Leebra privacy
login register

KYC now uses WiFi positioning instead of IP geolocation.

4 days ago by Samuel Ellis to c/privacy

save

share

report

From IP Geolocation to WiFi Positioning: The KYC Evolution. In 2023, a major European fintech platform rejected a high-value transaction not because the credit card was stolen, but because the user's device was detected within a specific coffee shop in Berlin, despite the user claiming to be in a different district. The system utilized a technique known as WiFi positioning to triangulate the device's location with meter-level precision, overriding the broader geographic data provided by the user's IP address.…

From IP Geolocation to WiFi Positioning: The KYC Evolution

Full article: https://telegra.ph/...

Discussion welcome — counter-detection techniques, vendor behavior, regulatory angles, and real-world deployment notes especially valuable.

refalo 5 points 4 days ago

The technology works by measuring the time of flight or signal strength between a user's device and multiple nearby WiFi routers

All of that can still be spoofed, and there's no guarantee any other wifi routers are within range. Some adapters won't even background scan at all while you're connected to a station already. Not to mention information like that is not accessible in the first place unless you're running a real app outside the browser.

save

path: 0 24336884, hotness: undefined, score: 5, children: 0
SamuelEllis 1 point 4 days ago

save

path: 0 24333644, hotness: undefined, score: 1, children: 0
onlinepersona 0 points 3 days ago

On Android and iOS, apps can get a list of visible BSSIDs without special permissions (on Android 10 and later, ACCESS_FINE_LOCATION is required).

The tech is thwarted without this permission. Unless browsers also share BSSIDs on laptops. Probably chromium does and Firefox followed suit because of Google money

save

path: 0 24344653, hotness: undefined, score: 0, children: 2
bitfucker 3 points 2 days ago

I feel like with WebRTC API it is already possible to fingerprint the network so no need for BSSID. They just need the database of that instead of BSSID

save

path: 0 24344653 24357093, hotness: undefined, score: 3, children: 0
refalo 3 points 2 days ago

Thwarted in what sense? The vast majority of users on the planet blindly accept fine location permissions for every single app, I think that will make most users of this tech happy enough.

save

path: 0 24344653 24357728, hotness: undefined, score: 3, children: 0
privacy
privacy

@programming.dev

login for more options
4696
1746
2889

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

go to feed...