Most devices actively ask around for the hidden SSIDs they know about. As in, they send a broadcast in cleartext called a “probe request” containing the list of hidden SSIDs every time they scan for access points.
Today usually the scans use randomised MAC addressess for privacy, but that doesn’t help if you have any hidden SSIDs stored because of this list. Places like shopping malls are known to use these beacons to track the movements of individual people.
Before 802.11w (that still works almost always because 802.11w tends to be deactivated for compatibility), there was a trivial way to “unmask” a hidden SSID, you have to wait for someone to talk to the target access point, send a disassociation frame to the victim, and wait for the probe request / response when the victim automatically reconnects.
boring answer: do not broadcast an SSID
Don’t do this, your phone will periodically ask for hidden SSIDs everywhere you go, making you easy to track passively.
How does that make you easier to track?
Unless you turn off WiFi, phones are always searching for WiFi anyway.
Most devices actively ask around for the hidden SSIDs they know about. As in, they send a broadcast in cleartext called a “probe request” containing the list of hidden SSIDs every time they scan for access points.
Today usually the scans use randomised MAC addressess for privacy, but that doesn’t help if you have any hidden SSIDs stored because of this list. Places like shopping malls are known to use these beacons to track the movements of individual people.
Before 802.11w (that still works almost always because 802.11w tends to be deactivated for compatibility), there was a trivial way to “unmask” a hidden SSID, you have to wait for someone to talk to the target access point, send a disassociation frame to the victim, and wait for the probe request / response when the victim automatically reconnects.
How do you have friends who visit log into your WiFi?
easy, i dont!