Risk of always leaving Wi-Fi on?

optic-chiasm

Since there is per connection MAC address randomization, how does this become an issue to always leave your Wi-Fi on, even if you are not using it?

Revliss

One could fake you previously connected access points, tricking your phone to connect to it. Once within the local network it becomes easy to start recording outbound connections, sending payloads, etc... Moreover, sometimes you simply want to hide or be offgrid, a WiFi signal is trackable if you are in a forest, randomisation or not.

de0u

Revliss One could fake you previously connected access points, tricking your phone to connect to it. Once within the local network it becomes easy to start recording outbound connections, sending payloads, etc...

It would be possible to trick a phone into trying to connect, but successful impersonation would require the impersonator to know the Wi-Fi network's password. So an impersonator would not be able to track outbound connections because they wouldn't happen, unless the impersonator were impersonating a public Wi-Fi network and the device is configured to make those outbound connections via public Wi-Fi networks.

Revliss Moreover, sometimes you simply want to hide or be offgrid, a WiFi signal is trackable if you are in a forest, randomisation or not.

If the phone is not configured to attempt connection to open Wi-Fi networks, there shouldn't be a significantly trackable "Wi-Fi signal". It is true that running a receiver results in some leakage, but tracking that from any distance would require specialized equipment, and that leakage would be very difficult to tie to a specific device.

It is a common misunderstanding that Wi-Fi clients routinely identify themselves by sending connection requests to known networks even if they don't hear them. This is true only for clients that have saved network information for "hidden" (non-beaconing) access points, which are generally not recommended. Paradoxically, people concerned about being tracked through their Wi-Fi activity should avoid "hidden" Wi-Fi networks, or at least should be very careful to turn Wi-Fi off. In general, "hidden" Wi-Fi networks pose privacy risks rather than increasing privacy.

de0u

Revliss a WiFi signal is trackable if you are in a forest, randomisation or not.

de0u If the phone is not configured to attempt connection to open Wi-Fi networks, there shouldn't be a significantly trackable "Wi-Fi signal". It is true that running a receiver results in some leakage, but tracking that from any distance would require specialized equipment, and that leakage would be very difficult to tie to a specific device.

Revliss If by expensive speciqlied hardware you mean a 30$ RTL-SDR, than yes.

If it is possible to cite a report about tracking people through a forest by detecting passive Wi-Fi leakage with a $30 SDR receiver, I suspect that would be of interest to readers of this forum.

Buffering

I'm pretty sure stores use it to track your movements throughout the store. I was in Costco one day and somehow they sent a push notification message to my phone (Pixel with GoS) to connect to their wifi. To this day I couldn't figure out how they did it. Note: I don't have any Costco Apps and never connected to their wifi before. From that point on I setup GoS to auto turn off my wifi when I leave the house.

de0u

Buffering I was in Costco one day and somehow they sent a push notification message to my phone (Pixel with GoS) to connect to their wifi. To this day I couldn't figure out how they did it.

See: Settings, Network & internet, Internet, Network preferences, "Notify for public networks". If that is on then GrapheneOS may display a notification about the presence of a public Wi-Fi network. That is not a "push notification" and it is not from the network operator. If network randomization is on it is possible to track within the store within a single visit but not to associate across visits.

Revliss

Public open networks generally have the same name across the city or country in some cases. So if you connect to your local library in another neighborhood and the impersonator simply tries randomly to copy the library SSID, a few dozen phones would connect.
If by expensive speciqlied hardware you mean a 30$ RTL-SDR, than yes.
That coso thing is scary and it has happened to me with a random open network on GOS recently. I was very surprised.

de0u

Revliss Public open networks generally have the same name across the city or country in some cases. So if you connect to your local library in another neighborhood and the impersonator simply tries randomly to copy the library SSID, a few dozen phones would connect.

I expect that some phones would indeed connect. I also suspect that the phones of many users of the GrapheneOS forum would make a quick connectivity check and one outgoing VPN connection and then everything else would go through that. And most devices without a VPN would still be fairly protected by TLS: a fake network provider would see connections to WhatsApp, YouTube, etc., but not much of interest.

Revliss That coso thing is scary and it has happened to me with a random open network on GOS recently. I was very surprised.

Users who find the behavior of "Notify for public networks" alarming may wish to disable it (and/or may wish to turn Wi-Fi off).