Are we all handing to Google the SSID of our home routers?

Without using cars in the street, if my Android device sends its GPS co-ordinates to Google then presumably Google could also see the wireless router's MAC address.

I guess Google could make an association between the GPS co-ords and MAC adress and then store the info in its database. Along with the IP address and perhaps SSID for good measure.

Reply to
pamela
Loading thread data ...

Surely they know how to decrypt it, too.

=sw

Reply to
Sqwertz

Delve deeper. Homeless folks, without phones, can have email, accessing it from internet-connected public libraries. Ask your local public librarian what services they get email through, and how. HTH. Cheers, -- tlvp

Reply to
tlvp

Thank you for bringing this up.

formatting link

I had not realized there was a distinction between a. Google Account b. Google Apps Account c. Gmail Account

From the blog, it seems that the a. Gmail Account === snipped-for-privacy@gmail.com Gives access to Gmail, Google Docs, Google Calendar, Google Sites b. Google Apps Account === snipped-for-privacy@anydomain.com (@gmail or @otherwise) Gives access to Google Docs, Google Calendar, Google Sites, Google Maps, Google Search c. Google (Business) Account === anydomain Gives access to internal messaging, & Gmail, Google Docs, Google Calendar, Google Sites

One detail missing from that description is what kind of minimum account is required to download files on Android from Google Play?

Reply to
Alice J.

For me... a. Google Play === I can't log out of it! :( b. Google Search === logged out by default c. Google Gmail === logged out by default (I use K9 instead) d. Youtube === logged out by default e. Chrome === logged out by default (I use Firefox) f. Google Maps === logged out by default (seems to work just fine) g. Google Hangouts === logged out by default (but logs in when started) h. Google My Tracks === doesn't seem to have *any* login

Are there any other Google Apps that I need to be aware of to manually log out from?

Reply to
Alice J.

You hit the nail on the head.

I don't know if anyone confirmed this for sure, but it seemed to me people are telling us that Google is saving our GPS location and our SSID and our SSID MAC address which our Android phones are giving to them.

Even if "our" phone isn't giving these identifications to Google, our

*neighbor's* phones are giving it to Google!

Two of those three bits of information are unique and unchangeable!

  1. The GPS location is unique in the world & is impossible to change
  2. The LAN wifi MAC address is unique in the world & is impossible to change
  3. The SSID may or may not be unique and is easily changed

Is this three-part statement above correct?

Reply to
Alice J.

I'm confused. Those instructions look like the Linux instructions for changing the wlan0 NIC (which is easy to change the MAC address of).

Since your router runs Linux, I'm confused if those Linux commands were run *on* the router or on the linux desktop/laptop computer?

Reply to
Alice J.

I am confused.

If what Jeff said is true (and Jeff is usually right on the money), we may as well consider the SSID and MAC address that Google gets from us to be permanent and unchangeable because it is the SSID and MAC address of the router's 2.4GHz and 5GHz WiFi NIC that Google gets.

I am confused.

Jeff said it wouldn't be easy to change the SSID and MAC address of the router's 2.4GHz and 5GHz WiFi NIC without changing the default operating system of the router itself.

  1. Wifi Analyzer, by farproc
    formatting link
  2. WiFi SNR, by Javali Inc.
    formatting link
  3. inSSIDer, by MetaGeek
    formatting link
  4. FRITZ!App WLAN, by AVM GmbH
    formatting link
Reply to
Alice J.

Yes. But.

It's always good to get in the practice of good privacy hygiene.

Reply to
Alice J.

One problem, on computers anyway, is that the duckduckgo.xml file located in the "distribution" directory actually throws you under the bus with respect to revealing your operating system!

On Linux, the tattletale duckduckgo.xml file is located in /usr/lib/firefox/distribution/searchplugins/locale/en-US/duckduckgo.xml

The solution is to remove the line that tattles on your OS.

Does anyone know if the same problem exists on Android?

Reply to
Alice J.

I don't profess to be the expert but I *think* the problem isn't what *you* do, but what your stoooopid neighbors do.

Assume they have everything set at the default, then I think what people are telling us is that our neighbors are throwing us under the bus by associating *their* GPS location with *our SSID/MAC*.

Since they must be within a few hundred feet in order to even *see* our SSID/MAC, then essentially their GPS location is our GPS location.

Reply to
Alice J.

THIS IS A GREAT OBSERVATION!

I generally use Firefox as my browser, but I was *not* clearing cookies after periodically deleting and creating a new Google Play Account!

Here's what I just added to my privacy repertoire!

Firefox: HardMenu > Settings > Privacy > CLEAR PRIVATE DATA > Clear now Firefox: HardMenu > Settings > Privacy > CLEAR PRIVATE DATA > Clear on exit = yes "Firefox will automatically clear your data whenever you select "Quit" from the main menu." [ ] Browsing history [ ] Search history [ ] Downloads [ ] Form history [ ] Cookies & active logins [ ] Saved logins [ ] Cache [ ] Offline website data [ ] Site settings [ ] Synced tabs

Reply to
Alice J.

Here's the *entire* privacy repertoire (please improve!)

Android 4.3 Basic Android Privacy Settings: Settings > Accounts > Google > Privacy > {Search, Location settings, Ads}

  1. Settings > Accounts > Google Account: snipped-for-privacy@bar.com Sync turned off
  2. Settings > Accounts > Google > Privacy > Search > a. Google Account Signed out for Google Search, and no Google Now cards can be shown. b. Google location settings A. Access location: [unchecked] [Do not] Let Google apps use this device's location any time it is on. B. Google Location History = blank c. SafeSearch filter [unchecked]SafeSearch is not active d. Legal Web History = off Personal Results = off
  3. Settings > Accounts > Google > Privacy > Location settings > a. Location access for your phone is off. Google applications are unable to access your location because location access for the phone has been turned off. To turn it back on click below to go to Settings > Location Access b. Settings > More > Location services > Access to my location = [unchecked] c. Settings > More > Location services > Location sources > Use GPS statellites = [unchecked](and grayed out) Use wireless networks = [unchecked](and grayed out)
  4. Settings > Accounts > Google > Privacy > Ads > a. Ads: Reset advertising ID (click it to reset) b. Opt out of interest-based ads (check it to opt out) c. Ads by Google (clicking it will pop up a browser session)
    formatting link
    (x) [where (x) is a huge encrypted mess of characters]
  5. Firefox: HardMenu > Settings > Privacy > CLEAR PRIVATE DATA > Clear now Firefox: HardMenu > Settings > Privacy > CLEAR PRIVATE DATA > Clear on exit = yes "Firefox will automatically clear your data whenever you select 'Quit' from the main menu." [x] Browsing history [x] Search history [x] Downloads [x] Form history [x] Cookies & active logins [x] Saved logins [x] Cache [x] Offline website data [x] Site settings [x] Synced tabs
  6. Log out of all known Google Apps:
    formatting link
    a. Google Play Store* Hamburger > {Settings, My account} There does not seem to be any way to sign OUT of Google Play!
    formatting link
    b. Google Search HardMenu > Settings > Privacy & accounts > Google Account = I seem to be signed out permanently.
    formatting link
    c. Google Maps HardMenu > Settings > Sign in I seem to be signed out permanently.
    formatting link
    d. Google Gmail Hamburger > Sign in I seem to be signed out permanently.
    formatting link
    e. Google YouTube Hamburger > Sign in I seem to be signed out permanently.
    formatting link
    f. Google Chrome HardMenu > Settings I seem to be signed out permanently.
    formatting link
    g. Google Hangouts* Automatically logs you in when you start the app! Signing out kills the app! HardMenu > Settings > Sign out
    formatting link
    h. Google My Tracks HardMenu > Settings Does not seem to have any log in capability
    formatting link
Reply to
Alice J.

They were run on the router, the wlan0 and wlan1 are the interfaces whose MAC addresses form the BSSIDs (I have differently named 2.4GHz and

5.2GHz SSIDs)
Reply to
Andy Burns

This is good to know that, if we are root in the console of the router OS, that we can change the MAC address of the LAN SSIDs!

Reply to
Alice J.

No. You can change the SSID of your WiFi access point any time you like; you'll just have to create a new connection in each of the devices you want to access your access point.

You can change the MAC associated with that SSID any time you like and the devices connecting to your access point won't care at all; they'll just look for the same SSID as before, find it, and log in (assuming the password is the same as before). It makes no difference whether you re-program the router or put in a different one.

SSIDs aren't unique or fixed. MACs are meant to be both but might not be.

Depends on the router. Some can have their OS changed, most consumer-type models can't. But how hard is it to pop into a chainstore or pawn shop and buy another router? That gets you a different MAC for your WiFi access point - all you have to do is set it up to work with your ISP and give it the SSID and password that your devices expect.

If you really want to, you can use a PC or laptop as a router - with as many WiFi access points as you care to provide network cards for, and clone or spoof all the MACs too if you want. If you know how, of course it's easy. If you haven't a clue, then it's not so easy.

I've never encountered a router that can't have its SSID changed to whatever you like whenever you feel like it. It surprises me that so few people seem to bother to change it from the factory setting; presumably they don't know and think it's normal to have to re-configure all their WiFi gadgets every time the router is replaced, rather than just change the router settings to match what the devices expect. These are the people who get someone else to change the router for them, find that Word document they saved last night, put that icon back where it should be, and panic when Microsoft Update changes the look of something.

But it is convenient to be able to log in to a relative's WiFi just by finding the 'password' printed on the back of the router, when said relative doesn't know what you're talking about. (I did turn the router so that the password was no longer visible through the window ...).

The same people probably think they have to use their current ISP's email service too, and notify all their contacts every time they change. Or refuse to change for fear of losing their contacts.

Like the people who don't keep the same number when they get a new mobile phone or change service provider.

At least not many people still think you need a different email address for each physical location you send emails from or that you have to be at that place to read the replies.

That's the one I generally use.

Reply to
Whiskers

the stage of bleaching your toothbrush, however. Yes; there's hygiene, and there's scrubbing your skin off.

Reply to
Whiskers

Why not disable or uninstall all the things you aren't using?

Reply to
Whiskers

I can't see how Google would be able to see the MAC or SSID of whichever access point a smartphone used to get internet access. That information certainly isn't part of what the router passes up the wire to Google but I suppose there might be a program running on the smartphone that does that but what would be the point?

If Google's location service is running on the phone then the SSIDs of all the access points within range may be reported back to Google - but they don't need to know which, if any, is being used for internet access by that device at that moment or at any other time. Likewise the identifying details of all the cellphone 'towers' within range.

Google will be able to see the IP number of the internet account being used. That tells them which ISP is being used, and that in turn gives some very broad geographical information (eg in the UK most ISPs operate throughout the whole of the UK). The ISP will know which telephone or cable company provide the physical connection, and that company will know the particular customer's physical location - because they need to be able to service the wire or cable being used. So Google would have a hard time getting a user location from the IP number, and no way of associating a given internet IP number with a particular SSID.

1) Change it by moving to somewhere else. Stop telling people where you are. Don't use a mobile phone of any sort - or just get a cheap one then throw it away or destroy it as soon as you've finished your call. (Any cell phone can be traced while it's in use or standby; triangulation of its signal from nearby cellphone 'towers' can be done from anywhere by the phone companies, and of course the phone's own signal can be tracked by anyone within range). In fact, don't use any telephone at all. 2) The MAC number of the network interface card operating the WiFi access point is normally hard-coded into the card, but can be over-ridden by the 'driver' or 'firmware' if the computer operating the interface card is set up to permit that, or by changing the network interface card for a different one. Most people use 'consumer grade' modem/router or access point devices which don't offer the facility of plugging in a new network interface card or changing the MAC number published by the device. The simplest way of getting a new MAC is thus to get a different modem/router or access point device.

If you don't want to risk anyone associating you with a WiFi access point, don't have one and don't use any.

3) Yes. The sensible and practical approach is to keep the same SSID and security settings and password when changing the access point hardware, so that all the things you want to connect to your network can still do so without being set up again. Choose an SSID that is easily spotted by you amongst all those used by your neighbours.

Changing the SSID does nothing to increase your own privacy but does inconvenience you and anyone else with devices you want to be able to use your network. It might also get the attention of anyone in the area paying attention to local access points - especially if they notice that you've changed the SSID but are still using the same router.

Reply to
Whiskers

No ... it's a salt. A salt is not a secure quantity -- it doesn't matter that a potential attacker may know the salt you are using. What does matter is that you use a different salt from everyone else, so that the putative attacker can't use rainbow table techniques to attack everyone's password at once.

So that's another reason why it would be a Really Bad Idea for everyone to use the same SSID.

Passphrases do have to be strong, but not more so because the salt may be known.

Reply to
Daniel James

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.