[chimeracoder]

> The PoCs on tracking individuals with MAC addresses are old news (and, in fairness, newer iOS devices use random MAC addresses for WiFi probe requests)

MAC address tracking is obsolete. All phones (including iOS devices) broadcast a full list of SSIDs that they have previously connected to when attempting to connect to wireless networks. That alone is enough to uniquely identify most people.

[severine]

I use, perhaps naively, Wi-Fi Privacy Police: https://f-droid.org/en/packages/be.uhasselt.privacypolice/

> Prevents your smartphone or tablet from leaking privacy sensitive information via Wi-Fi networks. It does this in two ways:

It prevents your smartphone from sending out the names of Wi-Fi networks it wants to connect to over the air. This makes sure that other people in your surroundings can not see the networks you’ve connecte to, and the places you’ve visited.

If your smartphone encounters an unknown access point with a known name (for example, a malicious access point pretending to be your home network), it asks whether you trust this access point before connecting. This makes sure that other people are not able to steal your data.

[JBReefer]

I thought iOS doesn't do that anymore?

[chimeracoder]

> I thought iOS doesn't do that anymore?

Last I checked, they did because it's part of the actual spec, though if anyone has definitive evidence to the contrary (either for iOS or flagship Android phones), I'd be curious to see it.

[sanityvampire]

You know, I totally forgot this was a thing. I'm sure modern phones do it. Last time I was on an airplane, couple months ago, I was messing around with airmon-ng, and I was amazed at the amount of personally identifiable information that people's WiFi drivers were just spewing into the ether.