From Newsgroup: misc.phone.mobile.iphone

Given no WPS database is as insecure as Apple's GPS database, I followed exactly what the researchers suggested so that now I can easily collect the entire Apple WPS GPS database for the mere cost of 120GB of storage space.

Yes. It's that trivial to get every single GPS location of every single
access point in Apple's highly insecure and very public WPS database.

Apple's implementation is so fundamentally flawed, that this is trivial!
If it's trivial for me to do, think about what the bad guys can do.

Yet, Chris repeatedly claimed it was NOT trivial.

Hence, to prove to Chris (and others) how trivial it is to replicate why researchers were appalled that Apple has no restrictions on access, below
is basically a single-line change to the FOSS code used to query the db.
<https://github.com/darkosancanin/apple_bssid_locator>

I modified the FOSS code so that it returns up to 400 GPS:BSSID pairs with every query now. This slight modification enables me to easily & perfectly reproduce the published research. Bare in mind I have no special coding skills. That's the really scary part of how poorly this is implemented.

#!/usr/bin/env -S uv run --script
# -*- coding: utf-8 -*-

# C:\app\os\python\apple_bssid_locator\apple_bssid_locator.py
# Queries Apple WPS database for GPS:BSSID location pairs
# Implementation based on https://github.com/hubert3/iSniff-GPS
#
# Usage: apple_bssid_locator.py 11:22:33:AA:BB:CC
# Usage: apple_bssid_locator.py 11:22:33:AA:BB:CC --all
# Usage: apple_bssid_locator.py 11:22:33:AA:BB:CC --map
#
# Changelog:
# v1p0 20251205 - Initial version
# v1p1 20251214 - Added logging to results.txt
# v1p2 20251215 - Timestamped results.txt to avoid overwrites
# v1p3 20251219 - Limited output to 6 decimal places
# v1p4 20251219 - Added raw integer output alongside converted decimals
# v1p5 20251222 - Fixed raw to decimal conversion (divide by 100 Million)

import argparse
import requests
import webbrowser
import AppleWLoc_pb2

def parse_arguments():
parser = argparse.ArgumentParser()
parser.add_argument("bssid", type=str, help="display the location of the bssid")
parser.add_argument("-m", "--map", help="shows the location on google maps", action='store_true')
parser.add_argument("-a", "--all", help="shows all results returned, not just the requested one", action='store_true')
args = parser.parse_args()
return args

def format_bssid(bssid):
return ':'.join(e.rjust(2, '0') for e in bssid.split(':'))

def query_bssid(bssid, output_file="results.txt"):
apple_wloc = AppleWLoc_pb2.AppleWLoc()
wifi_device = apple_wloc.wifi_devices.add()
wifi_device.bssid = bssid
apple_wloc.unknown_value1 = 0
apple_wloc.return_single_result = 0 # request ALL results
serialized_apple_wloc = apple_wloc.SerializeToString()
length_serialized_apple_wloc = len(serialized_apple_wloc)

headers = {'User-Agent':'locationd/1753.17 CFNetwork/889.9 Darwin/17.2.0'}
data = b"\x00\x01\x00\x05"+b"en_US"+b"\x00\x13"+b"com.apple.locationd"+b"\x00\x0a"+b"8.1.12B411"+b"\x00\x00\x00\x01\x00\x00\x00" + bytes((length_serialized_apple_wloc,)) + serialized_apple_wloc
r = requests.post('https://gs-loc.apple.com/clls/wloc', headers=headers, data=data)

apple_wloc = AppleWLoc_pb2.AppleWLoc()
apple_wloc.ParseFromString(r.content[10:])

# Build dictionary of results
results = {}
with open(output_file, "w") as f:
for wifi_device in apple_wloc.wifi_devices:
if wifi_device.HasField('location'):
raw_lat = wifi_device.location.latitude
raw_lon = wifi_device.location.longitude
lat = raw_lat * 1e-8
lon = raw_lon * 1e-8
mac = format_bssid(wifi_device.bssid)
results[mac] = (lat, lon, raw_lat, raw_lon)
# Write both raw integers and converted decimals (8 decimal places)
f.write(f"{mac}\t{raw_lat}\t{raw_lon}\t{lat:.8f}\t{lon:.8f}\n")

print(f"Saved {len(results)} entries to {output_file}")
return results

def main():
args = parse_arguments()
print("Searching for location of bssid: %s" % args.bssid)
results = query_bssid(args.bssid)

# Determine which BSSIDs to process
bssids_to_process = results.keys() if args.all else [args.bssid.lower()]

found = False
for bssid in bssids_to_process:
if bssid in results:
lat, lon, raw_lat, raw_lon = results[bssid]
if lat == -180.0 and lon == -180.0:
continue # Skip entries that were not found
if found:
print()
print(f"BSSID: {bssid}")
print(f"Raw latitude integer: {raw_lat}")
print(f"Raw longitude integer: {raw_lon}")
print(f"Latitude (degrees): {lat:.8f}")
print(f"Longitude (degrees): {lon:.8f}")
if args.map:
url = f"http://www.google.com/maps/place/{lat:.8f},{lon:.8f}"
webbrowser.open(url)
found = True
if not found:
print("The bssid was not found.")

if __name__ == '__main__':
main()

# end of C:\app\os\python\apple_bssid_locator\apple_bssid_locator.py
--
The goal is for all of us to help Apple understand it's morally, legally
and ethically reprehensible for Apple's WPS design to remain this bad.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

Marian wrote:

I modified the FOSS code so that it returns up to 400 GPS:BSSID pairs with every query now. This slight modification enables me to easily & perfectly reproduce the published research. Bare in mind I have no special coding skills. That's the really scary part of how poorly this is implemented.

Instead of calling the modified FOSS Python script directly, I wrote this extremely trivial Windows batch wrapper to collect & format the output.

Since I have no special coding skills, this proves how trivial it is to collect all two billion access point locations in Apple's highly insecure
yet extremely public WPS database.

That Apple's WPS is so poorly designed that it ignores every tenet of
privacy that Apple "says" it stands for, is patently reprehensible.

@echo off
setlocal EnableDelayedExpansion
:: C:\app\os\python\apple_bssid_locator\bssid.bat
:: Use: bssid.bat <Enter> (then enter desired BSSID to look up)
:: Sample values:
:: 00:18:f8:c1:4a:65
:: 00:07:89:d7:82:e8
:: 04:09:A5:3B:34:67
::
:: Logs up to 400 BSSID:GPS pairs from Apple's WPS public database
:: Loop until user types q
::
:: Changelog:
:: v1p0 20251205 - Query Apple's highly insecure WPS database
:: v1p1 20251214 - Saves to time-date stamped results.txt log file
:: v1p2 20251215 - Timestamp results.txt so it's not overwritten
:: v1p3 20251219 - Limit the human-readable GPS to 6 decimal places
:: v1p4 20251219 - Show original raw integers + converted decimals
:: v1p5 20251219 - Tried to accomodate Google Maps query to new format
:: v1p6 20251219 - Changed to block-aware parsing with debug output
:: v1p7 20251219 - Enable delayed expansion to fix parsing inside loops

set LOGDIR=%~dp0log
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

:: Create a unique session log (YYYYMMDD_HHMMSS)
for /f %%A in ('wmic os get localdatetime ^| find "."') do set dt0=%%A
set "session_ts=%dt0:~0,8%_%dt0:~8,6%"
set "session_log=%LOGDIR%\session_%session_ts%.log"

echo === New BSSID lookup session started at %date% %time% === >> "%session_log%"

echo.
echo === Nearby Wi-Fi Networks ===
netsh wlan show networks mode=bssid
echo =============================

:loop
echo.
set /p BSSID=Enter the BSSID (or q to quit):

if /I "%BSSID%"=="q" goto end

:: --- Clean up input ---
set "BSSID=%BSSID:"=%"
set "BSSID=%BSSID: =%"

:: --- Make filename-safe version ---
set "safeBSSID=%BSSID::=-%"

:: --- Generate timestamp for THIS lookup ---
for /f %%A in ('wmic os get localdatetime ^| find "."') do set dt=%%A
set "ts=%dt:~0,8%_%dt:~8,6%"

:: --- Timestamped output file ---
set "outfile=%LOGDIR%\bssid_%safeBSSID%_%ts%.txt"

:: --- Clear previous coordinates ---
set "LAT="
set "LON="

echo === Lookup started at %date% %time% === > "%outfile%"
echo BSSID: %BSSID% >> "%outfile%"
echo. >> "%outfile%"

:: --- Run Python lookup ---
python.exe apple_bssid_locator.py %BSSID% --all >> "%outfile%"

:: --- Display results ---
echo -----------------------------------------------
type "%outfile%"
echo -----------------------------------------------

:: --- Block-aware parsing of coordinates (with delayed expansion) ---
set "CAPTURE="
set "LAT="
set "LON="

for /f "usebackq delims=" %%L in ("%outfile%") do (
if /i "%%L"=="BSSID: %BSSID%" (
set "CAPTURE=1"
set "LAT="
set "LON="
echo [DEBUG] Found block start for %BSSID%
) else if defined CAPTURE (
echo [DEBUG] Line in block: %%L

echo %%L | findstr /i /c:"Latitude (degrees):" >nul
if not errorlevel 1 (
for /f "tokens=2 delims=:" %%A in ("%%L") do set "LAT=%%A"
if defined LAT set "LAT=!LAT: =!"
echo [DEBUG] Parsed LAT candidate = "!LAT!"
)

echo %%L | findstr /i /c:"Longitude (degrees):" >nul
if not errorlevel 1 (
for /f "tokens=2 delims=:" %%B in ("%%L") do set "LON=%%B"
if defined LON set "LON=!LON: =!"
echo [DEBUG] Parsed LON candidate = "!LON!"
)

if defined LAT if defined LON (
goto :gotCoords
)

echo %%L | findstr /i /c:"BSSID:" >nul
if not errorlevel 1 (
set "CAPTURE="
)
)
)

:gotCoords
echo [DEBUG] Final LAT = "!LAT!"
echo [DEBUG] Final LON = "!LON!"

:: --- Validate parsed coordinates ---
if not defined LAT echo [DEBUG][ERROR] Latitude not captured. Check Python output format near "BSSID: %BSSID%".
if not defined LON echo [DEBUG][ERROR] Longitude not captured. Check Python output format near "BSSID: %BSSID%".

:: --- Save results ---
echo === Lookup finished at %date% %time% === >> "%outfile%"
echo. >> "%outfile%"

:: --- Append to session log ---
echo [%date% %time%] BSSID: %BSSID% >> "%session_log%"
echo Latitude: !LAT! >> "%session_log%"
echo Longitude: !LON! >> "%session_log%"
echo. >> "%session_log%"

:: --- Append to master log ---
echo [%date% %time%] BSSID: %BSSID% >> "%LOGDIR%\results.log"
echo Latitude: !LAT! >> "%LOGDIR%\results.log"
echo Longitude: !LON! >> "%LOGDIR%\results.log"
echo. >> "%LOGDIR%\results.log"

:: --- Open in Google Maps ---
if defined LAT if defined LON start msedge "https://www.google.com/maps/search/?api=1&query=!LAT!,!LON!"

goto loop

:end
echo Exiting. Goodbye!
endlocal

:: end of C:\app\os\python\apple_bssid_locator\bssid.bat
--
The goal is for all of us to help Apple understand it's morally, legally
& ethically reprehensible for Apple's WPS design to remain this way.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

Marian wrote:

Since I have no special coding skills, this proves how trivial it is to collect all two billion access point locations in Apple's highly insecure yet extremely public WPS database.

Once you have collected the location of every access point you want to
track movements of, all you need then is a trivial comparison script.

Again, I have no special coding skills, where I'm simply following the recommendations the researchers explained showing how trivial it is to
track the location of every access point in Apple's highly insecure WPS db.

Remember, once you're in this highly insecure but very public Apple WPS database, you can't opt out of it. Ever. So you're tracked forever!

@echo off
:: This is C:\app\os\python\apple_bssid_locator\bssidcompare.bat
:: v1p0 20251215
:: Outputs if there is movecment for any given BSSID in results.txt

setlocal enabledelayedexpansion

:: Threshold for movement (where 0.001 degrees is roughly 100 kilometers)
set THRESH=0.001

:: Input file collected using apple_bssid_locator open source code
:: These are actual BSSID:GPS pairs which you can test yourself!
:: 28:6d:97:c8:5a:30 35.2948265 126.77577972
:: 00:22:3f:a5:7b:33 35.29422378 126.77641296
:: 10:62:e5:b1:8f:12 35.29444885 126.77671051
:: 12:09:a5:53:df:13 35.29491043 126.77599334
:: 28:6d:97:4f:be:d0 35.29439163 126.77655029
:: 28:6d:97:b9:89:96 35.29463195 126.77554321000001
:: 42:09:a5:53:df:13 35.294940940000004 126.7760086

set INFILE=results.txt

echo Checking for GPS movement greater than %THRESH% degrees...
echo.

:: Loop through each line of results.txt
for /f "tokens=1,2,3 delims= " %%A in (%INFILE%) do (
set BSSID=%%A
set LAT=%%B
set LON=%%C

:: If we've seen this BSSID before, compare
if defined lastLAT[!BSSID!] (
set /a diffLAT=1000000*( !LAT! - !lastLAT[!BSSID!]! )
set /a diffLON=1000000*( !LON! - !lastLON[!BSSID!]! )

:: Convert to absolute values
if !diffLAT! lss 0 set /a diffLAT=-!diffLAT!
if !diffLON! lss 0 set /a diffLON=-!diffLON!

:: Compare against threshold (scaled by 1,000,000)
set /a threshScaled=%THRESH%*1000000
if !diffLAT! gtr !threshScaled! (
echo BSSID !BSSID! moved in LAT by more than %THRESH% degrees
)
if !diffLON! gtr !threshScaled! (
echo BSSID !BSSID! moved in LON by more than %THRESH% degrees
)
)

:: Store current coordinates
set lastLAT[!BSSID!]=!LAT!
set lastLON[!BSSID!]=!LON!
)

echo.
echo Comparison complete.
endlocal

:: end of C:\app\os\python\apple_bssid_locator\bssidcompare.bat
--
We need to impress upon Apple management that they have designed a WPS
system that directly disregards everything Apple "says" they stand for.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

Marian wrote:

Once you have collected the location of every access point you want to
track movements of, all you need then is a trivial comparison script.

If you don't want to start with your own BSSID, it's trivial to generate
valid BSSIDs by the tens, hundreds, and thousands, using a simple script.

@echo off
:: C:\app\os\python\apple_bssid_locator\bssidgenerate.bat
:: Runs bssidgenerate.ps1 to generate random/sequential realistic BSSIDs
set "SCRIPT=%~dp0bssidgenerate.ps1"

echo Running PowerShell script:
echo %SCRIPT%
echo.

powershell -NoLogo -NoProfile -ExecutionPolicy Bypass -File "%SCRIPT%"

This is the method the researchers published since it's trivial to find
valid BSSID:GPS locations to then "snowball" outward in increasing radii.

# C:\app\os\python\apple_bssid_locator\bssidgenerate.ps1
# Usemodel: bssidgenerate.bat (runs this powershell script)
# v1p0 20251217
# Generates BSSIDs based on user input.
# Prompts for:
# 1. OUI (first half), e.g., F4:F2:6D (TP-Link)
# 2. Number of BSSIDs to generate (e.g., 100)
# 3. Mode: R = random, S = sequential
# v1p1 20251217
# Saves results to bssidinput.txt
# Forces an OUI in case enter is hit prematurely
# v1p2 20251217
# Added menu of the ten most common USA OUI's
# v1p3 20251217
# Added sequential-mode starting block
# v1p4 20251217
# Added wraparound protection (at FF:FF:FF)

# --- BEGIN OUI MENU BLOCK ---
Write-Host ""
Write-Host "Select an OUI from the menu or press Enter to type your own:"
Write-Host " 1) TP-Link F4:F2:6D"
Write-Host " 2) Netgear 44:94:FC"
Write-Host " 3) Arris 60:31:97"
Write-Host " 4) Ubiquiti 24:A4:3C"
Write-Host " 5) Technicolor 10:13:31"
Write-Host " 6) Cisco/Linksys 00:25:9C"
Write-Host " 7) ASUS AC:9E:17"
Write-Host " 8) Google/Nest F4:F5:D8"
Write-Host " 9) Amazon/Eero 74:83:C2"
Write-Host " 10) Hitron C8:3A:35"
Write-Host ""

$choice = Read-Host "Enter menu number (1-10) or press Enter to type your own"

switch ($choice) {
"1" { $oui = "F4:F2:6D" }
"2" { $oui = "44:94:FC" }
"3" { $oui = "60:31:97" }
"4" { $oui = "24:A4:3C" }
"5" { $oui = "10:13:31" }
"6" { $oui = "00:25:9C" }
"7" { $oui = "AC:9E:17" }
"8" { $oui = "F4:F5:D8" }
"9" { $oui = "74:83:C2" }
"10" { $oui = "C8:3A:35" }
default { $oui = $null }
}
# --- END OUI MENU BLOCK ---

# Ask for the first half (OUI)
if (-not $oui) {
$oui = Read-Host "Enter the first half (e.g., F4:F2:6D)"
}
$oui = $oui.ToUpper().Replace("-",":").Trim()

# Prevent empty OUI
if (-not $oui) {
Write-Host "You must enter an OUI such as F4:F2:6D."
exit
}

# Ask how many BSSIDs to generate
$count = Read-Host "How many BSSIDs do you want to generate?"
$count = [int]$count

# Ask for mode: random or sequential
$mode = Read-Host "Random or Sequential? (R/S)"
$mode = $mode.ToUpper()

Write-Host ""
Write-Host "Generating BSSIDs..."
Write-Host ""

# Output file
$outfile = "bssidinput.txt"
Clear-Content -Path $outfile -ErrorAction SilentlyContinue

# Function to format a number 0iV255 as two hex digits
function To-Hex([int]$n) {
return "{0:X2}" -f $n
}

# Sequential mode
if ($mode -eq "S") {

# Ask for starting second-half (e.g., AB:CD:EF)
$startHex = Read-Host "Enter starting second-half (e.g., AB:CD:EF) or press Enter for 00:00:00"
if (-not $startHex) { $startHex = "00:00:00" }

# Normalize
$startHex = $startHex.ToUpper().Replace("-",":").Trim()

# Convert to integer
$parts = $startHex.Split(":")
if ($parts.Count -ne 3) {
Write-Host "Invalid starting value. Must be three bytes like AB:CD:EF."
exit
}

$startVal = ([Convert]::ToInt32($parts[0],16) -shl 16) `
+ ([Convert]::ToInt32($parts[1],16) -shl 8) `
+ [Convert]::ToInt32($parts[2],16)

$maxVal = 0xFFFFFF

for ($i = 0; $i -lt $count; $i++) {

$val = $startVal + $i

if ($val -gt $maxVal) {
Write-Host "Reached maximum value FF:FF:FF. Stopping."
break
}

$b1 = ($val -shr 16) -band 0xFF
$b2 = ($val -shr 8) -band 0xFF
$b3 = $val -band 0xFF

$bssid = "${oui}:{0}:{1}:{2}" -f (To-Hex $b1), (To-Hex $b2), (To-Hex $b3)
Write-Host $bssid
Add-Content -Path $outfile -Value $bssid
}
}

# Random mode
elseif ($mode -eq "R") {
$rand = New-Object System.Random
for ($i = 0; $i -lt $count; $i++) {
$b1 = $rand.Next(0,256)
$b2 = $rand.Next(0,256)
$b3 = $rand.Next(0,256)

$bssid = "${oui}:{0}:{1}:{2}" -f (To-Hex $b1), (To-Hex $b2), (To-Hex $b3)
Write-Host $bssid
Add-Content -Path $outfile -Value $bssid
}
}

else {
Write-Host "Invalid choice. Please enter R or S."
}

Write-Host ""
Write-Host "Output file saved to: $(Resolve-Path $outfile)"

# end of C:\app\os\python\apple_bssid_locator\bssidgenerate.ps1
--
What's scary is this easily proves everything about privacy that
Apple claims to stand for, is easily proven to be a brazen mistruth.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

Marian wrote:

If you don't want to start with your own BSSID, it's trivial to generate valid BSSIDs by the tens, hundreds, and thousands, using a simple script.

Once you have a handful of valid BSSIDs, you can check each one with this trivially simple script to find where that BSSID is, anywhere in the world.

@echo off
:: This is C:\app\os\python\apple_bssid_locator\bssidcheck.bat
:: v1p0 20251217
:: reads a list of made-up BSSIDs from bssidcheck.txt
:: outputs to the console and into a timestamped log file
:: v1p1 20251217
:: added fullpath to output files in the console output
:: v1p2 20251217
:: only log when a lookup is successful
:: v1p3 20251217
:: added summary section of bssid's that were found

:: Begin Log setup
set LOGDIR=%~dp0log
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

for /f %%A in ('wmic os get localdatetime ^| find "."') do set dt0=%%A
set "session_ts=%dt0:~0,8%_%dt0:~8,6%"
set "session_log=%LOGDIR%\session_%session_ts%.log"
:: End Log setup

:: --- begin Success list setup ---
set "FOUND_LIST="
:: --- end Success list setup ---

echo === New BSSID lookup session started at %date% %time% === >> "%session_log%"
echo Session log: %session_log%

:: Begin FILE MODE
if exist "%~dp0bssidcheck.txt" (
echo Processing BSSIDs from bssidcheck.txt...
for /f "usebackq tokens=*" %%X in ("%~dp0bssidcheck.txt") do (
set "BSSID=%%X"
call :process_bssid
)
goto end
)
:: End FILE MODE

:: Begin INTERACTIVE MODE
:loop
echo.
set /p BSSID=Enter the BSSID (or q to quit):
if /I "%BSSID%"=="q" goto end

call :process_bssid
goto loop

:: End INTERACTIVE MODE

:: Begin PROCESS ONE BSSID
:process_bssid
:: --- Clean up input ---
set "BSSID=%BSSID:"=%"
set "BSSID=%BSSID: =%"

:: --- begin Make filename-safe version ---
set "safeBSSID=%BSSID::=-%"
:: --- end Make filename-safe version ---

:: --- begin Generate timestamp for THIS lookup ---
for /f %%A in ('wmic os get localdatetime ^| find "."') do set dt=%%A
set "ts=%dt:~0,8%_%dt:~8,6%"
:: --- end Generate timestamp for THIS lookup ---

:: --- begin Timestamped output file ---
set "outfile=%LOGDIR%\bssidlookup_%ts%_%safeBSSID%.log"
:: --- end Timestamped output file ---

:: --- begin Clear previous coordinates ---
set LAT=
set LON=
:: --- end Clear previous coordinates ---

:: --- begin Run Python lookup ---
echo === Lookup started at %date% %time% === > "%outfile%"
echo BSSID: %BSSID% >> "%outfile%"
echo. >> "%outfile%"

python.exe apple_bssid_locator.py %BSSID% --all >> "%outfile%"
:: --- end Run Python lookup ---

:: --- begin Display results ---
echo -----------------------------------------------
type "%outfile%"
echo -----------------------------------------------
if defined LAT if defined LON echo Log written to: %outfile%
:: --- end Display results ---

:: --- begin Extract coordinates ---
for /f "tokens=2 delims=: " %%A in ('findstr /i "Latitude" "%outfile%"') do set LAT=%%A
for /f "tokens=2 delims=: " %%B in ('findstr /i "Longitude" "%outfile%"') do set LON=%%B

echo === Lookup finished at %date% %time% === >> "%outfile%"
echo. >> "%outfile%"
:: --- end Extract coordinates ---

:: --- begin Append to session log ---
if defined LAT if defined LON (
echo [%date% %time%] BSSID: %BSSID% >> "%session_log%"
echo Latitude: %LAT% >> "%session_log%"
echo Longitude: %LON% >> "%session_log%"
echo. >> "%session_log%"

:: Add to success list
set "FOUND_LIST=%FOUND_LIST% %BSSID%"
)
:: --- end Append to session log ---

:: --- begin Append to master log ---
if defined LAT if defined LON (
echo [%date% %time%] BSSID: %BSSID% >> "%LOGDIR%\bssidcheck_%session_ts%.log"
echo Latitude: %LAT% >> "%LOGDIR%\bssidcheck_%session_ts%.log"
echo Longitude: %LON% >> "%LOGDIR%\bssidcheck_%session_ts%.log"
echo. >> "%LOGDIR%\bssidcheck_%session_ts%.log"
)
:: --- end Append to master log ---

:: --- begin Open in Google Maps ---
if defined LAT if defined LON start msedge "https://www.google.com/maps/search/?api=1&query=%LAT%,%LON%"
:: --- end Open in Google Maps ---

goto :eof
:: End PROCESS ONE BSSID


:end

:: --- begin Summary of successful lookups ---
echo.
echo ===== Summary of Successful BSSID Lookups =====
if defined FOUND_LIST (
echo %FOUND_LIST%
) else (
echo No BSSIDs were successfully located.
)
echo ===============================================
echo.
:: --- end Summary of successful lookups ---

echo Exiting. Goodbye!
:: end of C:\app\os\python\apple_bssid_locator\bssidcheck.bat
--
The fundamental question is not only why does Apple's design allow
everything about privacy that Apple "says" they stand for to be so easily proven a farce, but worse, why won't Apple allow us to opt out from WPS?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

Marian wrote:

Once you have a handful of valid BSSIDs, you can check each one with this trivially simple script to find where that BSSID is, anywhere in the world.

Now that you have tens, hundreds, thousands, etc., of GPS locations tied to unique BSSIDs in Apple's highly insecure yet very public WPS database, it's trivial to then map them, en masse, using mapping tools available to all.
<https://i.postimg.cc/43ysV3Mr/fermium.jpg>

import folium
# This is C:\app\os\python\bssidplot.py
# USAGE: python bssidplot.py (which reads results.txt & plots it)
# v1p0 20251214
# Plots en masse GPS:BSSID pairs from results.txt using FOSS Folium
# v1p1 20251215
# Generates bssid_map.html from results.txt using Folium
# v1p2 20251215
# Brings up the bssid_map.html plot using the default web browser

import folium

# Read results.txt
points = []
with open("results.txt") as f:
for line in f:
parts = line.strip().split("\t")
if len(parts) == 3:
mac, lat, lon = parts
points.append((mac, float(lat), float(lon)))

if not points:
print("No points found in results.txt")
exit()

# Center map on the first point
start_lat, start_lon = points[0][1], points[0][2]
m = folium.Map(location=[start_lat, start_lon], zoom_start=15)

# Add markers
for mac, lat, lon in points:
folium.Marker(
location=[lat, lon],
popup=f"{mac}\n({lat}, {lon})",
icon=folium.Icon(color="blue", icon="wifi", prefix="fa")
).add_to(m)

# Save map
m.save("bssid_map.html")
print("Map saved to bssid_map.html")

# Open map in Microsoft Edge
import subprocess
import os
map_path = os.path.abspath("bssid_map.html")
import subprocess
subprocess.Popen(['cmd', '/c', 'start', '', map_path])
# end of C:\app\os\python\bssidplot.py
--
The goal is to help Apple execs understand that they're making the
wrong decision on privacy byrunning roughshod over our privacy
(and by not allowing us to ever opt out of their WPS collection!).
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

Marian wrote:

Now that you have tens, hundreds, thousands, etc., of GPS locations tied to unique BSSIDs in Apple's highly insecure yet very public WPS database, it's trivial to then map them, en masse, using mapping tools available to all.
<https://i.postimg.cc/43ysV3Mr/fermium.jpg>

Here's just a small sample of valid GPS locations of access points located,
in this case, near the household at 4302 Josey Cir, Shreveport, LA 71109.

The first set of coordinates are how Apple stores them in cleartext.
The second set is merely adding back the omitted decimal place.

02:aa:a0:e3:5f:38 3245891571 -9381494140 32.45891571 -93.81494140
00:18:f8:c1:4a:65 3245990371 -9381384277 32.45990371 -93.81384277
44:1c:12:99:23:58 3245911026 -9381490325 32.45911026 -93.81490325
44:1c:12:99:23:5b 3245911026 -9381489562 32.45911026 -93.81489562
44:1c:12:99:23:5d 3245911407 -9381490325 32.45911407 -93.81490325
44:1c:12:99:23:5e 3245912170 -9381490325 32.45912170 -93.81490325
06:aa:a0:e3:5f:38 3245893096 -9381491088 32.45893096 -93.81491088
72:13:01:01:99:9a 3245925521 -9381433868 32.45925521 -93.81433868
72:13:01:01:99:9d 3245924758 -9381433868 32.45924758 -93.81433868
ec:aa:a0:e3:5f:38 3245892715 -9381493377 32.45892715 -93.81493377
fa:aa:a0:e3:5f:38 3245892715 -9381492614 32.45892715 -93.81492614
00:71:c2:b2:32:68 3245961380 -9381240844 32.45961380 -93.81240844
12:36:aa:7d:3d:b1 3245916748 -9381277465 32.45916748 -93.81277465
12:36:aa:7d:3d:b2 3245917510 -9381276702 32.45917510 -93.81276702
12:36:aa:7d:3d:b6 3245916748 -9381275939 32.45916748 -93.81275939
12:36:aa:c2:2c:01 3245956039 -9381256866 32.45956039 -93.81256866
12:59:32:64:b2:bc 3245960617 -9381244659 32.45960617 -93.81244659
14:c0:3e:38:ef:36 3245925521 -9381269073 32.45925521 -93.81269073
16:c0:3e:38:ef:36 3245927047 -9381270599 32.45927047 -93.81270599
1a:71:c2:b2:32:68 3245961380 -9381240081 32.45961380 -93.81240081
1a:c0:3e:38:ef:36 3245927047 -9381269836 32.45927047 -93.81269836
02:aa:a0:79:a6:b8 3245922088 -9381248474 32.45922088 -93.81248474
38:17:b1:28:28:46 3245930099 -9381246948 32.45930099 -93.81246948
40:48:6e:f1:9f:34 3245960617 -9381307983 32.45960617 -93.81307983
42:17:b1:28:28:46 3245930862 -9381245422 32.45930862 -93.81245422
46:d8:78:a3:03:a3 3245965194 -9381226348 32.45965194 -93.81226348
5c:b0:66:13:26:c1 3245907211 -9381225585 32.45907211 -93.81225585
5e:b0:66:13:26:c1 3245906829 -9381225585 32.45906829 -93.81225585
06:aa:a0:79:a6:b8 3245921325 -9381248474 32.45921325 -93.81248474
72:13:01:46:3c:c1 3245979690 -9381225585 32.45979690 -93.81225585
72:13:01:46:3c:c6 3245980453 -9381227111 32.45980453 -93.81227111
7e:b0:66:13:26:c1 3245906829 -9381226348 32.45906829 -93.81226348
88:ad:43:48:4a:a8 3245935440 -9381262207 32.45935440 -93.81262207
8c:76:3f:b7:b7:97 3245985412 -9381258392 32.45985412 -93.81258392
8e:76:3f:b7:b7:97 3245985412 -9381258392 32.45985412 -93.81258392
96:76:3f:b7:b7:97 3245984649 -9381257629 32.45984649 -93.81257629
98:52:4a:86:fa:4c 3245909500 -9381267547 32.45909500 -93.81267547
98:52:4a:86:fa:4f 3245909118 -9381267547 32.45909118 -93.81267547
98:52:4a:86:fa:51 3245909118 -9381266784 32.45909118 -93.81266784
98:52:4a:86:fa:52 3245909500 -9381268310 32.45909500 -93.81268310
9e:ad:43:48:4a:a8 3245935440 -9381262969 32.45935440 -93.81262969
9e:b0:66:13:26:c1 3245906829 -9381226348 32.45906829 -93.81226348
b2:4f:b8:7f:cb:83 3245939636 -9381261444 32.45939636 -93.81261444
c2:d2:f3:e0:f8:38 3245959472 -9381250762 32.45959472 -93.81250762
ce:6c:6d:83:12:4d 3245934677 -9381251525 32.45934677 -93.81251525
d4:6c:6d:83:12:4d 3245932769 -9381249237 32.45932769 -93.81249237
d6:6c:6d:83:12:4d 3245933532 -9381252288 32.45933532 -93.81252288
da:13:99:28:92:b0 3245917892 -9381269836 32.45917892 -93.81269836
e8:97:b8:8e:5d:0a 3245926284 -9381252288 32.45926284 -93.81252288
0e:c0:3e:38:ef:36 3245925903 -9381269073 32.45925903 -93.81269073
ec:aa:a0:79:a6:b8 3245921707 -9381248474 32.45921707 -93.81248474
f4:0e:83:d7:fb:68 3245945358 -9381261444 32.45945358 -93.81261444
fa:aa:a0:79:a6:b8 3245921707 -9381249237 32.45921707 -93.81249237
fc:ae:34:94:57:f0 3245947265 -9381229400 32.45947265 -93.81229400
fe:ae:34:94:57:f1 3245946502 -9381230926 32.45946502 -93.81230926
10:93:97:0a:e7:80 3245981216 -9381555938 32.45981216 -93.81555938
12:36:aa:62:9c:39 3245927047 -9381568145 32.45927047 -93.81568145
12:36:aa:62:9c:3a 3245927429 -9381570434 32.45927429 -93.81570434
12:36:aa:62:9c:3e 3245926284 -9381569671 32.45926284 -93.81569671
12:36:aa:85:84:c9 3245957946 -9381566619 32.45957946 -93.81566619
18:9c:27:b6:4b:8a 3245974349 -9381589508 32.45974349 -93.81589508
02:cb:7a:c2:d1:42 3245952224 -9381558990 32.45952224 -93.81558990
02:cb:7a:c2:d1:43 3245952224 -9381558227 32.45952224 -93.81558227
02:cb:7a:c2:d1:45 3245951461 -9381559753 32.45951461 -93.81559753
36:e6:e6:86:cd:1c 3245980834 -9381568908 32.45980834 -93.81568908
3a:9c:27:b6:4b:8a 3245975112 -9381591033 32.45975112 -93.81591033
5a:9c:27:b6:4b:8a 3245974731 -9381588745 32.45974731 -93.81588745
8c:85:80:e4:35:dd 3245977401 -9381558990 32.45977401 -93.81558990
8c:0f:6f:21:c8:80 3245981979 -9381555175 32.45981979 -93.81555175
8c:0f:6f:d3:3b:68 3245903015 -9381517791 32.45903015 -93.81517791
8e:76:3f:d4:13:8d 3245980072 -9381594085 32.45980072 -93.81594085
94:a6:7e:31:02:35 3245885467 -9381507873 32.45885467 -93.81507873
9a:0f:6f:21:c8:80 3245981597 -9381555175 32.45981597 -93.81555175
9a:0f:6f:d3:3b:68 3245905303 -9381517791 32.45905303 -93.81517791
a2:0f:6f:21:c8:80 3245981597 -9381555175 32.45981597 -93.81555175
a2:0f:6f:d3:3b:68 3245903778 -9381517791 32.45903778 -93.81517791
a6:0f:6f:21:c8:80 3245981979 -9381557464 32.45981979 -93.81557464
a6:0f:6f:d3:3b:68 3245905685 -9381520080 32.45905685 -93.81520080
ca:3a:6b:db:9b:ba 3245902252 -9381513977 32.45902252 -93.81513977
ce:6c:6d:53:02:e5 3245966339 -9381594848 32.45966339 -93.81594848
d4:6c:6d:53:02:e5 3245965957 -9381594848 32.45965957 -93.81594848
d6:6c:6d:53:02:e5 3245965576 -9381597900 32.45965576 -93.81597900
da:e3:5e:f7:08:87 3245980453 -9381555938 32.45980453 -93.81555938
f8:aa:3f:fe:b2:1e 3245911407 -9381508636 32.45911407 -93.81508636
4e:6b:b8:aa:8c:80 3245885086 -9381540679 32.45885086 -93.81540679
78:b2:13:e7:91:39 3245882797 -9381607055 32.45882797 -93.81607055
be:61:e9:cd:aa:a8 3245883178 -9381620788 32.45883178 -93.81620788
de:cd:2f:5e:91:a2 3245986557 -9381545257 32.45986557 -93.81545257
9e:b3:f7:21:91:e7 3245910263 -9381617736 32.45910263 -93.81617736
ce:8b:66:31:a1:df 3245933532 -9381556701 32.45933532 -93.81556701
80:30:dc:c2:05:26 3245886993 -9381635284 32.45886993 -93.81635284
6e:29:90:f7:23:74 3245903396 -9381517791 32.45903396 -93.81517791
00:cb:7a:d0:d1:47 3245967483 -9381575775 32.45967483 -93.81575775
0c:73:29:ff:29:93 3245893096 -9381542968 32.45893096 -93.81542968
7e:27:bc:95:f5:35 3245974349 -9381566619 32.45974349 -93.81566619
00:cb:7a:d0:d1:42 3245967102 -9381575775 32.45967102 -93.81575775
2c:7e:81:ab:cd:1b 3245812225 -9381465911 32.45812225 -93.81465911
2c:fb:0f:0f:66:06 3245825958 -9381486511 32.45825958 -93.81486511
36:fb:0f:0f:66:06 3245829772 -9381487274 32.45829772 -93.81487274
4e:7e:81:ab:cd:1b 3245809936 -9381464385 32.45809936 -93.81464385
6e:7e:81:ab:cd:1b 3245811462 -9381464385 32.45811462 -93.81464385
84:00:2d:41:9a:38 3245838165 -9381490325 32.45838165 -93.81490325
88:6a:e3:e0:51:c4 3245842361 -9381488800 32.45842361 -93.81488800
92:00:2d:41:9a:38 3245837783 -9381490325 32.45837783 -93.81490325
9a:00:2d:41:9a:38 3245838165 -9381491088 32.45838165 -93.81491088
9a:9d:5d:df:f0:6a 3245786285 -9381488800 32.45786285 -93.81488800
9e:00:2d:41:9a:38 3245837402 -9381490325 32.45837402 -93.81490325
be:8c:cd:2f:95:16 3245823669 -9381494903 32.45823669 -93.81494903
c2:18:03:fb:7c:5e 3245796585 -9381478118 32.45796585 -93.81478118
0c:83:cc:c6:58:4f 3245821762 -9381491088 32.45821762 -93.81491088
ce:3f:cb:da:f6:1b 3245834732 -9381475067 32.45834732 -93.81475067
ce:ab:82:cf:55:98 3245823669 -9381490325 32.45823669 -93.81490325
d4:3f:cb:da:f6:1b 3245832824 -9381475830 32.45832824 -93.81475830
d4:ab:82:cf:55:98 3245822906 -9381489562 32.45822906 -93.81489562
d6:3f:cb:da:f6:1b 3245834350 -9381475830 32.45834350 -93.81475830
d6:ab:82:cf:55:98 3245822143 -9381489562 32.45822143 -93.81489562
da:3f:cb:da:f6:1b 3245833969 -9381475067 32.45833969 -93.81475067
da:ab:82:cf:55:98 3245822143 -9381490325 32.45822143 -93.81490325
0e:fe:7b:7e:0e:29 3245786285 -9381475067 32.45786285 -93.81475067
f8:aa:3f:fe:b2:3b 3245836639 -9381486511 32.45836639 -93.81486511
42:9e:9d:73:67:ef 3245817947 -9381486511 32.45817947 -93.81486511
6e:57:25:f3:7c:e5 3245834732 -9381487274 32.45834732 -93.81487274
9e:73:b1:ef:ad:77 3245817184 -9381499481 32.45817184 -93.81499481
1c:56:8e:0b:3b:34 3246091079 -9381423950 32.46091079 -93.81423950
24:de:8a:10:6e:a4 3246073150 -9381475830 32.46073150 -93.81475830
24:de:8a:60:04:14 3246070480 -9381466674 32.46070480 -93.81466674
48:e2:ad:ad:39:f4 3246045684 -9381437683 32.46045684 -93.81437683
54:2b:57:35:d6:c5 3246044921 -9381445312 32.46044921 -93.81445312
54:b2:03:53:16:68 3246036148 -9381391143 32.46036148 -93.81391143
56:2b:57:2f:ff:cf 3246063232 -9381448364 32.46063232 -93.81448364
62:b2:03:53:16:68 3246035003 -9381391906 32.46035003 -93.81391906
6a:b2:03:53:16:68 3246037292 -9381391143 32.46037292 -93.81391143
6e:b2:03:53:16:68 3246029281 -9381388854 32.46029281 -93.81388854
82:da:c2:2d:1f:12 3246074295 -9381421661 32.46074295 -93.81421661
82:da:c2:2d:1f:15 3246072006 -9381420898 32.46072006 -93.81420898
a6:0f:6f:18:7c:00 3246032714 -9381385040 32.46032714 -93.81385040
c0:94:35:dc:33:1a 3246075057 -9381478881 32.46075057 -93.81478881
ce:94:35:dc:33:1a 3246072769 -9381480407 32.46072769 -93.81480407
d6:94:35:dc:33:1a 3246074295 -9381480407 32.46074295 -93.81480407
28:c2:dd:dc:c9:b8 3246021270 -9381389617 32.46021270 -93.81389617
30:13:8b:2b:28:10 3246051025 -9381438446 32.46051025 -93.81438446
8c:0f:6f:18:7c:00 3246031951 -9381383514 32.46031951 -93.81383514
9a:0f:6f:18:7c:00 3246032333 -9381385040 32.46032333 -93.81385040
a2:0f:6f:18:7c:00 3246033096 -9381385803 32.46033096 -93.81385803
2a:ad:18:fc:8b:1f 3246102142 -9381381988 32.46102142 -93.81381988
3a:e7:c0:83:c1:a7 3246105575 -9381404876 32.46105575 -93.81404876
c6:98:5c:db:c2:43 3246094512 -9381495666 32.46094512 -93.81495666
--
What this easily proves is Apple is not abiding by everything that
Apple 'says' it stands for in terms of protecting our privacy.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

On 2025-12-24 10:12, Marian wrote:

Given no WPS database...

Wow.

You do yammer on, don't you?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

On 2025-12-24 10:17, Marian wrote:

Marian wrote:

I modified the FOSS code so that it returns up to 400 GPS:BSSID pairs
with every query now. This slight modification enables me to easily &
perfectly reproduce the published research. Bare in mind I have no
special coding skills. That's the really scary part of how poorly this
is implemented.

Instead of calling the modified FOSS Python script directly...

Wow.

You do yammer on, don't you?


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

On 2025-12-24 10:23, Marian wrote:

Marian wrote:

Since I have no special coding skills, this proves how trivial it is
to collect all two billion access point locations in Apple's highly
insecure yet extremely public WPS database.

Once you have collected the location of every access point you want...

Wow.

You do yammer on, don't you?

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

On 2025-12-24 10:29, Marian wrote:

Marian wrote:

Once you have collected the location of every access point you want to
track movements of, all you need then is a trivial comparison script.

If you don't want to start with your own BSSID...

Wow.

You do yammer on, don't you?

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

On Dec 24, 2025 at 5:46:36rC>PM EST, "Alan" <nuh-uh@nope.com> wrote:

On 2025-12-24 10:12, Marian wrote:

Given no WPS database...

Wow.

You do yammer on, don't you?

It IS fascinating to see a troll talking to himself.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

On Dec 24, 2025 at 5:46:56rC>PM EST, "Alan" <nuh-uh@nope.com> wrote:

On 2025-12-24 10:17, Marian wrote:

Marian wrote:

I modified the FOSS code so that it returns up to 400 GPS:BSSID pairs
with every query now. This slight modification enables me to easily &
perfectly reproduce the published research. Bare in mind I have no
special coding skills. That's the really scary part of how poorly this
is implemented.

Instead of calling the modified FOSS Python script directly...

Wow.

You do yammer on, don't you?

Because he thinks he is "teaching" us. But of course, all he is doing a
making a fool of himself.

Again.

He STILL thinks that "tracking a router" is 100% "tracking a person".

"Bare in mind I have no special coding skills"?

He has no English skills either.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

Tyrone wrote:

talking to himself.

Ignoring the ad hominems, I hope you all have a very Merry Christmas!

For those on this newsgroup who comprehend at an adult level, the following tested working scripts were posted for your benefit (& at the request of
Chris so as to prove everything I've said in this ng about the WPS db).

In addition to my gifts of knowledge to this newsgroup, this thread has:
1. modified working & tested "apple_bssid_locator.py"
2. 'bssid.bat' (looks up an AP)
3. 'bssidcompare.bat' (determines if/where the AP moved)
4. 'bssidgenerate.bat' (generates random BSSIDs to test)
5. 'bssidcheck.bat' (checks which BSSID is in Apple's insecure WPS DB)
6. 'bssidplot.py' (plots results en masse onto a map using Fermium)
7. gps:bssid results (text output directly from Apple's insecure WPS DB)

Consider these a gift of insight for those who can appreciate wisdom.
Merry Christmas!
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

Tyrone wrote:

Because he thinks he is "teaching" us. But of course, all he is doing a making a fool of himself.

Hi Tyrone,

Merry Christmas!

You are capable of learning that everything we've said about the Apple WPS database is supported by the scripts provided, and you're on Windows also.

What did you learn when you ran those scripts proving the veracity of the assessments we've made about Apple's insecure WPS database implementation?
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

Andy Burns wrote:

The research papers I listed which most have likely read by now explain the >> variety of ways that access points can easily be tracked by use of the
Apple WPS implementation

But people don't care if APs can be tracked, unless *they* can be
associated with specific APs.

Hi Andy,

I'm simply informing you and others on this newsgroup of this problem set.
And I'm asking for solutions (in another thread) for resolving the problem.

I know you're intelligent and well informed, and I realize you're trying to make the point that carrying an access point in your pocket doesn't mean
the access point is you, but my point is that being able to easily track it from anywhere in the world means anyone can essentially atrack you.

Or, um, er... specifically they can track that which is in your pocket.
Your point may be you can leave your pants at someone else's house, and, in that case, it's really allowing the tracking of the location of your pants.

Especially since the GPS location is as accurate as it is for tracking us.
To prove how easy it is to track anyone's movements from place to place,
I'm setting up these three routers to prove that I can easily be tracked:
<https://i.postimg.cc/44WKMKpJ/apple-wps-testing.jpg>

I'm going to simulate renting an apartment (flat to you in the UK) in Palo
Alto at a friend's house who works for Google & then I'm going to "move" to
an apartment in Cupertino (to simulate my movements over the next month).
From: Marian <marianjones@helpfulpeople.com>
Newsgroups: alt.comp.os.windows-10,comp.mobile.android,alt.internet.wireless
Subject: Help! How do we get Apple to care about privacy for entities who
own access points?
Date: Tue, 23 Dec 2025 23:42:17 -0700
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Message-ID: <10ig209$29kr$1@nnrp.usenet.blueworldhosting.com>

My tests will prove that Apple's WPS implementation is the antithesis of everything that Apple "says" they stand for, in terms of my privacy, in
that anyone in the world can track my movements tied to my use of APs.

Also note that Apple themselves can track any device that uploads the
router AP location information, but that flaw is NOT my concern today.

If I were to summarize my main issues, I would say that they are:
1. Apple's WPS implementation is vastly different than all others
3. Apple has no limits on who can obtain & track BSSID locations
2. Apple does not follow their own public privacy policy

This has nothing whatsoever to do with whether you own or use Apple
products as it affects every entity who manages any Wi-Fi access point.

That's not only basically every home and apartment/flat in the developed
world, but also many businesses, hospitals, government agencies, etc.

The research papers noted Apple's WPS allows easy tracking of smartphones
in hotspot mode, portable travel routers, IoT gadgets, delivery robots,
drones, vehicles with embedded Wi-Fi modules, buses, trains, and rideshare vehicles with onboard Wi-Fi (and individual Starlink devices also).

Apparently, even Starlink terminals could be tracked if their Wi-Fi BSSIDs
are collected by nearby Apple devices.

That's because these all broadcast stable identifiers, so their movement patterns can be reconstructed just like a person's. The tracking risk goes
far beyond fixed home routers.

Apple's WPS implementation makes it trivial to track billions of APs.
I already proved that (just try the FOSS scripts that I modified).

As for whether or not people care that they're being tracked, I care.
That's all that matters. I know more about privacy than most people do.

And I care about privacy.
But I am not the only one in the world who cares about privacy, Andy.

If people didn't care, then Mozilla wouldn't need this opt-out policy.
<https://en.wikipedia.org/wiki/Mozilla_Location_Service>
"Mozilla's client applications do not collect information
about WiFi access points whose SSID is hidden or ends with
the string '_nomap' (e.g. 'Simpson-family-wifi_nomap')."

If I didn't care, then I wouldn't need to follow Apple's opt-out policy.
<https://support.apple.com/en-us/102515>
"The owner of a Wi-Fi access point can opt it out of
Apple's Location Services - which prevents its location
from being sent to Apple to include in Apple's crowd-sourced
location database - by changing the access point's SSID (name)
to end with '_nomap.' For example, 'Access_Point' would be
changed to 'Access_Point_nomap.'"

The University of Maryland paper "Surveilling the Masses with Wi-Fi-Based Positioning Systems" shows that Apple's WPS (the Wi-Fi Positioning System
used by iPhones, Macs, and many apps) can be queried at massive scale to retrieve the physical locations of Wi-Fi access points worldwide.

All I did was reproduce what the researchers said was easily possible.
And I proved that it is trivial for anyone in the world to do.
I'd put these in the sig but you said you don't look at sig references.

*Surveilling the Masses with Wi-Fi-Based Positioning Systems*
<https://par.nsf.gov/servlets/purl/10540853>

Cybernews: *Anyone can tap into your WiFi location data to track you*
explains how Apple's WPS can be exploited for mass surveillance. <https://cybernews.com/privacy/apple-beams-wifi-location-data-privacy-risk/>

Cybersecurity News: *Hackers Can Abuse Apple's Wi-Fi Positioning System* details the University of Maryland study showing global tracking risks.
<https://cybersecuritynews.com/apples-wi-fi-positioning-system/>

Dark Reading: *Apple Geolocation API Exposes Wi-Fi Access Points Worldwide* notes that researchers could query hundreds of millions of APs in days. <https://www.darkreading.com/endpoint-security/apple-geolocation-api-exposes-wi-fi-access-points-worldwide>

Krebs on Security: *Why Your Wi-Fi Router Doubles as an Apple AirTag*
describes how Apple's data was used to track billions of devices globally <https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/>

Register: *Apple Wi-Fi Positioning System open to global tracking abuse*
covers the academic paper "Surveilling the Masses with Wi-Fi-Based
Positioning Systems" by Erik Rye and Dave Levin
<https://www.theregister.com/2024/05/23/apple_wifi_positioning_system/>
--
My posts aim to explore how Apple's WPS actually works beneath the surface,
in ways most users may never understand because Apple doesn't tell them.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: misc.phone.mobile.iphone

At Wed, 24 Dec 2025 14:46:36 -0800, Alan <nuh-uh@nope.com> wrote:

On 2025-12-24 10:12, Marian wrote:

Given no WPS database...

Wow.

You do yammer on, don't you?

Heard a rumor that if he keeps doing that, he'll go blind.
--
-v ASUS TUF DASH F15 x86_64 Mem: 16G
OS: Linux 6.14.0-37-generic D: Mint 22.2 DE: Xfce 4.18 (X11)
NVIDIA GeForce RTX 3060 Mobile (6G) (510.47.03)
"How long will a floating point operation float?"
--- Synchronet 3.21a-Linux NewsLink 1.2