KYC now uses WiFi positioning instead of IP geolocation.

From IP Geolocation to WiFi Positioning: The KYC Evolution

Full article: https://telegra.ph/From-IP-Geolocation-to-WiFi-Positioning-The-KYC-Evolution-06-17

Discussion welcome — counter-detection techniques, vendor behavior, regulatory angles, and real-world deployment notes especially valuable.

KYC now uses WiFi positioning instead of IP geolocation.

https://telegra.ph/From-IP-Geolocation-to-WiFi-Positioning-The-KYC-Evolution-06-17Open link View original on piefed.social

Comments4

refalo

programming.dev

The technology works by measuring the time of flight or signal strength between a user's device and multiple nearby WiFi routers

All of that can still be spoofed, and there's no guarantee any other wifi routers are within range. Some adapters won't even background scan at all while you're connected to a station already. Not to mention information like that is not accessible in the first place unless you're running a real app outside the browser.

onlinepersona

programming.dev

On Android and iOS, apps can get a list of visible BSSIDs without special permissions (on Android 10 and later, ACCESS_FINE_LOCATION is required).

The tech is thwarted without this permission. Unless browsers also share BSSIDs on laptops. Probably chromium does and Firefox followed suit because of Google money

refalo reply

programming.dev

Thwarted in what sense? The vast majority of users on the planet blindly accept fine location permissions for every single app, I think that will make most users of this tech happy enough.

bitfucker reply

programming.dev

I feel like with WebRTC API it is already possible to fingerprint the network so no need for BSSID. They just need the database of that instead of BSSID

Samuel Ellis

piefed.social