Is hiding your home SSID actually a privacy flaw (broadcasting your home SSID at public hotspots)?

SUMMARY:

  • Hiding your home SSID (apparently) violates your public hotspot privacy!

WinXP SP3 WZC clients "configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range!"

REQUEST: Can/would the intelligentsia on alt.internet.wireless (Jeff Lieberman perhaps?) comment on whether that statement has merit based on what I just read at technet.microsoft.com (quoted above & reference at the end of this post).

BACKGROUND: We all well know that hiding my home-network broadcast SSID does not effectively increase my home-network privacy or security (so we do not need to belabor that concept in this thread).

However, I did not (until now) realize that hiding my home-network SSID might actually REDUCE my public hotspot privacy (i.e., away from home!).

PROBLEM: According to the reference article, the WinXP SP3 WZC client is "periodically disclosing its set of preferred non-broadcast wireless networks".

Therefore, my epiphany goes, the "bad guy" could easily determine my home network SSID from my single visit to a local public hotspot and, with enough determination, correlate my preferred non-broadcast wireless networks to my laptop computer (even if I've changed my MAC address, hostname, username, proxy server, and SSH tunnel, daily).

QUESTION: Is it true that hiding the SSID in one place actually broadcasts it in all others?

That is, by turning off my wireless router SSID broadcast at home, am I, in effect, now broadcasting that SSID at every public hotspot I subsequently visit with my WinXP SP3 laptop computer?

REFERENCE: Why Non-broadcast Networks are not a Security Feature

  • formatting link

Notes:

  • I do realize that the realm of "privacy" protection entails a thoughtful multi-layered approach, including proxies, SSH tunneling, Tor, encryption, spoofing, etc.

Therefore, I request that the astute advice from the team stay on the specific topic of whether or not hiding the SSID on your home wireless router actually broadcasts that SSID at all hotspots on your WinXP SP3 laptop.

Reply to
Aaron FIsher

I don't think modern Linux distributions automatically probe by shouting the service set identifier.

I believe Linuxes only probe if you manually attempt to connect to a hidden network via the network connections pulldown menu.

So your privacy solution is to switch from Windoze to something like Ubuntu.

Reply to
Mel Knight

Ouch. < embarrassed > Mea culpa. Two f's; two n's. Sorry. Thanks Jeff.

Interesting. I did not realize the laptop wireless client, whether Linux or Windoze, will always send initial probes shouting out the preferred SSID of its previous connection (whether or not the previous router connection hid the SSID broadcast).

I also did not realize that all this shouting (i.e., probing) is in the initial stages only. That is, when connected at the public hotspot, the home (hidden or not) SSID is no longer disclosed to all.

While I realize hiding your home SSID at a public hotspot is only a very minor step toward privacy (security by obscurity) ... I guess the next step ... if I am to continue in this vein ... is for me to try to figure out a way NOT to shout "any" SSID whatsoever, when I go to a public hotspot.

Or, if I'm going to shout an SSID no matter what, how to get the laptop (dual boot, Windoze or Linux) to shout, in effect, a random SSID in its initial probes.

I don't disagree with you Jeff (that the WPA2 passphrase is paramount).

But I am still striving to figure out how to (at least) hide the home SSID shouting (i.e., probing) at the subsequent public hotspot.

Yikes! I presume that also works from a few feet away at a public hotspot, especially one which is "open" and unencrypted! < scared >

I have your basic Linksys WRT54G wireless router, which, from the documentation, says it supports "RADIUS server".

All my wireless clients support WPA2 so I will do some research to see if/how that's all I need to set up my home WRT54G as a RADIUS server.

In summary:

  • I had not realized the last-connected SSID was always shouted (probed)!
  • I did not know this last-connected preferred SSID probe stopped after the initial connection at the public hotspot.
  • I have more reason to research how to PREVENT the last-connected SSID from being shouted (under all public hotspot circumstances), if possible.
  • And, I have more reason to see if the Linksys WRT54G can be set up at home as a RADIUS server!

Reply to
Aaron FIsher

Hi Jeff Liebermann and others,

I read the suggested article (over and over). Then I tried to organize what (I think) it says specifically about disclosure of the previously-connected service set identifier (SSID) into the typical sequence of events.

For a typical unencrypted browser-authenticated public wireless hotspot access point (AP) connection, did I get the scenario below correct, specifically with respect to disclosure of the previously-connected home SSID?

a. Good guy disconnects from home network (which had SSID = home_ssid).
b. Good guy drives to "open" public hotspot (which has SSID = open_ssid).
c. Good guy powers up dual-boot laptop with an 802.11 radio NIC.

A. AP periodically sends "beacon frames" disclosing its "open_ssid".
B. Radio NIC scans all 802.11 radio channels & is aware of "open_ssid".
C. However, in most cases, "open_ssid" is not (yet) the "preferred SSID".

Firstly ...

  1. Radio NIC sends a single "authentication" frame disclosing the NIC MAC.
  2. Hotspot AP responds with a single authentication acceptance frame.

Unfortunately ...

  1. Radio NIC sends an "association request" to the hotspot access point.
  2. This request shouts out the "preferred SSID", namely "home_ssid"!
  3. AP sends an "association response frame" rejecting that request.

Meanwhile ...

I. AP periodically sends "beacon frames" disclosing its "open_ssid".
II. Radio NIC scans all 802.11 radio channels & is aware of "open_ssid".

Confusingly ...

  1. Radio NIC sends a "probe request" frame to all access points in range.
  2. AP replies with a probe response frame (does this contain an AP SSID?).

Finally ...

  1. Radio NIC sends an association request frame with the correct AP SSID.
  2. This request shouts out the new preferred SSID namely "open_ssid".

Then ...

  1. AP receives the request, for "open_ssid", and accepts that request.
  2. AP allocates resources & establishes an association ID for radio NIC.
  3. AP sends an "association response frame" accepting that request.

So ...

  1. The radio NIC can now "communicate" with the AP ethernet LAN.

Where ...

i. Data frames and acknowledgement frames are passed back and forth.
ii. Authentication is typically forced on port 80 of a web browser.
iii. Only now will OS, HOSTNAME, USERNAME & other data be disclosed.

In summary:

  • I'm not sure what purpose or disclosures a "probe request" performs.
  • The AP "beacon frame" does not seem to prevent previous-SSID disclosure!
  • The radio NIC "probe request" first discloses the NIC MAC address.
  • Sadly, the first NIC "association request" discloses the previous SSID!
  • Only after receiving a negative association request from the AP, does the radio NIC belatedly send out an association request that no longer contains the previously used SSID!

Is my understanding (so far) correct? If so, the quest will be to randomize the previously connected SSID!

Reply to
Aaron FIsher

Ooops. I sent that before it was ready.

Is this correct (yet)?

a. Good guy disconnects from home network (which had SSID = home_ssid).
b. Good guy drives to "open" public hotspot (which has SSID = open_ssid).
c. Good guy powers up dual-boot laptop with an 802.11 radio NIC.

A. AP periodically sends "beacon frames" disclosing its "open_ssid".
B. Radio NIC scans all 802.11 radio channels & is aware of "open_ssid".
C. However, in most cases, "open_ssid" is not (yet) the "preferred SSID".

For starters ...

  1. Radio NIC sends a single "authentication" frame disclosing the NIC MAC.
  2. Hotspot AP responds with a single authentication acceptance frame.

Unfortunately ...

  3. Radio NIC sends an "association request" to the hotspot access point.
  4. This request shouts out the "preferred SSID", namely "home_ssid"!
  5. AP sends an "association response frame" rejecting that request.

Meanwhile ...

I. AP periodically sends "beacon frames" disclosing its "open_ssid".
II. Radio NIC scans all 802.11 radio channels & is aware of "open_ssid".

Confusingly ...

  1. Radio NIC sends a "probe request" frame asking for AP information.
  2. AP replies with a probe response frame (data rates, power, etc.).

Finally ...

  1. Radio NIC sends an association request frame with the correct AP SSID.
  2. This request shouts out the new preferred SSID namely, "open_ssid".

Then ...

  3. AP receives the request, for "open_ssid", and accepts that request.
  4. AP allocates resources & establishes an association ID for radio NIC.
  5. AP sends an "association response frame" accepting that request.

So ...

  1. The radio NIC can now "communicate" with the AP ethernet LAN.

Where ...

i. Data frames and acknowledgement frames are passed back and forth.
ii. Authentication is typically forced on port 80 of a web browser.
iii. Only now will OS, HOSTNAME, USERNAME & other data be disclosed.

In summary:

  • The AP "beacon frame" does not seem to prevent previous-SSID disclosure!
  • The radio NIC "probe request" first discloses the NIC MAC address.
  • The first NIC "association request" discloses the previous SSID!
  • Only after receiving a negative association request from the AP, does the radio NIC belatedly send out an association request that no longer contains the previously used SSID!

If correct, the quest will be to randomize the previously-connected SSID so that it is no longer disclosed (as the "preferred SSID") in the first radio NIC "association request".

Reply to
Aaron FIsher
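The disclosure the Microsoft article quoted at the top describes happens in the client's directed probe requests: every probe request carries an SSID information element, a client looking for a specific (preferred or hidden) network puts that name in it, and a wildcard probe carries an empty element. The following is an added example, not code from this thread or from any product named in it, that parses constructed 802.11 probe request frames and reports which network names each client disclosed, so you can check from a capture of your own laptop's traffic whether it behaves the way the article says WZC does; the frame builder, MAC addresses and SSIDs are constructed test data.

```python
import struct

MGMT_HDR_LEN = 24            # frame control(2) + duration(2) + 3 addresses(18) + seq ctrl(2)
SUBTYPE_PROBE_REQ = 4        # management frame subtype 4 = probe request
IE_SSID = 0                  # information element id 0 = SSID
IE_SUPPORTED_RATES = 1


def make_sample_probe_request(src_mac: str, ssid: str) -> bytes:
    """Constructed sample frame for exercising the parser (nothing is transmitted).
    An empty ssid produces a wildcard probe; a non-empty one a directed probe."""
    frame_control = struct.pack("<H", SUBTYPE_PROBE_REQ << 4)   # type 0 (mgmt), subtype 4
    duration = b"\x00\x00"
    broadcast = b"\xff" * 6
    src = bytes.fromhex(src_mac.replace(":", ""))
    seq_ctrl = b"\x00\x00"
    body = bytes([IE_SSID, len(ssid)]) + ssid.encode()          # SSID element, length 0 = wildcard
    body += bytes([IE_SUPPORTED_RATES, 4, 0x82, 0x84, 0x8B, 0x96])
    return frame_control + duration + broadcast + src + broadcast + seq_ctrl + body


def parse_probe_request(frame: bytes):
    """Return (source MAC, SSID) for a probe request, with SSID == '' for a
    wildcard probe. Return None for anything that is not a probe request."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    frame_type = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    if frame_type != 0 or subtype != SUBTYPE_PROBE_REQ:
        return None
    src_mac = ":".join(f"{b:02x}" for b in frame[10:16])        # address 2 = transmitter
    pos = MGMT_HDR_LEN
    while pos + 2 <= len(frame):
        ie_id, ie_len = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + ie_len]
        if len(data) < ie_len:
            return None                                          # truncated element: do not guess
        if ie_id == IE_SSID:
            return src_mac, data.decode("utf-8", errors="replace")
        pos += 2 + ie_len
    return None                                                  # no SSID element at all


def audit_probes(frames):
    """Map each probing client MAC to the sorted list of network names it
    disclosed in directed probes (an empty list means wildcard probes only)."""
    disclosed = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        src_mac, ssid = parsed
        disclosed.setdefault(src_mac, set())
        if ssid:
            disclosed[src_mac].add(ssid)
    return {mac: sorted(names) for mac, names in disclosed.items()}


# Constructed capture: one client that probes for its preferred network by
# name and then sends a wildcard probe, and one client that only probes wildcard.
SAMPLE_FRAMES = [
    make_sample_probe_request("02:00:00:00:00:01", "home_ssid"),
    make_sample_probe_request("02:00:00:00:00:01", ""),
    make_sample_probe_request("02:00:00:00:00:02", ""),
]

if __name__ == "__main__":
    for mac, names in audit_probes(SAMPLE_FRAMES).items():
        print(mac, "disclosed:", names or "nothing (wildcard probes only)")
```

Running it on a real capture means feeding the raw management frames of your own client's traffic into audit_probes; the wildcard-only result is what you want to see at a hotspot.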

The part I don't understand is why you think disclosing the previous SSID is a privacy or security concern. Can you explain that, please?

Reply to
Char Jackson

Short reply. Busy today with customers and paper shuffling.

No, not always. You can disable the preferred network connection feature in WZC. You can also switch to something better than WZC such as Intel Proset (for Intel wireless cards only), and Buffalo or various 3rd party connection managers.

Well, sorta. In the basic Windoze connection manager, the client stops looking for other access points with which to connect once it has associated with a single access point. That's not the case with various seamless roaming schemes, where the client maintains a list of prospective access point connections, and in some implementations, does a "pre-connect". This is roughly how 802.11r works:

Fine, but please realize that you're trying to fix a non-problem. Also, please recognize that security and privacy are quite different. Various encryption schemes were intended to ensure security, not privacy.

Read it again. In order to use this (and other) WPA/WPA2 hash code extraction tools, I would need to have access to several keys in your registry. I can't do that via wireless. I have to be either at your computer running the program, or at my machine, after having extracted the keys from your computer.

It's not that easy. There are a few routers that have built in RADIUS servers. ZyXEL G-2000 Plus is one that has a built in PEAP server. In general, you'll have to either build a Linux box running Free RADIUS, or subscribe to an online service. I run two small online RADIUS servers for my customers. I don't have an up to date shopping list, but here's one Google found:

Hmmm... login using an email address. So much for privacy.

WPA2 is encryption which provides your main level of security. WPA has been cracked for security, but WPA2 is still good with long pass phrases.

Not always. Just with automatic preferred connections and WZC. Other connection managers may not do that. Dunno, and am too lazy to check.

Yep, but not if your client and network supports seamless roaming.

Just turn off automatic preferred network connections and be done with it.

Maintaining a RADIUS server is fairly easy. Building one from scratch is not. However, it does solve the problem of having your pre-shared key leaked, which is a very real security issue.

Reply to
Jeff Liebermann

Years ago, I wanted to send a nastigram to the head of my company about what I thought about some, shall we say, questionable activities, within the company.

Fearing for my livelihood, I researched, at the time, how to send email anonymously on the web (this was well before public open hotspots were common but after Yahoo and probably just around the time Gmail free mail accounts existed).

A set of the tricks I learned in that search, to hide where the email originated, was to change the MAC address, the host ID, the username, the browser identification string, etc. of the company computer I was using to send the email (yea, I know. Using a company computer was folly in the first place ... but it was all I had at the time).

But, I had never thought about SSID's (actually, in those days, home wireless routers were not common so I probably hadn't even heard of an SSID).

From then till now, I thought I knew what needed to be changed to protect my identity when I needed to be anonymous.

I just realized that all the things I thought I knew about SSIDs are wrong!

  1. I thought I should pick an SSID that was hard to guess; now I realize I should use something like "NETGEAR" or whatever is the most common SSID out there!
  2. I thought I should hide my SSID at my home router; now I realize I should broadcast it (see #1 above) for all the world to see (since it's getting broadcast everywhere I go anyway).
  3. I thought only the MAC was disclosed to the router; but now I know the SSID is also disclosed to the router (although both the MAC and the SSID go no further than the router).

Losing privacy is by a thousand little things that track your identity or your activities. Most of our privacy losses can't be prevented if we first recognize that they exist - and then we take steps to safeguard them.

Broadcasting your prior SSID is just one of these Orwellian flaws that doesn't have to be.

Reply to
Aaron FIsher

Hi Jeff,

Thanks for taking the time to help.

I "think" (but need to double check) that a "hidden" SSID has to be set up as "preferred" for WZC to automatically connect at home. (But, I'll need to actually test that out to be sure.)

Finding & using smarter software is a good idea.

I'll have to see what works best on my dual-boot laptop so that the prior-connection SSID isn't broadcast unnecessarily ... but ... the connection to the router is still automatic.

I do realize broadcasting your home SSID is a "small" privacy problem (maybe even a "trivially small" privacy problem).

And, I do agree that security problems are much more important. Being a WWII buff, I keep thinking about how both the Germans & Japanese thought they were secure while we were reading their codes every day. They lost the war, many people died, partly because they didn't think security was worth their effort to look at from a different angle.

All I'm doing is looking at my hotspot privacy from a different angle. As you've said many times, if I try to do to myself exactly what I'm trying to prevent others from doing, I'll learn better how to protect myself.

Interesting. I live right near you. I should give you a call and see what your company can do for me. It's 9pm so I won't bother you now (tomorrow I'll call if that's your preferred method).

I will read, in detail, all the references you quoted and write back.

Reply to
Aaron FIsher

I read your story twice, thanks for sharing. The part I don't get is what kind of information is contained within the SSID that you're trying to protect? Does your home SSID consist of your name, your address, your SSAN, your phone number, or basically any other bit of personally identifiable information? When I look around my neighborhood, I see a bunch of linksys, Netgear, Belkin, and 2Wire SSID's, but nothing that I would be embarrassed or unwilling to share at another physical location. I guess I'm just not understanding your concern here.

Reply to
Char Jackson

SNIP

I also fail to see the issue. First, in a local hot spot, they would have to know who you are. Second, they would need to know where you live (or where your WAP is located.) Then perhaps they could associate your email... no, not if you changed the MAC address and otherwise spoofed the header.

One thing you can do to minimize the security worry is simply turn off the WAP when you are not using it. That way if someone at the local hot spot knew you, and sniffed your SSID, then went to your street, they would find...nothing. (Except the neighbor's unsecured WAP.)

Just in case you are using your WAP as the main router in your network, perhaps you should use a wired router, and only have the WAP used as the wireless connection (not doing DHCP or other tasks).

Reply to
Rich Johnson

Good grief.

Did you never hear of anonymous remailers?

formatting link
(the certificate is broken, but this is a trusted site; a "bastion" as we say; or at least, as we used to say)

Reply to
Warren Oates

It's a valid question.

I was always told to both hide my SSID and make it hard to guess.

So, I use a unique SSID.

Your question is valid whether my SSID in and of itself discloses personal information. It does not. It is unique though.

So, let's say I sent that email to my company president.

And, let's say (by social engineering of the contents), they had a pretty good idea of who had sent it (as is often the case when such information is disclosed). So, they know where I live. And, by virtue of that fact, they know my home SSID (easy enough to obtain).

Now, they sit in the local hotspot a quarter mile from the company HQ and see me coming (they also know what I look like). They sniff and see the same (unique) SSID. Pretty much they know it's the same computer that sent that email (if they comb the logs of the router).

I do agree that a lot of little things have to line up but the point is that just recognizing a privacy loophole is the very first step to plugging it up.

The fact that my unique SSID can be associated with my home (easily enough at any time, day or night, 24/7) and at a public hotspot (with admittedly some forethought on the part of the bad guy) was unknown to me just a couple of days ago.

Now that it is known to me, I think some of the steps I'll do are:

- Broadcast my home SSID

- Make it something VERY common (such as NETGEAR)

- As always, I'll put it on a different channel than other routers nearby

- As always, I'll check first to see if the same name is in use locally

Then, when I go to a hotspot, the SSID that is first shouted out before connecting will be indistinguishable from many others and not tied specifically to my home address.

Reply to
Aaron FIsher

Yes. Google is as good as any anonymous remailer (as it doesn't disclose your IP address). A court order, of course, would reveal your IP address; but that IP address would be of the hotspot.

The hotspot logs would contain ... hmmm ... what DO the hotspot logs contain?

Potentially the hotspot log files could contain:

  • Your MAC address
  • Your SSID first broadcast (do they log this stuff?)

- and, once you connect to the web authentication system ...

  • Your OS, browser, username, hostname, and other identifying information

That brings up an interesting question.

Does anyone know what information hotspots keep in their log files?

Reply to
Aaron FIsher

I'm assuming they have an idea, from the social de-engineering of the communications, that they know all too well whom they're looking for.

Therefore, they already know where you live. And, they might even know what hotspots you frequent.

Certainly they can draw a circle around where you live to find the most convenient hotspots that you might frequent.

Then, the theory goes, it would be as simple as checking the hotspot log files and crisscrossing the details. (I have no idea though what hotspots log!)

Now, I realize that this sounds kooky - but the point isn't really trying to run from Big Brother as much as it is just realizing what is happening and very simple effective steps to prevent it.

Fact: Your last SSID is disclosed by your NIC at a local hotspot

Danger? Maybe there is very little danger to that. But, at the least, it's good to know that BOTH your MAC and last-connected SSID are disclosed at local hotspots.

Now, the question is what information does a hotspot actually log?

Reply to
Aaron FIsher

That is a great idea. And, I will make more use of that now that I know that your radio NIC is constantly broadcasting both your MAC (which I knew) and your last-connected SSID.

BTW, thinking like "the bad guy", I can see a way to gain data about someone.

Let's say I go to the same hotspot every Monday at 8am for coffee. Let's say the guy in the black hat knows this and he wants to also know where I was the previous Sunday. If he simply arrives at my local hotspot at 7:55am on Monday and sniffs my communications, he has my previous connection, the night before, whatever that was.

So, it's one more dot he connects. For free.

I don't understand this suggestion. I have only one router, so, yes, I'm using it as the only router in the network.

Are you suggesting I buy a second router, wire that second router to the first router, and then connect wirelessly to that second router?

Reply to
Aaron FIsher

I believe those instructions are misguided. It's trivial to discover a hidden SSID, so the question becomes, is there value in hiding it? Most sources say no, so the obvious follow-up question is, is there value in broadcasting it? Most sources say yes, as it reduces the chance of someone stomping on it. Therefore, since you should be broadcasting it, the part about making it hard to guess becomes irrelevant.

Unique is good, IMO, but your aim seems to be to disappear into the woodwork, so in your case perhaps unique isn't as good.

I'm going to snip your post here and simply say that I don't share your view that disclosing a previous SSID is a security or privacy breach. That's just my opinion, though, and shouldn't sway you, especially since I may be overlooking something.

Good luck. I return you to your endeavors.

Reply to
Char Jackson

Meanwhile, at the alt.internet.wireless Job Justification Hearings, Aaron FIsher chose the tried and tested strategy of:

Seeing as you're keen on worrying about theoretical risks, you might like to know that wifi encryption salts the key with the SSID. So using a common SSID means your AP is more susceptible to hash precomputation attacks [cf. Rainbow Tables]. This is easily accounted for by using a strong passphrase, which as a keen wearer of tinfoil hats, I'm sure you're already doing.

formatting link

Reply to
alexd
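alexd's point can be checked directly: IEEE 802.11i derives the WPA/WPA2 pairwise master key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt, 4096 iterations and a 256-bit output, so two networks with the same SSID and the same passphrase end up with the same key, and a network with a different SSID does not. The following is an added example, not from the thread; it implements that standard mapping with Python's hashlib and checks the thread's claim about the SSID acting as a salt.

```python
import hashlib


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK-to-PMK mapping from IEEE 802.11i (PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes).
    The standard restricts passphrases to 8..63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def salted_by_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when changing only the SSID changes the derived key, i.e. the SSID
    is acting as the salt; a precomputed table therefore only applies to
    networks that share the SSID it was built for."""
    return wpa_pmk(passphrase, ssid_a) != wpa_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Constructed sample values: a common SSID beside a unique one.
    print("NETGEAR :", wpa_pmk("correct horse battery", "NETGEAR").hex())
    print("unique  :", wpa_pmk("correct horse battery", "fisher-home-7f3a").hex())
    print("salted by SSID:", salted_by_ssid("correct horse battery", "NETGEAR", "fisher-home-7f3a"))
```

The defensive takeaway is the one alexd gives: with a common SSID the only thing standing between a captured handshake and the key is the passphrase length, so choose it accordingly.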

Yes.

In my network, I have a wired router as the main router. My wireless router is simply the access point for wireless connections. As an example your wired router would be the DHCP server, and likely have the address of 192.168.1.1. The wireless router on the network would connect into the wired network, and that router's address would be 192.168.1.253. It would have DHCP disabled and would be simply a connection into your network. (Of course WPA2 and no SSID would be used too.)

That way if you have other computers, wired on the network as I do, then you can work at home without the wireless unit on, unless you have to do something with a wireless PC. (Like go outside, or sit in the lazy chair and use the laptop.)

Reply to
Rich Johnson

Most public hot spots don't log anything. Nobody wants to sift through the logs, collect, organize, maintain, etc the logs. In addition, nobody wants to leave that kind of information floating around for some enterprising attorney to subpoena. At best, maybe a total traffic log. Something like this:

If there's a problem, and the access point supports SNMP, there will probably be some diagnostic logging, but nothing long term. Corporate, medical, and government wireless systems have their own policies and procedures, which can vary wildly, but we're not discussing those.

I'm beginning to wonder why you consider it so important to not reveal your SSID. Did you do something dumb like use your SSID as your favorite password? The absolute worst thing you can do is use the same password over and over on multiple sites and accounts. If one is compromised, they all are automatically compromised.

If you really want anonymity, then use "Linksys" or "default" as your SSID. Nobody will ever find you among the thousands of other routers where the owner hasn't bothered to change the SSID and probably the router password. Think of it as hiding among the herd.

Reply to
Jeff Liebermann

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.