Precise geolocation via Wi-Fi Positioning System

Posted by nicosalm 6 hours ago

Precise geolocation via Wi-Fi Positioning System(www.amoses.dev)

108 points | 59 commentspage 2

UltraSane 3 hours ago|

I've had companies send us laptops for VPN access that had LTE modems and GPS specifically for location verification before granting access to the VPN.

neilv 5 hours ago||

The root problem is that a lot of higher education is nurturing a culture of cheaters right now.

Your future doctors, scientists, government officials, etc... will have had to compete and gain coveted academic and career opportunities, in an environment that both has been heavily gamified, and is being overrun by cheaters.

Insulting measures like this TopHat practically endorses the culture of cheating, by telling students that they can't be trusted, and turning into yet another cheating challenge/task.

Schools with any integrity should be bending over backwards to find, nurture, and support students of integrity.

And to save those who only got admitted by being sketchy, but first semester is a chance to unlearn the bad lessons from before.

Not by treating them as criminals to be monitored, but by treating them like the respectable people they should aspire to be, and which the school expects and requires that they be.

And, for any hopelessly shitty students, who fail to honor this first semester extension of trust, the school should smack them to the curb. Lost tuition income, lost named buildings/chairs, and expensive lawsuits from helicopter parents, be damned.

FloorEgg 4 hours ago||

I have an inside perspective on this via an academic integrity company.

A couple weeks ago there was an exam in an R1 institution that double booked the facility so one section did the exam in person on campus and the other did it "from home". The score distribution of the in person exam was a typical bell curve, and the distribution of the online exam looking like a power-law curve with over half the students scoring 100%.

Thankfully this outraged the professor, and through a variety of means (which I will not disclose publicly) over 25% of the students were caught red handed. Actions are being taken against them, though I'm not sure how far they will go. The evidence against them is overwhelmingly conclusive. In some cases the evidence led to more evidence of cheating in other courses. It seems clear that more that 25% cheated, but I guess catching some is better than none.

As someone who is keenly aware of this crisis, I feel tiny bursts of relief when I see these small wins, though it does feel a bit like bailing an ocean with a teacup.

Centigonal 4 hours ago|||

It also doesn't help that our outrage-driven media overwhelmingly exposes us to cheaters.

Everyone's heard of Theranos, Enron, Martin Shkreli, and Bernie Madoff. This week, my 70+ year old aunt asked me about Charlie Javice and Frank. Yet, there are thousands of very successful people quietly building their castles who live and die in relative obscurity because their stories just aren't that thrilling.

If you spend a lot of time interacting with people in the latter category, or if you have them as your mentors, then you will be exposed to a model of what success through hard work and integrity looks like. If you don't, then it's very easy to think everyone successful is a cheater, and that cheating is the only way to break the ceiling into success.

kace91 4 hours ago|||

It’s not about individual people - it’s just scale, paired with Goodhart's law.

No number in a spreadsheet will tell you who’s the genuine student. The moment you’re ranking like that you lost.

Long term human interaction in reduced groups is far better at creating genuine environments. But of course, that system doesn’t scale, and it’s a breeding ground for nepotism.

munchler 4 hours ago||

In this moral framework, would it be acceptable for the lecturer to take attendance orally, or is that also insulting?

neilv 4 hours ago||

The instructor clearly sets their expectations for attendance (whether it's mandatory, or otherwise), and then just expects everyone to follow that.

nlawalker 4 hours ago||

It is verification of attendance, specifically, that "endorses the culture of cheating... telling students they can't be trusted, and turning into yet another cheating challenge/task"? If not, what is fair game for verification, in the pursuit of finding students of integrity?

neilv 1 hour ago||

Finding students with integrity is hard now, because the culture is already full of poo.

But one starting point is to communicate that you expect and require integrity, explain what that means, and then expect it. Trying to make metrics or tests or whatever to detect, rate, rank, etc. it just turns it into a game, like the same load of poo.

Though here is one thing you can do. Explain that you expect integrity, and then watch the students raise their hands and ask how they will be tested on this. You say it's expected. Back and forth a few times, until eventually some of them start crying, and then their heads explode, because they can't figure out how to game that. Those students sadly were too far gone.

Then, after that first semester of integrity culture, some of the students who didn't explode will cheat, and they will be expelled with the fury of an angry god, and everyone on campus will know why. News stories will be written, word will spread, college guides will be updated. The next batch of applicants after that will have fewer cheaters than before, and will have disproportionately attracted students who aspire to integrity and who wouldn't have known to apply to this school before the news.

A school with an honor code that students and faculty take seriously wasn't that newsworthy decades ago, but it's news now.

IshKebab 5 hours ago||

TL;DR: location API exists. Wifi-based location exists. American universities apparently use this to take "secure" attendance.

ralsei 6 hours ago|

Good article, but you could also just use a VPN to trick it.

wsces 6 hours ago||

No, a VPN would only change the source IP of your request which the author specifically states isn't how this system works: the browser uses its host OS' Location Services to self report its location based on GPS or Wi-Fi AP locations.

That said, I hope the service doesn't implicitly trust data sent by untrusted clients like web browsers, otherwise someone could just use something like this to send it a false location: https://chromewebstore.google.com/detail/spoof-geolocation/i...

oceanplexian 6 hours ago|||

Even if the browser was super locked down you could trivially spoof a few SSIDs broadcast from the desired area in theory..

DrawTR 6 hours ago||

The SSID (name, like the article mentions) is different than the bSSID (mac address of the access point), so I don't think it would be that easy to spoof.

kbaker 53 minutes ago|||

That would be a fun project. Capture some WiFi geolocation data and rebroadcast it later with an ESP32 that switches its BSSID/SSID/frequency/transmit power to match an existing fingerprint.

And then see if you can be magically transported somewhere else.

1bpp 5 hours ago|||

Shouldn't be any harder than the name.

DrawTR 5 hours ago||

Do most consumer APs/routers allow you to just change the MAC address on the fly? I don't think the ones I've owned have ever allowed that. But that would certainly be interesting to try (if you were somewhere without any other address interference that would tip it off)

stackskipton 47 minutes ago|||

Some will let you change it but it's almost always static since changing AP MAC Address will cause network disruptions for all connected clients.

Sure, some hacker somewhere will screw with these databases by rotating their AP MAC Address regularly but 99.9% are not going to touch it and 99.9% is good enough for location databases.

Aachen 4 hours ago|||

Pretty sure the laptop I had from like 2012 until 2018 could do that. Haven't tried anymore since (haven't played around with deauths) but I thought this was common functionality

Consumer router firmware UIs, typically owned by ISPs, I'd not expect that yeah. Some don't even let you pick a WiFi band anymore and require other changes to be submitted through an ISP portal on the web somewhere (thinking of Belgium here, not sure which ISP it was)

ralsei 6 hours ago|||

Ohh. Yeah I suppose that's what I meant. I thought a VPN also spoofed the location

bitwize 6 hours ago||

A device can triangulate its own location locally, given the WiFi hotspots around it, and transmit that information via a JavaScript API. A VPN won't flummox this mechanism.

Aachen 4 hours ago|||

> A device can triangulate its own location

Trilaterate (or multilaterate). Angulation uses angle, like a directional antenna, constructive/destructive interference for beamforming (this is how airplane landing systems work if I'm understanding it correctly), or optics like our two eyes, to find the angles to a target from known positions in order to determine its position in space

Trilateration is based on distances from known locations, determined either by signal delay (GNSS does that; newer cell towers also but call it "timing advance") or signal strength (used with both WiFis and cell towers)

> locally, given the WiFi hotspots

You'll also need a local database with the hotspots' positions (usually those aren't actually measured but estimated from observations at different locations). I'm not aware of a device that ships with this, nor popular software that uses it as its primary method, as such databases are many gigabytes. Thus this is typically not local; you're sharing your data (thus location) with the server which then kindly tells you where it thinks you are

IshKebab 5 hours ago|||

Some simple Tampermonkey patching would though.