Is this really something to worry about? How can I prevent / mask wifi mapping? Who would know what wifi I am connected to? I guess like if my device was compromised they could see my wifi and know my location. Or is it something worse than that, like can any site I’m connecting to on the internet see my wifi SSID and therefore know my location?
Probably not, don’t think it’s very likely someone who is able to read the Wi-Fi list off your phone couldn’t get your location by other means, like GSM triangulation.
Graphene OS generates a new MAC every time your phone connects to an access point, to prevent the phone leaking your identity.
If you think/know the NSA is looking for you, like Snowden, you probably should carry your devices in a Faraday bag disassembled just to be safe.
When it comes to Wi-Fi, users can be tracked via what are called Probes. Essentially in order to connect to an access point/wireless router, devices send out probes containing the SSIDs of every saved Wi-Fi network on the device.
These probes are very easily captured using tools such as the open source aircrack-ng suite (airmon-ng, specifically), at which point the captured SSIDs can be searched through any of the crowd sourced or closed sourced SSID maps such as WIGLE.net.
I can only imagine that the big tech players such as Google, Apple, Facebook, etc also have these maps given that their apps all require permissions (at least on android) to view your wifi/network connections. I can’t imagine why they would grant themselves permissions to see your wifi networks if not to harvest that information for their own gain (namely geolocating users). At least that’s what I would recommend assuming given it’s quite possible and good opsec involves assuming that if something is possible and companies stand to financially gain from it, then assume it’s already happening.
I can imagine anyone interested using Wigle at an observation post, combined with video you could cross reference known information to collected data from Wigle.
Then a little wardriving and now there at your location.
Edit, I respect others privacy as much as my own, but I keep Wigle installed on a Google phone for map integration which you loose the map when you use the FOSS app. I never upload to Wigle.
In the future I have a pixel 1 that I would like to build out as a look out observation post, Wigle will be a key app in that project.
Talking strictly on your own network, there is no ways to prevent WiFi mapping, aside from good firewall and/or VLAN rules. However, there are ways to “opt out”. For Google, just add “_nomap”, to your SSID. This is more well known, and some other companies will also respect it. Back in the Win7 era, MicroSoft USED TO have a web page for you to fill in, but I can no longer find it. It might still exist, but a quick search came up empty.
