geo.provider.use_corelocation: true/false # presumably for tracking on MacOS
geo.provider.use_geoclue: true/false # presumably for tracking Linux users with Geoclue2 provider [1]
geo.enabled: true/false # presumably, turns the whole thing off
Some say[2][3], use_ options take precedence over network.url, so you need to set those to false.
It also appears[3][4], that setting geo.provider.testing to true might be required.
One time I worked at a zoom competitor, and our team got to prototype a "detect if these people are in the same room as each other" feature for dealing with echo cancellation etc, where everyone's laptop would emit a unique high frequency, and everyone's laptop would listen for other frequencies. Of course it worked in pristine conditions and fell down in the real world. But it was a fun experiment...
People need to learn manners, nobody should be using video calling without headphones. It's insane whenever someone joins and we hear all their background, feedback of whoever is speaking, etc as if nobody has ever told them to mute or stop using speaker in their life.
My PC doesn't have any wireless connections and the Geolocation API always fails. I guess I'd fail this course (which is apparently correct, as I was supposed to be attending in person with a laptop.)
Edit: Presumably it would be possible to hack the browser to return a false position.
Edit: Make it a convenient browser add-on, perhaps. There must be other applications.
Edit: pkulak points out that you just have to set a Firefox option. Why do I even comment on things I know nothing about.
I assume that smart comp sci kids already have some sort of proxy running on an Android phone that publishes the current in-classroom WiFi environment, and a browser plugin or Linux hack that their stay-at-home friends can run that intercepts the geolocation calls and spoofs the responses with what the in-classroom android phone is seeing.
Oh wow, it's the modern version of the clicker, the physical device assigned to you at the beginning of the term used for classroom participation and attendance checking, and which was most definitely defeatable via "the unpatchable strategy of Having Friends".
As the article mentions this tech has been in widespread use for over two decades now. You have likely used it on your phone today without knowing it. GPS is accurate but also very fickle (takes time to get a lock, battery hog, doesn't work great when surrounded by buildings, doesn't work great when inside a building, doesn't work in bad weather). Wifi data is plentiful today in every urban setting, and you can get an exact location in under a second.
I've had companies send us laptops for VPN access that had LTE modems and GPS specifically for location verification before granting access to the VPN.
Maybe it’s because I studied in Austria where universities generally provide very little handholding to students but I don’t understand the point of compulsory attendance in university lectures. If students think they can pass exams without attending the lectures then they should be able to do that. I certainly did that once or twice when I realized I needed some more credits before the end of the term.
It’s a different thing with lab/exercise sessions but your lack of participation there would be noticed anyway.
My university didn't take attendance either, but some in my country do. As I understand it, the reasons are:
1. Some students think they can skip class and catch up through self-study, but actually they can't. The same I'd-rather-be-partying attitude that stops them attending lectures also stops them finding time to self-study. College is the first time students' time management is put to the test, and some students can't handle it. Giving them some external motivation to get out of bed does them a favour, in the long term.
2. Some courses are discussion-and-debate oriented. Less so in engineering, moreso in arts subjects. If Socratic debate is a key part of the class, students who don't show up will of course lose grades - and accurate record keeping makes sure that's done fairly.
3. Some governments require certain reporting to ensure people getting student visas are, in fact, students. Taking attendance for foreign students is one way to satisfy this.
4. When someone fails a course they'll often lodge an appeal. Perhaps they'll say the course was badly taught, or the exam covered material that wasn't in the lectures. Knowing whether the student attended the lectures helps adjudicate such complaints fairly.
A highly ranked university that attracts smart, self-motivated students has less reason to take attendance - whereas a university with lots of students skipping class, failing and complaining has more reason.
Compulsory attendance used to be far less common in colleges, but teenagers in America mature far more slowly than they used to and undergrads are still effectively children. Universities need to babysit them or they'll wreck the dropout rate
Is it common for North American universities to take attendance? Seems like a whole lot of effort to gain little and infantilize your students. They're paying tuition, and if they don't show up to class they get punished by not learning enough and subsequently failing their exams/assessments. And if they don't fail their exams/assessments then clearly mandating lecture attendance for them wasn't necessary anyway.
I was punished by getting into grad school, going to the "meet the faculty" party, and having my Algorithms professor greet me with "oh, you're the one who never came to class". (I can't resist pointing out, now that it's safe, that it seemed like his TA taught quite a few of his classes...)
In my experience it’s common for large intro level classes. While I personally never liked these policies, I do think it’s beneficial to the average student to incentivize attendance. Think 18 year olds who aren’t able to self regulate or fully understand the consequences until it’s too late. A “pick yourself up by your bootstraps” mentality just hurts the average quality of education.
> if they don't show up to class they get punished by not learning enough and subsequently failing their exams/assessments
My (UK) University was very clear that attendance was not mandatory, but if you weren't attending lectures you were not going to get any extra help from the lecturers etc
I don't think that's an unreasonable position to take, but it's nice if you _know_ rather than _guess_ who bothered to make it in to class.
I think it's worth pondering why you feel paying tuition enters the assessment of the situation. The justification would seem to stand on its own either way, right? Or would your opinion change if tuition was free?
Mandatory attendance makes more sense if tuition is free, because it's not the student's resources that are being wasted, it's whoever is paying the universities.
I don't follow how this implies mandatory attendance makes sense in one case but not the other.
If you believe lack of attendance is "wasting resources", then either you think the class isn't doing its part by teaching what students need, or you believe it is and yet students are not learning the material due to lack of attendance. In the former case, the problem is poor teaching, and so attendance isn't the solution. In the latter case, then the same argument would apply regardless of who's paying.
What's the logic here? Is there a third possibility I'm missing?
If you require attendance to graduate, then your degree signals conformity and grit, and thus has some value to show to employers who care about those stats but can't really measure them any other way.
You misunderstand. The customer is the government, which pays for student education through 'student loans'. The government is an absentee farmer who pays a farm labourer to produce a crop many years in the future. The labourer would rather take the money and plant nothing, so the absentee landlord farmer wants him to send photos of the seed being planted.
But why won't the crop grow on its own? It is strongly incentivized to live! And yet it does not. So you need to send photos of tilling the soil, planting the seed, watering, so that one day we might come there and see a harvested crop.
> Small digression: did you know that, until May 2000, GPS satellites (which are owned and operated by the United States Space Force) provided the general public a signal with intentional error built into it?
They wanted to keep accurate global positioning as a US military exclusive capability. It's definitely useful for guided munitions, & alternative satellite positioning systems didn't exist or were less mature at the time, so US GPS was the only system one could realistically use for that. A missile able to hit a target within a 3 meter radius is vastly more effective than one that can only hit within 100m, for instance.
There are still some restrictions around this sort of thing: IIRC a GPS receiver for sale to the public isn't allowed to give accurate data if it's too high up &/or moving too fast, to prevent unauthorized usage in ICBMs & other similar weapons. I think there would be a lot of red tape involved if you wanted to buy an unrestricted GPS device without this limitation.
It was to degrade accuracy. Military (and presumably other gov't and allied gov't owned systems) were able to get more accurate signals. The degraded signals meant that someone couldn't use commercial GPS as a guidance system or for similar applications.
GPS started as a U.S. Department of Defense project, and they had qualms about freely giving the high accuracy positioning information they found so very useful for e.g. targeting bombs and missiles, to every unverified third party in the world. Depending on your preferred flavor of jadedness, one could say it was because of security concerns... or one could say it was because said third parties hadn't paid off the military industrial complex enough!
Error was built in to reduce precision and make it harder to use them for targeting. It stopped being useful once there were other constellations available.
GPS receivers sold to public also required to not operate at certain altitude/speed to prevent it from being used in ballistic (and probably other kinds?) missiles.
The root problem is that a lot of higher education is nurturing a culture of cheaters right now.
Your future doctors, scientists, government officials, etc... will have had to compete and gain coveted academic and career opportunities, in an environment that both has been heavily gamified, and is being overrun by cheaters.
Insulting measures like this TopHat practically endorses the culture of cheating, by telling students that they can't be trusted, and turning into yet another cheating challenge/task.
Schools with any integrity should be bending over backwards to find, nurture, and support students of integrity.
And to save those who only got admitted by being sketchy, but first semester is a chance to unlearn the bad lessons from before.
Not by treating them as criminals to be monitored, but by treating them like the respectable people they should aspire to be, and which the school expects and requires that they be.
And, for any hopelessly shitty students, who fail to honor this first semester extension of trust, the school should smack them to the curb. Lost tuition income, lost named buildings/chairs, and expensive lawsuits from helicopter parents, be damned.
I have an inside perspective on this via an academic integrity company.
A couple weeks ago there was an exam in an R1 institution that double booked the facility so one section did the exam in person on campus and the other did it "from home". The score distribution of the in person exam was a typical bell curve, and the distribution of the online exam looking like a power-law curve with over half the students scoring 100%.
Thankfully this outraged the professor, and through a variety of means (which I will not disclose publicly) over 25% of the students were caught red handed. Actions are being taken against them, though I'm not sure how far they will go. The evidence against them is overwhelmingly conclusive. In some cases the evidence led to more evidence of cheating in other courses. It seems clear that more that 25% cheated, but I guess catching some is better than none.
As someone who is keenly aware of this crisis, I feel tiny bursts of relief when I see these small wins, though it does feel a bit like bailing an ocean with a teacup.
It also doesn't help that our outrage-driven media overwhelmingly exposes us to cheaters.
Everyone's heard of Theranos, Enron, Martin Shkreli, and Bernie Madoff. This week, my 70+ year old aunt asked me about Charlie Javice and Frank. Yet, there are thousands of very successful people quietly building their castles who live and die in relative obscurity because their stories just aren't that thrilling.
If you spend a lot of time interacting with people in the latter category, or if you have them as your mentors, then you will be exposed to a model of what success through hard work and integrity looks like. If you don't, then it's very easy to think everyone successful is a cheater, and that cheating is the only way to break the ceiling into success.
It’s not about individual people - it’s just scale, paired with Goodhart's law.
No number in a spreadsheet will tell you who’s the genuine student. The moment you’re ranking like that you lost.
Long term human interaction in reduced groups is far better at creating genuine environments. But of course, that system doesn’t scale, and it’s a breeding ground for nepotism.
It is verification of attendance, specifically, that "endorses the culture of cheating... telling students they can't be trusted, and turning into yet another cheating challenge/task"? If not, what is fair game for verification, in the pursuit of finding students of integrity?
No, a VPN would only change the source IP of your request which the author specifically states isn't how this system works: the browser uses its host OS' Location Services to self report its location based on GPS or Wi-Fi AP locations.
The SSID (name, like the article mentions) is different than the bSSID (mac address of the access point), so I don't think it would be that easy to spoof.
Do most consumer APs/routers allow you to just change the MAC address on the fly? I don't think the ones I've owned have ever allowed that. But that would certainly be interesting to try (if you were somewhere without any other address interference that would tip it off)
Pretty sure the laptop I had from like 2012 until 2018 could do that. Haven't tried anymore since (haven't played around with deauths) but I thought this was common functionality
Consumer router firmware UIs, typically owned by ISPs, I'd not expect that yeah. Some don't even let you pick a WiFi band anymore and require other changes to be submitted through an ISP portal on the web somewhere (thinking of Belgium here, not sure which ISP it was)
A device can triangulate its own location locally, given the WiFi hotspots around it, and transmit that information via a JavaScript API. A VPN won't flummox this mechanism.
Trilaterate (or multilaterate). Angulation uses angle, like a directional antenna, constructive/destructive interference for beamforming (this is how airplane landing systems work if I'm understanding it correctly), or optics like our two eyes, to find the angles to a target from known positions in order to determine its position in space
Trilateration is based on distances from known locations, determined either by signal delay (GNSS does that; newer cell towers also but call it "timing advance") or signal strength (used with both WiFis and cell towers)
> locally, given the WiFi hotspots
You'll also need a local database with the hotspots' positions (usually those aren't actually measured but estimated from observations at different locations). I'm not aware of a device that ships with this, nor popular software that uses it as its primary method, as such databases are many gigabytes. Thus this is typically not local; you're sharing your data (thus location) with the server which then kindly tells you where it thinks you are
I use a Firefox preference to pin my location to a spot near, but not at, my house:
user_pref("geo.provider.network.url", 'data:application/json,{"location": {"lat": 45.0, "lng": -122.0}, "accuracy": 128.0}');
I _believe_ this also stops wifi data from leaking anywhere.
Also, I see options:
Some say[2][3], use_ options take precedence over network.url, so you need to set those to false.It also appears[3][4], that setting geo.provider.testing to true might be required.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1063572
[2] https://stackoverflow.com/questions/24932199/how-to-change-f...
[3] https://security.stackexchange.com/a/268825
[4] https://stackoverflow.com/a/24937564
There's also a plugin that allows varying levels of accuracy per-site. - LocationGuard
chrome: https://chromewebstore.google.com/detail/location-guard-v3/h...
firefox: https://addons.mozilla.org/en-US/firefox/addon/location-guar...
One time I worked at a zoom competitor, and our team got to prototype a "detect if these people are in the same room as each other" feature for dealing with echo cancellation etc, where everyone's laptop would emit a unique high frequency, and everyone's laptop would listen for other frequencies. Of course it worked in pristine conditions and fell down in the real world. But it was a fun experiment...
People need to learn manners, nobody should be using video calling without headphones. It's insane whenever someone joins and we hear all their background, feedback of whoever is speaking, etc as if nobody has ever told them to mute or stop using speaker in their life.
My PC doesn't have any wireless connections and the Geolocation API always fails. I guess I'd fail this course (which is apparently correct, as I was supposed to be attending in person with a laptop.)
Edit: Presumably it would be possible to hack the browser to return a false position.
Edit: Make it a convenient browser add-on, perhaps. There must be other applications.
Edit: pkulak points out that you just have to set a Firefox option. Why do I even comment on things I know nothing about.
I assume that smart comp sci kids already have some sort of proxy running on an Android phone that publishes the current in-classroom WiFi environment, and a browser plugin or Linux hack that their stay-at-home friends can run that intercepts the geolocation calls and spoofs the responses with what the in-classroom android phone is seeing.
The API just returns coordinates to the website and it's fairly easy to spoof on major browsers. You'd just need to know where the classroom is.
I've recently vibe-coded "where-am-i", a small CLI that returns your approximate location using the technology described here.
https://github.com/denysvitali/where-am-i
Tbh, I think this geolocation method is amazing, and I'm grateful it exists, because GPS indoor really sucks.
Honest question - what's your use case for needing GPS indoors? I generally know where I am when I'm indoors :)
Maybe indoors is the wrong term: as soon as you don't have direct sky visibility it's relatively hard to get a position.
Some examples: on a train, on the underground, in a train station, in a mall, in an office building, ...
You're in a large building you're unfamiliar with. Particularly one with an unusual layout, like a mall or hospital.
It's useful in shopping malls, airports, train stations, car parks and so on. Anywhere you need to navigate a large complex.
Not OP but navigating large malls, subway terminals, etc is nice
Generally yes, but if you go to a giant mall, train station, airport then you usually don'y.
Oh wow, it's the modern version of the clicker, the physical device assigned to you at the beginning of the term used for classroom participation and attendance checking, and which was most definitely defeatable via "the unpatchable strategy of Having Friends".
As the article mentions this tech has been in widespread use for over two decades now. You have likely used it on your phone today without knowing it. GPS is accurate but also very fickle (takes time to get a lock, battery hog, doesn't work great when surrounded by buildings, doesn't work great when inside a building, doesn't work in bad weather). Wifi data is plentiful today in every urban setting, and you can get an exact location in under a second.
I've had companies send us laptops for VPN access that had LTE modems and GPS specifically for location verification before granting access to the VPN.
Maybe it’s because I studied in Austria where universities generally provide very little handholding to students but I don’t understand the point of compulsory attendance in university lectures. If students think they can pass exams without attending the lectures then they should be able to do that. I certainly did that once or twice when I realized I needed some more credits before the end of the term. It’s a different thing with lab/exercise sessions but your lack of participation there would be noticed anyway.
My university didn't take attendance either, but some in my country do. As I understand it, the reasons are:
1. Some students think they can skip class and catch up through self-study, but actually they can't. The same I'd-rather-be-partying attitude that stops them attending lectures also stops them finding time to self-study. College is the first time students' time management is put to the test, and some students can't handle it. Giving them some external motivation to get out of bed does them a favour, in the long term.
2. Some courses are discussion-and-debate oriented. Less so in engineering, moreso in arts subjects. If Socratic debate is a key part of the class, students who don't show up will of course lose grades - and accurate record keeping makes sure that's done fairly.
3. Some governments require certain reporting to ensure people getting student visas are, in fact, students. Taking attendance for foreign students is one way to satisfy this.
4. When someone fails a course they'll often lodge an appeal. Perhaps they'll say the course was badly taught, or the exam covered material that wasn't in the lectures. Knowing whether the student attended the lectures helps adjudicate such complaints fairly.
A highly ranked university that attracts smart, self-motivated students has less reason to take attendance - whereas a university with lots of students skipping class, failing and complaining has more reason.
I graduated University in the US in 2004. I never took a class that had mandatory lecture attendance.
Compulsory attendance used to be far less common in colleges, but teenagers in America mature far more slowly than they used to and undergrads are still effectively children. Universities need to babysit them or they'll wreck the dropout rate
Is it common for North American universities to take attendance? Seems like a whole lot of effort to gain little and infantilize your students. They're paying tuition, and if they don't show up to class they get punished by not learning enough and subsequently failing their exams/assessments. And if they don't fail their exams/assessments then clearly mandating lecture attendance for them wasn't necessary anyway.
I was punished by getting into grad school, going to the "meet the faculty" party, and having my Algorithms professor greet me with "oh, you're the one who never came to class". (I can't resist pointing out, now that it's safe, that it seemed like his TA taught quite a few of his classes...)
In my experience it’s common for large intro level classes. While I personally never liked these policies, I do think it’s beneficial to the average student to incentivize attendance. Think 18 year olds who aren’t able to self regulate or fully understand the consequences until it’s too late. A “pick yourself up by your bootstraps” mentality just hurts the average quality of education.
> if they don't show up to class they get punished by not learning enough and subsequently failing their exams/assessments
My (UK) University was very clear that attendance was not mandatory, but if you weren't attending lectures you were not going to get any extra help from the lecturers etc
I don't think that's an unreasonable position to take, but it's nice if you _know_ rather than _guess_ who bothered to make it in to class.
I think it's worth pondering why you feel paying tuition enters the assessment of the situation. The justification would seem to stand on its own either way, right? Or would your opinion change if tuition was free?
Mandatory attendance makes more sense if tuition is free, because it's not the student's resources that are being wasted, it's whoever is paying the universities.
I don't follow how this implies mandatory attendance makes sense in one case but not the other.
If you believe lack of attendance is "wasting resources", then either you think the class isn't doing its part by teaching what students need, or you believe it is and yet students are not learning the material due to lack of attendance. In the former case, the problem is poor teaching, and so attendance isn't the solution. In the latter case, then the same argument would apply regardless of who's paying.
What's the logic here? Is there a third possibility I'm missing?
The logic is, nobody cares if you waste your own tuition money by not attending class, but people do care if you waste somebody else's tuition money.
If you require attendance to graduate, then your degree signals conformity and grit, and thus has some value to show to employers who care about those stats but can't really measure them any other way.
You misunderstand. The customer is the government, which pays for student education through 'student loans'. The government is an absentee farmer who pays a farm labourer to produce a crop many years in the future. The labourer would rather take the money and plant nothing, so the absentee landlord farmer wants him to send photos of the seed being planted.
But why won't the crop grow on its own? It is strongly incentivized to live! And yet it does not. So you need to send photos of tilling the soil, planting the seed, watering, so that one day we might come there and see a harvested crop.
> Small digression: did you know that, until May 2000, GPS satellites (which are owned and operated by the United States Space Force) provided the general public a signal with intentional error built into it?
What the hell? Why?
They wanted to keep accurate global positioning as a US military exclusive capability. It's definitely useful for guided munitions, & alternative satellite positioning systems didn't exist or were less mature at the time, so US GPS was the only system one could realistically use for that. A missile able to hit a target within a 3 meter radius is vastly more effective than one that can only hit within 100m, for instance.
There are still some restrictions around this sort of thing: IIRC a GPS receiver for sale to the public isn't allowed to give accurate data if it's too high up &/or moving too fast, to prevent unauthorized usage in ICBMs & other similar weapons. I think there would be a lot of red tape involved if you wanted to buy an unrestricted GPS device without this limitation.
It was to degrade accuracy. Military (and presumably other gov't and allied gov't owned systems) were able to get more accurate signals. The degraded signals meant that someone couldn't use commercial GPS as a guidance system or for similar applications.
GPS started as a U.S. Department of Defense project, and they had qualms about freely giving the high accuracy positioning information they found so very useful for e.g. targeting bombs and missiles, to every unverified third party in the world. Depending on your preferred flavor of jadedness, one could say it was because of security concerns... or one could say it was because said third parties hadn't paid off the military industrial complex enough!
Error was built in to reduce precision and make it harder to use them for targeting. It stopped being useful once there were other constellations available.
GPS receivers sold to public also required to not operate at certain altitude/speed to prevent it from being used in ballistic (and probably other kinds?) missiles.
Something something Yujio Hanma
[dead]
The root problem is that a lot of higher education is nurturing a culture of cheaters right now.
Your future doctors, scientists, government officials, etc... will have had to compete and gain coveted academic and career opportunities, in an environment that both has been heavily gamified, and is being overrun by cheaters.
Insulting measures like this TopHat practically endorses the culture of cheating, by telling students that they can't be trusted, and turning into yet another cheating challenge/task.
Schools with any integrity should be bending over backwards to find, nurture, and support students of integrity.
And to save those who only got admitted by being sketchy, but first semester is a chance to unlearn the bad lessons from before.
Not by treating them as criminals to be monitored, but by treating them like the respectable people they should aspire to be, and which the school expects and requires that they be.
And, for any hopelessly shitty students, who fail to honor this first semester extension of trust, the school should smack them to the curb. Lost tuition income, lost named buildings/chairs, and expensive lawsuits from helicopter parents, be damned.
I have an inside perspective on this via an academic integrity company.
A couple weeks ago there was an exam in an R1 institution that double booked the facility so one section did the exam in person on campus and the other did it "from home". The score distribution of the in person exam was a typical bell curve, and the distribution of the online exam looking like a power-law curve with over half the students scoring 100%.
Thankfully this outraged the professor, and through a variety of means (which I will not disclose publicly) over 25% of the students were caught red handed. Actions are being taken against them, though I'm not sure how far they will go. The evidence against them is overwhelmingly conclusive. In some cases the evidence led to more evidence of cheating in other courses. It seems clear that more that 25% cheated, but I guess catching some is better than none.
As someone who is keenly aware of this crisis, I feel tiny bursts of relief when I see these small wins, though it does feel a bit like bailing an ocean with a teacup.
It also doesn't help that our outrage-driven media overwhelmingly exposes us to cheaters.
Everyone's heard of Theranos, Enron, Martin Shkreli, and Bernie Madoff. This week, my 70+ year old aunt asked me about Charlie Javice and Frank. Yet, there are thousands of very successful people quietly building their castles who live and die in relative obscurity because their stories just aren't that thrilling.
If you spend a lot of time interacting with people in the latter category, or if you have them as your mentors, then you will be exposed to a model of what success through hard work and integrity looks like. If you don't, then it's very easy to think everyone successful is a cheater, and that cheating is the only way to break the ceiling into success.
It’s not about individual people - it’s just scale, paired with Goodhart's law.
No number in a spreadsheet will tell you who’s the genuine student. The moment you’re ranking like that you lost.
Long term human interaction in reduced groups is far better at creating genuine environments. But of course, that system doesn’t scale, and it’s a breeding ground for nepotism.
In this moral framework, would it be acceptable for the lecturer to take attendance orally, or is that also insulting?
The instructor clearly sets their expectations for attendance (whether it's mandatory, or otherwise), and then just expects everyone to follow that.
It is verification of attendance, specifically, that "endorses the culture of cheating... telling students they can't be trusted, and turning into yet another cheating challenge/task"? If not, what is fair game for verification, in the pursuit of finding students of integrity?
TL;DR: location API exists. Wifi-based location exists. American universities apparently use this to take "secure" attendance.
Good article, but you could also just use a VPN to trick it.
No, a VPN would only change the source IP of your request which the author specifically states isn't how this system works: the browser uses its host OS' Location Services to self report its location based on GPS or Wi-Fi AP locations.
That said, I hope the service doesn't implicitly trust data sent by untrusted clients like web browsers, otherwise someone could just use something like this to send it a false location: https://chromewebstore.google.com/detail/spoof-geolocation/i...
Even if the browser was super locked down you could trivially spoof a few SSIDs broadcast from the desired area in theory..
The SSID (name, like the article mentions) is different than the bSSID (mac address of the access point), so I don't think it would be that easy to spoof.
Shouldn't be any harder than the name.
Do most consumer APs/routers allow you to just change the MAC address on the fly? I don't think the ones I've owned have ever allowed that. But that would certainly be interesting to try (if you were somewhere without any other address interference that would tip it off)
Pretty sure the laptop I had from like 2012 until 2018 could do that. Haven't tried anymore since (haven't played around with deauths) but I thought this was common functionality
Consumer router firmware UIs, typically owned by ISPs, I'd not expect that yeah. Some don't even let you pick a WiFi band anymore and require other changes to be submitted through an ISP portal on the web somewhere (thinking of Belgium here, not sure which ISP it was)
Ohh. Yeah I suppose that's what I meant. I thought a VPN also spoofed the location
A device can triangulate its own location locally, given the WiFi hotspots around it, and transmit that information via a JavaScript API. A VPN won't flummox this mechanism.
> A device can triangulate its own location
Trilaterate (or multilaterate). Angulation uses angle, like a directional antenna, constructive/destructive interference for beamforming (this is how airplane landing systems work if I'm understanding it correctly), or optics like our two eyes, to find the angles to a target from known positions in order to determine its position in space
Trilateration is based on distances from known locations, determined either by signal delay (GNSS does that; newer cell towers also but call it "timing advance") or signal strength (used with both WiFis and cell towers)
> locally, given the WiFi hotspots
You'll also need a local database with the hotspots' positions (usually those aren't actually measured but estimated from observations at different locations). I'm not aware of a device that ships with this, nor popular software that uses it as its primary method, as such databases are many gigabytes. Thus this is typically not local; you're sharing your data (thus location) with the server which then kindly tells you where it thinks you are
Some simple Tampermonkey patching would though.