Precise geolocation via Wi-Fi Positioning System

Posted by nicosalm 11/19/2025

Precise geolocation via Wi-Fi Positioning System(www.amoses.dev)

256 points | 114 commentspage 3

a_state_full 11/20/2025|

[dead]

IshKebab 11/19/2025||

TL;DR: location API exists. Wifi-based location exists. American universities apparently use this to take "secure" attendance.

ralsei 11/19/2025|

Good article, but you could also just use a VPN to trick it.

wsces 11/19/2025||

No, a VPN would only change the source IP of your request which the author specifically states isn't how this system works: the browser uses its host OS' Location Services to self report its location based on GPS or Wi-Fi AP locations.

That said, I hope the service doesn't implicitly trust data sent by untrusted clients like web browsers, otherwise someone could just use something like this to send it a false location: https://chromewebstore.google.com/detail/spoof-geolocation/i...

oceanplexian 11/19/2025|||

Even if the browser was super locked down you could trivially spoof a few SSIDs broadcast from the desired area in theory..

DrawTR 11/19/2025||

The SSID (name, like the article mentions) is different than the bSSID (mac address of the access point), so I don't think it would be that easy to spoof.

runjake 11/20/2025|||

Minor but important correction: The BSSID is almost never the AP MAC address.

The BSSID is unique per SSID, per AP. The BSSID is usually derived (usually by incrementing the last octet) from the AP MAC address, however.

So an AP MAC might be 77:99:44:EE:C4:11.

It has a wireless network called "Bob's SSID". It will have a BSSID of something like 77:99:44:EE:C4:12.

Then, the AP may be broadcasting another called "Mary's SSID", and it will have a BSSID of something like 77:99:44:EE:C4:13.

Edit: More not-well-written info on BSSIDs: https://en.wikipedia.org/wiki/Service_set_(802.11_network)

Looks like the BSSID is derived from the AP serial number by some vendors. Never seen that myself.

DrawTR 11/20/2025||

I see, thanks. I've definitely seen instances where an AP is broadcasting multiple SSIDs with different BSSIDs. I suppose I just thought nothing of it... but that makes sense.

kbaker 11/20/2025||||

That would be a fun project. Capture some WiFi geolocation data and rebroadcast it later with an ESP32 that switches its BSSID/SSID/frequency/transmit power to match an existing fingerprint.

And then see if you can be magically transported somewhere else.

emilburzo 11/20/2025||

Already done: https://hackaday.com/2024/11/15/bypassing-airpods-hearing-ai...

1bpp 11/19/2025|||

Shouldn't be any harder than the name.

DrawTR 11/19/2025||

Do most consumer APs/routers allow you to just change the MAC address on the fly? I don't think the ones I've owned have ever allowed that. But that would certainly be interesting to try (if you were somewhere without any other address interference that would tip it off)

Aachen 11/19/2025|||

Pretty sure the laptop I had from like 2012 until 2018 could do that. Haven't tried anymore since (haven't played around with deauths) but I thought this was common functionality

Consumer router firmware UIs, typically owned by ISPs, I'd not expect that yeah. Some don't even let you pick a WiFi band anymore and require other changes to be submitted through an ISP portal on the web somewhere (thinking of Belgium here, not sure which ISP it was)

stackskipton 11/20/2025|||

Some will let you change it but it's almost always static since changing AP MAC Address will cause network disruptions for all connected clients.

Sure, some hacker somewhere will screw with these databases by rotating their AP MAC Address regularly but 99.9% are not going to touch it and 99.9% is good enough for location databases.

ralsei 11/19/2025|||

Ohh. Yeah I suppose that's what I meant. I thought a VPN also spoofed the location

bitwize 11/19/2025||

A device can triangulate its own location locally, given the WiFi hotspots around it, and transmit that information via a JavaScript API. A VPN won't flummox this mechanism.

Aachen 11/20/2025|||

> A device can triangulate its own location

Trilaterate (or multilaterate). Angulation uses angle, like a directional antenna, constructive/destructive interference for beamforming (this is how airplane landing systems work if I'm understanding it correctly), or optics like our two eyes, to find the angles to a target from known positions in order to determine its position in space

Trilateration is based on distances from known locations, determined either by signal delay (GNSS does that; newer cell towers also but call it "timing advance") or signal strength (used with both WiFis and cell towers)

> locally, given the WiFi hotspots

You'll also need a local database with the hotspots' positions (usually those aren't actually measured but estimated from observations at different locations). I'm not aware of a device that ships with this, nor popular software that uses it as its primary method, as such databases are many gigabytes. Thus this is typically not local; you're sharing your data (thus location) with the server which then kindly tells you where it thinks you are

IshKebab 11/19/2025|||

Some simple Tampermonkey patching would though.