Probe requests help mobile devices discover active Wi-Fi networks. They often contain a multitude of data that can be used to identify and track devices and thereby their users. The past years have been a cat-and-mouse game of improving fingerprinting and introducing countermeasures against fingerprinting. This paper analyses the content of probe requests sent by mobile devices and operating systems in a field experiment. In it, we discover that users (probably by accident) input a wealth of data into the SSID field and find passwords, e-mail addresses, names and holiday locations. With these findings we underline that probe requests should be considered sensitive data and be well protected. To preserve user privacy, we suggest and evaluate a privacy-friendly hash-based construction of probe requests and improved user controls.
翻译:探测器请求帮助移动设备发现活跃的无线网络,其中往往包含大量数据,可用于识别和跟踪设备,从而跟踪其用户。过去几年来,在改进指纹和对指纹采取应对措施方面,一直在玩猫捉摸游戏。本文分析了移动设备和操作系统在现场实验中发出的探测请求的内容。在这份文件中,我们发现用户(可能是意外的)将大量数据输入SSID字段,并找到密码、电子邮件地址、名称和假日地点。我们强调,根据这些发现,调查请求应被视为敏感数据,并受到妥善保护。为了保护用户隐私,我们建议并评价以方便隐私的散列方式构建探测请求并改进用户控制。