In late March 2024, Apple quietly updated its website to note that anyone can opt out of having the location of their wireless access points collected and shared by Apple — by appending “_nomap” to the end of the Wi-Fi access point’s name (SSID). Adding “_nomap” to your Wi-Fi network name also blocks Google from indexing its location. ..... “You may not have Apple products, but if you have an access point and someone near you owns an Apple device, your BSSID will be in [Apple’s] database,” he said. “What’s important to note here is that every access point is being tracked, without opting in, whether they run an Apple device or not. Only after we disclosed this to Apple have they added the ability for people to opt out.”
OpenWRT's BSSID "randomly generating" MAC addresses in the advanced settings of the wireless network come to the rescue
This is nothing new. This has been the case for at least a decade. Phones use a fusion of (at least) 3 systems to get precise location data: GPS, cellular tower triangulation, and wifi network proximity. Devices without GPS and cellular are also able to get reasonably good location data in many places by using the databases of wifi network proximity.
Since your wifi network is stationary, it doesn't really reveal anything interesting -- it's not like tracking your movements with an airtag -- not the same thing at all. Randomly generating wifi BSSIDs doesn't 'fix' the issue (especially because it's not really an issue). This is also not really an OpenWrt topic... the article talks about appending a string to the end of the SSID -- this can be done on any wifi device and doesn't require any special techniques.
11. Conclusion In this work, we demonstrated the large-scale privacy threat presented by Apple’s WPS. A remote, unprivileged adversary, possessing only the knowledge of which parts of the MAC address space have been assigned by the IEEE, can quickly build a corpus of hundreds of millions of geolocated BSSIDs, spanning all seven continents and extending to even the most remote corners of the Earth. The ability to obtain this worldwide view of Wi-Fi AP distribution is a privacy vulnerability. Because people often move with their AP, querying a WPS for the same BSSIDs over time reveals when routers—and by proxy their owners—move. We demonstrated that this attack could be applied to individual users, such as travel router owners, as they move from location to location. We also showed that WPSes could be used to find sensitive equipment, like Starlink routers in Ukraine. There are practical steps to take to limit this vulnerability. WPS operators can limit access to their APIs, governments can legislate that their citizen’s devices not be used as geolocation landmarks, and users wary of tracking can be sure to not use the same AP at multiple locations. However, the most robust solution to this problem is to implement the same privacy protections that were implemented in mobile devices in Wi-Fi APs. BSSID randomization at each boot, or when the device changes locations prevents user tracking even in a world in which WPS operators permit open access to their APIs.
Ahhhh....good news because about ~10 years my AP is using the SSID appendix "_nomap" ...and yes, I know: All the twenty APs around me don't ;- )
Wouldn't it be better to add "_nomap" to your SSIDs, or even better: Do both measures?
One question about randomly generated BSSIDs: How "good" aka randomly are the OpenWrt generated MACs?
...but it helps to spread the word about the Apple AND Google opt-out in a network and/or security and/or privacy interested multiplier "influencer" group
Well, _nomap does not work at scale as you observed. And does not protect against accidental wardriver.
Addresses are random across full possible address space , /lib/functions/system.sh (base-files) plainly uses /dev/random in place of the flash partition offset to "extract" MAC address.
Also worth noting that MS currently doesn't recognize _nomap; their string is _optout and it can be anywhere in the ssid. so current best practice is probably appending _optout_nomap.
As for not working at scale, "Rye also praised the product security team at SpaceX for moving to address this issue quickly and implement BSSID randomization in their products.
"They had begun having some of their products implement BSSID randomization during our study in 2023, but sped up the implementation on all of their Starlink devices after we spoke to them," he said. "It's worth noting that this vulnerability wasn't caused by SpaceX (they have no control over what Apple or Google does), but they dealt with it promptly and the right way nonetheless."
"It's our position that BSSID randomization is the most robust defense against being tracked by a WPS, as generating a random identifier every time the device boots (or moves locations) will make it appear as a completely different device in a WPS.""
Add support for randomly generating a MAC address for a wifi-iface
instance by setting macaddr to random
When set to random, a new locally administered unicast MAC address
is generated and assigned to the iface everytime it is (re-)configured
To be clear, I didn't criticize you. I simply said that your question was out of scope for this forum.
The original question you asked was the phone operating as a hotspot. this is different than a guest phone joining a wifi network that is running OpenWrt (or for that matter, any firmware). That said, the same thing applies, but generally the guests joining your network are not adversarial and trying to track you. They know where you are since you have presumably invited them into your home and allowed them to connect to your wifi. The issue described in the OP and linked article is about the idea that someone could use the location services database to track wifi hotspots and their locations, thus potentially using this as a mechanism to track where people have gone when they move homes.
And the same goes for pretty much any stationary network (if OpenWrt is involved or not), regardless of the question of the potential tracker being your guest or some unknown entity nearby. Every phone with WLAN capability these days has integrated GPS/ GLONASS/ Galileo capability (and dedicated GPS modules are under 10 bucks), so it always knows where it (and in extension where you are) anyways. While BSSID triangulation can improve the precision of the location, it doesn't open new privacy concerns by itself (we can talk about how Apple/ Google and friends are gathering this information (and what they record in alongside), but that's another can of worms and distinct from MAC based geolocation techniques).
Or to look at it differently, what purpose would it serve you to remove the street number from your house?
as long as your neighbours still have it prominently on their houses
as long as your potential attacker still has GPS and mapping software on their phone
Randomizing MAC addresses for mobile clients does make sense, as that may make it harder for shops and others to track you and/ or to generate movement profiles by combining the data from many sources - and this may extend to using OpenWrt as a travel router (although that's already a different use case, as the travel router often is less mobile than your phone - and if you have to provide log in data of any kind to gain network access (hotel, Wifi voucher, etc.), the tracking happens nevertheless, regardless of the MAC addresses involved.
