Facebook is testing a new feature that helps users find nearby public Wi-Fi networks, but it’s unclear whether its tool undermines users’ privacy.
In November 2016, the security community first heard reports about Facebook’s decision to test a public Wi-Fi locator. As a company spokesperson told Mashable at the time:
“To help people stay connected to the friends and experiences they care about, we are rolling out a new feature that surfaces open Wi-Fi networks associated with nearby places.”
As of this writing, the feature is available only for iOS users in certain countries. There are apps out there that mimic the function of this tool, but Facebook’s is different in that it displays each network on a map along with its address and distance away from the user.
It’s also unique in that the feature works inside of Facebook, which means the company would likely need to collect information about those who use it. At the very least, Facebook recommends that individuals who use the feature give it access to their location history.
Ken Yeung of Venture Beat explains the company’s reasoning:
“It will not only show you the business offering free Wi-Fi, but also how long it’ll take to get there and the network you can connect to. Facebook recommends that you give the app permission to access your location history, claiming it will ‘allow Facebook to build a history of precise locations received through your device.'”
Facebook could also theoretically collect other information about the user to provide them with advertising content that’s unique to them based upon their location.
Uses need to carefully weigh these considerations before they decide to enable the public Wi-Fi locator, which isn’t Facebook’s only new feature that has given us pause. Do they want to provide Facebook with more information about themselves? Would another app with similar functionality serve them better?
Additionally, users should always think twice before connecting to a public Wi-Fi network. They can’t be sure whether a hacker is sitting on that network waiting to spy on them and steal their information.
We all know what connecting to a public Wi-Fi network can reveal about a person. With that said, users should try to avoid connecting to these networks unless they absolutely need to do so. In the event that they do, they should use a VPN.
Finally, users should consider installing a tool that scans a public Wi-Fi hotspot for vulnerabilities, like the one offered by Avast.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
6 comments on “Facebook’s new public Wi-Fi locator is raising privacy concerns”
It never ceases to amaze me how many people use public Wi-Fi.
Mobile data packages are so cheap that there's no reason to expose yourself to the dangers of connecting to public Wi-Fi.
I don't connect to public Wi-Fi, not even with a VPN, because if I can't trust the network I can't be certain that the Wi-Fi operator hasn't undermined the security of my VPN.
I'm interested in your personal opinion on this software, and if you use Android, I've been using it for months now. Like you mentioned, VPN is not always completely safe either, but this is a DNS filter that works off the native VPN on Android. https://block-this.com/
I know that 'Block This' stopped requiring root access* in order to run but I'm concerned at the operating model of the software.
As you know it's free software and mostly open source but by installing their software you're effectively channelling your data requests via their DNS.
My concerns are thus:
how can you trust them?
why should you trust them?
how are they generating revenue?
DNS resolution costs a fair amount of money (to operate the infrastructure) and it's not unfeasible to believe that, unbeknownst to their users, data is being aggregated and sold.
*Google have blocked the software from the Play Store because of their own security concerns. Of course Block This suggest that it's exclusively because it blocks advertisements; this isn't the full story.
I personally agree with Jobs' comments that Android is a "toxic hell stew". My reasons for agreeing include:
competing standards from manufacturers
piss-poor implementation of full disk encryption**
high percentage of apps in Google Play with ads or malware
inability to update OS version if handset manufacturer refuses to update
inability to update OS version if network refuse to allow their customers to update
inability to update OS version if Android developers deem the version incompatible
ineffective sandboxing of critical processes
ad-driven revenue model
snooping by Google on devices by use of their linked advertising ID
apps don't work on all models because of disparate nature of Android
87% of Android devices are insecure***
old kernel which has inadequate hardening
**it can be bypassed even on the latest models (including Google Pixel)!
Thanks Bob! Hope you didn't hold back on anything (-: But, I did a fair amount of investigation and Sava looks to be legit. He does have PayPal, Patreon, and now after the recent update, apps, or rather games that if you choose to download, he gets a fee. The apps are available on Google Playstore, and I just corresponded with him about adding easier ways to donate. He's not looking to get rich of Block This, but is getting enough money to cover the bills, and maybe buy a pizza or two. He is basically doing the same as Adgaurd, and Disconnect Me, did when they first started. It was for Sava, more a personal project. There is also lots more information at XDA Developers forums. So, for me, I'd rather let him filter than have my data going thru Russia.
But, hey, I really appreciate the time you took to respond so thoroughly. But, I'm committed to Android, and might change if that Rubin guy gets his project off the ground. Since Cyanogen Mod is going native again, there's still hope for updates from the grassroots developer's once again. The way I'm set up with sprint, I get a free device every 2 years, and just make the os upgrades. Like my HTC One m9, started at lollipop and any day now, nougat. And I only paid $1.00 for my device less than a year ago.
I completely agree, I never use Wi-Fi! What's the point if I have unlimited data?! If I can't get service well, then, it'll have to wait or I'll use my phone's hotspot (password protected & only devices I approve can connect to it). Same thing goes with Location–so many people just leave it ON 24/7! I only have it on when using Maps to get somewhere then it immediately gets turned off. I showed this video in an annual training I did and people were shocked…https://youtu.be/9M6bC0z3uA4. There are a lot of uneducated people so I try to teach them how to keep themselves safe.
I completely agree with Bob, but I have all but permanently killed Wi-Fi on my Android, and if I find I have an app trying to use Wi-Fi for location assistance, it's gone right after I confirm it.