When MAC changing doesn't help ...

I already wrote a bit about Pry-Fi itself yesterday ( https://plus.google.com/113517319477420052449/posts/Y4fjP6cH45v ), but this is not about the app itself.

Requests to implement this in Android itself as well as Firefox OS have popped up ( https://code.google.com/p/android/issues/detail?id=71084 and https://bugzilla.mozilla.org/show_bug.cgi?id=1022444 ).

I'm pretty sure I saw the wpa_supplicant maintainer state somewhere in the past week that wpa_supplicant wasn't the right place to fix this, but I can't find it now - if anyone has that link, please do share it again.

There are different ways to scan for Wi-Fi networks. For this (terrible) analogy, we're leaving hidden SSIDs out of the equation.

Imagine a big dark room you (Alice) walk into - you can't see anything. There are other people in this room (Bob, Charlie, Eve, and John). These people are a tad on the narcissistic side, and occasionally call out their own name.

You are trying to find Eve, Henry, or Mark (only Eve is actually in the room). There are three options open to you:

(1) You wait for a potentially very long time, checking if Eve, Henry, or Mark calls out their own name. Nobody has to know you are there if this is what you do.

(2) You can shout "Hey, I'm Alice! Is anybody in here?", to which everyone will reply "Hey Alice! I'm <name>!". Now they know you're Alice, but if you would say a random name instead of Alice - you still get to know if Eve, Henry or Mark are in here, while they don't get to know you.

(3) You can shout "Hey, I'm Alice! Who is in here? I know Eve! I also know Henry! Oh, oh, I also know Mark! I don't know anybody else, though... Any of you guys here? Helloooooo?". Regardless of you shouting a random name for yourself, laying bare your entire social network graph every time you go into a dark room is giving away more than enough of a fingerprint for the people in that room to know you are the same nutjob who came in yesterday and gave away all that information.

So, changing the MAC address is shouting a different name than Alice. This doesn't necessarily break anything. The actual systems that are in place to track you via Wi-Fi will use the other information (the networks you know: Eve, Henry and Mark) to track you as well - or so I've been told.

What some have asked for - merely changing the MAC address - is not nearly a complete solution. You need to make sure you're not spewing out your entire connection history for all the world to see either.
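To make the three options concrete, here is an added example (my own illustration, not Pry-Fi code and not part of the original post). It builds a few constructed 802.11 probe request frames, parses the SSID information element out of them, and then shows why a MAC change alone doesn't help: a wildcard probe (option 2, SSID length zero) carries no network list, while directed probes (option 3) expose a preferred network list that stays identical across a MAC change. The MAC addresses, SSIDs (Eve, Henry and Mark from the analogy) and the helper names `build_probe_request`, `parse_probe_request`, `pnl_fingerprints` and `link_by_pnl` are all made up for this example; the frames are constructed in code, not captured from real devices. The intended use is auditing your own device's traffic to see whether it leaks its network list.

```python
from collections import defaultdict

# Frame control bytes for an 802.11 management frame, subtype 4 = probe request.
PROBE_REQ_FC = b"\x40\x00"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_probe_request(src_mac, ssid):
    """Constructed probe request: 24-byte MAC header, SSID IE (tag 0), rates IE (tag 1).
    An empty ssid produces the zero-length 'wildcard' SSID IE (the 'Is anybody in here?' case)."""
    header = (PROBE_REQ_FC + b"\x00\x00"            # duration
              + mac_to_bytes(BROADCAST)              # addr1: destination
              + mac_to_bytes(src_mac)                # addr2: source (the name you shout)
              + mac_to_bytes(BROADCAST)              # addr3: BSSID
              + b"\x00\x00")                         # sequence control
    ssid_bytes = ssid.encode("utf-8")
    body = bytes([0, len(ssid_bytes)]) + ssid_bytes  # SSID IE
    body += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])    # supported rates IE: 1, 2, 5.5, 11 Mbps
    return header + body


def parse_probe_request(frame):
    """Return (source MAC, SSID) for a probe request; SSID is None for a wildcard probe."""
    if len(frame) < 24 or frame[:2] != PROBE_REQ_FC:
        raise ValueError("not a probe request")
    src = bytes_to_mac(frame[10:16])
    ssid = None
    pos = 24
    while pos + 2 <= len(frame):                     # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        if tag == 0:
            ssid = value.decode("utf-8", "replace") if length else None
        pos += 2 + length
    return src, ssid


def pnl_fingerprints(frames):
    """Map each source MAC to the frozenset of SSIDs it probed for directly.
    A MAC that only ever sent wildcard probes maps to the empty set."""
    pnl = {}
    for frame in frames:
        src, ssid = parse_probe_request(frame)
        pnl.setdefault(src, set())
        if ssid is not None:
            pnl[src].add(ssid)
    return {mac: frozenset(s) for mac, s in pnl.items()}


def link_by_pnl(fingerprints):
    """Group MACs that announced an identical, non-empty network list: changing the MAC
    (the name you shout) does not separate them. Wildcard-only senders are never linked."""
    groups = defaultdict(list)
    for mac, pnl in fingerprints.items():
        if pnl:
            groups[pnl].append(mac)
    return {pnl: sorted(macs) for pnl, macs in groups.items() if len(macs) > 1}


# Constructed sample: one device on two days with two different MACs, plus a well-behaved one.
SAMPLE_FRAMES = [
    build_probe_request("02:11:22:33:44:55", "Eve"),     # day 1: option (3), directed probes
    build_probe_request("02:11:22:33:44:55", "Henry"),
    build_probe_request("02:11:22:33:44:55", "Mark"),
    build_probe_request("02:aa:bb:cc:dd:ee", "Eve"),     # day 2: new MAC, same network list
    build_probe_request("02:aa:bb:cc:dd:ee", "Henry"),
    build_probe_request("02:aa:bb:cc:dd:ee", "Mark"),
    build_probe_request("02:99:88:77:66:55", ""),        # option (2): wildcard probe only
]

if __name__ == "__main__":
    fp = pnl_fingerprints(SAMPLE_FRAMES)
    for mac, pnl in fp.items():
        print(mac, "leaks network list:" if pnl else "wildcard only", sorted(pnl))
    for pnl, macs in link_by_pnl(fp).items():
        print("same device despite MAC change:", macs, "->", sorted(pnl))
```

Running it reports that the two MACs 02:11:22:33:44:55 and 02:aa:bb:cc:dd:ee are linked through the list {Eve, Henry, Mark}, while 02:99:88:77:66:55 gives an observer nothing to link on. The fix the post describes is to make every device look like the third one: probe with the wildcard SSID (or not at all) so the only thing left to randomize is the MAC.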

During Pry-Fi development I learned something odd about this: even though some (Android) devices are set up to not normally broadcast this information actively, when you put the phone to sleep, the OS itself is no longer managing this. It'll tell the Wi-Fi chip a list of networks, and lets that chip do the work. The main CPU goes to sleep, while Wi-Fi will keep scanning, and wakes the main CPU when it finds something interesting.

The funny thing about that is that when the Wi-Fi chip is doing the work (most likely when you're walking around outside, running on battery power), it may still actively be broadcasting all that information, even though the OS itself wouldn't do this.

One obvious fix to that is simply not telling the Wi-Fi chip about the network list (which is why Pry-Fi clears the network list). It's an easy issue to overlook, as during on-device testing you're usually on AC power and the OS is (usually) in charge of scanning... 

Note that this may well be fixed in the latest Android versions, I just know there are devices in the wild that do this on stock firmwares.

I have no idea how this will be implemented in iOS 8, but from a quick test with my iPad running iOS 7, at least this specific iPad doesn't seem to be giving away any such information, which gives me good hope that iOS 8 will indeed actually be safe in this regard. I do believe Apple deserves a tip of the hat for that.