I’m going to be a little pedantic here, I hope you don’t mind.

I wouldn’t say your location can be triangulated by SSID. you’re 100% correct about them being findable online, and that’s why its important to rotate your said every few months to a year. also, don’t be creative with it, just have it be the generic manufacturer string or something similar if you can.

with that database, people can tell where you’ve BEEN, not where you ARE. it doesn’t necessarily compromise your immediate location.

however, yes, it can assist with that. most phones, when not connected to WiFi, broadcast all the SSIDs they have saved in an attempt to connect to one of them. that’s another fingerprint. the caveat is that someone needs to be relatively close to you to be able to snoop those broadcasts, or have a device installed somewhere that’s snooping all traffic. in those cases someone is already following you or you’re (probably) in a fairly public place.

this is also an easy one to foil. when you leave a location where you connect to WiFi, turn your WiFi off so that your phone isn’t constantly broadcasting for it. this saves battery as a nice bonus. grapheneOS enables this by default.

basically, a SIM is what connects your phone to your mobile provider’s network. Any time you want to use that infrastructure (the phone turns on, you turn off airplane mode, you turn on your eSIM) your phone makes a request to the network, which requires an authentication via the IMSI number provided by the SIM. When this happens, your location is triangulated and your status as a cell network subscriber is verified. this process also happens periodically, and more frequently if you’re on the move. The technical reason for this is that your phone needs to know which towers to route requests to, and that you are paying for the service.

Theoretically, your phone is capable of being triangulated even without a SIM. However, for this to happen (outside of calling emergency services) as far as I’m aware this requires some sort of device compromise and is therefore out of most people’s scope. If you’re paranoid of tracking, remove your sim (or disable it if it is an eSIM) and if you’re super paranoid, grab a faraday bag to put it in.

let me know if i didnt explain anything well enough.

you’re kind of giving me a blank slate to talk here so let me hit the biggest point that is tangential to this conversation.

the easiest point for me to make is that if, on your phone, you bought your SIM card (and attached phone number) with payment info that can be tracked to your bank and your real name, your location is compromised whenever that card is online. this is something that the vast majority of privacy enthusiasts either neglect due to lack of knowledge, or cannot afford to remove from their threat profile due to the pervasiveness of cell networks in day to day life.

The most recent example i can give of this being necessary to consider in your privacy posture: In the US, ICE is using this combination of personal information and compromised locations to focus their efforts in neighborhoods with a primarily minority population.

not necessarily. if ‘you’ are sending traffic, i (someone interested in your data) don’t really care where it comes from. Em is correct that it’s trivial to filter out, but it’s also another data point that is interesting and potentially relevant for them, so in practice they won’t.

tracking has gotten to the point where they can infer connections based off of users that have no interaction but otherwise share a location for a period of time (think coffee shop wifi, work). you have things in common with those people. maybe not a lot, but enough to be relevant in someone’s dataset somewhere.

so no, it doesn’t have to be running on your primary device to be relevant. i’d argue that it simply being on your home network would be enough.

i only did a quick readthrough so my understanding of how it works is probably flawed. that said:

you could consider split-tunneling a browser outside of your normal stack for fauxx to pollute. that way your real activity remains as close to “ghost” as possible, and gives your device a fake fingerprint that will fool anyone not directly targeting you.

the reason I’d suggest doing it that way is that nobody’s personal device hygiene is perfect. flooding with synthetic data is a great way to help conceal when you slip up.

my friends don’t get that. its an extra credit boss in a single player game, why would I spoil that for myself with a guide someone else made?

i haven’t beaten him yet, I give it a few tries every month or so. my way of prolonging the beauty of the game I guess lol

the gospel according to daggermoon 🙏

I remember something about homes owned by nonresidents, so I believe the second.

exactly right. positioning the solution as "buy different hardware and swap OSs’ is short term thinking that solves the problem for the individual and exactly nobody else.

privacy should not be niche, it should be standard. go to city council meetings and make your voice known during flock safety hearings. write your legislators to make your stance known on OS DOB registry. its not nearly as cool as a de-googled phone you can show your friends. its not technical. but we’re sliding backwards because we’re distracted from tried and true solutions.

absolutely. we all have to individually decide our priorities in an era where our choices are incredibly limited.

my choice is to have as rock solid of a foundation as possible, so that every step afterwards is harder to compromise. that choice will not be the same for everybody depending on their starting motivations and end-goal posture.

simply sharing where my experience has informed my opinion.

I’m putting that first sentence in my back pocket lol

without going too in depth:

Google and apple have the most money, they create the best hardware (relevant in this case for the hardware root of trust)

A privacy focused individual should also be concerned about security to some degree, making the hardware root of trust a high priority.

Apple locks down their boot process too rigidly to load a new OS without compromising that security.

that’s why we’re left with Pixels as the only option. Apparently Motorola will be on the table soon. I have no experience with their chip design so I’m curious to see what they release.

If the post is getting deleted on one forum, they should post the findings somewhere else. that thread smells FUDdy to me

I checked gadgetbridge and it doesn’t look like there’s a solution for omnipod. That’s about as far as my knowledge can take me.

As far as workarounds: does the app require an internet connection? Could you buy a used android, go to a place with public WiFi to make a throwaway google account, download the app, never reconnect the phone to WiFi again?

my repos are NOT going to make their code less sloppy let me tell you

almost like its not about security

blaming the ATC is a shitty thing to do here, friend.

in a job that requires you to be ‘always on’, these poor fucks are overworked and understaffed. its a miracle there aren’t more of these accidents.

It’s my rocket fuel, and it was either the safe or the toilet, alright

I want to read it. Go write it.

Anecdotally, I haven’t run into a single Mikrotik deployment since university.