2025-08-14 17:07:25 +02:00
3 changed files with 2 additions and 147 deletions
--- a/_includes/head.html
+++ b/_includes/head.html
@ -8,6 +8,7 @@
  <meta name="robots" content="nofollow">
  <meta name="robots" content="max-snippet:-1, max-image-preview:large, max-video-preview:-1">
  <meta name="robots" content="{% if page.robots %}{{ page.robots }} {% else %}{{ site.robots | default: 'nofollow' }}{% endif %}">
  <meta name="msvalidate.01" content="DDF472BEC8E65C680D65A24256C33B24">
  <link rel="icon prefetch" href="{{site.icon}}">
  <link rel="me prefetch" href="{{ site.url }}">
  <link rel="openid.delegate" href="https://aminda.eu/">
--- a/n/hiddenssid.md
+++ b/n/hiddenssid.md
@ -1,143 +0,0 @@
 ---
 title: On hidden WiFi networks
 excerpt:
  Disabling SSID broadcast is not a security measure and may hurt your privacy.
 layout: mini
 permalink: /n/hiddenssid.html
 sitemap: true
 lang: en
 ---
 # {{ page.title }}
 _{{ page.excerpt }} For opting out of location services, refer to
 [n/nomap](nomap.html)_.
 <!-- editorconfig-checker-disable -->
 <!-- prettier-ignore-start -->
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 <em lang="fi">Automaattinen sisällysluettelo</em> / <em lang="en">Automatically generated Table of Contents</em>
 - [The issue with hidden networks](#the-issue-with-hidden-networks)
 - [Connecting to a hidden network](#connecting-to-a-hidden-network)
 - [Seeing hidden networks](#seeing-hidden-networks)
  - [Returning to normalcy](#returning-to-normalcy)
  - [TODO](#todo)
 - [QR codes for hidden SSIDs](#qr-codes-for-hidden-ssids)
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 <!-- prettier-ignore-end -->
 <!-- editorconfig-checker-enable -->
 ## The issue with hidden networks
 When you hide your WiFi network, your access point (AP) will still announce its
 existence with the MAC (Media Access Control) address without name. Some
 location services, such as WiGLE will still records its existence
 ([n/nomap](nomap.html)) and as the Service Set IDentifier (SSID) is required for
 connecting, your devices will shout around everywhere asking for it, so scanning
 around will make you identifiable and possibly trackable as not many people are
 likely to be broadcasting the same set of SSIDs.
 _I have said it before, but I am a fan of
 [openwireless.org](https://openwireless.org) and wonder if making that SSID
 hidden to not reveal myself so obviously on WiGLE (as hidden SSIDs are more
 common) would work for promoting it and those with the ability to see it, would
 be more likely to be interested in opening their network as opposed to people
 not seeing it._
 ## Connecting to a hidden network
 _Please remember to replace `wlan0` with your actual interface name if
 applicable._
 SailfishOS displays the MAC addresses and I understand Windows to display
 "hidden network" or something similar as well. Android and iOS require entering
 the name through manual adding and warn about hidden networks, on Linux at least
 NetworkManager has a button "connect to hidden network".
 `iwd` provides commands `iwctl station wlan0 get-hidden-access-points` and
 `iwctl station wlan0 connect-hidden`, although they may require
 `iwctl station wlan0 scan` at first. In `/var/lib/iwd/<ssid>.<type>` there would
 be
 ```toml
 [Settings]
 Hidden=true
 ```
 ## Seeing hidden networks
 Many platforms have apps for this, however Android prevents getting the hidden
 SSID, so I am focusing on Linux. The required Fedora package is `aircrack-ng`.
 1. Switch to monitoring mode through `airmon-ng start wlan0`
 1. If there are warnings about interfering services, stop them or
   `airmon-ng check kill`. **_This will likely disconnect your network
   connectivity, unless you have multiple NICs._**
 1. `airodump-ng wlan0`
 1. Wait patiently as ESSID `<length:  0>` gets replaced with the actual SSID
   once devices connect. On the bottom you will see devices asking for specific
   SSID.
 - This could be sped up by exploiting WiFi vulnerabilities, but that would no
  longer be in the white hat territory and thus I don't concern myself with it.
 ### Returning to normalcy
 1. Exit `airodump-ng` by `CTRL - C` as usual.
 1. Exit monitoring mode through `airmon-ng stop wlan0phy`
 1. Restart your network management (the `airmon-ng start wlan0` and
   `airmon-ng check-kill` probably gave you a hint), for me it's
   `systemctl restart iwd NetworkManager`, while `wpa_supplicant` would be more
   common.
 ### TODO
 _I should investigate and write about these:_
 - `man airodump-ng` may have nice flags as currently nothing is stored.
  - Security people should have some data to compare to on what is normal in the
    network environment and when changes happen. Then again with less data
    stored, there is less chance of doing something illegal by accident, while I
    think the passive listening this page focuses on is the same as VHF scan all
    button.
 - I think `kismet` does the same as `airodump-ng`, while it may be more focused
  on [wardriving](https://en.m.wikipedia.org/wiki/Wardriving).
 ## QR codes for hidden SSIDs
 [zxing](https://github.com/zxing/zxing/wiki/Barcode-Contents#wi-fi-network-config-android-ios-11)
 and [Wikipedia](https://en.wikipedia.org/wiki/Wi-Fi#Securing_methods) agree on
 `WIFI:T:WPA;S:mynetwork;P:mypass;;` so my wondering would be:
 `WIFI:T:nopass;S:openwireless.org;;H:true;` where only `P:mypass` got omitted.
 <pre>
 # The capital H is the highest error correction, others are LMQ
 % qrencode -l H -t utf8 "WIFI:T:nopass;S:openwireless.org;;H:true;"
 █████████████████████████████████████
 █████████████████████████████████████
 ████ ▄▄▄▄▄ █▀ █▀▀▀▀  ▀▄▄▀█ ▄▄▄▄▄ ████
 ████ █   █ █▀ ▄ █▀▄▀▄█▄▄ █ █   █ ████
 ████ █▄▄▄█ █▀█ █▄▀▀█▀▀█▀██ █▄▄▄█ ████
 ████▄▄▄▄▄▄▄█▄█▄█ █ █▄▀ ▀ █▄▄▄▄▄▄▄████
 ████   ▄ █▄ ▄ ▄█▄█  ██▀▀ ▄▀▄▀ █▄▀████
 █████  █▄▀▄▄  ▀ ▄▄▄▀▀▄▀▀ ▄▀ ▀▀▄█ ████
 ████ ▀▄█▄█▄▄█▄▀▄▀█ ▄▄██▀▀▄ ▄▀▀   ████
 ████▄▄█▀ ▀▄ ▀ ▄█▀ ▀█▄▄█ ▀██ ▀▀███████
 ████▀   ▀▀▄▄ █ █▄▄▀▄▄▄▄█ ▄▀▄ ██▀▀████
 ████ █▄█ ▄▄█▄▀█ ▄███▄▄█▀▀▄▀▀▀█▄▄▀████
 ████▄█▄██▄▄█ ▄▄▄▀▀█▄ ▄▄█ ▄▄▄ ▀▄▄▄████
 ████ ▄▄▄▄▄ █▄▀▄█▀ ▄▄▀  █ █▄█ ▀ █ ████
 ████ █   █ █ ███▄█▄▄█▄▀▀   ▄ ▀▄ █████
 ████ █▄▄▄█ █ ▄  ▄█▀▄  ▀ ▀▄▄▀▄▀  ▀████
 ████▄▄▄▄▄▄▄█▄▄▄▄███▄▄▄█▄▄▄▄▄▄▄▄▄█████
 █████████████████████████████████████
 █████████████████████████████████████
 </pre>
 _While the above looks messy in my `jekyll serve -l`,
 [Binary Eye](https://github.com/markusfisch/BinaryEye) detected it regardless._
--- a/n/nomap.md
+++ b/n/nomap.md
@ -12,7 +12,7 @@ redirect_from:
  - /r/_optout_nomap.html
  - /nomap.html
  - /_nomap.html
-robots: yesai
+robots: noai
 sitemap: true
 excerpt:
  The underscore nomap suffix in SSID indicates your desire to opt-out of Wi-Fi
@ -32,9 +32,6 @@ Microsoft has a separate
 [location services opt-out](https://account.microsoft.com/privacy/location-services-opt-out)
 which uses MAC addresses instead.
 **_Hidden SSID won't work for opt-out in some of those services. Refer to
 [n/hiddenssid](hiddenssid.html)._**
 <!-- editorconfig-checker-disable -->
 <!-- prettier-ignore-start -->