Episode 44 – Signal Me Br0
ShowNotes – https://forum.closednetwork.io/t/episode-44-signal-me-br0/147
BTC Lightning Donations – [email protected] / [email protected]
Thank You Patreons! –
https://www.patreon.com/closednetwork
- Michael Bates – Privacy Bad Ass
- Richard G. – Privacy Bad Ass
- Daniel J Martin – Privacy Bad Ass
- TK – Privacy Bad Ass
- David – Privacy Bad Ass
- MrMilkMustache – Privacy Supporter
- Hutch – Privacy Advocate
- Cici – Privacy Advocate
TOP LIGHTNING BOOSTERS !!!! THANK YOU !!!
- @bon – 35,801 sats
- @wartime – 666 sats
- @d0n14d – 500 sats
- @niko – 200 sats
Thank You To Our Moderators:
Unintelligentseven – Follow on NOSTR primal.net/p/npub15rp9gyw346fmcxgdlgp2y9a2xua9ujdk9nzumflshkwjsc7wepwqnh354d
MaddestMax – Follow on NOSTR primal.net/p/npub133yzwsqfgvsuxd4clvkgupshzhjn52v837dlud6gjk4tu2c7grqq3sxavt
Closed Network Forum – https://forum.closednetwork.io
Join Our Matrix Channels!
Main – https://matrix.to/#/#closedntwrk:matrix.org
Off Topic – https://matrix.to/#/#closednetworkofftopic:matrix.org
Join Our Mastodon server!
https://closednetwork.social
Follow Simon On The Socials
Mastodon – https://closednetwork.social/@simon
NOSTR – Public Address – npub186l3994gark0fhknh9zp27q38wv3uy042appcpx93cack5q2n03qte2lu2 – primal.net/simon
Twitter / X – @ClosedNtwrk
Instagram – https://www.instagram.com/closednetworkpodcast/
YouTube – https://www.youtube.com/@closednetwork
Email – [email protected]
Discuss
- AI Agents and the future of device assistants
- Needing essentially root level access to perform all of the functions desired by the user
- AI access by default: for iPhone users, Apple Intelligence is on by default and selects all apps, including Signal. To perform the functionality advertised for Google / Apple AI assistants or agentic integrated systems, they will need information from contacts, payment info, addresses, messaging platforms, calendars, etc., just to book a ballgame or concert for you and friends.
- Secure encryption and online anonymity are now at risk in Switzerland – here’s what you need to know
- https://www.techradar.com/vpn/vpn-privacy-security/secure-encryption-and-online-anonymity-are-now-at-risk-in-switzerland-heres-what-you-need-to-know
- Is decentralized better than centralized?
- Tor has been targeted, in the past and on an ongoing basis, by parties running large numbers of relay servers – https://www.schneier.com/blog/archives/2021/12/someone-is-running-lots-of-tor-relays.html
- Bitcoin mining has been centralized to handfuls of companies and nation states
- Erik Rye, a third-year PhD student at the University of Maryland specializing in network security and privacy, gives a presentation at the 2025 Black Hat conference on Surveilling the Masses with Wi-Fi Positioning Systems. Wi-Fi Positioning Systems are used by modern mobile operating systems to geolocate themselves without the use of GPS. Both Google and Apple, for instance, run Wi-Fi Positioning Systems for Android and iOS devices to obtain their own location using nearby Wi-Fi access points as landmarks. In this work, we show that Apple’s Wi-Fi Positioning System represents a global threat to the privacy of hundreds of millions of people. When iOS devices need to geolocate themselves using nearby Wi-Fi landmarks, they transmit a list of hardware identifiers to Apple and receive the geolocations of those access points in return. Unfortunately, this process can be replicated by an unprivileged adversary, who can recreate a copy of Apple’s Wi-Fi geolocation database by requesting the locations of access points around the world with no prior knowledge. To make matters worse, we demonstrate that by repeatedly querying Apple’s Wi-Fi Positioning System for the same identifiers, we can detect Wi-Fi router movement over time. In our data, we see evidence of home relocations, family vacations, and the aftermath of natural disasters like the 2023 Maui wildfires. More disturbingly, we also observe troop and refugee movements into and out of the Ukraine war and the impact of the war in Gaza. – https://www.youtube.com/watch?v=hlbjUvkoyBA
- https://www.theregister.com/2024/05/23/apple_wifi_positioning_system/
- https://github.com/acheong08/apple-corelocation-experiments
- What is a Wi-Fi Positioning System (WPS)?
- A system that allows mobile devices to geolocate using nearby Wi-Fi access points (routers).
- Operated by companies like Apple, Google, Microsoft, and Skyhook.
- Devices send BSSID (MAC address of a router) and GPS location to companies, creating a global geolocation database.
- Apple’s system is unique: when you ask for one BSSID’s location, it returns that plus up to 400 nearby unrequested BSSIDs and their locations.
- Apple’s WPS unintentionally allows unauthenticated, rate-unlimited access to this location data.
- Almost every Wi-Fi access point (even if you’re not an Apple user) is included due to iPhone presence nearby.
- Before their paper, there was no public opt-out mechanism.
- Random Guessing: Brute-forcing BSSIDs isn’t effective due to the massive 48-bit space.
- OUI Filtering Strategy: By using Organizationally Unique Identifiers (OUIs), which identify manufacturers, guessing becomes far more efficient.
- Only ~36,000 OUIs exist (a 99% reduction in search space).
- Each successful query provides a large batch of extra BSSIDs (400), compounding data collection quickly.
- Scale of Discovery:
- In a few days, Rye and team collected over 500 million BSSIDs with location data.
- Mapped hotspots worldwide—including remote areas like Antarctica.
- Tracking Access Points:
- Persistent BSSIDs allow for long-term tracking (e.g., domestic violence, law enforcement, or stalking use cases).
- Surveillance by Manufacturer:
- You can geolocate all devices from a specific manufacturer (e.g., Starlink routers in Ukraine, including in front-line areas).
- Device Movement Analysis:
- Identified mobile routers (like travel routers) by observing which BSSIDs moved.
- Tracked movements from Russia into war zones in Ukraine.
- Disappearances:
- Observed large drops in BSSIDs (e.g., Gaza Strip after October 7, 75% vanished post power cuts and attacks).
- Apple was informed in Dec. 2022.
- March 2023: Apple added an opt-out method—rename your SSID to end in “_nomap”.
- Recommended mitigations:
- Limit API queries per IP.
- Require authentication.
- Reduce the number of extra BSSIDs returned.
- None implemented by Apple yet.
- SpaceX (Starlink): Now randomizes BSSIDs globally for privacy.
- GL.iNet (travel routers): Initially declined, but later implemented randomization after press coverage.
- Signal gate – should you be concerned about using Signal?
- I noticed today actually that after linking my thinkpad back to my Signal, about two hours later it sent me a notification that a new device was linked at what time and took me to the linked device in the app. Is this new? I haven’t seen this before. I delink and relink devices often as I am a habitual Linux “Distro Hopper”
- What is cape? – https://www.cape.co/
- OTF / USAGM – discussions
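A defensive check for access points you administer, tied to the "_nomap" opt-out and the BSSID randomization covered in the Wi-Fi Positioning System notes above. This is an added example, not code from the episode or the researchers; the scan records, AP names and finding labels are constructed, and it assumes a randomized BSSID sets the locally administered bit.

```python
# Added example: audit your own AP inventory against the mitigations in the
# WPS notes (SSID opt-out, BSSID randomization). Sample data is constructed.

def parse_bssid(bssid: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    raw = bytes.fromhex(bssid.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit BSSID: {bssid!r}")
    return raw

def is_locally_administered(bssid: str) -> bool:
    """True when the U/L bit (0x02 of the first octet) is set, meaning the
    first three bytes are not an IEEE-assigned manufacturer OUI."""
    return bool(parse_bssid(bssid)[0] & 0x02)

def audit(scans):
    """scans: (iso_date, ap_name, ssid, bssid) tuples for APs you administer.
    Returns {ap_name: [finding, ...]} based on the most recent scan."""
    history = {}
    for _date, name, ssid, bssid in sorted(scans):
        history.setdefault(name, []).append((ssid, parse_bssid(bssid).hex(":")))
    report = {}
    for name, seen in history.items():
        ssid, bssid = seen[-1]
        findings = []
        if not ssid.endswith("_nomap"):
            findings.append("ssid-not-opted-out")      # no "_nomap" suffix
        if not is_locally_administered(bssid):
            findings.append("bssid-vendor-assigned")   # falls under an OUI prefix
        if len(seen) > 1 and len({b for _, b in seen}) == 1:
            findings.append("bssid-unchanged-across-scans")  # persistent identifier
        report[name] = findings
    return report

# Constructed sample: two scans, two months apart, of two APs.
SCANS = [
    ("2025-01-05", "home-router", "HomeNet", "00:11:22:33:44:55"),
    ("2025-03-05", "home-router", "HomeNet", "00:11:22:33:44:55"),
    ("2025-01-05", "travel-router", "Trip_nomap", "02:9a:4c:10:7e:01"),
    ("2025-03-05", "travel-router", "Trip_nomap", "06:3b:d1:88:20:f4"),
]

if __name__ == "__main__":
    for ap, findings in audit(SCANS).items():
        print(ap, findings or "ok")
```

A persistent BSSID is what makes long-term tracking possible, so "bssid-unchanged-across-scans" matters even when the address is locally administered.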