09-27-2020, 02:14 AM
(09-26-2020, 02:41 PM)Humid Stylus Wrote: This thread got me curious so I replaced the url parameter of the geoclue.conf with my own server and made a simple script to read the POST:ed data and save it to a file. So far I have seen long lists of WiFi access points.
I believe it is very easy to fingerprint this data and follow someone around as WiFi networks would disappear one at a time and others appear. This is more information than I like to share with Mozilla or any of it's partners.
I'm ok with using GPS and it is not clear to me if geoclue is needed for that or not but the setting the url to http://127.0.0.1 should atleast keep external parties out of the loop. As an extra precaution one might also blacklist the known location services in the local DNS resolver to add another layer of defence.
Thats really good detective work, wish I had the knowledge to set up a test like that myself.
Would be really interesting to know if changing the setting:
Code:
# Enable WiFi source
enable=falsewould stop all data collection of WiFi access points as you described in your first paragraph. Also besides the BSSID is there other information being sent along as well? Say for example the MAC address of the different APs?
