From Newsgroup: alt.internet.wireless

bad sector wrote on Sat, 8 Jun 2024 16:24:07 -0400 :

Why is there any restriction AT ALL on the password syntax? Since I will
be doing this often after Factory Resets until I'm happy with the entire process it's a royal PITA not to be able enter just a single character
or none at all whenever it so tickles my fancy! This is an
administrative function which is entirely an owner prerogative.

I was unaware there is a restriction on the password syntax, but I don't
doubt that there is - where - I get your point that it's not their Wi-Fi
that you're logging into - but your own Wi-Fi access point.

So they should stay out of it. In a similar vein, there are Netgear routers which, when upgraded, do nothing more than change the password syntax (from
the minimum of 8 characters to 10).

In the end, you end up having every router but one with an 8-character password, and one has all zeros appended to pad it out - but that stinks.

If it's for equipment that you control, the password syntax should not be determined by someone else.

BTW, I hope you're appending "_nomap" to the SSID (for reasons of privacy). And, I hope you're considering not broadcasting the SSID (again, not for security, but for reasons of privacy). Having suggested those two changes,
I'm well aware that 999 out of 1,000 people won't understand in the least
why I suggested those two privacy focused SSID changes; I hope you do.
--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: alt.internet.wireless

Andrew wrote on Sun, 9 Jun 2024 01:10:49 -0000 (UTC) :

I was unaware there is a restriction on the password syntax, but I don't doubt that there is - where - I get your point that it's not their Wi-Fi
that you're logging into - but your own Wi-Fi access point.

Or were you speaking about the Android lock screen password?

For that, I've had no password for many years (so certainly Android 13
allows no lock screen password at all).

Given my phone is set up for privacy by design, I have no need for a
lockscreen password - but I realize probably 999,999 out of a million
people don't understand a word of what I say as to the logically sensible reasons it's absurd to have a lockscreen password (if you set up the phone right in the first place).
--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: alt.internet.wireless

On 6/8/24 21:10, Andrew wrote:

bad sector wrote on Sat, 8 Jun 2024 16:24:07 -0400 :

Why is there any restriction AT ALL on the password syntax? Since I will
be doing this often after Factory Resets until I'm happy with the entire
process it's a royal PITA not to be able enter just a single character
or none at all whenever it so tickles my fancy! This is an
administrative function which is entirely an owner prerogative.

I was unaware there is a restriction on the password syntax, but I don't doubt that there is - where - I get your point that it's not their Wi-Fi
that you're logging into - but your own Wi-Fi access point.

So they should stay out of it. In a similar vein, there are Netgear routers which, when upgraded, do nothing more than change the password syntax (from the minimum of 8 characters to 10).

In the end, you end up having every router but one with an 8-character password, and one has all zeros appended to pad it out - but that stinks.

If it's for equipment that you control, the password syntax should not be determined by someone else.

It's for the WiFi network set up using my phone as hotspot. A default so-many-characters long SSID appears which I edit down to a single
character but the dialog will not accept any password or no password. I
think I could get a no-security mode going without a password at all
though, haven't tried that yet.

BTW, I hope you're appending "_nomap" to the SSID (for reasons of privacy). And, I hope you're considering not broadcasting the SSID (again, not for security, but for reasons of privacy). Having suggested those two changes, I'm well aware that 999 out of 1,000 people won't understand in the least
why I suggested those two privacy focused SSID changes; I hope you do.

For now and for many months to come I am and will remain at greenhorn
level as far as smart-phones go. I have absolutely no time for it all
summer long and on the other hand I want to get to a high degree of
control which is likely to take two years at least. I do lots of factory resets and am learning to re-tweak the setup in as irreverent a manner
as I can and mostly by junking 90% of what got installed without being
asked if I want it.

What does adding _nomap to the SSID accomplish? Does that depend on any mutation of trust?
--
Oh Lord of the Keyrings on high, have I got bad news for you: the word
trust is nowhere to be found in my security dictionary.


--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: alt.internet.wireless

bad0a+0#+sector wrote on Sat, 8 Jun 2024 21:49:14 -0400 :

If it's for equipment that you control, the password syntax should not be
determined by someone else.

It's for the WiFi network set up using my phone as hotspot. A default so-many-characters long SSID appears which I edit down to a single
character but the dialog will not accept any password or no password. I think I could get a no-security mode going without a password at all
though, haven't tried that yet.

Most people likely hate me on this newsgroup (because most people are
morons who hate that I debunk all their myths - IMHO); but I strive to help people who ask questions by testing out those questions on my phone.

So I tested it... using my Galaxy A32-5G T-Mobile, USA, Android 13.
1. Settings > Connections > Mobile hotspot and tethering > Mobile Hotspot
2. Turning that on said the following warming:
Mobile Hotspot may not be available
You're connected to a 5GHz Wi-Fi network using Wi-Fi sharing.
Some devices don't support 5GHz networks. If you have any trouble
connecting to your Mobile Hotspot from another device, try turning
off Wi-Fi sharing. [OK]
3. Longpressing on the now-turned-on "Mobile Hotspot" on/off setting brings
up an Android activity asking for the Network name, Password, Band,
and then an option to configure "Auto Hotspot" and a listing of
"Connected Devices" along with a QR code and Help-link icon.

The Password is set to "None" as it was previously configured when my WISP Internet had gone out so I know it accepts no password by pressing
"Configure", which brings up a form with a few items on it as expected.
Network name = myphone_nomap
Band = 2.4GHz
Security = Open
Maximum connections = 5
Set mobile data limit = unset
Turn off when no device connected for = 10 minutes
Broadcast network name (SSID) = off
Protected Management Frames = on
Wi-Fi sharing = on

But again, while people hate me for giving them facts, I do try very much
to help people (even those who hate me), so I will try to set the password.

The choices for security are:
None
WPA2-Personal
WPA2/WPA3-Personal
WPA3-Personal

I set it to WPA2-Personal and entered 1 as the password, but as you noted,
it said in red "Enter password of at least 8 characters" which I then set
to 12345678 and it took that.

BTW, I hope you're appending "_nomap" to the SSID (for reasons of privacy). >> And, I hope you're considering not broadcasting the SSID (again, not for
security, but for reasons of privacy). Having suggested those two changes, >> I'm well aware that 999 out of 1,000 people won't understand in the least
why I suggested those two privacy focused SSID changes; I hope you do.

For now and for many months to come I am and will remain at greenhorn
level as far as smart-phones go.

If you're a greenhorn, then you will not be able to set up your phone (or anything, for that matter, not even a router) for privacy. It takes time.

I have absolutely no time for it all
summer long and on the other hand I want to get to a high degree of
control which is likely to take two years at least.

The best way to get a high degree of control over a cellphone is to root
it, but I suspect one out of 10,000 people roots their Android phones.

I do lots of factory
resets and am learning to re-tweak the setup in as irreverent a manner
as I can and mostly by junking 90% of what got installed without being
asked if I want it.

My advice is for you to do one very important thing for privacy, which is
to press the "SKIP" button when the phone asks you to set up a Google
Account on that phone.

This advice is for privacy.

What does adding _nomap to the SSID accomplish?

Do you read the news? There must be thousands of articles about this over
the years, and even scores of them due to recent issues with how Apple is throwing the privacy of all Android users under the bus due to it.

Whatg's App's solution?
heh heh heh ... add "_nomap" to the end of your SSID.
<https://www.macworld.com/article/2343297/apple-wi-fi-network-wps-vulnerability-location-services-leak.html>

Does that depend on any mutation of trust?

I don't even know what that question is asking, but here's more about how
Apple recently threw everyone under the bus who didn't add the "_nomap".

[https://www.theregister.com/2024/05/23/apple_wifi_positioning_system/]
"The threat applies even to users that do not own devices for which the
WPSes are designed - individuals who own no Apple products, for instance,
can have their AP in Apple's WPS merely by having Apple devices come
within
Wi-Fi transmission range."

<https://www.cs.umd.edu/~dml/papers/wifi-surveillance-sp24.pdf>
In this work, we show that Apples WPS implementation can easily
be abused to create a serious privacy threat on a global scale.

[https://9to5mac.com/2024/05/24/apple-location-services-vulnerability/]
"There is one crucial difference between the way in which
Apple and Google devices carry out this task
and that's exactly where the privacy issue arises."

[https://www.macworld.com/article/2343297/apple-wi-fi-network-wps-vulnerability-location-services-leak.html]
"Researchers have discovered a crucial vulnerability in the way
only Apple's location services work"

[https://www.govinfosecurity.com/surveillance-risk-apples-wifi-based-positioning-system-a-25330]
"The attack risk stems from Apple's WiFi-based Positioning System, or WPS"

[https://9to5mac.com/2024/05/24/apple-location-services-vulnerability/]
"We need to understand Apple devices figure out locations differently"

[https://securityboulevard.com/2024/05/apple-wi-fi-location-privacy-richixbw/]
"An unrestricted Apple API endpoint allows for easy tracking."


[https://cybernews.com/privacy/apple-beams-wifi-location-data-privacy-risk/]
"Anyone can exploit Apple's flawed WiFi-based positioning system (WPS)*

[https://arxiv.org/abs/2405.14975]
"In this work, we show that Apple's flawed WPS can too easily be abused"


<https://cyberinsider.com/apples-wi-fi-based-positioning-system-is-a-privacy-nightmare/>
"" <https://www.bizcommunity.com/article/apple-may-have-turned-wi-fi-routers-into-a-privacy-threat-239637a>
"Researchers from the University of Maryland have uncovered a
significant privacy vulnerability in Apple's Wi-Fi-based
Positioning System (WPS). This vulnerability enables attackers
to track devices globally by exploiting the way Apple's WPS
operates, raising serious privacy concerns."

<https://www.bizcommunity.com/article/apple-may-have-turned-wi-fi-routers-into-a-privacy-threat-239637a>
"Researchers from the University of Maryland have uncovered a
significant privacy vulnerability in Apple's Wi-Fi-based
Positioning System (WPS). This vulnerability enables attackers
to track devices globally by exploiting the way Apple's WPS
operates, raising serious privacy concerns."

<https://cyberinsider.com/apples-wi-fi-based-positioning-system-is-a-privacy-nightmare/>
*Apple's Wi-Fi-Based Positioning System is a Privacy Nightmare*
"Researchers from the University of Maryland have uncovered a
significant privacy vulnerability in Apple's Wi-Fi-based Positioning
System (WPS). This vulnerability enables attackers to track devices
globally by exploiting the way Apple's WPS operates, raising
serious privacy concerns."

In summary, people hate me because I tell them things they don't want to understand, where I hope you at least appreciate I'm trying to help you.
--- Synchronet 3.21d-Linux NewsLink 1.2