From IP Geolocation to WiFi Positioning: The KYC Evolution
telegra.ph
From IP Geolocation to WiFi Positioning: The KYC Evolution. In 2023, a major European fintech platform rejected a high-value transaction not because the credit card was stolen, but because the user's device was detected within a specific coffee shop in Berlin, despite the user claiming to be in a different district. The system utilized a technique known as WiFi positioning to triangulate the device's location with meter-level precision, overriding the broader geographic data provided by the user's IP address.…
  • refalo@programming.dev
    2·
    7 days ago

    The technology works by measuring the time of flight or signal strength between a user’s device and multiple nearby WiFi routers

    All of that can still be spoofed, and there’s no guarantee any other wifi routers are within range. Some adapters won’t even background scan at all while you’re connected to a station already. Not to mention information like that is not accessible in the first place unless you’re running a real app outside the browser.

  • onlinepersona@programming.dev
    11·
    6 days ago

    On Android and iOS, apps can get a list of visible BSSIDs without special permissions (on Android 10 and later, ACCESS_FINE_LOCATION is required).

    The tech is thwarted without this permission. Unless browsers also share BSSIDs on laptops. Probably chromium does and Firefox followed suit because of Google money

    • refalo@programming.dev
      3·
      5 days ago

      Thwarted in what sense? The vast majority of users on the planet blindly accept fine location permissions for every single app, I think that will make most users of this tech happy enough.

    • bitfucker@programming.dev
      3·
      5 days ago

      I feel like with WebRTC API it is already possible to fingerprint the network so no need for BSSID. They just need the database of that instead of BSSID