
a6:0f:6f:18:7c:00 3246034622 -9381386566 32.460346 -93.813866
2a:ad:18:fc:8b:1f 3246102142 -9381381988 32.461021 -93.813820
where all four of those in Shreveport, LA map to the same 100-meter area.
0.0008deg latitude ~ 89 meters
0.0010deg longitude at that latitude ~ 92 meters

Apple's WPS (Wi-Fi Positioning System) database appears to be
storing our personal BSSID locations using fixed-point integer
encoding where
Latitude is apparently stored as an integer ~ lat * 1e8
Longitude is stored as an integer ~ lon * 1e8

Hence Apple's WPS database stores coordinates with 8 decimal places:
1e-8 degrees of latitude ~ 1.1 millimeters
But the real-world accuracy of Wi-Fi geolocation is nowhere near that.
So the location of each individual BSSID is probably within ~10 meters.

When you look up your own AP in Apple's database, if you get the
raw numbers, all you need to do to convert Apple's stored value back
into a normal GPS coordinate, you just divide by 100,000,000.

Here's the modified python script that just divides by 100 million
the raw data that Apple stores about us in its highly insecure public
WPS database.

#!/usr/bin/env -S uv run --script
# -*- coding: utf-8 -*-

# C:\app\os\python\apple_bssid_locator\apple_bssid_locator.py
# Queries Apple WPS database for GPS:BSSID location pairs
# Implementation based on https://github.com/hubert3/iSniff-GPS
#
# Usage: apple_bssid_locator.py 11:22:33:AA:BB:CC
# Usage: apple_bssid_locator.py 11:22:33:AA:BB:CC --all
# Usage: apple_bssid_locator.py 11:22:33:AA:BB:CC --map
#
# Changelog:
# v1p0 20251205 - Initial version
# v1p1 20251214 - Added logging to results.txt
# v1p2 20251215 - Timestamped results.txt to avoid overwrites
# v1p3 20251219 - Limited output to 6 decimal places
# v1p4 20251219 - Added raw integer output alongside converted decimals
# v1p5 20251222 - Fixed raw to decimal conversion (divide by 100 Million)

import argparse
import requests
import webbrowser
import AppleWLoc_pb2

def parse_arguments():
parser = argparse.ArgumentParser()
parser.add_argument("bssid", type=str, help="display the location of the bssid")
parser.add_argument("-m", "--map", help="shows the location on google maps", action='store_true')
parser.add_argument("-a", "--all", help="shows all results returned, not just the requested one", action='store_true')
args = parser.parse_args()
return args

def format_bssid(bssid):
return ':'.join(e.rjust(2, '0') for e in bssid.split(':'))

def query_bssid(bssid, output_file="results.txt"):
apple_wloc = AppleWLoc_pb2.AppleWLoc()
wifi_device = apple_wloc.wifi_devices.add()
wifi_device.bssid = bssid
apple_wloc.unknown_value1 = 0
apple_wloc.return_single_result = 0 # request ALL results
serialized_apple_wloc = apple_wloc.SerializeToString()
length_serialized_apple_wloc = len(serialized_apple_wloc)

headers = {'User-Agent':'locationd/1753.17 CFNetwork/889.9 Darwin/17.2.0'}
data = b"\x00\x01\x00\x05"+b"en_US"+b"\x00\x13"+b"com.apple.locationd"+b"\x00\x0a"+b"8.1.12B411"+b"\x00\x00\x00\x01\x00\x00\x00" + bytes((length_serialized_apple_wloc,)) + serialized_apple_wloc
r = requests.post('https://gs-loc.apple.com/clls/wloc', headers=headers, data=data)

apple_wloc = AppleWLoc_pb2.AppleWLoc()
apple_wloc.ParseFromString(r.content[10:])

# Build dictionary of results
results = {}
with open(output_file, "w") as f:
for wifi_device in apple_wloc.wifi_devices:
if wifi_device.HasField('location'):
raw_lat = wifi_device.location.latitude
raw_lon = wifi_device.location.longitude
lat = raw_lat * 1e-8
lon = raw_lon * 1e-8
mac = format_bssid(wifi_device.bssid)
results[mac] = (lat, lon, raw_lat, raw_lon)
# Write both raw integers and converted decimals (8 decimal places)
f.write(f"{mac}\t{raw_lat}\t{raw_lon}\t{lat:.8f}\t{lon:.8f}\n")

print(f"Saved {len(results)} entries to {output_file}")
return results

def main():
args = parse_arguments()
print("Searching for location of bssid: %s" % args.bssid)
results = query_bssid(args.bssid)

# Determine which BSSIDs to process
bssids_to_process = results.keys() if args.all else [args.bssid.lower()]

found = False
for bssid in bssids_to_process:
if bssid in results:
lat, lon, raw_lat, raw_lon = results[bssid]
if lat == -180.0 and lon == -180.0:
continue # Skip entries that were not found
if found:
print()
print(f"BSSID: {bssid}")
print(f"Raw latitude integer: {raw_lat}")
print(f"Raw longitude integer: {raw_lon}")
print(f"Latitude (degrees): {lat:.8f}")
print(f"Longitude (degrees): {lon:.8f}")
if args.map:
url = f"http://www.google.com/maps/place/{lat:.8f},{lon:.8f}"
webbrowser.open(url)
found = True
if not found:
print("The bssid was not found.")

if __name__ == '__main__':
main()

# end of C:\app\os\python\apple_bssid_locator\apple_bssid_locator.py
--
We need to work together to help Apple understand that it is morally,
ethically & legally reprehensible to not allow us to opt out of WPS.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Andy Burns wrote:

Marian wrote:

Since I reproduced almost exactly what the researchers said could be done, >> did you read the research papers which were cited about this subject?

No, I didn't ...

Rest assured I'm in direct email contact with Brian at Krebs on Security
who wrote this article, where I've given him all my work and he agrees.

Krebs on Security: *Why Your Wi-Fi Router Doubles as an Apple AirTag*
describes how Appleos data was used to track billions of devices globally <https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/>

His article is what got me started since I wanted to ensure I wasn't in
Apple's highly insecure but very public WPS database since I've opted out
for years on all my access points, so I'm not in anyone else's public WPS.

I almost had a heart attack when I found out that Apple has no intention of honoring their very public privacy policy - which - to me - is so egregious
an act that I am working with Apple at this very moment to change that
policy (since my next-door neighbor is very high in the Apple hierarchy).

So far Apple has NOT agreed to do the ethical, legal & moral thing,
but I'm trying to impress upon Apple execs that this is the wrong approach.

Time (and effort) will tell as I'm trying to protect the privacy of not
only myself, but hundreds of millions of households and firms in the USA.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Chris wrote:

Andy Burns <usenet@andyburns.uk> wrote:

Marian wrote:

See references in the sig...

I hide .sigs to avoid the politics/religion that some people use.

If someone could come up with a single sentence that describes how
someone could find one or more BSSIDs for a person or family, without
already knowing their location, that would spark my curiosity ...

The key question.

While I respect the question, just the fact someone would ask means they haven't read what the security researchers have said about the situation.

*Surveilling the Masses with Wi-Fi-Based Positioning Systems*
<https://par.nsf.gov/servlets/purl/10540853>

To summarize in a single sentence, I (can) have every access point location
in the world (over 2 billion) if I felt like getting it (and storing it).

It's trivial to do.
And I already proved that statement.

If I can do it, the bad guys already have.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

You think you can be anonymous / untrackable ? Think again.

The fundamental issue is Apple is not respecting their legally binding
policy to allow people like me (who care about privacy) to opt out of WPS.

I am working with Apple directly on this (through my next-door neighbor who
is very high in the Apple hierarchy) but so far Apple refuses to honor
their public privacy policy.

I have let Apple know that is an unacceptable response, so my focus moving forward will be to get Apple to make the legal, moral & ethical decision.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

I (can) have every access point location
in the world (over 2 billion) if I felt like getting it (and storing it).

But which of those 2 billion belong to me?


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

You think you can be anonymous / untrackable ? Think again.

The fundamental issue is Apple is not respecting their legally binding
policy to allow people like me (who care about privacy) to opt out of WPS.

As long as that BSSID is not openly linked to you, the person, than there is no privacy issue present.

Also, I take it you have disabled the "A" part of your device(s) A-GPS* ?

* If not, your smartphone asking Apple for the coordinates of nearby BSSIDs gives your own location away.

As for your "legally binding policy" claim ?: You have claimed facts *way* to often to believe you without having hard evidence for it.

And you misssed the whole point (but whats new) : you are throwing so much data around that you can't control and even *need* to throw around (smartphone) that removing that BSSID and its coordinates from a database doesn't really help.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Mon, 22 Dec 2025 18:00:14 +0000, Andy Burns <usenet@andyburns.uk>
wrote:

Marian wrote:

I (can) have every access point location
in the world (over 2 billion) if I felt like getting it (and storing it).

But which of those 2 billion belong to me?

Well, *you* know which it is, and ve haf vays of making you talk, so...

https://en.wiktionary.org/wiki/ve_haf_vays_of_making_you_talk

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Char Jackson wrote on 12/22/2025 3:42 PM:

On Mon, 22 Dec 2025 18:00:14 +0000, Andy Burns <usenet@andyburns.uk>
wrote:

Marian wrote:

I (can) have every access point location
in the world (over 2 billion) if I felt like getting it (and storing it). >>

But which of those 2 billion belong to me?

Well, *you* know which it is, and ve haf vays of making you talk, so...

https://en.wiktionary.org/wiki/ve_haf_vays_of_making_you_talk

Hush! You are scaring marian.

He happens to be a super intelligent paranoid schizophrenic and you
could push him over the edge with this sort of talk.

Leave him be. He's performing a valuable service by examining minute
details and writing thousands of tutorials for everyone.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Char Jackson <none@none.invalid> wrote:

On Mon, 22 Dec 2025 18:00:14 +0000, Andy Burns <usenet@andyburns.uk>
wrote:

Marian wrote:

I (can) have every access point location
in the world (over 2 billion) if I felt like getting it (and storing it). >>

But which of those 2 billion belong to me?

Well, *you* know which it is, and ve haf vays of making you talk, so...

Do *you* know your MAC address if presented with a list? I certainly don't.


It would be easier just to ask me for my physical address.

https://en.wiktionary.org/wiki/ve_haf_vays_of_making_you_talk

Am surprised there isn't a reference to the 80's comedy show 'Allo 'Allo!

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Tue, 23 Dec 2025 10:00:36 -0000 (UTC), Chris <ithinkiam@gmail.com>
wrote:

Char Jackson <none@none.invalid> wrote:

On Mon, 22 Dec 2025 18:00:14 +0000, Andy Burns <usenet@andyburns.uk>
wrote:

Marian wrote:

I (can) have every access point location
in the world (over 2 billion) if I felt like getting it (and storing it). >>>

But which of those 2 billion belong to me?

Well, *you* know which it is, and ve haf vays of making you talk, so...

Do *you* know your MAC address if presented with a list? I certainly don't.

I actually don't know my WAN MAC, but I know where to find it and could
do so in a few seconds if I needed it. I was just joking with Andy,
though.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Char Jackson wrote:

On Tue, 23 Dec 2025 10:00:36 -0000 (UTC), Chris <ithinkiam@gmail.com>
wrote:

Char Jackson <none@none.invalid> wrote:

On Mon, 22 Dec 2025 18:00:14 +0000, Andy Burns <usenet@andyburns.uk>
wrote:

Marian wrote:

I (can) have every access point location
in the world (over 2 billion) if I felt like getting it (and storing it). >>>>

But which of those 2 billion belong to me?

Well, *you* know which it is, and ve haf vays of making you talk, so...

Do *you* know your MAC address if presented with a list? I certainly don't.

I actually don't know my WAN MAC, but I know where to find it and could
do so in a few seconds if I needed it. I was just joking with Andy,
though.

I wonder if everyone realizes the script I posted will give them your MAC & location of your own access points, including your nearest 400 neighbors'.
<https://i.postimg.cc/43ysV3Mr/fermium.jpg>

You get a map (using Fermium) that shows all 400 of them, down to the very corner of the home where the access point is located (as mine show up
exactly at the barn, in the stables, at the pool, in my office, etc.).

So every one of these is in Apple's WPS database with their GPS location
<https://i.postimg.cc/qMhQRkJN/linksys-wrt-54g.jpg>

I will move one to the location of the Christmas Eve party later today.
I'll then watch it move on Apple's WPS database, hopefully by tomorrow.

It's that easy to track its movement to the exact corner of your home!

The problem here I'm trying to resolve will protect the privacy of hundreds
of millions of owners who opted out correctly from Apple's WPS database,
and yet, Apple has decided not to respect any of their privacy wishes.

What Apple is doing is lying about privacy in a way that is reprehensible.

What Apple is doing is claiming they care about privacy, but clearly Apple
is doing what is clearly the antithesis of privacy (read the research).

Apple "says" they care about privacy.
Apple is lying.

What Apple is doing (by not honoring their own privacy policy) is the antithesis of privacy. It's legally, morally & ethically reprehensible.

Which is easy to prove.
a. Only Apple does this
b. Not Google
c. Not Mozilla

Only Apple.
Nobody else.

Just Apple.
Think about that fact.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

The fundamental issue is Apple is not respecting their legally binding
policy to allow people like me (who care about privacy) to opt out of WPS.

As long as that BSSID is not openly linked to you, the person, than there is no privacy issue present.

Since I have already posted a half dozen security research papers and
articles that expressly claim otherwise, you're entitled to your own
opinion which isn't backed up by a single security researcher on earth.

The research shows that BSSID + geolocation enables inference attacks,
movement tracking, and household identification even without explicit
personal identifiers. That's why every major security researcher treats
Wi-Fi geolocation databases as sensitive.

This isn't a matter of your opinion; it's documented in the literature.

Also, I take it you have disabled the "A" part of your device(s) A-GPS* ?

It's disconcerting that you've said that since it means you don't
understand the problem set to even the most basic level.

For those lurking and learning, this isn't what people like Rudy think it
is, since A-GPS has absolutely nothing directly to do with any of this.

A-GPS is simply a method for a phone to speed up its own location fix using network assistance. It has nothing to do with whether Apple collects and republishes the geolocation of privately owned Wi-Fi access points.

The vulnerability documented in the research applies to every access point, regardless of whether the owner uses A-GPS, GPS, or no smartphone at all.

So the A-GPS question is a separate topic and doesn't address the issue
under discussion.

* If not, your smartphone asking Apple for the coordinates of nearby BSSIDs gives your own location away.

You perhaps didn't read the security research which explained the
vulnerability has nothing directly to do with using Apple products.

*EVERYONE with any access point is affected.*

There are over two billion APs alone in Apple's WPS database (according to
the security research which you must have read by now, haven't you?).

As for your "legally binding policy" claim ?: You have claimed facts *way* to often to believe you without having hard evidence for it.

Apple has a published privacy rule.
Apple admits that they violated it.

Those are facts. They're not opinions.
You not knowing the facts doesn't mean there isn't proof.

It just means you have a very strongly held opinion which nobody on the
planet who understand how the system works would agree with you.

Certainly no security researcher on the planet would agree with you.

And you misssed the whole point (but whats new).

The existence of other privacy risks doesn't justify ignoring this one.

Opt-out mechanisms exist precisely so individuals can control how their infrastructure is used. Apple published a policy promising that AP owners
could opt out, and the research shows they did not honor that policy.

That's the issue being discussed.
It's not a matter of opinion. It's a matter of fact.

you are throwing so much
data around that you can't control and even *need* to throw around (smartphone) that removing that BSSID and its coordinates from a database doesn't really help.

Personal remarks don't change the technical facts, and worse, if you think
my behavior changes anything in Apple's WPS system, you're dead wrong.

The issue is not my behavior, my phone settings, or my credibility.

The issue is Apple's documented collection and redistribution of Wi-Fi
access point locations, including those belonging to people who explicitly opted out.

The security research is publicly available, peer-reviewed, and independent
of me personally. If you disagree with the findings, the appropriate
response is to address the research itself, not the messenger of research.

Read it before repeating you don't believe in the security research, Rudy.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

As long as that BSSID is not openly linked to you, the person, than there
is no privacy issue present.

Since I have already posted a half dozen security research papers and articles that expressly claim otherwise

As you have thrown claims around that you refuse to substanciate in any way since forever I'm not going to believe the above either.

you're entitled to your own opinion which isn't backed up by a single security
researcher on earth

And neither is, as always, yours. Your point ?

The research shows that BSSID + geolocation enables inference attacks, movement tracking,

Yep. Which is rather useless as long as you have no clue who you are targetting/tracking.

and household identification even without explicit personal identifiers.

Yes. And than you have identified a random household. Thats as meaningless
as the above.

Kiddo, come back when you figure out how you can identify a *specific*
person / household from whats in that database. *Than* you have something
to complain about.

For those lurking and learning, this isn't what people like Rudy think it is, since A-GPS has absolutely nothing directly to do with any of this.

:-)

A-GPS is simply a method for a phone to speed up its own location fix
using network assistance.

:-) And what does that "network assistance" look like ? Riddle me dat batman.

Kiddo, have you *ever* stopped to think about why Apple would have spend
money to create that database you have been free to access and now
complaining about ? What's is purpose ? Can you answer me that ?

No, I don't think so.

And something else to think about : You have tracked the movement of a BSSID in real-time. Where do those updated coordinates come from ? Who / what is providing them ?

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On 2025-12-24, R.Wieser <address@is.invalid> wrote:

Yep. Which is rather useless as long as you have no clue who you are targetting/tracking.
Yes. And than you have identified a random household. Thats as meaningless as the above.

Kiddo, come back when you figure out how you can identify a *specific* person / household from whats in that database. *Than* you have something to complain about.

One use case I can think about is when the government wants to track
you down, they know where you live. They then look up (baed on the
geolocation what your MAC address is. But if the WiFi AP never moves,
it still does not help them track you when you are not home.
So yes, it does not seem very useful. But then my imagination is
quite limited.

:-) And what does that "network assistance" look like ? Riddle me dat
batman.

Kiddo, have you *ever* stopped to think about why Apple would have spend money to create that database you have been free to access and now complaining about ? What's is purpose ? Can you answer me that ?

A database of BSSID with location means that your phone can look up its location without using GPS. At least approximately, which is probably
quite close in a city or in a suburb,

The kind of *assisted* GPS that I am familiar with is RTK.
--
Lars Poulsen - an old geek in Santa Barbara, California
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Lars Poulsen wrote:

Kiddo, come back when you figure out how you can identify a *specific*
person / household from whats in that database. *Than* you have something >> to complain about.

One use case I can think about is when the government wants to track
you down, they know where you live. They then look up (baed on the geolocation what your MAC address is. But if the WiFi AP never moves,
it still does not help them track you when you are not home.
So yes, it does not seem very useful. But then my imagination is
quite limited.

The research papers I listed which most have likely read by now explain the variety of ways that access points can easily be tracked by use of the
Apple WPS implementation, but not by the Google or Mozilla implementations.

I replicated the actions of what the researched did, and by now everyone
has run the scripts so they have seen for themselves the research results.

1. modified working & tested "apple_bssid_locator.py"
2. 'bssid.bat' (looks up an AP)
3. 'bssidcompare.bat' (determines if/where the AP moved)
4. 'bssidgenerate.bat' (generates random BSSIDs to test)
5. 'bssidcheck.bat' (checks which BSSID is in Apple's insecure WPS DB)
6. 'bssidplot.py' (plots results en masse onto a map using Fermium)
7. gps:bssid results (text output directly from Apple's insecure WPS DB)

Consider these a gift of insight for those who can appreciate wisdom.
Merry Christmas!

:-) And what does that "network assistance" look like ? Riddle me dat
batman.

Kiddo, have you *ever* stopped to think about why Apple would have spend
money to create that database you have been free to access and now
complaining about ? What's is purpose ? Can you answer me that ?

A database of BSSID with location means that your phone can look up its location without using GPS. At least approximately, which is probably
quite close in a city or in a suburb...

While being in Apple's (or Google's) WPS db is fine for most people,
there's a reason they publish the _nomap method for opting out of it.

And, there is a reason Google adds controls to limit what you can query.
Apple does not.

Nor does Apple respect your optout wishes.
That's what is DIFFERENT about Apple's WPS implementation from Google's.

That's a critically important distinction.
They're structured completely differently.

Which is exactly what the security researchers pointed out.

The issue here is a privacy issue in that only Apple's WPS implementation
is so insecure that it allows anyone on earth to make any number of queries
to get any number of output results at any time (as proven in this thread).

Worse, Apple refused to respect my privacy wishes even though I followed to
the letter everything Apple has published on the Internet to opt out.

The scripts in this tutorial allow anyone to replicate my results, which
itself simply replicates the research that the security experts described.

The kind of *assisted* GPS that I am familiar with is RTK.

What I love about Usenet is we all work together, as a team, to learn from
each other, teach each other & to explore & solve problems for each other.

To that educational end, I had to look up what you had meant by RTK:
<https://en.wikipedia.org/wiki/Real-time_kinematic_positioning>

For the benefit of everyone, apparently Real-Time Kinematic is a technique
that boosts GPS accuracy from a few meters to a few centimeters by using a nearby reference station to correct satellite errors in real time.

By comparing what the base should be receiving from satellites with what it actually receives, it computes the errors and sends corrections. The rover applies those corrections and gets centimeter-level accuracy, such as is
needed for surveying, precision tractors & construction projects nowadays.

Thanks for that additional information about RTK positioning systems!

Merry Christmas!
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

The research papers I listed which most have likely read by now explain the variety of ways that access points can easily be tracked by use of the
Apple WPS implementation

But people don't care if APs can be tracked, unless *they* can be
associated with specific APs.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Andy Burns wrote:

The research papers I listed which most have likely read by now explain the >> variety of ways that access points can easily be tracked by use of the
Apple WPS implementation

But people don't care if APs can be tracked, unless *they* can be
associated with specific APs.

Hi Andy,

I'm simply informing you and others on this newsgroup of this problem set.
And I'm asking for solutions (in another thread) for resolving the problem.

I know you're intelligent and well informed, and I realize you're trying to make the point that carrying an access point in your pocket doesn't mean
the access point is you, but my point is that being able to easily track it from anywhere in the world means anyone can essentially atrack you.

Or, um, er... specifically they can track that which is in your pocket.
Your point may be you can leave your pants at someone else's house, and, in that case, it's really allowing the tracking of the location of your pants.

Especially since the GPS location is as accurate as it is for tracking us.
To prove how easy it is to track anyone's movements from place to place,
I'm setting up these three routers to prove that I can easily be tracked:
<https://i.postimg.cc/44WKMKpJ/apple-wps-testing.jpg>

I'm going to simulate renting an apartment (flat to you in the UK) in Palo
Alto at a friend's house who works for Google & then I'm going to "move" to
an apartment in Cupertino (to simulate my movements over the next month).
From: Marian <marianjones@helpfulpeople.com>
Newsgroups: alt.comp.os.windows-10,comp.mobile.android,alt.internet.wireless
Subject: Help! How do we get Apple to care about privacy for entities who
own access points?
Date: Tue, 23 Dec 2025 23:42:17 -0700
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Message-ID: <10ig209$29kr$1@nnrp.usenet.blueworldhosting.com>

My tests will prove that Apple's WPS implementation is the antithesis of everything that Apple "says" they stand for, in terms of my privacy, in
that anyone in the world can track my movements tied to my use of APs.

Also note that Apple themselves can track any device that uploads the
router AP location information, but that flaw is NOT my concern today.

If I were to summarize my main issues, I would say that they are:
1. Apple's WPS implementation is vastly different than all others
3. Apple has no limits on who can obtain & track BSSID locations
2. Apple does not follow their own public privacy policy

This has nothing whatsoever to do with whether you own or use Apple
products as it affects every entity who manages any Wi-Fi access point.

That's not only basically every home and apartment/flat in the developed
world, but also many businesses, hospitals, government agencies, etc.

The research papers noted Apple's WPS allows easy tracking of smartphones
in hotspot mode, portable travel routers, IoT gadgets, delivery robots,
drones, vehicles with embedded Wi-Fi modules, buses, trains, and rideshare vehicles with onboard Wi-Fi (and individual Starlink devices also).

Apparently, even Starlink terminals could be tracked if their Wi-Fi BSSIDs
are collected by nearby Apple devices.

That's because these all broadcast stable identifiers, so their movement patterns can be reconstructed just like a person's. The tracking risk goes
far beyond fixed home routers.

Apple's WPS implementation makes it trivial to track billions of APs.
I already proved that (just try the FOSS scripts that I modified).

As for whether or not people care that they're being tracked, I care.
That's all that matters. I know more about privacy than most people do.

And I care about privacy.
But I am not the only one in the world who cares about privacy, Andy.

If people didn't care, then Mozilla wouldn't need this opt-out policy.
<https://en.wikipedia.org/wiki/Mozilla_Location_Service>
"Mozilla's client applications do not collect information
about WiFi access points whose SSID is hidden or ends with
the string '_nomap' (e.g. 'Simpson-family-wifi_nomap')."

If I didn't care, then I wouldn't need to follow Apple's opt-out policy.
<https://support.apple.com/en-us/102515>
"The owner of a Wi-Fi access point can opt it out of
Apple's Location Services - which prevents its location
from being sent to Apple to include in Apple's crowd-sourced
location database - by changing the access point's SSID (name)
to end with '_nomap.' For example, 'Access_Point' would be
changed to 'Access_Point_nomap.'"

The University of Maryland paper "Surveilling the Masses with Wi-Fi-Based Positioning Systems" shows that Apple's WPS (the Wi-Fi Positioning System
used by iPhones, Macs, and many apps) can be queried at massive scale to retrieve the physical locations of Wi-Fi access points worldwide.

All I did was reproduce what the researchers said was easily possible.
And I proved that it is trivial for anyone in the world to do.
I'd put these in the sig but you said you don't look at sig references.

*Surveilling the Masses with Wi-Fi-Based Positioning Systems*
<https://par.nsf.gov/servlets/purl/10540853>

Cybernews: *Anyone can tap into your WiFi location data to track you*
explains how Apple's WPS can be exploited for mass surveillance. <https://cybernews.com/privacy/apple-beams-wifi-location-data-privacy-risk/>

Cybersecurity News: *Hackers Can Abuse Apple's Wi-Fi Positioning System* details the University of Maryland study showing global tracking risks.
<https://cybersecuritynews.com/apples-wi-fi-positioning-system/>

Dark Reading: *Apple Geolocation API Exposes Wi-Fi Access Points Worldwide* notes that researchers could query hundreds of millions of APs in days. <https://www.darkreading.com/endpoint-security/apple-geolocation-api-exposes-wi-fi-access-points-worldwide>

Krebs on Security: *Why Your Wi-Fi Router Doubles as an Apple AirTag*
describes how Apple's data was used to track billions of devices globally <https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/>

Register: *Apple Wi-Fi Positioning System open to global tracking abuse*
covers the academic paper "Surveilling the Masses with Wi-Fi-Based
Positioning Systems" by Erik Rye and Dave Levin
<https://www.theregister.com/2024/05/23/apple_wifi_positioning_system/>
--
My posts aim to explore how Apple's WPS actually works beneath the surface,
in ways most users may never understand because Apple doesn't tell them.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

I'm simply informing you and others on this newsgroup of this problem set.

And I'm informing you that you have dreamed up a problem where none exists.

And I'm asking for solutions (in another thread) for resolving the
problem.

Maybe you should start with clarifying the problem, instead of having us
guess what you think it might be.

but my point is that being able to easily track it from anywhere in the world means anyone can essentially atrack you.

Ehhh.... If someone can do "x" that someone can essentially do "x" ? Yeah duh!

But as I already explained to you and you refused to respond to, from whats
in that database you can only track a *random* person. Which, as I
mentioned earlier, is useless.

To prove how easy it is to track anyone's movements from place to place,
I'm setting up these three routers to prove that I can easily be tracked:

You still don't get it, do you. You are still working your way backwards from the answer (you know what your BSSID is) to the question (find your BSSID and read your own location next to it). Anyone can do that.

Doing it the other way around however ...

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

I'm simply informing you and others on this newsgroup of this problem set.

And I'm informing you that you have dreamed up a problem where none exists.

And I'm asking for solutions (in another thread) for resolving the
problem.

Maybe you should start with clarifying the problem, instead of having us guess what you think it might be.

but my point is that being able to easily track it from anywhere in the
world means anyone can essentially atrack you.

Ehhh.... If someone can do "x" that someone can essentially do "x" ? Yeah duh!

But as I already explained to you and you refused to respond to, from whats in that database you can only track a *random* person. Which, as I mentioned earlier, is useless.

To prove how easy it is to track anyone's movements from place to place,
I'm setting up these three routers to prove that I can easily be tracked:

You still don't get it, do you. You are still working your way backwards from the answer (you know what your BSSID is) to the question (find your BSSID and read your own location next to it). Anyone can do that.

Doing it the other way around however ...

Hi Rudolph!

Thank you for your opinion, which I appreciate given I was shocked when,
after reproducing the published research methods, that Apple was not
respecting their own published privacy policy on how to opt out of their
public WPS system that anyone in the world can access at will.

Lest you claim "I don't get it", it's important to reiterate that the insecurity of Apple's Wi-Fi Positioning System (WPS) isn't speculative.
It's not an opinion as it's documented in peer-reviewed research. The
recent paper "Surveilling the Masses with Wi-Fi-Based Positioning Systems"
(Rye & Levin, 2024) demonstrates that Apple's WPS API can be queried at
scale to reconstruct large portions of the global Wi-Fi map, including
access points that the querier has never observed.

The entire database is open to everyone, as you've already seen when you
ran the scripts I so kindly provided for you in this very thread prior.
1. modified working & tested "apple_bssid_locator.py"
2. 'bssid.bat' (looks up an AP)
3. 'bssidcompare.bat' (determines if/where the AP moved)
4. 'bssidgenerate.bat' (generates random BSSIDs to test)
5. 'bssidcheck.bat' (checks which BSSID is in Apple's insecure WPS DB)
6. 'bssidplot.py' (plots results en masse onto a map using Fermium)
7. gps:bssid results (text output directly from Apple's insecure WPS DB)

The key point is that Apple's WPS endpoint returns hundreds of nearby GPS:BSSIDs pairs for any submitted BSSID, not just the one requested.

The researchers claimed that behavior allows iterative expansion, which,
listed in its simplest form (as described) is:
a. Query any BSSID (it can be known, or random)
b. Receive up to ~400 nearby BSSIDs
c. Query the "edge" BSSIDs

Repeat until you have the entire database of GPS:BSSID pairs (which is
trivial to do, and we proved that. It simply costs 120GB of disk space).

This is exactly the technique the researchers used to walk outward across cities and continents. I simply proved to Chris that it's trivial to do.

The researchers claimed you can easily track when those GPS:BSSID pairs
have moved to a new location, which I also proved was trivial (my script
looked for changes of 100KM or more - but any distance is feasible).

The researchers claim a simple public map shows the building address where
that GPS:BSSID pair was before and after it was moved, and I proved that.

To verify the behavior the researchers claimed was the behavior all of us
can trivially observe, I modified the open-source apple_bssid_locator tool
so that it requests the full result set (return_single_result = 0) and logs
all returned BSSID->GPS pairs. The modified script reliably returns
hundreds of nearby access points per query, consistent with the behavior described in the paper.

This isn't "theoretical," and it isn't dependent on privileged access.

It's simply how Apple's WPS API responds today. The fact that random, unobserved BSSIDs can be queried without restriction, and that the API
returns their coordinates and the GPS:BSSID pairs of all adjacent access points, is precisely the privacy issue the researchers highlighted.

Given I read the research papers and I reproduced their results, maybe you might want to rethink your assessment that "I don't get it", Rudolph.

Whether one considers this a vulnerability or a design flaw is a matter of interpretation, but the underlying behavior is not in dispute. The academic paper, the Register article summarizing it, and independent replication all confirm the same thing: Apple's WPS database can be enumerated at scale,
and the API provides enough information to reconstruct the physical
locations of Wi-Fi access points globally.

Even Apple didn't dispute all my facts when I presented them to Apple via
my next-door neighbor who is a VP who entered the issue into Apple's RADAR.

So maybe I do get it when everything I did confirms what the researchers
said, and Apple confirmed everything I did since I gave them the same data
that I gave you as my goal is not only to stay out of Apple's insecure WPS database, but to help potentially hundreds of millions of others do so too!

I'm all about helping everyone - which is why all my tutorials use tools
which are free to use and I provide my scripts when I modify FOSS tools.
--
My posts aim to explore how Apple's WPS actually works beneath the surface,
in ways most users may never understand because Apple doesn't tell them.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

The key point is that Apple's WPS endpoint returns hundreds of nearby GPS:BSSIDs pairs for any submitted BSSID, not just the one requested.

Kiddo, you have changed your story. From a privacy issue to a "I can get
the whole database".

You have not given me/us any explanation to why knowing *a random BSSID* and its location would be a privacy issue, and now not why you think that being able to get all the Apple databases contents would be one.

Lest you claim "I don't get it", it's important to reiterate that the insecurity of Apple's Wi-Fi Positioning System (WPS) isn't speculative.

And as I've told you a number of times before, I'm not going on a wild goose hunt for something you *could* be meaning. You have it as a fact in your
head, *you* explain it. I'm not going to play a ten guesses game with you.

I'm all about helping everyone -

No, you're not.

If you would be than you would take the time to make sure that your intended audience gets the facts instead of some guesswork as well as getting
something thats easy to read and follow and thus understand.

I've told you that many times, but you have disregarded that for years now. Thats not something an /actual/ helpfull person would do.

Though I must say I was pleasantly surprised that your last "tutorial" was about a single subject and not multiple together, poored out after having
gone to a food-blender. Yes, I remember those. :-(

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

The key point is that Apple's WPS endpoint returns hundreds of nearby
GPS:BSSIDs pairs for any submitted BSSID, not just the one requested.

Kiddo, you have changed your story. From a privacy issue to a "I can get the whole database".

You have not given me/us any explanation to why knowing *a random BSSID* and its location would be a privacy issue, and now not why you think that being able to get all the Apple databases contents would be one.

Lest you claim "I don't get it", it's important to reiterate that the
insecurity of Apple's Wi-Fi Positioning System (WPS) isn't speculative.

And as I've told you a number of times before, I'm not going on a wild goose hunt for something you *could* be meaning. You have it as a fact in your head, *you* explain it. I'm not going to play a ten guesses game with you.

I'm all about helping everyone -

No, you're not.

If you would be than you would take the time to make sure that your intended audience gets the facts instead of some guesswork as well as getting something thats easy to read and follow and thus understand.

I've told you that many times, but you have disregarded that for years now. Thats not something an /actual/ helpfull person would do.

Though I must say I was pleasantly surprised that your last "tutorial" was about a single subject and not multiple together, poored out after having gone to a food-blender. Yes, I remember those. :-(

Rudolph, let's keep this focused on the technical issue rather than tone.

For you to tell me "I don't get it" a hundreds times, doesn't mean that I
don't get it when I simply reproduced what researchers said could be done.

In other words, I got it.
I got it the moment I read the security research (which I reproduced).

The papers and news articles you read are not speculation; they are fact.
All I did was reproduce what the security researchers said was easy to do.
And it was.
In fact, it was so easy to reproduce what the security researchers warned
about that I, myself, could easily get the entire Apple WPS database.

Worse, I, myself, could easily track any BSSID in the world.
a. I could pick any address on the planet
b. I could find the BSSID associated with that address
c. And I could track it forever.

That's not random.
I have no intention of tracking people, but I proved it's trivial to do.
Just like the security researchers said it was.

Hence, the privacy concern isn't about a *single* nor random BSSID.

It's about the fact that each Apple's WPS endpoint returns *hundreds* of
nearby BSSID-location pairs for any query, for any querier, and that you
can't get opt out of Apple's WPS database using Apple's published method.

These flaws effectively exposes large portions of Apple's WPS database to anyone who knows how to query it, which is what the researchers said.
Hundreds of millions of people who, like me, thought they opted out
properly, are not opted out (which Apple replied to me in writing is the
case, although we are taking a swag at how many people use the hidden
feature found in almost every single router ever sold in the world).

That's the point I've been making.

If you disagree with the technical argument, I'm happy to discuss that.
But dismissing it as 'guesswork' doesn't address the underlying issue.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

Rudolph, let's keep this focused on the technical issue rather than tone.

Answer my questions, and I will consider it.

So, when are you going to explain how you being able to read BSSID's and coordinates from Apples database is a privacy problem ?

For you to tell me "I don't get it" a hundreds times, doesn't mean that I don't get it when I simply reproduced what researchers said could be done.

Kiddo, being able to repeat what others have detailed doesn't mean you understood what you where doing.

Worse, I, myself, could easily track any BSSID in the world.

Kiddo, I've asked you several times to explain why, according to you, that that is a problem. You have refused to do so every time. No, *YOU DO NOT
GET IT*.

Proof of that ? If you would than you would have been able to explain yourself to me/us. The fact that you don't ...

That's not random.

Yes, it is. Tell me, what is *the name of the person* behind the BSSID's
you have been tracking ?

Ofcourse, you have no idea.

These flaws effectively exposes large portions of Apple's WPS database
to anyone who knows how to query it, which is what the researchers said.

Its not a flaw, its on purpose. Kiddo, you have *NO* idea what that
database is for, but you have already drawn your conclusions. You are, as I mentioned a few times, *WILLFULLY IGNORANT*.

And it doesn't help that *I already asked you* to consider what the purpose
of that database is, and you simply refuse to do so.

I have no intention of tracking people, but I proved it's trivial to do. Just like the security researchers said it was.

Is that true ? So, if I pick a name than you can, assiming he's got a BSSID with him, tell me where that person is traveling ? Yes or no ? And ofcourse, explain your answer. :-)

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

That's not random.

Yes, it is. Tell me, what is *the name of the person* behind the BSSID's you have been tracking ?

Ofcourse, you have no idea.

Ah, but I do.
So would you had you read the research papers, Rudolph.

Cybernews: *Anyone can tap into your WiFi location data to track you*
explains how Apple's WPS can be exploited for mass surveillance. <https://cybernews.com/privacy/apple-beams-wifi-location-data-privacy-risk/>

The researchers already showed anyone in the world is already able to use Apple's WPS db to track Loretta Anne Jameson's AP which is currently
located at 4302 Josey Circle, Shreveport, LA 71109.

When she moves, I'll let you know where she moves her router to.
Likewise with any of her neighbors.

Ronda and Alfred Beel, 4310 Josey Cir, Unit #2-A
Benjamin and Eric Choyica 1/4 and, 4318 Josey Cir, Unit #2-A
Jeffrey Devin, 4306 Josey Cir, Unit #2-A
Flora Ann Jackson Gellion, 4338 Josey Cir, Unit #2-A
Lonzie D. Groniger, 4321 Josey Cir, Unit #2-A
Lutrisher Walton Hill, 4329 Josey Cir, Unit #2-A
Melvin Hawthorn, Jr. 1/2 and, 4823 Josey Cir, Unit #2-A
Mary E. Gebbs Hendy, 4816 Josey Cir, Unit #2-A
Shane Jameson Sr., 4330 Josey Cir, Unit #2-A
Rosemary Ellerbee Jones, 4317 Josey Cir, Unit #2-A
Charles Nesh, 4824 Josey Cir, Unit #2-A
James and Dollie Henson Smythe, 4314 Josey Cir, Unit #2-A
Sherryn Marie Smythe, 4820 Josey Cir, Unit #2-A
Terrince Steedman, 4326 Josey Cir, Unit #2-A
Pamela Tomas, 4828 Josey Cir, Unit #2-A
Trivia Yashica Watken, 4827 Josey Cir, Unit #2-A
etc.

Anyone can do this for any home in the United States.
Which is why this is so dangerous to privacy.
--
I'm here to help others understand the deeper mechanics of WPS that
most people never comprehend (& that Apple marketing never explains).
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

Unit #2-A

Apologies for the unit 2-a on every name and address in the previous list.
Only the first line was that unit.

I used gVIM to munge the record, slightly, for privacy, since the exact
unit didn't matter for our purposes, but I made an editing redaction error.

The point is anyone in the world can track these people by their GPS:BSSID.
Jeffrey Devin ......................... 4306 Josey Circle
Ronda and Alfred Beel ................ 4310 Josey Circle
James and Dollie Henson Smythe ....... 4314 Josey Circle
Rosemary Ellerbee Jones .............. 4317 Josey Circle
Benjamin and Eric Choyica ............ 4318 Josey Circle
Lonzie D. Groniger .................... 4321 Josey Circle
Terrince Steedman ..................... 4326 Josey Circle
Lutrisher Walton Hill ................ 4329 Josey Circle
Shane Jameson Sr. ..................... 4330 Josey Circle
Flora Ann Jackson Gellion ............ 4338 Josey Circle
Mary E. Gebbs Hendy ................... 4816 Josey Circle
Sherryn Marie Smythe .................. 4820 Josey Circle
Melvin Hawthorn, Jr. ................. 4823 Josey Circle
Charles Nesh .......................... 4824 Josey Circle
Trivia Yashica Watken ................ 4827 Josey Circle
Pamela Tomas .......................... 4828 Josey Circle
etc.

The papers explained how anyone in the world could track every owner of
every home in the United States by their GPS:BSSID using the highly
insecure Apple WPS database like could for the above people (which I have
no plans on doing but which is why I understand how badly designed Apple's
WPS implementation is - which Google's WPS & Mozilla's WPS isn't).
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

Anyone can do this for any home in the United States.
Which is why this is so dangerous to privacy.

Apologies for the unit 2-a on every name and address in the previous list.
Only the first line was that unit.

I used gVIM to munge the record, slightly, for privacy, since the exact
unit didn't matter for our purposes, but I made an editing redaction error.

The point is anyone in the world can track these people by their GPS:BSSID.
Jeffrey Devin ......................... 4306 Josey Circle
Ronda and Alfred Beel ................ 4310 Josey Circle
James and Dollie Henson Smythe ....... 4314 Josey Circle
Rosemary Ellerbee Jones .............. 4317 Josey Circle
Benjamin and Eric Choyica ............ 4318 Josey Circle
Lonzie D. Groniger .................... 4321 Josey Circle
Terrince Steedman ..................... 4326 Josey Circle
Lutrisher Walton Hill ................ 4329 Josey Circle
Shane Jameson Sr. ..................... 4330 Josey Circle
Flora Ann Jackson Gellion ............ 4338 Josey Circle
Mary E. Gebbs Hendy ................... 4816 Josey Circle
Sherryn Marie Smythe .................. 4820 Josey Circle
Melvin Hawthorn, Jr. ................. 4823 Josey Circle
Charles Nesh .......................... 4824 Josey Circle
Trivia Yashica Watken ................ 4827 Josey Circle
Pamela Tomas .......................... 4828 Josey Circle
etc.

The papers explained how anyone in the world could track every owner of
every home in the United States by their GPS:BSSID using the highly
insecure Apple WPS database like could for the above people (which I have
no plans on doing but which is why I understand how badly designed Apple's
WPS implementation is - which Google's WPS & Mozilla's WPS isn't).
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote on 12/28/2025 6:24 PM:

Marian wrote:

Anyone can do this for any home in the United States.
Which is why this is so dangerous to privacy.

Apologies for the unit 2-a on every name and address in the previous list. Only the first line was that unit.

I used gVIM to munge the record, slightly, for privacy, since the exact
unit didn't matter for our purposes, but I made an editing redaction error.

The point is anyone in the world can track these people by their GPS:BSSID. Jeffrey Devin ......................... 4306 Josey Circle
Ronda and Alfred Beel ................ 4310 Josey Circle
James and Dollie Henson Smythe ....... 4314 Josey Circle
Rosemary Ellerbee Jones .............. 4317 Josey Circle
Benjamin and Eric Choyica ............ 4318 Josey Circle
Lonzie D. Groniger .................... 4321 Josey Circle
Terrince Steedman ..................... 4326 Josey Circle
Lutrisher Walton Hill ................ 4329 Josey Circle
Shane Jameson Sr. ..................... 4330 Josey Circle
Flora Ann Jackson Gellion ............ 4338 Josey Circle
Mary E. Gebbs Hendy ................... 4816 Josey Circle
Sherryn Marie Smythe .................. 4820 Josey Circle
Melvin Hawthorn, Jr. ................. 4823 Josey Circle
Charles Nesh .......................... 4824 Josey Circle
Trivia Yashica Watken ................ 4827 Josey Circle
Pamela Tomas .......................... 4828 Josey Circle
etc.

The papers explained how anyone in the world could track every owner of
every home in the United States by their GPS:BSSID using the highly
insecure Apple WPS database like could for the above people (which I have
no plans on doing but which is why I understand how badly designed Apple's WPS implementation is - which Google's WPS & Mozilla's WPS isn't).

I couldn't figure out which of these people are YOU.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

That's not random.

Yes, it is. Tell me, what is *the name of the person* behind the BSSID's >> you have been tracking ?

Ofcourse, you have no idea.

Ah, but I do.

Another claim without anything to support it. Ignored.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

Apologies for the unit 2-a on every name and address in the previous list. Only the first line was that unit.

...

The point is anyone in the world can track these people by their
GPS:BSSID.
Jeffrey Devin ......................... 4306 Josey Circle
Ronda and Alfred Beel ................ 4310 Josey Circle
James and Dollie Henson Smythe ....... 4314 Josey Circle

[snip rest of list]

So, you have a list of person names and, I assume, street adresses - but no (GPS.)BSSIDs. iow, nothing to track any of those persons with.

Kiddo, you *really need to* explain how you convert BSSIDs into a persons name, or a persons name into a BSSID.

And lets not forget, I asked you a simple Yes/No question about it which you still have not answered :

[quote=me]
So, if I pick a name than you can, assiming he's got a BSSID with him, tell
me where that person is traveling ? Yes or no ? And ofcourse, explain
your answer. :-)
[/quote]

Ofcourse, when I pick a name of someone/place I know the BSSID of it would
be *very* evident when you would give me a random BSSID for it ...

The same would happen when I give you a known-to-me BSSID and you come back with some random persons name.

Yeah, your best shot at not falling into that "trap" is by simply refusing
to answer the question.

The only problem with that is that *not* giving an answer is an answer in itself : YOU HAVE NO CLUE.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

So, you have a list of person names and, I assume, street adresses - but no (GPS.)BSSIDs. iow, nothing to track any of those persons with.

Kiddo, you *really need to* explain how you convert BSSIDs into a persons name, or a persons name into a BSSID.

And lets not forget, I asked you a simple Yes/No question about it which you still have not answered :

[quote=me]
So, if I pick a name than you can, assiming he's got a BSSID with him, tell me where that person is traveling ? Yes or no ? And ofcourse, explain your answer. :-)
[/quote]

Ofcourse, when I pick a name of someone/place I know the BSSID of it would be *very* evident when you would give me a random BSSID for it ...

The same would happen when I give you a known-to-me BSSID and you come back with some random persons name.

Yeah, your best shot at not falling into that "trap" is by simply refusing to answer the question.

The only problem with that is that *not* giving an answer is an answer in itself : YOU HAVE NO CLUE.

Hi Rudolph,

Let me address this at the technical level, because the privacy concerns
are getting mixed up with how the data actually works.

1. What a BSSID is and is not
a. A BSSID is the MAC address of a Wi-Fi access point.
b. It identifies hardware at a fixed physical location.
c. It does NOT identify a person.
d. There is no built-in mapping between a person and a BSSID.
e. The only inherent mapping is between the access point
and the building where it is located
f. Buildings have owners & ownership records are public information.
g. So as not to dox people, the names I listed earlier were
slightly altered to avoid posting identifiable data directly
(but those looking at public records should recognize the pattern)

2. How the location association works
a. Appleos WPS database stores BSSID-to-location pairs.
b. In practice, these coordinates almost always correspond
to a specific building.
c. That building is associated with an owner through public
property records (in the USA anyway)
d. Apple devices passively observe nearby BSSIDs.
e. Those observations are uploaded to Appleos WPS database.
f. Apple aggregates these observations into a large, publicly
queryable location database with no controls whatsoever!
g. This is the same mechanism described in the published research.

3. Where the "1 to 1" linkage comes from
a. Apple provides only BSSID-to-location.
b. Yet, that location is almost always a building.
c. Buildings have owners.
d. Property ownership records are public in the United States.
e. Combining these two data sources yields:
BSSID -> address -> homeowner name
f. This derived linkage is not present in Apple's data itself.
g. It is, however, trivial for anyone to construct using
publicly available information (which I easily proved)
h. I am not posting the fully assembled chain in a single message,
because that might dox people too easily for people like you.
But it's close enough to make the point for someone who knows
how to use a web page to obtain the ownership data themselves.

This is the technical explanation. The privacy boundary is simply that I am
not going to publish a combined BSSID + address + homeowner name dataset in
one place, even though the individual components are public.

The underlying point is straightforward: if a BSSID is tied to a fixed
home, and home ownership records are public, then correlating the two is trivial. Anyone familiar with how these systems work already understands
this, and the research literature has demonstrated it clearly.
--
Intelligent people own the imagination to figure out how a tool works.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

Another claim without anything to support it.

And yet I proved it's trivial to obtain the named owner of every building
in the United States (since that's public information) and to obtain the location of every BSSID in that building which, if it's a home, typically
has only one (although mine has half a dozen or more tied to my home).

BSSID <-> Owner (via the building location)
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Andy Burns wrote:

I (can) have every access point location
in the world (over 2 billion) if I felt like getting it (and storing it).

But which of those 2 billion belong to me?

Andy,

I respect your knowledge, so I'm aware you understand what a BSSID is.
You also understand that most people own the home they live in.
And, you understand that if they move, they take their router with them.

Are you disputing any of that?

I know the owner of every home on Josey Circle in Shreveport, LA, right?
That's trivial. Anyone can prove how trivial that is, right?
Jeffrey Devin ......................... 4306 Josey Circle
Ronda and Alfred Beel ................ 4310 Josey Circle
James and Dollie Henson Smythe ....... 4314 Josey Circle
Rosemary Ellerbee Jones .............. 4317 Josey Circle
Benjamin and Eric Choyica ............ 4318 Josey Circle
Lonzie D. Groniger .................... 4321 Josey Circle
Terrince Steedman ..................... 4326 Josey Circle
Lutrisher Walton Hill ................ 4329 Josey Circle
Shane Jameson Sr. ..................... 4330 Josey Circle
Flora Ann Jackson Gellion ............ 4338 Josey Circle
Mary E. Gebbs Hendy ................... 4816 Josey Circle
Sherryn Marie Smythe .................. 4820 Josey Circle
Melvin Hawthorn, Jr. ................. 4823 Josey Circle
Charles Nesh .......................... 4824 Josey Circle
Trivia Yashica Watken ................ 4827 Josey Circle
Pamela Tomas .......................... 4828 Josey Circle
etc.

And, in another post, I showed the BSSID nearest to each of those
buildings, right? (I'm not going to put it together here for reasons that
I'm not trying to dox people.)

So what are you asking me to answer?
a. Are you disputing I have the named owner of every home in the USA?
b. Or are you disputing I have the BSSID of every home in the USA?

If your name was, oh, let's say Jeffrey Devin, and if you put that router
in the home that you own at 4306 Josey Circle, then I can track that AP anywhere in the world if you then moved to another home, and took your
router with you.
c. Are you disputing I can track the location of that AP BSSID, Andy?

Note that by tracking the BSSID and knowing the owner of every home in the
USA (since that's a public record), I could tie it to you "if" you're the owner. If you only rented the home, then I'd need more data to tie it to
you.

But in the USA, overwhelmingly, people own the home they live in.
So it's tied to the owner. Who, in this case, would be you.

Would it not?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

And lets not forget, I asked you a simple Yes/No question about it which
you still have not answered :

...

f. This derived linkage is not present in Apple's data itself.

So, your initial accusation that the contents of Apples database constitutes to a privacy violation is false.

Kiddo, thats what I've been trying to tell you all along, but you have been dancing around, trying to evade having to say that. You infact still do.
:-)

2. How the location association works
a. Apples WPS database stores BSSID-to-location pairs.
b. In practice, these coordinates almost always correspond to a specific building.
c. That building is associated with an owner through public
property records (in the USA anyway)

In short, you need to access *other* publicly available databases to *try
to* link a BSSID to a specific person.

"Try to" as it will still fail when muliple persons live close together (appartment building, GPS is *very* bad at altitude measurement, or even a
row of appartments against each other), or when Apple has "seeded" those coordinates, randomly shifting them away from the actual ones. Just a few meters (inside the precision tolerance) is enough to make them point to a neighbour.

Kiddo, you are WILLFULLY IGNORANT, as you refuse to consider the
implications of what you try to claim.

But ok, now you have found a *random person*. What good does that do ?

My question still stands :

[quote=me]
So, if I pick a name than you can, assiming he's got a BSSID with him, tell
me where that person is traveling ? Yes or no ? And ofcourse, explain
your answer. :-)
[/quote]

If you can answer that one *than* you perhaps have something to complain about.

... but than the question is : complain to whom ? Why have you been accusing Apple of spilling the beans when those "public property records"
are spilling /whole bags/ of them ?

Also, I've been telling you that getting personal information - like
location information - can be bought by anyone who is willing to spend a
buck.

But *if* you can find the home-addres of *a specific person* - which is not
a given - and from there the BSSID of devices owned by that person - which
is also not a given - you have merely found /another way/ to track that person. Congratulations.


And another question you have refused to answer : how does Apples database
get the real-time coordinates of those BSSIDs (so you can track their
movment) ? If its not the persons own devices that upload them, than how does that work ?

... An when a persons own device is doing it, why not point at that person (you?) for being a dumbass for not understanding how his phone works.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

And yet I proved it's trivial to obtain the named owner of every building
in the United States

I've got a name for you :John Smith. Now tell me, where does he live and whats his BSSID ?

Do I have to explain the above to you or are you smart enough to figure it
out for yourself ?

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

In short, you need to access *other* publicly available databases to *try to* link a BSSID to a specific person.

Essentially...
1. Every home in the USA is tied to an owner in a public database
2. Every BSSID in every home in the USA is in the Apple public database

BSSID <-> GPS <-> Address <-> Owner

Only an extremely unimaginative person wouldn't be able to connect the dots (which is why the researchers said that the Apple implementation is flawed)

Remember, Apple's WPS is DIFFERENT than how Google/Mozilla do their WPS.
That DIFFERENCE is what the security researchers pointed out so forcefully.

Apple makes that task of correlating every name to every location trivial because there are absolutely no controls on the Apple WPS database.

None.
You can download the entire Apple database using basic commands.

Basically, you get every BSSID:LOCATION pair in the world.
(Actually every BSSID:LOCATION in Apple's WPS but that's close to all.)

The problem is two fold:
1. Apple's WPS implementation has no controls.
2. Apple won't let you opt out.

That's what I've been saying for weeks now, so if people don't get it after having read the papers and run the scripts, then they'll never ever get it.

Google's WPS has controls; Apple's WPS does not.
Mozilla's WPS allows you to opt out with certainty; Apple's WPS does not.

This isn't speculation.
It's fact.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

And yet I proved it's trivial to obtain the named owner of every building >> in the United States

I've got a name for you :John Smith. Now tell me, where does he live and whats his BSSID ?

Do I have to explain the above to you or are you smart enough to figure it out for yourself ?

BSSID <-> GPS <=> Address <-> Owner

Every person who knows anything understands that every owner of every home
in the United States is in a public database and that every BSSID:GPS in
every home in the world (essentially) is in Apple's public database.

For someone to not be able to connect the dots would mean they lack ability
to use tools as simple as a hammer and a nail, as it's that trivial to do.

It's a simple merging of 2 data files, both of which have no controls:
BSSID <-> GPS <=> Address <-> Owner

What's DIFFERENT is Google's WPS has controls; Apple's WPS does not.
And Mozilla's WPS works like it should; Apple's WPS does not.

What Apple is doing is the antithesis of everything Apple "says" it does.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

Essentially... 1. Every home in the USA is tied to an owner in a public database

You have adjusted your claim to mean only a small part of the world. Your claim that everyone all over the world could be followed is therefore false.

Also, the owner doesn't need to live in that house or being the person carrying the BSSID with him. Your claim that everyone all over the world could be followed is therefore false.

2. Every BSSID in every home in the USA is in the Apple public database

Nope. And I'm not even going to explain that to you.

BSSID <-> GPS <-> Address <-> Owner

Only an extremely unimaginative person wouldn't be able to connect the
dots

Kiddo, you have both been shrinking the reach of your claim as well as refusing to consider any of the problems I've mentioned in regard to your above chain - making your "connect the dots" a farce.

Kiddo, I say it again : YOU ARE WILLFULLY IGNORANT. And you know it.

[quote=me]
So, if I pick a name than you can, assiming he's got a BSSID with him, tell
me where that person is traveling ? Yes or no ? And ofcourse, explain
your answer. :-)
[/quote]

You can't do the above, its as simple as that.

And than there are ofcourse all my other hints and questions you have
refused to respond to.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

I've got a name for you :John Smith. Now tell me, where does he live and >> whats his BSSID ?

Do I have to explain the above to you or are you smart enough to figure
it out for yourself ?

BSSID <-> GPS <=> Address <-> Owner

Every person who knows anything understands that every owner of every
home in the United States is in a public database

Every person who know anything knows that

the owner might not live in the house he owns. (1)

there might be multiple - unrelated - people living in the house (2)

the "GPS" coordinates in Apples database just might not be exactly pointing
to the device itself

(1) Good luck with find out where a person who is *not* the owner actually lives.

(2) Good luck with pin-pointing "the person-of-interest".

Kiddo, you keep presenting your "facts" while forcefully refusing to
consider the problems with them. You are WILLFULLY IGNORANT.

Which in itself isn't much of a problem, but you keep posting your fantasies as tutorials. With which you could greatly damage someone who takes your fantasies as facts.

Forgive me if I will keep making that FACT clear to anyone who might stumble over your science-fiction scribblings.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

"R.Wieser" wrote

Arlen,

Apologies for the unit 2-a on every name and address in the previous
list.
Only the first line was that unit.

...

The point is anyone in the world can track these people by their
GPS:BSSID.
Jeffrey Devin ......................... 4306 Josey Circle
Ronda and Alfred Beel ................ 4310 Josey Circle
James and Dollie Henson Smythe ....... 4314 Josey Circle

[snip rest of list]

So, you have a list of person names and, I assume, street adresses - but
no (GPS.)BSSIDs. iow, nothing to track any of those persons with.

I see I fully forgot to point out the most obvious : that list doesn't seem
to contain coordinates of the property. iow, nothing to compare the coordinates outof Apples database with.

Yet another "connect the dots" of yours that, with the information your provided us, simply doesn't, cannot work.

... or you would need to use /yet another/ information source as a bridge.

So, you would have three(?) databases(?) that will *only* when combined -
and only as long as you ignore all the other problems with it I've posted - devulge the info you're after.

But you still want to blame Apple, and Apple alone for leaking your privacy
?

Yeah, right.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

I respect your knowledge, so I'm aware you understand what a BSSID is.
You also understand that most people own the home they live in.

Most, yes; here in the UK it's roughly 2/3 of households, not sure
whether that's less than in the USA?

And, you understand that if they move, they take their router with them.

Most people here will use the router provided by their ISP, they're
probably meant to leave it behind, or send it back when they move home.

I know the owner of every home on Josey Circle in Shreveport, LA, right?

And, in another post, I showed the BSSID nearest to each of those
buildings, right? (I'm not going to put it together here for reasons that
I'm not trying to dox people.)

So what are you asking me to answer?

For a named person, if you already know where they live, you know their location, if you don't know where the live, Apple's database doesn't
help you find out. Even if you find their router's BSSID, why do you
ant to wait years until they move home, just so you can track where they
move to?

a. Are you disputing I have the named owner of every home in the USA?

Situation is a bit different here, there's the electoral roll which will
list everyone's address, but many people opt to tick the "privacy" box
so that isn't public information, there's also the land registry but
homes which have not recently changed hands are not required to be
registered, and you have to pay to see each record.

b. Or are you disputing I have the BSSID of every home in the USA?

I don't think you have it in such a cut-and-dried format, you've tied
things together by implication.

If your name was, oh, let's say Jeffrey Devin, and if you put that router
in the home that you own at 4306 Josey Circle, then I can track that AP anywhere in the world if you then moved to another home, and took your
router with you. c. Are you disputing I can track the location of that
AP BSSID, Andy?

But the BSSIDs are unique, people's names are not, how easy would it be
for you to link to SSNs?

Note that by tracking the BSSID and knowing the owner of every home in the USA (since that's a public record), I could tie it to you "if" you're the owner. If you only rented the home, then I'd need more data to tie it to
you.

But in the USA, overwhelmingly, people own the home they live in.
So it's tied to the owner. Who, in this case, would be you.

For anyone who runs their own business, the companies house data is
another source of addresses,

Would it not?

It would be easier for you to find my address by *not* using Apple's
database ...


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,

And, you understand that if they move, they take their router with them.

Are you disputing any of that?

Wishfull thinking much ? If he doesn't I will.

I know the owner of every home on Josey Circle in Shreveport, LA, right?

Which is pretty useless.

And, in another post, I showed the BSSID nearest to each of those
buildings, right? (I'm not going to put it together here for reasons that I'm not trying to dox people.)

:-) You're just telling us exactly what you've done, so we can repeat it ourselves. In my country thats called "aiding and abedding" - which can easily land you into jail.

a. Are you disputing I have the named owner of every home in the USA?

You already asked that.

b. Or are you disputing I have the BSSID of every home in the USA?

If he doesn't I will. Also, *the* BSSID ? Just a single one ? What are
you ? Poor ?

Note that by tracking the BSSID and knowing the owner of every home in the USA (since that's a public record), I could tie it to you "if" you're the owner.

Thats a rather big "if", don't you think ? It certainly trashes your initial claim that you could track *everyone* (all over the world).

But in the USA, overwhelmingly, people own the home they live in.

Tell that to all the poor city-dwellers who predominanty rent they places.

Who are, by the way, in close proximity and often stacked several layers
ontop of each other. Which ofcourse makes a mockery of any claim that a certain location will al;ways point to a single home.

So it's tied to the owner.

:-) You're "cooking the books" there.

Who, in this case, would be you.

Would it not?

Chances are - for multiple reasons as indicated in the above - he's not.

You're playing the "no true Scotsman" falacy there* : when you do not like a certain result you just discard it - leaving you with a meaningless, small subset, but all confirming what you wish to claim. Duh. Also, blergh.

* https://en.wikipedia.org/wiki/No_true_Scotsman

Bottom line : you *might* be able to track someone when you are given a persons name. - if the stars align just right.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Tue, 30 Dec 2025 22:24:03 +0100, "R.Wieser" <address@is.invalid>
wrote:

Arlen,

And, you understand that if they move, they take their router with them.

Are you disputing any of that?

Wishfull thinking much ? If he doesn't I will.

I know the owner of every home on Josey Circle in Shreveport, LA, right?

Which is pretty useless.

And, in another post, I showed the BSSID nearest to each of those
buildings, right? (I'm not going to put it together here for reasons that >> I'm not trying to dox people.)

:-) You're just telling us exactly what you've done, so we can repeat it >ourselves. In my country thats called "aiding and abedding" - which can >easily land you into jail.

a. Are you disputing I have the named owner of every home in the USA?

You already asked that.

b. Or are you disputing I have the BSSID of every home in the USA?

If he doesn't I will. Also, *the* BSSID ? Just a single one ? What are >you ? Poor ?

Note that by tracking the BSSID and knowing the owner of every home in the >> USA (since that's a public record), I could tie it to you "if" you're the >> owner.

Thats a rather big "if", don't you think ? It certainly trashes your
initial claim that you could track *everyone* (all over the world).

But in the USA, overwhelmingly, people own the home they live in.

Tell that to all the poor city-dwellers who predominanty rent they places.

Who are, by the way, in close proximity and often stacked several layers >ontop of each other. Which ofcourse makes a mockery of any claim that a >certain location will al;ways point to a single home.

So it's tied to the owner.

:-) You're "cooking the books" there.

Who, in this case, would be you.

Would it not?

Chances are - for multiple reasons as indicated in the above - he's not.

You're playing the "no true Scotsman" falacy there* : when you do not like a >certain result you just discard it - leaving you with a meaningless, small >subset, but all confirming what you wish to claim. Duh. Also, blergh.

* https://en.wikipedia.org/wiki/No_true_Scotsman

Bottom line : you *might* be able to track someone when you are given a >persons name. - if the stars align just right.

Some random thoughts...

A BSSID is typically based on the interface's MAC address. Each MAC
address is assumed, by many people, to be globally unique, but they
don't have to be.* It helps greatly if a MAC address is unique within
its local network segment, but a duplicate MAC appearing somewhere else shouldn't cause any problems. By extension, a duplicate BSSID appearing somewhere else shouldn't cause any problems that I can think of.

So my question is, would it help Arlen's quest for privacy if he were to
choose a MAC, and thus a BSSID, that already exists somewhere else and
is already present in the database? When someone does a query on that
BSSID, would they get the first result, or all results? I wonder if
Arlen has checked for duplicate BSSID entries in his favorite database.

*Many years ago, where I worked we trialed a piece of software that intentionally used the same IP address and MAC address on every server
in the pool. That violates everything we're taught about network
addressing, but it didn't cause any problems. It simply moved certain
tasks farther up the network stack. We ended up buying and deploying
that software into our production network.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Char,

It helps greatly if a MAC address is unique within its local
network segment,

I would say that!

Examples of 'puters who could not communicate over the LAN because either their ethernet-cards MAC was already present, or they had a hard-set IP that clashed are aplenty.

but a duplicate MAC appearing somewhere else shouldn't cause
any problems.

As long as it would not be a duplicate there, you would be correct. :-)

There are a few problems with your suggestion though : it only works for devices that do not move around, which would make Arlens statement that he
can track anyone a bit of a joke.

If they hoever *do* move around (hello smartphones!) there is a rather good chance that they will, sometimes, enter a network segment where their BSSID
is alread present - which could lead to a denial of service for one, or even all of the devices being copies of each other.

*Many years ago,

...

it didn't cause any problems. It simply moved certain
tasks farther up the network stack

I think it did a bit more. Like negotiating which server would handle the request, and how to mark it that a certain ethernet packet was part of an ongoing conversation with a specific server.

iow, all those servers would need to /activily work together/ so they would not yell over each other and try to hijack each others conversations.

You know, it does sound odd : that sofware (that was bought) would need to
add markers to make sure ongoing conversations would go to the server which first serviced it, in effect duplicating what the ethernet MAC and the
puters IP are for ...

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Arlen,


[quote=me]

Tell that to all the poor city-dwellers who predominanty rent they places.

Who are, by the way, in close proximity and often stacked several
layers ontop of each other.

As my thoughts went over to the "well off" city-dwellers who own the appartments they live in, I realized that they too often live stacked that
way, sometimes in high-rises of 20 stories or more, with penthouses ontop.

Your Apple-database location data in such cases ? Useless.

Regards,
Rudy Wieser




--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Char Jackson wrote:

A BSSID is typically based on the interface's MAC address. Each MAC
address is assumed, by many people, to be globally unique, but they
don't have to be.* It helps greatly if a MAC address is unique within
its local network segment, but a duplicate MAC appearing somewhere else shouldn't cause any problems. By extension, a duplicate BSSID appearing somewhere else shouldn't cause any problems that I can think of.

So my question is, would it help Arlen's quest for privacy if he were to choose a MAC, and thus a BSSID, that already exists somewhere else and
is already present in the database? When someone does a query on that
BSSID, would they get the first result, or all results? I wonder if
Arlen has checked for duplicate BSSID entries in his favorite database.

*Many years ago, where I worked we trialed a piece of software that intentionally used the same IP address and MAC address on every server
in the pool. That violates everything we're taught about network
addressing, but it didn't cause any problems. It simply moved certain
tasks farther up the network stack. We ended up buying and deploying
that software into our production network.

Hi Char Jackson,

Happy New Year!

You are one of the people on this newsgroup who know more about routers
than anyone I personally know, including me, although Jeff Lieberman and
Paul and a few others would know as much or almost as much as you do.

So I welcome your question as I am wondering the same things myself!

In the context of OpenWrt running on consumer-grade hardware, it is
important to distinguish between what the configuration layer *allows*
you to request and what the underlying wireless chipset and driver will actually honor. While OpenWrt exposes 'option macaddr' for wireless
interfaces, the ability to override the BSSID (which is simply the MAC
address of the AP's radio interface) is entirely dependent on the
capabilities of the Wi-Fi hardware and its corresponding mac80211 or vendor-specific driver.

Most consumer routers use Broadcom, Qualcomm Atheros, or Mediatek
chipsets whose Wi-Fi MAC addresses are stored in OTP/EEPROM and are
treated as immutable by the firmware. Even when OpenWrt writes an
override into /etc/config/wireless, the driver frequently rejects the
requested MAC because the hardware enforces the burned-in address or
derives multiple interface MACs from a fixed base. As a result, the
BSSID remains tied to the factory-programmed value regardless of user configuration. This is why many OpenWrt users observe that attempts to
spoof the BSSID simply do not take effect on real consumer hardware.

Only a subset of chipsets, typically those using fully mac80211-based
drivers with permissive MAC handling, will accept a user-specified
address for the AP interface. Even then, the override must satisfy the
802.11 requirement for a unicast, locally administered MAC (i.e., the second-least-significant bit of the first octet must be set, and the least-significant bit must be clear). If the address fails these
constraints, the driver will silently normalize or reject it.

Because of these hardware and driver limitations, the idea of selecting
an arbitrary BSSID to "collide" with an existing entry in a Wi-Fi
positioning database is largely theoretical for typical OpenWrt
deployments. Even on hardware that does permit MAC spoofing, WPS systems
such as Apple's treat the BSSID as a unique key and will simply update
the single stored location rather than maintaining multiple entries. As
a consequence, spoofing an existing BSSID does not provide meaningful
privacy benefits and, in practice, is simply not achievable on most
consumer routers, even when they are running the latest OpenWrt firmware.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Char Jackson wrote:

*Many years ago, where I worked we trialed a piece of software that intentionally used the same IP address and MAC address on every server
in the pool. That violates everything we're taught about network
addressing, but it didn't cause any problems. It simply moved certain
tasks farther up the network stack. We ended up buying and deploying
that software into our production network.

Hi Char Jackson,

I appreciate your input because you're very knowledgeable in router setup.

I had left a note in the chimney on Christmas Eve for a consumer router
with DD-WRT or OpenWRT firmware that allows me to change the AP BSSID.

Unfortunately, there is no consumer router brand or model that universally "allows BSSID changes" as far as I'm currently aware. Certainly that
ability to change the BSSID of the access point exists in pro routers.

But what matters is not the router but the Wi-Fi chipset and the driver.

OpenWrt can only spoof a BSSID on hardware whose mac80211 driver
permits overriding the interface MAC address. Most consumer routers do
not permit this because the Wi-Fi MAC is stored in OTP/EEPROM and the
driver enforces it.

The only consumer-grade devices that consistently allow BSSID spoofing
are those using ath9k (Atheros 802.11n) or ath10k/ath11k (Qualcomm
802.11ac/ax) *with specific firmware revisions* that do not lock the MAC. Examples include older TP-Link, Netgear, and Ubiquiti devices based on
Atheros AR9xxx or QCA9xxx chipsets. On these units, OpenWrt can override
the MAC for AP mode, and the BSSID will follow the configured address.

However, even within the same product line, behavior varies.

Many ath10k-based consumer routers ship with board data that locks the MAC
or derives multiple interface MACs from a fixed base, preventing spoofing. Mediatek MT76 devices sometimes allow MAC override on 2.4 GHz but not on
5 GHz. Broadcom consumer routers almost never allow BSSID changes under
OpenWrt because the proprietary firmware enforces the burned-in address.

Therefore, the most accurate answer is that only certain Atheros-based
consumer routers, typically older models using ath9k or early ath10k,
permit true BSSID spoofing. No vendor guarantees this capability, and it
must be verified per chipset and driver rather than per router model.

My next chance is my 86th birthday, where I'll ask for an older router that
can change the BSSID in the outward-facing access point BSSID as no modern consumer router running OpenWrt or DD-WRT can reliably spoof the
outward-facing BSSID.

As far as I'm aware, only certain legacy Atheros ath9k devices could do
this, and they are no longer current hardware, unfortunately for me. :(
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Marian wrote:

Certainly that
ability to change the BSSID of the access point exists in pro routers.

But what matters is not the router but the Wi-Fi chipset and the driver.

Drat.

We all agree the BSSID picked up by Apple/Google devices and then uploaded
to the Apple/Google WPS databases is simply the MAC address of the wireless access point's radio interface as advertised in its beacon frames.

So to change the BSSID, we must change the MAC address of the AP interface.

While OpenWrt exposes:
option macaddr 'AA:BB:CC:DD:EE:FF'
it is ultimately the driver and hardware that decide whether to honor the override. Most modern Wi-Fi chipsets ignore it for AP mode.

Only older Atheros AR9xxx devices using the ath9k driver (circa 2008iV2014) allowed true MAC override in AP mode, which indirectly changed the BSSID.
These were fully mac80211-based radios with no firmware offload and no MAC locking. Examples include early TP-Link WR841N/WR1043ND units and some
Ubiquiti M-series devices. These are now obsolete and unsuitable for modern Wi-Fi.

Modern chipsets behave very differently. Qualcomm ath10k/ath11k, Mediatek
MT76 (MT7603/MT7612/MT7915/MT798x), and all Broadcom-chipset consumer
radios store the Wi-Fi MAC in OTP/EEPROM and enforce it in firmware.

Even when OpenWrt accepts a user-specified MAC, the driver normalizes or rejects it, or regenerates interface MACs from a fixed base. As a result,
the AP interface MAC cannot be changed, and the BSSID remains fixed.

From what I can determine, no modern consumer, prosumer, or WISP-grade
router (including Ubiquiti, MikroTik, OpenWrt, DD-WRT, or anything based on Qualcomm, Mediatek, or Broadcom chipsets) can arbitrarily change the BSSID
that appears in beacon frames.

As far as I can find out in google searches, unfortunately for me, and for anyone who cares about privacy, there is no mechanism in 802.11 to override
the BSSID field independently because the BSSID is not a configurable
parameter as the BSSID is always derived from the AP interface MAC address.

I wish it were that easy...
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Andy Burns wrote:

So what are you asking me to answer?

For a named person, if you already know where they live, you know their location, if you don't know where the live, Apple's database doesn't
help you find out. Even if you find their router's BSSID, why do you
ant to wait years until they move home, just so you can track where they move to?

Hi Andy,

Happy New Year!

Thanks for answering as I respect your acumen, as you've taught me a lot
over the years, which I appreciate and we've always worked together.

I think you agreed we know the name of every homeowner in the USA.
And we know the location of that home (if it's a single-family home).
That's not disputable.

What we can dispute is whether the accuracy of the BSSID identifies the
home, and we can dispute the percentage of people who take their router
with them when they move from one home to another home (e.g., I took mine).

We can dispute who is living in the home, and for multi-family dwellings,
we can dispute who the person is that is using that router at that time.

We can also dispute the significance of a router moving from one location
to another, although a large number of moves will be by the router owner.

We do know the brand of router, so we can exclude exchanged equipment.

If we are thoughtful, we can come up with a large list of vetted things we know, and things we can reliably guess & things we will never know, right?

In "my" case, I took all my routers with me when I moved from home A to
home B, and most people I know have done the same, so it's very common.

a. Are you disputing I have the named owner of every home in the USA?

Situation is a bit different here, there's the electoral roll which will list everyone's address, but many people opt to tick the "privacy" box
so that isn't public information, there's also the land registry but
homes which have not recently changed hands are not required to be registered, and you have to pay to see each record.

I won't dispute the UK system, nor any others, as it's not really the point
to narrow it down to an individual because it's already down to the home.

The fundamental main points, which all tie together, are
1. Apple does not respect their published opt-out mechanism
2. Hence, my BSSIDs are in Apple's WPS database even though I've opted out
3. My ownership of the home is a public record I can not make private.
4. Since I live in the home, that's me (and the members of my family).
5. Anyone can look up the location of my home in Apple's WPS
6. That means they can reverse search, if they felt like doing that.
7. Unlike Google's WPS, Apple's WPS has no controls whatsoever on lookup.
8. Unlike Google's WPS, Apple's WPS lookups give 400 nearby AP BSSIDs.
9. This makes it trivial to create a db of every AP in the world
10. And trivial to track the movements of every BSSID in the world
11. Which means they can reverse search by homeowner/home to BSSID movement
12. Which is exactly what the security researchers said was easily doable.

Combined with any other location-based database, they can easily track
almost anything they want to track that is tied to a homeowners movements.

b. Or are you disputing I have the BSSID of every home in the USA?

I don't think you have it in such a cut-and-dried format, you've tied
things together by implication.

Sure. That's exactly what all the security research in the world says.
So I'm saying what experts are saying - which is reasonable.

Only someone who lacks imagination can't think of ways to use a hammer.
This is a hammer. It's a very powerful hammer indeed.

Tie it with a nail and the bad guys can do a lot of mischief.
Which I tried to avoid by opting out of Apple's WPS database.

Circle back to Apple has no intention of following their own privacy rules.

If Apple respected their own privacy policy, I would not have as great a
case against Apple, where what Apple is doing is the antithesis of what
Apple loudly proclaims it does.

Remember, Google isn't doing this.
Neither was Mozilla.

Only Apple.

If your name was, oh, let's say Jeffrey Devin, and if you put that router
in the home that you own at 4306 Josey Circle, then I can track that AP
anywhere in the world if you then moved to another home, and took your
router with you. c. Are you disputing I can track the location of that
AP BSSID, Andy?

But the BSSIDs are unique, people's names are not, how easy would it be
for you to link to SSNs?

I do not have a database of SSNs, but I'm sure if I was a loan officer I'd
have it, right? Or a banker? Or a solar roof installer, or law enforcement.

Once you have the router ap in the home, you can track that router ap
around the world if someone bothers to take their router with them.

I do.
My routers, as you've seen, are ages old and I still have them at home.
<https://i.postimg.cc/44WKMKpJ/apple-wps-testing.jpg>

Those are going to be turned on in Palo Alto on New Year's day.
In a month, we'll move them to Cupertino.

This is a simple test case which proves that anyone in the world
can track any access point in the world, no matter where it goes.

Again, if I could opt out, it wouldn't be so bad for privacy.
But Apple does not respect their own opt-out privacy policy.

Note that by tracking the BSSID and knowing the owner of every home in the >> USA (since that's a public record), I could tie it to you "if" you're the
owner. If you only rented the home, then I'd need more data to tie it to
you.

But in the USA, overwhelmingly, people own the home they live in.
So it's tied to the owner. Who, in this case, would be you.

For anyone who runs their own business, the companies house data is
another source of addresses,

There are lots of ways to tie metadata together where the key points are
really that Apple won't respect its privacy policy and Apple's WPS returns
for too much data (400 BSSID:GPS pairs in every query!) and has no
controls.

Remember, Google isn't doing that.
Neither was Mozilla.

I'm in constant email with Brian Krebs on this and with Dan Veditz
on the Mozilla Security Team, both of whom easily understand the issues.

But I couldn't get Erik Rye or David Levin to respond to my emails yet.

Would it not?

It would be easier for you to find my address by *not* using Apple's database ...

Let's say you go on vacation and you take your router with you.
I can track your movements anywhere in the world if you do that.

But the main point, let's keep in mind, is mainly that:
1. Apple doesn't not respect their own legally binding privacy policy
(unlike Mozilla who respects hidden SSIDs as a very clear opt out)
2. Apple WPS is too easy to abuse (which is very unlike Google's WPS)
(which is what the security researchers stated rather clearly)

Do you disagree with that two-point assessment?
--
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Wed, 31 Dec 2025 08:03:36 +0100, "R.Wieser" <address@is.invalid>
wrote:

Char,

It helps greatly if a MAC address is unique within its local
network segment,

I would say that!

Yes, :) Unless of course if it's done intentionally, which should very
rarely be the case.

Examples of 'puters who could not communicate over the LAN because either >their ethernet-cards MAC was already present, or they had a hard-set IP that >clashed are aplenty.

When I was in college/university, someone in the computer lab
intentionally enabled a DHCP server, knowing that there was already an
active DHCP server. With over 300 workstations affected, we were all
dismissed for the day while the lab team figured out what had happened.

but a duplicate MAC appearing somewhere else shouldn't cause
any problems.

As long as it would not be a duplicate there, you would be correct. :-)

I was thinking that the chance of that kind of collision would be
exceedingly low, but statistics were never my strength.

There are a few problems with your suggestion though : it only works for >devices that do not move around, which would make Arlens statement that he >can track anyone a bit of a joke.

If they hoever *do* move around (hello smartphones!) there is a rather good >chance that they will, sometimes, enter a network segment where their BSSID >is alread present - which could lead to a denial of service for one, or even >all of the devices being copies of each other.

*Many years ago,

...

it didn't cause any problems. It simply moved certain
tasks farther up the network stack

I think it did a bit more. Like negotiating which server would handle the >request, and how to mark it that a certain ethernet packet was part of an >ongoing conversation with a specific server.

iow, all those servers would need to /activily work together/ so they would >not yell over each other and try to hijack each others conversations.

You know, it does sound odd : that sofware (that was bought) would need to >add markers to make sure ongoing conversations would go to the server which >first serviced it, in effect duplicating what the ethernet MAC and the >puters IP are for ...

We thought it was odd, as well, but in the end we implemented it and it
worked, so there's that. That was more than 20 years ago, but I remember
the servers having dual NICs, with one dedicated as sort of a mesh,
where they disambiguated and de-duped everything, and the other
interface being for the actual subscriber traffic. Looking back, perhaps
it was overly complicated. I'm sure it has been replaced several times
by now.

Arlen says the whole idea that I tossed out above is a non-starter, so
thanks for the discussion. Happy New Year!

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Char Jackson wrote:

thanks for the discussion. Happy New Year!

Hi Char Jackson,

Happy New Year to you too!

I agree the simplest solution is to change the outward-facing SSID BSSID.
And I may have been wrong when I previously assumed no router allows it.

I've scoured the net trying to find a router that allows BSSID changing.
<https://forum.gl-inet.com/t/gl-mt3000-how-to-change-bssid/34977>

With FOSS firmware, the question morphs from which routers to which
chipsets and drivers allow changing the access point BSSID at will.

OpenWrt/DD-WRT can request a custom MAC/BSSID, but the radio driver must
honor it (i.e., option macaddr 'AA:BB:CC:DD:EE:FF').

Some sources claim these routers allow the BSSID override:
1. Netgear R7800 (Qualcomm Atheros IPQ8065 + ath10k radios)
2. TP-Link Archer C7 / A7 (Qualcomm ath9k/ath10k/ath11k)
3. Linksys EA8300 (Qualcomm IPQ4019)
4. Ubiquiti UniFi AC-Lite / AC-LR / AC-Pro (ath9k/ath10k)
5. GL.iNet ATX1800 (Wi-Fi 6, MediaTek MT7915)
Using OpenWRT in this three-step procedure:
STEP 1: Check BSSID
iw dev wlan0 info
STEP 2: Change BSSID
uci set wireless.radio0.macaddr='02:11:22:33:44:55'
uci commit wireless
wifi reload
STEP 3: Recheck BSSID
iw dev wlan0 info

Changing the BSSID means overriding the MAC address of the virtual AP interface, but only certain chipsets & Wi-Fi drivers allow this:
a. ath9k -> apparently always allows MAC override
b. ath10k -> apparently allows MAC override
c. ath11k -> apparently allows MAC override
d. mt76 (MediaTek) -> sometimes allows it; MT7915 is one of the good ones
e. Broadcom -> apparently never allows it
f. Marvell -> apparently never allows it
g. Realtek -> apparently unreliable or unsupported

So the list of potential routers that allow BSSID changes collapses to
'routers with Atheros or certain MediaTek chipsets that are sold today'.
--
There is always a solution that intelligent people, working together,
can discuss so that every problem we ever run into, has a working solution.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Char,

but I remember the servers having dual NICs, with one dedicated
as sort of a mesh, where they disambiguated and de-duped everything,

That makes it likely that my (educated) guess that all servers would need to work together is what happened. :-)

Arlen says the whole idea that I tossed out above is a non-starter,

Arlen says a lot of things, most of it - lets put it nicely - not thought
thru.

Happy New Year!

And happy year to you - and everyone else here. :-)

Regards,
Rudy Wieser




--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Char,

but a duplicate MAC appearing somewhere else shouldn't
cause any problems.

As long as it would not be a duplicate there, you would be
correct. :-)

I was thinking that the chance of that kind of collision would
be exceedingly low, but statistics were never my strength.

Mine neither, and that is why I saved a copy of the explanation to the "birthday paradox" : The chance that in a rather small group of people two would have the same birthday.

https://www.scientificamerican.com/article/bring-science-home-probability-birthday-paradox/

It turns out that that chance is above 50% for a group of just 23 people. Which is, to me, remarkable.


Ofcourse, the range of possible "birthdays" for BSSIDs is a "bit" (understatement)larger* (but would it be if we would have started with your idea ? I don't think so), but as the BSSID is moving around the "group" becomes much larger too.

* If we choose our BSSIDs ourselves, the actual range drops dramatically.
Take passwords as an example. Most of us have to be forced not to use our own name or birthdate. :-)

Bottom line, those clashes would probably be much more likely than you
think.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Wed, 31 Dec 2025 08:17:06 +0100, "R.Wieser" <address@is.invalid>
wrote:

Arlen,

[quote=me]

Tell that to all the poor city-dwellers who predominanty rent they places. >>
Who are, by the way, in close proximity and often stacked several
layers ontop of each other.

As my thoughts went over to the "well off" city-dwellers who own the >appartments they live in, I realized that they too often live stacked that >way, sometimes in high-rises of 20 stories or more, with penthouses ontop.

Your Apple-database location data in such cases ? Useless.

Regards,
Rudy Wieser

Adding location information to DNS, DHCP, SNMP etc have been proposed.
Go to:
<https://www.rfc-editor.org/search/rfc_search.php>
and search for "location". You will find 165 RFC's involving
location.

An early scheme is RFC 1712
<https://www.rfc-editor.org/info/rfc1712> <https://www.rfc-editor.org/rfc/pdfrfc/rfc1712.txt.pdf>
The location data was limited to "level", which translates to floor
number, and "room" which provides horizontal location data for a
specific "level". Note that the data does not need to be derived from
GPS data. Since it doesn't change (often), it could be entered into
the database when the DNS record was created.

Among the later schemes is RFC 5870 <https://en.wikipedia.org/wiki/Geo_URI_scheme> <https://www.rfc-editor.org/rfc/pdfrfc/rfc5870.txt.pdf>
--
Jeff Liebermann jeffl@cruzio.com
PO Box 272 http://www.LearnByDestroying.com
Ben Lomond CA 95005-0272 AE6KS 831-336-2558

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Jeff,

Adding location information to DNS, DHCP, SNMP etc have been proposed.

...

An early scheme is RFC 1712

proposed in 1994. Its now more than 36 years later (which is, for
technology, a loooong time), and nothing like it has been implemented.


Maybe that is because there is no automated way to determine the "floor number". Especially for devices which task it is to do DNS, DHCP and so
on - those do not even contain hardware to determine their own X/Y location.

I must say that that RFC does have a joke smell to it. You know, like the "I'm a teapot" HTTP status, the "evil bit" for ethernet packets and lets not forget "IP over avian carriers" (which, by the way /does/ work).

And although most/all smartphones do have a GPS, those are notoriously bad
at determing elevation (which is not really a surprise, if you look at where the GPS satelites are located in relation to the GPS receiver).

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

[quote=me]

proposed in 1994. Its now more than 36 years later

My apologies, its only 32 years ago.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Dec 23, 2025, Chris wrote
(in article <10idp84$67nc$1@dont-email.me>):

Char Jackson <none@none.invalid> wrote:

On Mon, 22 Dec 2025 18:00:14 +0000, Andy Burns <usenet@andyburns.uk>
wrote:

Marian wrote:

I (can) have every access point location
in the world (over 2 billion) if I felt like getting it (and storing it).

But which of those 2 billion belong to me?

Well, *you* know which it is, and ve haf vays of making you talk, so...

Do *you* know your MAC address if presented with a list? I certainly don't.

It would be easier just to ask me for my physical address.

https://en.wiktionary.org/wiki/ve_haf_vays_of_making_you_talk

Am surprised there isn't a reference to the 80's comedy show 'Allo 'Allo!

Listen very carefully, I shall say this only once.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

On Thu, 1 Jan 2026 21:05:12 +0100, "R.Wieser" <address@is.invalid>
wrote:

Jeff,

Adding location information to DNS, DHCP, SNMP etc have been proposed.

...

An early scheme is RFC 1712

proposed in 1994. Its now more than 36 years later (which is, for >technology, a loooong time), and nothing like it has been implemented.

I'm 77 years old and am still proposing ideas which could easily be
labeled as science fiction. I've also seen projects that were
proposed, complete with detailed documentation, that didn't function
until funding was found many years later. I suggest you not pass
judgment on technology that you might consider old and instead
concentrate on whether they might actually work. Also, if you wish to
pass judgment on whether some technology is worth doing, there are
seats in the various houses of government awaiting your political
involvement.

Maybe that is because there is no automated way to determine the "floor >number". Especially for devices which task it is to do DNS, DHCP and so
on - those do not even contain hardware to determine their own X/Y location.

Quoting myself: "Note that the data does not need to be derived from
GPS data. Since it doesn't change (often), it could be entered into
the database when the DNS record was created."

That means that in 1994, there was no requirement to identify the
location of a router, server, computer, etc using GPS. Merely
entering the location data the SNMP MIB (management information base)
would be sufficient. Obviously, that won't work for moving objects,
but GPS was not fully operational until 1995 and was not useable for
indoor applications until High Sensitivity GPS arrived in about 1999 <https://www.furuno.com/en/gnss/technical/tec_high>
and Selective Availability was disabled in May 2000. If someone
proposes a geographic network equipment location system prior to about
2000, it wouldn't have worked very well.

I must say that that RFC does have a joke smell to it. You know, like the >"I'm a teapot" HTTP status, the "evil bit" for ethernet packets and lets not >forget "IP over avian carriers" (which, by the way /does/ work).

The RFC's I mentioned don't seem to be in the official book of April
Fools RFC's.
<https://www.rfchumor.com>

And although most/all smartphones do have a GPS, those are notoriously bad >at determing elevation (which is not really a surprise, if you look at where >the GPS satelites are located in relation to the GPS receiver).

That's true which is why sports GPS receivers often include a
barometric altimeter: <https://support.garmin.com/en-US/?faq=WlvNrOungC28xGtwB7hLY5>
"With proper calibration, the barometric altimeter of a Garmin watch
or outdoor handheld will report elevation readings ranging from -2,000
to 30,000 feet with an accuracy of +/-10 feet at any given point."
"Elevation calibrated by GPS is accurate to +/-400 feet at any given
point with a strong GPS signal"

Regards,
Rudy Wieser

--
Jeff Liebermann jeffl@cruzio.com
PO Box 272 http://www.LearnByDestroying.com
Ben Lomond CA 95005-0272 AE6KS 831-336-2558

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

R.Wieser wrote:

And happy year to you - and everyone else here. :-)

Happy New Year!

Every January 1st, I change the moniker on many of my accounts for privacy. Maria Sophia <mariasophia@comprehension.com> is what the moniker is now.

The rest of the headers are completely random from dictionary lookups
(as my "newsreader" is actually a bunch of scripts using telnet & gVim).

I'm not "hiding from you". I change nothing but the headers. Hence, if you can't figure out who I am in less than about ten seconds based on what I
write and how I write it and how I post excellent research often backed up
by detailed annotated screenshots & photos, please don't exclaim a thousand posts from now that you finally eventually figured it out - as when you do
that - it's absurd you think I'm "hiding" from you.

If you have no understanding of privacy, then save us all the trouble and
just put me in your killfile because anyone saying that they "found me" is someone who has nothing to offer because if it's that difficult for anyone
to figure out what is never hidden, then they have no right to exclaim
they're a genius for finally figuring out what was never hidden from them.

Note that while the headers are dictionary lookups, I did take what Andy & Chris suggested into account by adding scripts to identify the fontset.
--
My goal on these Usenet newsgroups is to teach, learn and to help others.
I post so many thousands of times a year, that privacy is inherently key.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: alt.comp.os.windows-11

Jeff,

Maybe that is because there is no automated way to determine the
"floor number". Especially for devices which task it is to do
DNS, DHCP and so on - those do not even contain hardware to
determine their own X/Y location.

Quoting myself: "Note that the data does not need to be derived
from GPS data. Since it doesn't change (often), it could be
entered into the database when the DNS record was created."

Two things about that :

1) You are talking about *users*, the ones who cannot even be arsed to
change a default password.

2) There is no reason to put the truth in there - it has zero function for them.

Worse, privacy-concious people would leave it at its default on purpose (I certainly would).

And than there is the problem how a human would determine the floor number he's on. Besides all the houses/buildings that have a half-sunken/elevated "cellar" (where you have to go up half a flight of stairs to reach the front door) there are also houses where going up/down half a flight of stairs gets you to the next room.

I suggest you not pass judgment on technology that you
might consider old and instead concentrate on whether
they might actually work.

You misunderstood : I did not say it was old, I indicated that it had a
*lot* of time to come to fruition, but that has not happened.

As for "might actually work" ? It doesn't bring any benefits to the user,
so most of them will simply not bother with it.

As I assume that the people who wrote that RFC where aware of the "if /everybody/ has to do it to make it work, than it won't work" saying I have
to assume it was put up as a joke.

That's true which is why sports GPS receivers often include a
barometric altimeter:

Which are also a problem : it relies on air pressure, which varies under the different weather types. /Way/ enough to make the measurement go up/down a number of floors. Its also a relative measurement, and needs to be
calibrated before use.

Regards,
Rudy Wieser


--- Synchronet 3.21a-Linux NewsLink 1.2