Wi-Fi Sniffing Lets Researchers Build Graph of Offline Social Networks

angry tapir writes "The probe requests emitted by a smartphone as it seeks a Wi-Fi network to connect reveal the device's manufacturer thanks to its MAC address. This can offer some information about a crowd of people by looking at the breakdown by device brand. However, because some OSes include a preferred network list (PNL) in their probes, it may be possible to use Wi-Fi sniffing to infer even more information about a group of people by looking for common SSIDs, and potentially mapping them to known network locations (PDF). A group of Italian researchers has been looking at ways to use the information in probe requests to analyze the social connections of crowds." The idea being that if you share preferred networks (especially ones only seen infrequently) you are more likely to be socially connected.

McDonalds WiFi SSID

[EMG at MU]

Let me guess, if you share that preferred network you might be part of the overweight social circle?

Do strip joints have WiFi? That would be another interesting social circle. Now you can know who in the office likes to kick back and watch the talent.

Re:

[davester666]

...or is the talent...

Re:

[cheater512]

Technically they stored captured data accidentally.
These guys aren't looking at transmitted data, just who is transmitting.

Yeah right

[Fnord666]

Like anyone is using their real MAC address anyway.

Re:

[X0563511]

Newsflash: people still use the accounts they registered when they were teens or children.

Re:

[Hadlock]

You can pry my AIM Screenname created in 1995 from my cold, cramped and carpal tunnel syndrome'd hands.

Illegal

[Solandri]

Didn't you get the memo? The courts think sniffing open wifi networks is a violation of wiretap laws [slashdot.org].

Re:

[Lashat]

They be Italian types...arrr.

Re:

[stenvar]

But... but... I thought European privacy protections were supposed to be so strong. Wasn't that why Google was demonized in Europe so much for their (rather innocent) WiFi capture?

Re:

[semi-extrinsic]

There's Europe, and then there's Europe. The southern countries, and Italy and Greece in particular, are much closer to the US in terms of low consumer rights, low median income and high unemployment than the northern countries are.

Re:

[stenvar]

Here's one set of income data, but you can check plenty of others if you like:

http://www.oecdbetterlifeindex.org/topics/income/ [oecdbetterlifeindex.org]

Norway is doing quite well, of course, but Norway is a xenophobic oil- and resource-rich country of 5 million that stays out of the EU because it knows the EU would suck its wealth away in a heartbeat.

As for consumer rights, where do you think they came from? The Pope? Adorno (as if you'd know who that is)? The EU? Norwegian trolls like you? Find out some time.

Maybe you should go be

Re:

[semi-extrinsic]

If you read my original post, I said median income, not average. The average income in the US is 40% higher than the median income, in large part because the top 4% earn above $ 200,000 per year.

Re:

[stenvar]

If you read my original post, I said median income, not average.

If you read my post, you'd see that I told you to go out and do some research before spouting the kind of nonsense that you did. I'm still telling you that; if you actually do, you'll find that your statements are ludicrous, median or mean.

in large part because the top 4% earn above $ 200,000 per year.

Yes, people like skilled software developers, biomedical researchers, entertainers, commercial artists, doctors, lawyers, professors, etc. make t

Re:

[Anonymous Coward]

Typical for an American to think that the US == the world.

Re:

[detritus.]

Irrespective of whether Google should be liable for legal damages, there's a big distinction between logging 802.11 proble requests with a source MAC address and actual content of communications between two entities. The issue for Google was specifically logging unencrypted data as it channel hopped and dumped the traffic into presumably pcap files. I think it's a question of the scope of what you're logging.

snoopin in places I didn't know I had places

[Iamthecheese]

These scurvy snoops be too interested in things that don't concern them. Must I hide not only me mac, computer name, browser type, and personal information but local network addresses as well? I'm really tired o' puttin' up new curtains. Me treasure maps will be well hid no matter how I have to do it but I'm wanting to put me wooden leg up some CEO asses.

Re:

[djradon]

Arrr, ye must hide PDL, cookies, MAC addy, IP address, hostname, and browser fingerprint. In Soviet Russia 2022, everybody knows everybody's treasure.

Re:

[cheater512]

Except that puts you in the dumbass social circle and get targeted ads for Honey Boo Boo and similar things.

Re:

[X0563511]

I'm not sure I understand how a webserver is supposed to know what your SSID is, or even that you're using wifi.

Hah

[Richy_T]

This is why I keep my phone under my tinfoil hat.

my apartment

[slashmydots]

There's one SSID called "secret government wifi" with inappropriate emoticons and such after it. While there is only one, I can tell you that in reality most of the other residents are douchebags too. So it's actually not that accurate of a method.

Turn off Wi-Fi automatically in Android

[MOSFET Explosion]

There's a couple of apps for Android that can automatically turn on and off wifi depending on you're location. The one I ended up with was Llama [google.com]. It uses cell tower IDs to identify your areas (home, work, etc.) and then you select various actions that activate when entering or leaving those areas (such as turning on/off wifi, bluetooth, changing ringer volume, etc.)

Re:

[semi-extrinsic]

+1 for Llama. I use it to turn my phone to silent at work, and then the sound back on again when I leave work. Also, why do people leave their wifi on? I always do: unlock screen, turn on wifi, do whatever, turn off wifi, lock screen. Gets me almost 20% increase in battery life (Android 2.3).

Another example of data "leakage"

[WuphonsReach]

Eh, the better question is "why does your computer leak data other then the MAC address"? Which is exactly what the PNL (preferred network list) is doing.

Sure, it might save battery life, but information leakage like that should be off by default.

Re:Another example of data "leakage"

[jrumney]

Because some people configure their access points to not broadcast the SSID in the misguided belief that they can add a layer of security by doing that, devices will actively try to connect to networks that they cannot see. So anyone anywhere can see your device periodically trying to connect to every network that it is configured to connect to automatically. This doesn't save battery life, if anything it uses more than sitting passively listening for known networks would, but the idiocy of hidden SSIDs is widespread enough that it is necessary for WiFi to just work for mobile devices.

Re:

[semi-extrinsic]

According to this [taddong.com], Android only broadcasts a partial PNL: it sorts network into those you added from the scanning list and those you have configured manually. It assumes that all SSIDs configured manually are hidden ones, for which it must broadcast the PNLs. So if you have never added a network manually on your Android phone, the PNL broadcast list is empty.