I frequently get something like "why would you want to do that" running my unconventional browser settings. It's like people can't even comprehend people don't want to get tracked by FAANG
This is probably related to them getting in trouble for scanning networks while mapping. If I remember correctly they were doing a bit of port scanning and looking for share drives in an attempt to id which SSID was attached to which address. This is probably part of the wrist slap they got from FCC. "Oh well you can totally opt out now so it's ok"
If I have a unique SSID (let's say, my social security number because why not at this point) and I move to a different apartment and keep the same SSID... then Google's effectively tracking a person. If you have basic address/name info you can even pinpoint who owns the SSID.
When you frame it like that it isn't, but that's because you're ignoring the second part of the equation which is "then Google can tell where an Android device is when it sees that BSSID even if its location services are turned off."
Turning WiFi SSIDs in to location data doesn't track people directly, but it does enable the mass surveillance of people's devices, and that's something that's quite reasonable to opt out of.
I do not have the source code for my phone and this switch is a SW switch. There is no guarantee that it does what it claims. It's like the mute label in conferencing SW: you cough and the SW tells you that "you are *sic" muted"
>I'm not sure how "associating a publicly broadcast BSSID with coordinates" is tracking a person.
But it's not just that is it? If you log in to a google site from that publicly broadcast BSSID, you will get tracked by association, even if you have your location tracking turned off.
No you won't. What BSSID you're connected to isn't sent by any browser. Browsers (as in all of them, including Firefox, see https://location.services.mozilla.com/ ) will use the visible BSSIDs if the website asks for your location & you approve it, but it's not just silently done automatically. It's part of all the existing location permission & request flows (indeed it's how those work on laptops at all in the first place).
Am I being tinfoil hat grade cynical if my first thought there was "Sure, browsers might not send BSSIDs, but who knows what Android is doing underneath?"
I wouldn't bet against Google being capable of exfiltrating BSSIDs via their broad swathe of 'Google Services' most Android devices are running (and probably most iOS devices too).
Like I said, I may be overly cynical, but I do have a particular reason to believe the largest surveillance capitalism and advertising company in the world might be ignoring my privacy preferences...
(And Apple might be too, but they've got different motivations and incentives around iOS user privacy that Google for Android users...)
