On Tue, Sep 10, 2013 at 4:13 AM, Brian Smith <br...@briansmith.org> wrote: > I assume by "prevents people from tracking individual access points" > means the following: Some people have a personal access point on them > (e.g. in their phone). If somebody knows the SSID and MAC of this > personal access point, then they could track this person's location by > polling the database for that (SSID, MAC) pair.
I put "_nomap" at the end of my portable SSID, since Google says they filter out SSIDs ending in "_nomap". However, I don't expect all people to do that. 1) Android has a mechanism for detecting when it is connecting to a portable AP provided by another Android device. Can we use the same or a similar detection mechanism to detect portable APs and filter them out? 2) I think I read somewhere that Mozilla is trying to filter out "_nomap" as well. If Mozilla's servers only see hashes and the client is modifiable, how can the filtering be enforced? 3) There are some APs that move but whose name does not end in "_nomap" and those access points confuse Android. (Consider an AP on a train and trying to look at where you are on the map when you are a passenger on the train and Google has seen the train AP at a different location.) Are there any plans for a crowdsourced mechanism for blacklisting such APs? -- Henri Sivonen hsivo...@hsivonen.fi http://hsivonen.iki.fi/ _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
