Is hiding your home SSID actually a privacy flaw (broadcasting yourhome SSID at public hotspots)?

SUMMARY:
* Hiding your home SSID (apparently) violates your public hotspot privacy!

WinXP SP3 WZC clients "configured to connect to non-broadcast networks
are constantly disclosing the SSID of those networks, even when those
networks are not in range!"

REQUEST:
Can/would the intelligentsia on alt.internet.wireless (Jeff Lieberman
perhaps?) comment on whether that statement has merit based on what I
just read at technet.microsoft.com (quoted above & reference at the end
of this post).

BACKGROUND:
We all well know that hiding my home-network broadcast SSID does not
effectively increase my home-network privacy or security (so we do not
need to belabor that concept in this thread).

However, I did not (until now) realize that hiding my home-network SSID
might actually REDUCE my public hotspot privacy (i.e., away from home!).

PROBLEM:
According to the reference article, the WinXP SP3 WZC client is
"periodically disclosing its set of preferred non-broadcast wireless
networks".

Therefore, my epiphany goes, the "bad guy" could easily determine my home
network SSID from my single visit to a local public hotspot and, with
enough determination, correlate my preferred non-broadcast wireless
networks to my laptop computer (even if I've changed my MAC address,
hostname, username, proxy server, and SSH tunnel, daily).

QUESTION:
Is it true that hiding the SSID in one place actually broadcasts it in
all others?

That is, by turning of my wireless router SSID broadcast at home, am I,
in effect, now broadcasting that SSID at every public hotspot I
subsequently visit with my WinXP SP3 laptop computer?

REFERENCE:
Why Non-broadcast Networks are not a Security Feature
* http://technet.microsoft.com/en-us/l.../bb726942.aspx

Notes:
* I do realize that the realm of "privacy" protection entails a
thoughtful multi-layered approach, including proxys, SSH tunneling, TORs,
encryption, spoofing, etc.

Therefore, I request the astute advice from the team stay on the specific
topic of whether or not hiding the SSID on your home wireless router
actually broadcasts that SSID at all hotspots on your WinXP SP3 laptop.

On Wed, 16 Feb 2011 21:25:47 +0000, Aaron FIsher wrote:
> That is, by turning of my wireless router SSID broadcast at home, am I,
> in effect, now broadcasting that SSID at every public hotspot I
> subsequently visit with my WinXP SP3 laptop computer?

I don't think modern Linux distributions automaticaly probe by shouting
the service set identifier.

I believe Linuxes only probe if you manually attempt to connect to a
hidden network via the network connections pulldown menu.

So your privacy solution is to switch from Windoze to something like
Ubuntu.

On Wed, 16 Feb 2011 21:25:47 +0000 (UTC), Aaron FIsher
<aaronfischer@sbcglobal.net> wrote:

>REQUEST:
>Can/would the intelligentsia on alt.internet.wireless (Jeff Lieberman
>perhaps?) comment on whether that statement has merit based on what I
>just read at technet.microsoft.com (quoted above & reference at the end
>of this post).

Spell my name correctly and I promise not to bite your head off. Full
moon Friday night and I'm already getting hungry.
<http://802.11junk.com/jeffl/pics/jeffl/slides/jeffl-wolf.html>

>PROBLEM:
>According to the reference article, the WinXP SP3 WZC client is
>"periodically disclosing its set of preferred non-broadcast wireless
>networks".

Sigh. Yes, WZC and probably some other wireless clients try to
connect to the preferred network SSID first. Since encryption is
established AFTER the initial association with the access point, the
SSID is contained inside the association request frame and is NOT
encrypted. See:
<http://www.wi-fiplanet.com/tutorials/article.php/1447501/Understanding-80211-Frame-Types.htm>
However, once your laptop associates successfully with the coffee shop
access point, all such broadcasts cease. Should your laptop go into
standby, when it wakes up, it will NOT try to connect to the preferred
SSID, but instead try to reconnect to the previous SSID (the coffee
shop hot spot). Incidentally, this algorithm is the source of the all
too common problem of coming home and discovering that your laptop
still things it's at the coffee shop, and will not connect to your
home network until you scan for networks and intentionally connect to
your home SSID.

>Therefore, my epiphany goes, the "bad guy" could easily determine my home
>network SSID from my single visit to a local public hotspot

Yep, he could. He would need to know your laptops MAC address in
order to filter the traffic to just see your connection requests.
That's not too difficult but you could easily change your MAC address
for the ocassion and drive the sniffer nuts.

>and, with
>enough determination, correlate my preferred non-broadcast wireless
>networks to my laptop computer (even if I've changed my MAC address,
>hostname, username, proxy server, and SSH tunnel, daily).

Nope. The only things that can be sniffed are the MAC address of your
wireless contrivance and your preferred SSID. All the other junk only
becomes useful after successful association with the access point.

However, hiding your SSID is nothing more than security by obscurity.
Same with juggling your MAC address. It creates more obstacles to
overcome, but doesn't actually add much to your overall security. It's
like the username and password problem. It's generally assumed that
the username (or login name) is generally accessible or guessable.
Only the password needs to be secure. It's the same with wireless.
The ONLY thing that needs to be secure is the WPA2 pass phrase. You
can post all the other info on a sign outside your house and without
the WPA2 pass phase, nobody will be able to do much with your wireless
connection.

The whole issue is not terribly relevent because it's easy to sniff
the association/dassociation and authentication/deauthentication
frames, which contain the access point SSID. If I wanted to break
into your home wireless system, I wouldn't do so at a coffee shop. I
would do it at your home.

If you want to go witch hunting for privacy issues, start by getting
rid of all the Post-it notes on your monitor. Most of them probably
contain various passwords. After that, consider how many machines
have your WPA2 pass phrase on them. Ask yourself how many of those
machines have been in the hands of evil hackers like myself. Then
read about recovering the hash codes for WPA2 access from these
machines.
<http://www.nirsoft.net/utils/wireless_key.html>
Give me a few minutes with your laptop and your WPA2 key is mine. Have
you left your laptop unattended and in the presence of known hackers?
Start worrying. All it takes is about 5 seconds and a USB memory
thing with an autorun.inf file setup to extract
HKLMACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\In terfaces\*
keys from your registry and your shared key is all mine.

Want a fix? Start thinking about NOT using a pre-shared key, but
using a server assigned (RADIUS) delivered key. Each is unique for
each session, and each user. There's nothing saved on the laptop. You
will need a RADIUS server, or RADIUS service provider, a login, and
yet another password.

>QUESTION:
>Is it true that hiding the SSID in one place actually broadcasts it in
>all others?

No. If you did NOT hide your SSID, and broadcast it regularly so that
your neighbors don't land on top of your network and spew trash on the
channel you're using, then when you arrive at the coffee shop, your
laptop will still try to initially connect to the saved preferred
SSID. In other words, you have the same problem with or without a
hidden SSID.

>Why Non-broadcast Networks are not a Security Feature
>* http://technet.microsoft.com/en-us/l.../bb726942.aspx

Actually, a very nice article on some obscure issues some of which I
hadn't considered.

>Notes:
>* I do realize that the realm of "privacy" protection entails a
>thoughtful multi-layered approach, including proxys, SSH tunneling, TORs,
>encryption, spoofing, etc.

Security and privacy are similar but not identical. Security is
preventing anyone from entering your network and then playing tourist.
Privacy is preventing anyone from determining how much ****o or warez
you're downloading on your wireless network.

>Therefore, I request the astute advice from the team stay on the specific
>topic of whether or not hiding the SSID on your home wireless router
>actually broadcasts that SSID at all hotspots on your WinXP SP3 laptop.

"...broadcasts that SSID at all hotspots..." is kinda misleading.
Broadcasts are never aimed at a particular device. They're sent to
anyone or anything that's listening. They're not intended to be
hidden, secret, protected, encrypted, private, or obscured.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

On Wed, 16 Feb 2011 21:28:11 -0800, Jeff Liebermann wrote:
> Spell my name correctly ...

Ouch. < embarrassed > Mea culpa. Two f's; two n's. Sorry. Thanks Jeff.

> ... encryption is established AFTER ... initial association
> ... the SSID is ... is NOT encrypted.
> See: Understanding-80211-Frame-Types.htm [by Jim Geier]
> ... once your laptop associates successfully ...
> ... all such broadcasts cease ...
> ... ... ... ... ... ... ... ... ...
> ... If you did NOT hide your SSID...
> ... then when you arrive at the coffee shop
> ... your laptop will still try to initially connect ...
> ... to the saved preferred SSID.
> ... you have the same problem with or without a hidden SSID

Interesting. I did not realize the laptop wireless client, whether Linux
or Windoze, will always send initial probes shouting out the preferred
SSID of its previous connection (whether or not the previous router
connection hid the SSID broadcast).

I also did not realize that all this shouting (i.e., probing) is in the
initial stages only. That is, when connected at the public hotspot, the
home (hidden or not) SSID is no longer disclosed to all.

While I realize hiding your home SSID at a public hotspot is only a very
minor step toward privacy (security by obscurity) ... I guess the next
step ... if I am to continue in this vein ... is for me to try to figure
out a way NOT to shout "any" SSID whatsoever, when I go to a public
hotspot.

Or, if I'm going to shout an SSID no matter what, how to get the laptop
(dual boot, Windoze or Linux) to shout, in effect, a random SSID in its
initial probes.

> ... The only things that can be sniffed are the MAC address...
> ... and your preferred SSID ...
> ... The ONLY thing that needs to be secure is the WPA2 pass phrase.

I don't disagree with you Jeff (that the WPA2 passphrase is paramount).

But I am still striving to figure out how to (at least) hide the home SSID
shouting (i.e., probing) at the subsequent public hotspot.

> ... privacy issues, start by getting rid of ... the Post-it notes
> ... consider how many machines have your WPA2 pass phrase on them
> ... how many of those machines have been in the hands of evil hackers
> ... read about recovering the hash codes for WPA2 access
> See: http://www.nirsoft.net/utils/wireless_key.html
> ... Give me a few minutes with your laptop and your WPA2 key is mine.

Yikes! I presume that also works from a few feet away at a public hotspot,
especially one which is "open" and unencrypted! < scared >

> Want a fix? ... using a server assigned (RADIUS) delivered key
> ... There's nothing saved on the laptop. ...
> You will need a RADIUS server, or RADIUS service provider

I have your basic Linksys WRT54G wireless router, which, from the
documentation, says it supports "RADIUS server".

All my wireless clients support WPA2 so I will do some research to see if/
how that's all I need to set up my home WRT54G as a RADIUS server.

In summary:
* I had not realized the last-connected SSID was always shouted (probed)!
* I did not know this last-connected preferred SSID probe stopped after
the initial connection at the public hotspot.
* I have more reason to research how to PREVENT the last-connected SSID
from being shouted (under all public hotspot circumstances), if possible.
* And, I have more reason to see if the Linksys WRT54G can be set up at
home as a RADIUS server!

On Wed, 16 Feb 2011 21:28:11 -0800, Jeff Liebermann wrote:
> See: Understanding-80211-Frame-Types.htm [by Jim Geier]

Hi Jeff Liebermann and others,

I read the suggested article (over and over). Then I tried to organize
what (I think) it says specifically about disclosure of the previously-
connected service set identifier (SSID) into the typical sequence of
events.

For a typical unencrypted browser-authenticated public wireless hotspot
access point (AP) connection, did I get the scenario below correct,
specifically with respect to discloser of the previously-connected home
SSID?

a. Good guy disconnects from home network (which had SSID = home_ssid).
b. Good guy drives to "open" public hotspot (which has SSID = open_ssid).
c. Good guy powers up dual-boot laptop with an 802.11 radio NIC.

A. AP periodically sends "beacon frames" disclosing its "open_ssid".
B. Radio NIC scans all 802.11 radio channels & is aware of "open_ssid".
C. However, in most cases, "open_ssid" is not (yet) the "preferred SSID".

Firstly ...
1. Radio NIC sends a single "authentication" frame disclosing the NIC MAC.
2. Hotspot AP responds with a single authentication acceptance frame.

Unfortunately ...
3. Radio NIC sends an "association request" to the hotspot access point.
4. This request shouts out the "preferred SSID", namely "home_ssid"!
5. AP sends an "association response frame" rejecting that request.

Meanwhile ...
I. AP periodically sends "beacon frames" disclosing its "open_ssid".
II. Radio NIC scans all 802.11 radio channels & is aware of "open_ssid".

Confusingly ...
6. Radio NIC sends a "probe request" frame to all access points in range.
7. AP replies with a probe response frame (does this contain an AP SSID?).

Finally ...
8. Radio NIC sends an association request frame with the correct AP SSID.
9. This request shouts out the new preferred SSID namely "open_ssid".

Then ...
10. AP receives the request, for "open_ssid", and accepts that request.
11. AP allocates resources & establishes an association ID for radio NIC.
12. AP sends an "association response frame" accepting that request.

So ...
13. The radio NIC can now "communicate" with the AP ethernet LAN.

Where ...
i. Data frames and acknowledgement frames are passed back and forth.
ii. Authentication is typically forced on port 80 of a web browser.
iii. Only now will OS, HOSTNAME, USERNAME & other data be disclosed.

In summary:
* I'm not sure what purpose or disclosures a "probe request" performs.
* The AP "beacon frame" does not seem to prevent previous-SSID disclosure!
* The radio NIC "probe request" first discloses the NIC MAC address.
* Sadly, the first NIC "association request" discloses the previous SSID!
* Only after receiving a negative association request from the AP, does
the radio NIC belatedly send out an association request that no longer
contains the previously used SSID!

Is my understanding (so far) correct?
If so, the quest will be to randomize the previously connected SSID!

Ooops. I sent that before it was ready.

Is this correct (yet)?

a. Good guy disconnects from home network (which had SSID = home_ssid).
b. Good guy drives to "open" public hotspot (which has SSID =
c. Good guy powers up dual-boot laptop with an 802.11 radio NIC.

A. AP periodically sends "beacon frames" disclosing its "open_ssid".
B. Radio NIC scans all 802.11 radio channels & is aware of "open_ssid".
C. However, in most cases, "open_ssid" is not (yet) the "preferred SSID".

For starters ...
1. Radio NIC sends a single "authentication" frame disclosing the NIC MAC.
2. Hotspot AP responds with a single authentication acceptance frame.

Unfortunately ...
3. Radio NIC sends an "association request" to the hotspot access point.
4. This request shouts out the "preferred SSID", namely "home_ssid"! 5.
AP sends an "association response frame" rejecting that request.

Meanwhile ...
I. AP periodically sends "beacon frames" disclosing its "open_ssid".
II. Radio NIC scans all 802.11 radio channels & is aware of "open_ssid".

Confusingly ...
6. Radio NIC sends a "probe request" frame asking for AP information.
7. AP replies with a probe response frame (data rates, power, etc.).

Finally ...
8. Radio NIC sends an association request frame with the correct AP SSID.
9. This request shouts out the new preferred SSID namely, "open_ssid".

Then ...
10. AP receives the request, for "open_ssid", and accepts that request.
11. AP allocates resources & establishes an association ID for radio NIC.
12. AP sends an "association response frame" accepting that request.

So ...
13. The radio NIC can now "communicate" with the AP ethernet LAN.

Where ...
i. Data frames and acknowledgement frames are passed back and forth.
ii. Authentication is typically forced on port 80 of a web browser.
iii. Only now will OS, HOSTNAME, USERNAME & other data be disclosed.

In summary:
* The AP "beacon frame" does not seem to prevent previous-SSID disclosure!
* The radio NIC "probe request" first discloses the NIC MAC address.
* The first NIC "association request" discloses the previous SSID!
* Only after receiving a negative association request from the AP, does
the radio NIC belatedly send out an association request that no longer
contains the previously used SSID!

If correct, the quest will be to randomize the previously-connected SSID
so that it is no longer disclosed (as the "preferred SSID") in the first
radio NIC "association request".

On Thu, 17 Feb 2011 19:36:13 +0000 (UTC), Aaron FIsher
<aaronfischer@sbcglobal.net> wrote:

>While I realize hiding your home SSID at a public hotspot is only a very
>minor step toward privacy (security by obscurity) ... I guess the next
>step ... if I am to continue in this vein ... is for me to try to figure
>out a way NOT to shout "any" SSID whatsoever, when I go to a public
>hotspot.

The part I don't understand is why you think disclosing the previous
SSID is a privacy or security concern. Can you explain that, please?

On Thu, 17 Feb 2011 19:36:13 +0000 (UTC), Aaron FIsher
<aaronfischer@sbcglobal.net> wrote:

Short reply. Busy today with customers and paper shuffling.

>Interesting. I did not realize the laptop wireless client, whether Linux
>or Windoze, will always send initial probes shouting out the preferred
>SSID of its previous connection (whether or not the previous router
>connection hid the SSID broadcast).

No, not always. You can disable the preferred network connection
feature in WZC. You can also switch to something better than WZC such
as Intel Proset (for Intel wireless cards only), and Buffalo or
various 3rd party connection managers.
<http://www.avanquest.com/USA/software/avanquest-connection-manager-107347>
<http://www.buffalotech.com/technology/buffalo-advantage/client-manager-3/>

>I also did not realize that all this shouting (i.e., probing) is in the
>initial stages only. That is, when connected at the public hotspot, the
>home (hidden or not) SSID is no longer disclosed to all.

Well, sorta. In the basic Windoze connection manager, the client
stops looking for other access points with which to connect once it
has associated with a single access point. That's not the case with
various seamless roaming schemes, where the client maintains a list of
prospective access point connections, and in some implimentations,
does a "pre-connect". This is roughly how 802.11r works:
<http://en.wikipedia.org/wiki/IEEE_802.11r-2008>

>I don't disagree with you Jeff (that the WPA2 passphrase is paramount).

Fine, but please realize that you're trying to fix a non-problem.
Also, please recognize that security and privacy are quite different.
Various encryption schemes were intended to insure security, not
privacy.

>> See: http://www.nirsoft.net/utils/wireless_key.html
>> ... Give me a few minutes with your laptop and your WPA2 key is mine.
>
>Yikes! I presume that also works from a few feet away at a public hotspot,
>especially one which is "open" and unencrypted! < scared >

Read it again. In order to use this (and other) WPA/WPA2 hash code
extraction tools, I would need to have access to several keys in your
registry. I can't do that via wireless. I have to be either at your
computer running the program, or at a my machine, after having
extracted the keys from your computer.

>> Want a fix? ... using a server assigned (RADIUS) delivered key
>> ... There's nothing saved on the laptop. ...
>> You will need a RADIUS server, or RADIUS service provider
>
>I have your basic Linksys WRT54G wireless router, which, from the
>documentation, says it supports "RADIUS server".

It's not that easy. There are a few routers that have built in RADIUS
servers. ZyXEL G-2000 Plus is one that has a built in PEAP server. In
general, you'll have to either build a Linux box running Free RADIUS,
or subscribe to an online service. I run two small online RADIUS
severs for my customers. I don't have an up to date shopping list,
but here's one Google found:
<http://www.nowiressecurity.com>
Hmmm... login using an email address. So much for privacy.

>All my wireless clients support WPA2 so I will do some research to see if/
>how that's all I need to set up my home WRT54G as a RADIUS server.

WPA2 is encryption which provides your main level of security. WPA
has been cracked for security, but WPA2 is still good with long pass
phrases.
<http://www.aircrack-ng.org/doku.php?id=cracking_wpa>

>In summary:
>* I had not realized the last-connected SSID was always shouted (probed)!

Not always. Just with automatic preferred connections and WZC. Other
connection managers may not do that. Dunno, and am too lazy to check.
<http://compnetworking.about.com/od/windowsxpnetworking/a/automaticwifixp.htm>

>* I did not know this last-connected preferred SSID probe stopped after
>the initial connection at the public hotspot.

Yep, but not if your client and network supports seamless roaming.

>* I have more reason to research how to PREVENT the last-connected SSID
>from being shouted (under all public hotspot circumstances), if possible.

Just turn off automatic preferred network connections and be done with
it.

>* And, I have more reason to see if the Linksys WRT54G can be set up at
>home as a RADIUS server!

Maintaining a RADIUS server is fairly easy. Building one from scratch
is not. However, it does solve the problem of having your pre-shared
key leaked, which is a very real security issue.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

On Thu, 17 Feb 2011 17:30:25 -0600, Char Jackson wrote:
> The part I don't understand is why you think disclosing the previous
> SSID is a privacy or security concern. Can you explain that, please?

Years ago, I wanted to send a nastigram to the head of my company about
what I thought about some, shall we say, questionable activities, within
the company.

Fearing for my livelihood, I researched, at the time, how to send email
anonymously on the web (this was well before public open hotspots were
common but after Yahoo and probably just around the time Gmail free mail
accounts existed).

A set of the tricks I learned in that search, to hide where the email
originated, was to change the MAC address, the host ID, the username, the
browser identification string, etc. of the company computer I was using
to send the email (yea, I know. Using a company computer was folly in the
first place ... but it was all I had at the time).

But, I had never thought about SSID's (actually, those days, I home
wireless routers were not common so I probably hadn't even heard of an
SSID).

From then, 'till now, I thought I knew what needed to be changed to
protect my identity when I needed to be anonymous.

I just realized that all the things I thought I knew about SSIDs are
wrong!

1. I thought I should pick an SSID that was hard to guess; now I realize
I should use something like "NETGEAR" or whatever is the most common SSID
out there!

2. I thought I should hide my SSID at my home router; now I realize I
should broadcast it (see #1 above) for all the world to see (since it's
getting broadcast everywhere I go anyway).

3. I thought only the MAC was disclosed to the router; but now I know the
SSID is also disclosed to the router (although both the MAC and the SSID
go no further than the router).

Losing privacy is by a thousand little things that track your identity or
your activities. Most of our privacy losses can't be prevented if we
first recognize that they exist - and then we take steps to safeguard
them.

Broadcasting your prior SSID is just one of these Orwellian flaws that
doesn't have to be.

On Thu, 17 Feb 2011 15:35:18 -0800, Jeff Liebermann wrote:
> You can disable the preferred network connection feature in WZC.

Hi Jeff,

Thanks for taking the time to help.

I "think" (but need to double check) that a "hidden" SSID has to be set
up as "preferred" for WZC to automatically connect at home. (But, I'll
need to actually test that out to be sure.)

> switch to something better than WZC such as Intel Proset (etc).

Finding & using smarter software is a good idea.

I'll have to see what works best on my dual-boot laptop so that the prior-
connection SSID isn't broadcast unnecessarily ... but ... the connection
to the router is still automatic.

> you're trying to fix a non-problem.
> security and privacy are quite different.

I do realize broadcasting your home SSID is a "small" privacy problem
(maybe even a "trivially small" privacy problem.

And, I do agree that security problems are much more important. Being a
WWII buff, I keep thinking about how both the Germans & Japanese thought
they were secure while we were reading their codes every day. They lost
the war, many people died, partly because they didn't think security was
worth their effort to look at from a different angle.

All I'm doing is looking at my hotspot privacy from a different angle. As
you've said many times, if I try to do to myself exactly what I'm trying
to prevent others from doing, I'll learn better how to protect myself.

> you'll have to either build a Linux box running Free RADIUS, or
> subscribe to an online service. I run two small online RADIUS severs
> for my customers.

Interesting. I live right near you. I should give you a call and see what
your company can do for me. It's 9pm so I won't bother you now (tomorrow
I'll call if that's your preferred method).

I will read, in detail, all the references you quoted and write back.

On Fri, 18 Feb 2011 04:50:09 +0000 (UTC), Aaron FIsher
<aaronfischer@sbcglobal.net> wrote:

>On Thu, 17 Feb 2011 17:30:25 -0600, Char Jackson wrote:
>> The part I don't understand is why you think disclosing the previous
>> SSID is a privacy or security concern. Can you explain that, please?
>
>Years ago, I wanted to send a nastigram to the head of my company about
>what I thought about some, shall we say, questionable activities, within
>the company.
>
>Fearing for my livelihood, I researched, at the time, how to send email
>anonymously on the web (this was well before public open hotspots were
>common but after Yahoo and probably just around the time Gmail free mail
>accounts existed).
>
>A set of the tricks I learned in that search, to hide where the email
>originated, was to change the MAC address, the host ID, the username, the
>browser identification string, etc. of the company computer I was using
>to send the email (yea, I know. Using a company computer was folly in the
>first place ... but it was all I had at the time).
>
>But, I had never thought about SSID's (actually, those days, I home
>wireless routers were not common so I probably hadn't even heard of an
>SSID).
>
>From then, 'till now, I thought I knew what needed to be changed to
>protect my identity when I needed to be anonymous.
>
>I just realized that all the things I thought I knew about SSIDs are
>wrong!
>
>1. I thought I should pick an SSID that was hard to guess; now I realize
>I should use something like "NETGEAR" or whatever is the most common SSID
>out there!
>
>2. I thought I should hide my SSID at my home router; now I realize I
>should broadcast it (see #1 above) for all the world to see (since it's
>getting broadcast everywhere I go anyway).
>
>3. I thought only the MAC was disclosed to the router; but now I know the
>SSID is also disclosed to the router (although both the MAC and the SSID
>go no further than the router).
>
>Losing privacy is by a thousand little things that track your identity or
>your activities. Most of our privacy losses can't be prevented if we
>first recognize that they exist - and then we take steps to safeguard
>them.
>
>Broadcasting your prior SSID is just one of these Orwellian flaws that
>doesn't have to be.

I read your story twice, thanks for sharing. The part I don't get is
what kind of information is contained within the SSID that you're
trying to protect? Does your home SSID consist of your name, your
address, your SSAN, your phone number, or basically any other bit of
personally identifiable information? When I look around my
neighborhood, I see a bunch of linksys, Netgear, Belkin, and 2Wire
SSID's, but nothing that I would be embarrassed or unwilling to share
at another physical location. I guess I'm just not understanding your
concern here.

On 2/17/2011 9:06 PM, Aaron FIsher wrote:
> On Thu, 17 Feb 2011 15:35:18 -0800, Jeff Liebermann wrote:
>> You can disable the preferred network connection feature in WZC.
>
> Hi Jeff,
>
> Thanks for taking the time to help.
>
> I "think" (but need to double check) that a "hidden" SSID has to be set
> up as "preferred" for WZC to automatically connect at home. (But, I'll
> need to actually test that out to be sure.)
SNIP

I also fail to see the issue. First, in a local hot spot, they would
have to know who you are. Second, they would need to know where you
live (or where your WAP is located.) Then perhaps they could associate
your email... no, not if you changed the MAC address and other wise
spoofed the header.

One thing you can do to minimize the security worry is simply turn off
the WAP when you are not using it. That way if someone at the local hot
spot knew you, and sniffed your SSID, then went to your street, they
would find...nothing. (Except the neighbor's unsecured WAP.)

Just in case you are using your WAP as the main router in your network,
perhaps you should use a wired router, and only have the WAP used as the
wireless connection (not doing DHCP or other tasks).

In article <ijktq0$mni$1@four.albasani.net>,
Aaron FIsher <aaronfischer@sbcglobal.net> wrote:

> Fearing for my livelihood, I researched, at the time, how to send email
> anonymously on the web (this was well before public open hotspots were
> common but after Yahoo and probably just around the time Gmail free mail
> accounts existed).

Good grief.

Did you never hear of anonymous remailers?

https://dizum.com/help/remailer.html

(the certificate is broken, but this is a trusted site; a "bastion" as
we say; or at least, as we used to say)
--
If you could teach a cat to dance,
you'd never have to leave the house.
-- Pat Sajak

On Thu, 17 Feb 2011 23:51:19 -0600, Char Jackson wrote:
> Does your home SSID consist of your name, your address, your
> SSAN, your phone number, or basically any other bit of personally
> identifiable information?

It's a valid question.

I was always told to both hide my SSID and make it hard to guess.

So, I use a unique SSID.

Your question is valid whether my SSID in and of itself discloses
personal information. It does not. It is unique though.

So, let's say I sent that email to my company president.

And, let's say (by social engineering of the contents), they had a pretty
good idea of who had sent it (as is often the case when such information
is disclosed). So, they know where I live. And, by virtue of that fact,
they know my home SSID (easy enough to obtain).

Now, they sit in the local hotspot a quarter mile from the company HQ and
see me coming (they also know what I look like). They sniff and see the
same (unique) SSID. Pretty much they know it's the same computer that
sent that email (if they comb the logs of the router).

I do agree that a lot of little things have to line up but the point is
that just recognizing a privacy loophole is the very first step to
plugging it up.

The fact that my unique SSID can be associated with my home (easily
enough at any time, day or night, 24/7) and at a public hotspot (with
admittedly some forethought on the part of the bad guy) was unknown to me
just a couple of days ago.

Now that it is known to me, I think some of the steps I'll do are:
- Broadcast my home SSID
- Make it something VERY common (such as NETGEAR)
- As always, I'll put it on a different channel than other routers nearby
- As always, I'll check first to see if the same name is in use locally

Then, when I go to a hotspot, the SSID that is first shouted out before
connecting will be indistinguishable from many others and not tied
specifically to my home address.

On Fri, 18 Feb 2011 18:15:26 -0500, Warren Oates wrote:
> Did you never hear of anonymous remailers?

Yes. Google is as good as any anonymous remailer (as it doesn't disclose
your IP address). A court order, of course, would reveal your IP address;
but that IP address would be of the hotspot.

The hotspot logs would contain ... hmmm ... what DO the hotspot logs
contain?

Potentially the hotspot log files could contain:
* Your MAC address
* Your SSID first broadcast (do they log this stuff?)
- and, once you connect to the web authentication system ...
* Your OS, browser, username, hostname, and other identifying information

That brings up an interesting question.

Does anyone know what information hotspots keep in their log files?

On Fri, 18 Feb 2011 14:10:27 -0800, Rich Johnson wrote:

> in a local hot spot, they would have to know who you are.
> Second, they would need to know where you live

I'm assuming they have an idea, from the social de-engineering of the
communications, that they know all too well whom they're looking for.

Therefore, they already know where you live.
And, they might even know what hotspots you frequent.

Certainly they can draw a circle around where you live to find the most
convenient hotspots that you might frequent.

Then, the theory goes, it would be as simple as checking the hotspot log
files and crisscrossing the details. (I have no idea though what hotspots
log!)

Now, I realize that this sounds kooky - but the point isn't really trying
to run from Big Brother as much as it is just realizing what is happening
and very simple effective steps to prevent it.

Fact: Your last SSID is disclosed by your NIC at a local hotspot

Danger? Maybe there is very little danger to that. But, at the least,
it's good to know that BOTH your MAC and last-connected SSID are
disclosed at local hotspots.

Now, the question is what information does a hotspot actually log?

On Fri, 18 Feb 2011 14:10:27 -0800, Rich Johnson wrote:

> One thing you can do to minimize the security worry is simply turn off
> the WAP when you are not using it.

That is a great idea. And, I will make more use of that now that I know
that your radio NIC is constantly broadcasting both your MAC (which I
knew) and your last-connected SSID.

BTW, thinking like "the bad guy", I can see a way to gain data about
someone.

Let's say I go to the same hotspot every Monday at 8am for coffee.
Let's say the guy in the black hat knows this and he wants to also know
where I was the previous Sunday. If he simply arrives at my local hotspot
at 7:55am on Monday and sniffs my communications, he has my previous
connection, the night before, whatever that was.

So, it's one more dot he connects. For free.

> Just in case you are using your WAP as the main router in your network,
> perhaps you should use a wired router, and only have the WAP used as the
> wireless connection (not doing DHCP or other tasks).

I don't understand this suggestion. I have only one router, so, yes, I'm
using it as the only router in the network.

Are you suggesting I buy a second router. Wire that second router to the
first router, and then connect wirelessly to that second router?

On Sat, 19 Feb 2011 00:20:31 +0000 (UTC), Aaron FIsher
<aaronfischer@sbcglobal.net> wrote:

>On Thu, 17 Feb 2011 23:51:19 -0600, Char Jackson wrote:
>> Does your home SSID consist of your name, your address, your
>> SSAN, your phone number, or basically any other bit of personally
>> identifiable information?
>
>It's a valid question.
>
>I was always told to both hide my SSID and make it hard to guess.

I believe those instructions are misguided. It's trivial to discover a
hidden SSID, so the question becomes, is there value in hiding it?
Most sources say no, so the obvious follow-up question is, is there
value in broadcasting it? Most sources say yes, as it reduces the
chance of someone stomping on it. Therefore, since you should be
broadcasting it, the part about making it hard to guess becomes
irrelevant.

>So, I use a unique SSID.

Unique is good, IMO, but your aim seems to be to disappear into the
woodwork, so in your case perhaps unique isn't as good.

>Your question is valid whether my SSID in and of itself discloses
>personal information. It does not. It is unique though.

I'm going to snip your post here and simply say that I don't share
your view that disclosing a previous SSID is a security or privacy
breach. That's just my opinion, though, and shouldn't sway you,
especially since I may be overlooking something.

Good luck. I return you to your endeavors.

On 2/18/2011 4:49 PM, Aaron FIsher wrote:
> On Fri, 18 Feb 2011 14:10:27 -0800, Rich Johnson wrote:
>
>> One thing you can do to minimize the security worry is simply turn off
>> the WAP when you are not using it.
>
> That is a great idea. And, I will make more use of that now that I know
> that your radio NIC is constantly broadcasting both your MAC (which I
> knew) and your last-connected SSID.
>
> BTW, thinking like "the bad guy", I can see a way to gain data about
> someone.
>
> Let's say I go to the same hotspot every Monday at 8am for coffee.
> Let's say the guy in the black hat knows this and he wants to also know
> where I was the previous Sunday. If he simply arrives at my local hotspot
> at 7:55am on Monday and sniffs my communications, he has my previous
> connection, the night before, whatever that was.
>
> So, it's one more dot he connects. For free.
>
>> Just in case you are using your WAP as the main router in your network,
>> perhaps you should use a wired router, and only have the WAP used as the
>> wireless connection (not doing DHCP or other tasks).
>
> I don't understand this suggestion. I have only one router, so, yes, I'm
> using it as the only router in the network.
>
> Are you suggesting I buy a second router. Wire that second router to the
> first router, and then connect wirelessly to that second router?
>
Yes.

In my network, I have a wired router as the main router. My wireless
router is simply the access point for wireless connections. As an
example your wired router would be the DHCP server, and likely have the
address of 192.168.1.1. The wireless router on the network would
connect into the wired network, and that router's address would be
192.168.1.253. It would have DHCP disabled and would be simply a
connection into your network. (Of course WPA2 and no SSID would be used
too.)

That way if you have other computers, wired on the network as I do, then
you can work at home without the wireless unit on, unless you have to do
something with a wireless PC. (Like go outside, or sit in the lazy
chair and use the laptop.)

On Sat, 19 Feb 2011 00:30:07 +0000 (UTC), Aaron FIsher
<aaronfischer@sbcglobal.net> wrote:

>Now, the question is what information does a hotspot actually log?

Most public hot spots don't log anything. Nobody wants to sift
through the logs, collect, organize, maintain, etc the logs. In
addition, nobody wants to leave that kind of information floating
around for some enterprising attorney to subpoena. At best, maybe a
total traffic log. Something like this:
<http://802.11junk.com/jeffl/crud/dd-wrt-wan-graph.jpg>
If there's a problem, and the access point supports SNMP, there will
probably be some diagnostic logging, but nothing long term. Corporate,
medical, and government wireless system have their own policies and
procedures, which can vary wildly, but we're not discussing those.

I'm beginning to wonder why you consider it so important to not reveal
your SSID. Did you do something dumb like use your SSID as your
favorite password? The absolute worst thing you can do is use the
same password over and over on multiple sites and accounts. If one is
compromise, they all are automatically compromised.

If you really want anonymity, then use "Linksys" or "default" as your
SSID. Nobody will ever find you among the thousands of other routers
where the owner hasn't bothered to change the SSID and probably the
router password. Think of it as hiding among the herd.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Meanwhile, at the alt.internet.wireless Job Justification Hearings, Jeff
Liebermann chose the tried and tested strategy of:

> The absolute worst thing you can do is use the same password over and over
> on multiple sites and accounts. If one is compromise, they all are
> automatically compromised.

A salutary tale on that theme:

http://arstechnica.com/tech-policy/n...ks-the-inside-
story-of-the-hbgary-hack.ars

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
09:26:29 up 1 day, 12:06, 7 users, load average: 0.04, 0.14, 0.12
"I am utterly appalled at how I have been treated like a criminal"
-- Andrew Crossley, ACS:Law, 13 August 2010

On Sun, 20 Feb 2011 17:50:51 +0100, Axel Hammerschmidt wrote:
> And you're worried that your wife may find out where you were the night
> before?

You betcha! I'm trying not to be "Tigered" by my own clubs! :)

So far, the summary of my epiphany seems to be the following:
* Your radio NIC MAC address (as we all knew) is disclosed
(authentication frame)
* Your last-connected SSID is (often) also revealed (association request)
* And, worst of all, your SSID is used to salt your WPA2 encryption!

I also had the revealing revelations of:
* Hiding the SSID provides almost no "real" benefit
* Using a generic SSID exposed you to hash pre-computation attacks
* Using a unique SSID exposes you to wife-watching-you privacy leaks!

Is there anything else I missed, that I'm clueless of (and which isn't
necessarily obvious) that I need to be concerned about? :)

On Sun, 20 Feb 2011 18:03:17 +0000 (UTC), Aaron FIsher
<aaronfischer@sbcglobal.net> wrote:

>On Sun, 20 Feb 2011 17:50:51 +0100, Axel Hammerschmidt wrote:
>> And you're worried that your wife may find out where you were the night
>> before?
>
>You betcha! I'm trying not to be "Tigered" by my own clubs! :)
>
>So far, the summary of my epiphany seems to be the following:
>* Your radio NIC MAC address (as we all knew) is disclosed
>(authentication frame)
>* Your last-connected SSID is (often) also revealed (association request)

You haven't demonstrated why this is a bad thing.

>* And, worst of all, your SSID is used to salt your WPA2 encryption!

You haven't demonstrated why this is a bad thing. In fact, I'm pretty
sure it doesn't mean what you think it means (or you wouldn't have
added it to this list or given it the "worst of all" label).

>I also had the revealing revelations of:
>* Hiding the SSID provides almost no "real" benefit

I would have said no benefit, only disadvantages.

>* Using a generic SSID exposed you to hash pre-computation attacks

Only if your password falls within the limits of what's contained in
the pre-comp tables. It's easy enough to avoid.

>* Using a unique SSID exposes you to wife-watching-you privacy leaks!

*sigh*

>Is there anything else I missed, that I'm clueless of (and which isn't
>necessarily obvious) that I need to be concerned about? :)

Yes, keep an eye on tin foil futures and stock up if you see a price
increase coming.

On Sun, 20 Feb 2011 18:03:17 +0000 (UTC), Aaron FIsher
<aaronfischer@sbcglobal.net> wrote:

>So far, the summary of my epiphany seems to be the following:
>* Your radio NIC MAC address (as we all knew) is disclosed
>(authentication frame)

Yep. MAC address and SSID (and all management info) are not
encrypted.

>* Your last-connected SSID is (often) also revealed (association request)

Only if you have "connect automatically" or other similar convenience
feature enabled. Actually, it's probably worse. My guess(tm) is that
some clients scan *ALL* your saved SSID connections, trying to connect
to anything that matches. I haven't bothered to sniff for this
feature, might be mistaken, but if I'm correct, not only will we know
your home SSID, but everywhere you've been. For example, if you've
connected to the local whore house wi-fi system, we can find out that
you were once there. I sometimes like to look at the Windoze Wireless
Zero Config list of networks to see where my customers were visiting.
Nothing useful has ever come out of it except for some mild
entertainment. Hmmm... remind me to add the list to registry
extraction tool.

>* And, worst of all, your SSID is used to salt your WPA2 encryption!

Yep. Not a great idea but convenient.

>I also had the revealing revelations of:
>* Hiding the SSID provides almost no "real" benefit

Yep. It was never intended to be hidden or cryptic.

>* Using a generic SSID exposed you to hash pre-computation attacks

Sorta. If you use a short or simple password, you're asking for
problems. I got curious and tried to do a brute force attack on my
WPA-TKIP key last night. After about 12 hours of grinding, nothing
yet. I use my street address as my home SSID, but that's not in the
rainbow tables.

Reminder: I consider the sharing of any key, in this case the
WPA/WPA2 pass phrase, to be convenient, but generally a bad idea.
Would you assign the same login password to everyone in a company?
Certainly not as one leak and everyone's account is compromised. Yet,
this is common practice with WPA/WPA2 pass phrases. This is why I
like WPA-RADIUS (also known as WPA-Enterprise). The WPA key is
automatically generated with each session, unique, long, ugly, and not
reusable.

>* Using a unique SSID exposes you to wife-watching-you privacy leaks!

Yep. However, just saving the SSID's of where you've been may also
cause wife-watching problems. Cover your tracks as best you can and
beware of tech savy wives and ladyfriends. Actually, you're more
likely to get caught by having your kids hack your laptop and then
blackmail you to not telling mom. Security begins in the home(tm).

>Is there anything else I missed, that I'm clueless of (and which isn't
>necessarily obvious) that I need to be concerned about? :)

Well, if you did, I don't think I would tell you, especially in a
public forum. The price of security is eternal vigilance (and
probably some heavy reading). You might want to read up on computer
forensics to see what can be extracted from your laptop.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Sun, 20 Feb 2011 12:35:35 -0600, Char Jackson wrote:
> You haven't demonstrated why this is a bad thing.

I can't describe it any clearer than this:

It's either:
a) A good thing
b) A bad thing
c) Meaningless

Since divulging the last-connected SSID is clearly not meaningless; and
it's clearly not a "good thing", then it's a "bad thing".

The point is not "how bad"; the point is to simply realize that it exists.
And to see what can easily be done to mitigate the risk.

On 2011-02-21, Aaron FIsher <aaronfischer@sbcglobal.net> wrote:
> On Sun, 20 Feb 2011 12:35:35 -0600, Char Jackson wrote:
>> You haven't demonstrated why this is a bad thing.
>
> I can't describe it any clearer than this:
>
> It's either:
> a) A good thing
> b) A bad thing
> c) Meaningless
>
> Since divulging the last-connected SSID is clearly not meaningless; and
> it's clearly not a "good thing", then it's a "bad thing".

Ooo. Wonderful. Set up a set of false categories and prove anything you
want.
>
> The point is not "how bad"; the point is to simply realize that it exists.
> And to see what can easily be done to mitigate the risk.

What risk?

On Mon, 21 Feb 2011 10:05:09 +0000 (UTC), Aaron FIsher
<aaronfischer@sbcglobal.net> wrote:

>On Sun, 20 Feb 2011 12:35:35 -0600, Char Jackson wrote:
>> You haven't demonstrated why this is a bad thing.
>
>I can't describe it any clearer than this:
>
>It's either:
>a) A good thing
>b) A bad thing
>c) Meaningless
>
>Since divulging the last-connected SSID is clearly not meaningless; and
>it's clearly not a "good thing", then it's a "bad thing".
>
>The point is not "how bad"; the point is to simply realize that it exists.
>And to see what can easily be done to mitigate the risk.

I would have picked "c)".

On Mon, 21 Feb 2011 12:51:43 -0600, Char Jackson wrote:
>>I can't describe it any clearer than this:
> I would have picked "c)".

Let's agree to disagree.

You feel absolutely no information is divulged; I feel your last-
connected SSID is revealed.

I, for one, am happy that I know this. You don't care.

And that's OK. Let's just not try to convince each other.

Agree?
I won't try to convince you that I don't want my home SSID disclosed, ok?
And you can stop asking why it matters to me (because it's obvious why it
matters to me as it's in the title of this discussion).

:)

On Mon, 21 Feb 2011 17:02:42 +0000, unruh wrote:
> What risk?

If you feel there is no risk in disclosing your radio NIC MAC, your home
SSID, your current machine hostname, your username, etc. at a public
hotspot, then let's just agree to disagree.

I think there is risk.
You do not think there is risk (apparently).

And, as I said to others, that's OK. Privacy is a personal thing (tm).

I'm not saying there's a LOT of risk, by the way.
All I tried to understand here is what actually happens.

I think we have that information now (for the most part).

It's up to each of us (as individuals) as to what actions we take once
we're aware of the home SSID disclosure.

I, for one, prefer not to disclose my previous whereabouts when I don't
have to. You obviously do prefer to disclose that information - and
that's OK.

Let's just agree that we disagree. OK?

On 2011-02-21, Aaron FIsher <aaronfischer@sbcglobal.net> wrote:
> On Mon, 21 Feb 2011 12:51:43 -0600, Char Jackson wrote:
>>>I can't describe it any clearer than this:
>> I would have picked "c)".
>
> Let's agree to disagree.
>
> You feel absolutely no information is divulged; I feel your last-
> connected SSID is revealed.

He never said that. You are really great at argumentation from
irrelevancies. He said he picked c) Meaningless. That does not mean he
picked "absolutely no information is divulged". It means he feels that
the information divulged is meaningless.

>
> I, for one, am happy that I know this. You don't care.
>
> And that's OK. Let's just not try to convince each other.
>
> Agree?

then why do you keep trying to convince people?

> I won't try to convince you that I don't want my home SSID disclosed, ok?

No, again you have changed the topic. The topic of this thread is not
your likes and desires.

> And you can stop asking why it matters to me (because it's obvious why it
> matters to me as it's in the title of this discussion).

No, the title of this discussion is
"Re: Is hiding your home SSID actually a privacy flaw (broadcasting your
home SSID at public hotspots)?"
There is nothing about Aaron FIsher in that title.