Home WiFi is now fully set up. Wired APs, minimum transmit power, fast transition, band steering, etc.

Ryan Castellucci :nonbinary_flag:

Neat seeing my phone seamlessly switch between access points as I walk around.

Then I realized I was observing that by tailing a log, and have now talked with my partner about retention policies.

Aris Adamantiadis :verified:💲Paid

@ryanc what WiFi hardware did you choose? I have netgear crap that I have to reboot when it's too warm in the cellar

Ryan Castellucci :nonbinary_flag:

Not sure how many people are aware, but enterprise WiFi systems can track your location, often to within a few meter radius.

Connected your phone to the WiFi at work? Theoretically they could just check the logs to see when you've gone to the toilet.

There's big money in this for retail.

Aris Adamantiadis :verified:💲Paid

@ryanc That and bluetooth. A colleague at previous workplace made experiments tracking BLE devices around the building to evaluate how bad it is for privacy...
They stopped and deleted everything because they captured a BT buttplug and they definitively didn't want to know anything about its owner.

Ryan Castellucci :nonbinary_flag:

@aris Rooted EnGenius EAP1300s. They're only 2x2 802.11ac wave 2 (electric boogaloo), but they're ceiling mounted, have official OpenWRT support, and will move several hundred megabits per second under normal conditions.

Aris Adamantiadis :verified:💲Paid

@ryanc Thanks, I might consider this when I'm switching

Ryan Castellucci :nonbinary_flag:

@aris They're currently like $40 refurbished on eBay, but might not continue to be available much longer.

Fully operational gator system

@ryanc They already do this, Target is known for doing this. They also track your phone's Bluetooth polling requests as well as the camera system being able to track you.

They can also track your eyes and have behavior monitoring, so they know when you notice a display or if you're about to steal something. They also own one of the largest crime labs.

Ryan Castellucci :nonbinary_flag:

@aris and my admin user -> ssh with root shell exploit for the vendor firmware is on github.

It probably works on some of the other devices from EnGenius.

Ryan Castellucci :nonbinary_flag:

@MontgomeryGator It's been widely done in retail for well over a decade, including monitoring "probe requests" that happen when the radio is merely on.

This is why Google and Apple added MAC address randomization, but it mostly doesn't help when you actually connect, because it'll keep using the same randomized address for the same network.

John Deters

@ryanc @MontgomeryGator iPhones have 3 settings for Private WiFi Address for each AP: off, fixed, or rotating. "Fixed" acts as you describe above, but "rotating" changes every time you connect/auth.

Uncoincidentally, "rotating" breaks a lot of guest-WiFi portals, so I end up using fixed more often than I'd like.

Ryan Castellucci :nonbinary_flag:

@targetdrone @MontgomeryGator Does "rotating" change the DUID and randomize/suppress the hostname?

Ryan Castellucci :nonbinary_flag:

@targetdrone @MontgomeryGator The sweet spot would be rotating after you haven't used a network for 24 hours.

Marc Haber

@ryanc What Vendor did you chose?

Ryan Castellucci :nonbinary_flag:

@Zugschlus I'm using second hand EnGenius EAP1300/EAP1300EXT acces points.

I guess I ought to do a blog post about my home network setup?

Marc Haber

@ryanc I would be the first reader.

Ryan Castellucci :nonbinary_flag:

@Zugschlus These were just about the only option for smoke detector style ceiling mount that can run mainline OpenWRT.

Ryan Castellucci :nonbinary_flag:

@Zugschlus Did you see the MDF photos I posted a few weeks ago?