Re: How does connman handle scan_ssid?
Hi Sven, ConnMan does a "known networks" scan, so indeed it leaks the known SSIDs. We could easily add a main.conf parameter to prevent that. Tomasz Cf. http://blog.viraptor.info/post/your-wifi-shows-me-where-you-live-work-and-travel How does connman handle this? There don't seem to be configuration options for it. ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: How does connman handle scan_ssid?
On 2015-03-17 12:09, Tomasz Bursztyka wrote: > Hi Sven, > > ConnMan does a "known networks" scan, so indeed it leaks the known SSIDs. > We could easily add a main.conf parameter to prevent that. Sounds good. What would be the trade-offs? More time needed to authenticate? > > Tomasz > >> Cf. >> http://blog.viraptor.info/post/your-wifi-shows-me-where-you-live-work-and-travel >> >> >> How does connman handle this? There don't seem to be configuration >> options for it. >> >> >> >> ___ >> connman mailing list >> connman@connman.net >> https://lists.connman.net/mailman/listinfo/connman > > ___ > connman mailing list > connman@connman.net > https://lists.connman.net/mailman/listinfo/connman -- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167 http://software.tao.at signature.asc Description: OpenPGP digital signature ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: How does connman handle scan_ssid?
ConnMan does a "known networks" scan, so indeed it leaks the known SSIDs. >We could easily add a main.conf parameter to prevent that. Sounds good. What would be the trade-offs? More time needed to authenticate? More time to autoconnect on known-networks basically. For instance, one passive scan might miss some results (the time frame just missed some beacons etc...). But fortunately in ConnMan handles automatic scans, as long as the user has not disabled it from main.conf of course. Maybe some seconds more to autoconnect on worst cases. There is an issue however: the hidden SSIDs. These ones, to autoconnect, definitely need an active scan. We could run it if only a hidden service is created for instance. But that means we could still leak some SSIDs - the hidden ones - if we are not located where these could be found. The best ever solution would be to get ConnMan knows always its location and could then run active scans relevantly (i.e. running an active scan for the home AP since it knows this AP is located there and it is where we are currently etc...). Tomasz ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: How does connman handle scan_ssid?
On 17.03.2015 13:02, Sven Schwedas wrote: > Cf. > http://blog.viraptor.info/post/your-wifi-shows-me-where-you-live-work-and-travel > > How does connman handle this? There don't seem to be > configuration options for it. ConnMan will actively scan any previously connected network(s) (or networks which have been configured as hidden) when not connected, but uses passive scanning when being connected. Yes, this will make your device as track-able but its relatively easy to patch the ConnMan to only use passive scanning for networks which are not hidden. Another option would be to randomize the MAC-address of the used interface for each scan but it is easier said than done. ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: How does connman handle scan_ssid?
On 17.03.2015 14:04, Tomasz Bursztyka wrote: > There is an issue however: the hidden SSIDs. These ones, to > autoconnect, definitely need an active scan. We could run it if > only a hidden service is created for instance. But that means we > could still leak some SSIDs - the hidden ones - if we are not > located where these could be found. This is exactly what we (Jolla) been doing in the Sailfish OS with ConnMan since July 2014 per customer request. No huge or minor issues experienced. Br, Pasi ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: How does connman handle scan_ssid?
On 2015-03-17 16:47, Pasi Sjöholm wrote: > On 17.03.2015 14:04, Tomasz Bursztyka wrote: >> There is an issue however: the hidden SSIDs. These ones, to >> autoconnect, definitely need an active scan. We could run it if >> only a hidden service is created for instance. But that means we >> could still leak some SSIDs - the hidden ones - if we are not >> located where these could be found. > > This is exactly what we (Jolla) been doing in the Sailfish OS with > ConnMan since July 2014 per customer request. No huge or minor issues > experienced. Can this patch be mainlined? Or is it too specific? > Br, > Pasi > ___ > connman mailing list > connman@connman.net > https://lists.connman.net/mailman/listinfo/connman > -- Mit freundlichen Grüßen, / Best Regards, Sven Schwedas Systemadministrator TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz Mail/XMPP: sven.schwe...@tao.at | +43 (0)680 301 7167 http://software.tao.at signature.asc Description: OpenPGP digital signature ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: How does connman handle scan_ssid?
On Tue, 2015-03-17 at 17:47 +0200, Pasi Sjöholm wrote: > This is exactly what we (Jolla) been doing in the Sailfish OS with > ConnMan since July 2014 per customer request. No huge or minor issues > experienced. And you haven't been sending the patch upstream because...? ;-) Cheers, Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: How does connman handle scan_ssid?
On 17.03.2015 17:57, Sven Schwedas wrote: > On 2015-03-17 16:47, Pasi Sjöholm wrote: >> On 17.03.2015 14:04, Tomasz Bursztyka wrote: >>> There is an issue however: the hidden SSIDs. These ones, to >>> autoconnect, definitely need an active scan. We could run it if >>> only a hidden service is created for instance. But that means >>> we could still leak some SSIDs - the hidden ones - if we are >>> not located where these could be found. >> >> This is exactly what we (Jolla) been doing in the Sailfish OS >> with ConnMan since July 2014 per customer request. No huge or >> minor issues experienced. > > Can this patch be mainlined? Yes I guess so, didn't have the time to send the patch this week but will try to do it on the next week. Br, Pasi ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
