Personal Information on Wifi Login?

My son is in Mobile software in Spain. He recently mentioned that "Wifi is a good way to find people (who don't want to be found); Wifi is a big loud belch of extremely personal information in order to get on the Internet." His specialty is IOS, but he manages Android guys.

We were speaking in a mobile context, but I'm thinking more generally. How true is this?

It depends.

Since what you're doing on WiFi is over the air, the signal can be seen by anyone that wants to see it. If you setup your WiFI SID as something like "Jack Johson's House" then people might know where it is coming from automatically so you should use something anonymous like "None of your Business". That wouldn't prevent anyone from triangulating your WiFi signal but they'd have to do something like that to figure out where it is.

If you've put security on the WiFI and use a non-obvious password then the traffic from your phone or laptop to your WiFi is encrypted. Depending on level of security it might be hackable so you'd want to make sure you were doing highest level available.

Your WiFi talks to your ISP usually over a cable or DSL modem. Traffic from your WiFi device to your modem is likely not encrypted even if it is an all in one device so if someone could hack your modem they might be able to intercept traffic there.

Your modem talks to your ISP over DSL or cable. That traffic with later standards is somewhat secure but anyone who could intercept might be able to see it.

However, if you are logging into https (not http) sites the connection is encrypted from your originating device (mobile or laptop) to the site end to end. It is less likely anyone could hack that. If you use a VPN service that encrypts all your traffic end to end so it would be less likely to be itnercepted and hacked even if it was only http or other tcp/udp traffic.

Any PUBLIC wifi (e.g. Airports, Hotels, etc...) should be assumed to be insecure. Either use a VPN service on such networks or don't do sites that are http (vs https) unless they're uniportant.

Make sure you use a separate password (and login ID if possible) for every site you login to so that even if someeone somehow compromises one (e.g. your Facebook) they don't automaticall have the credentials to another (e.g. your bank).

^ Beyond these general explanations, I think there's something extra Android is doing while looking for WiFi networks.
I don't know exactly, but enough to never run around with my phone's WiFi on, even if it isn't autoconnecting.

Thanks for the replies.

@MensaWater: I could figure most of that as I did some networking, but it's good to see it laid out in such a logical order. I have low opinions of Android security (& IOS, for that matter).

@ondoho:I have low opinions of Android security (& IOS, for that matter). Particularly using GPS, they use cell towers & wifi to locate. The fact that they can use wifi indicates that some part of Big Brother Google must have collected that data

I queried my son on how much could be done with gps without a sim. The sim allows triangulation on cell towers to +/- 5m. In the absence of a sim, wifi is used. Without a sim, in a field with no wifi close, you should be lost, according to him. I intend to try it.

I also intend for years now to get a credit-only sim, but never bothered.

Quote:

Originally Posted by business_kid I queried my son on how much could be done with gps without a sim. The sim allows triangulation on cell towers to +/- 5m. In the absence of a sim, wifi is used. Without a sim, in a field with no wifi close, you should be lost, according to him. I intend to try it.

I thought GPS is a separate device?

Anyhow, trust Google to have it airtight. They will always get that data, and it's no tinfoilhattery to say that they do that even when you explicitely switched it off.