Source? I ask because I searched for “Microsoft nomap” and only found a bunch of posts/articles circa 2020 that stated the opposite: Google recognizes “nomap” but Microsoft recognizes “optout”. The common recommendation was to include both (*_optout_nomap).
It depends on the model. It can then depend on if there is an exploit in the web based config, serial ports, or headers which can be flashed via serial. It is not a quick and easy process like installing GrapheneOS on a Pixel for example.
Often DSL and radio chipsets (cellular network) aren’t supported and require “binary” blob drivers.
What we would generally recommend is to get some generic device (with 2 network interfaces) and run openwrt or opnsense on that and put the modem into “bridge mode”. In that configuration it bridges the WAN connection straight through to the router behind it.
Generally barebones ones are not supported, they don’t have enough flash. That model isn’t listed.
Thanks for clarifying, from random forums I have heard that putting this particular modem into bridge mode is pretty difficult for some reason, though I have no idea why.
Because the feature isn’t implemented. Apparently it is in newer firmwares for the device. The optus ones are probably locked down though.
According to some forums they can be unlocked (with some wizardry), but the risk is the router craps itself, so I dunno if it’s worth the risk. So crappy of Optus to lock down routers like that, then again Optus leaked all of their customers’ info to the dark web and had a national outage for days.
This makes me wonder how we can maximise our privacy from our own internet providers, aside from a VPN.
No one probably cares but here is an interesting blog by someone on how to change the firmware of this severely (is this fair to say?) restricted router: Huawei E5186 Firmware Upgrade with Multicast Upgrade Tool - Hacker's ramblings.
Don’t buy a super barebones device first and make sure to do a bit of checking around that it can support bridge mode before buying that device.
Some ISPs provide a “basic” model, and a more advanced one, which can do things like that.
Seems they don’t sell that anymore and offer the Huawei B628 now so that might have some relevant information. Though I’m not even sure the ZTE MF289D does either. These devices are cheap garbage made to be as cheap as possible with as few firmware updates as they can get away with.
Like everything they are basically full linux systems running underneath (just super locked down) so they do need updates from time to time.
Hmmm interesting. You are certainly very knowledgeable on this subject. FYI this router was prescribed to us by Optus as a part of our plan, so my assumption is that I can either flash this garbage with some firmware, or take out the SIM card and put it into a better router? Does the router affect internet speed? I presume it does, but I also know that Optus can modulate your internet speed regardless of the router, I have seen them do it before myself.
I would never pay for their “advanced” models if I didn’t have to, especially if I can go for third party router brands that are made in good faith, and do not exist solely to maximise their profits, while throwing their customers under the bus (cough* Optus).
Here someone mentions uncapped speeds by unlocking their router with firmware, so it may be worth the risk of flashing the router I suppose.
Thanks though for your response it was very informative and gives me hope.
They’re generally very locked down, so flashing firmware isn’t something necessarily easily done with any old router.
You can likely take the SIM and put it in a better one. Optus also has a tendency to network lock the modem that comes with your plan so if it’s an option to not buy the modem from them I’d probably do that.
Something worth keeping in mind if you get a 5G modem at some point.
No, it won’t; they won’t care as long as it supports the necessary network features. Can’t find anything about their 5G modem which appears to be the ZTE NH8091. I think it’s some locked modem just for them.
If it was me personally on my connection I’d probably look toward more business grade devices like the Digi TX40 5G. I’m not a fan of Huawei/ZTE consumer garbage. Though they’re super expensive like Cisco expensive.
Probably more economical option would be something like GL-XE3000. What you need to do is compare the bands to make sure the device supports it.
For example Optus requires:
- 5G 900
- 5G 1800
- 5G 2100
- TD-5G 2300
- 5G 3500
- 5G 28000
Which corresponds to:
- n8
- n80
- n48
- n95
But I don’t think it supports the 28GHz band for example.
Thanks a lot!
This may not be the time nor place, but I feel like making the knowledge base focus on fundamental networking and other computer science topics pertinent to computer science, could answer a lot of people’s (noobs like me) questions, I definitely feel like having a hardware recommendations list could also be A LOT of fun too!
The Portable Wi-Fi 6 5G NR Router looks like a beast. So I assume I can chuck an Optus SIM card into it and it should work fine. No idea about how to identify a good router compared to a bad one, because I have no idea what specs to look out for but I will 100% take your word for it and keep my eye on the MEET Puli AX Router which looks like a weapon!
Do you recommend AliExpress for electronics in general, in this case for a router?
I got a keyboard and mouse from them, where big brands like Logitech just get them from anyway.
Sheesh, these routers are expensive but that’s okay, on one Aussie forum you linked me someone mentioned using a phone as a router.
For cellular I doubt we ever would because it varies depending on geographical location/provider and it would simply become a website on its own. Combine this with availability factors it would be impossible to tell people to get this or that device. It requires a lot of research and would be something we could never keep up with as it constantly changes.
Unless you’re using a device as a travel device don’t get a portable one, it won’t have as good coverage as one with aerials.
Yeah but you’d want to make sure it can do 28GHz, those bands are used by Optus and Telstra. Some provider somewhere elsewhere may not use them. This means it might work, but maybe not as fast. Cellular internet gets messy like that.
You can run a router behind your ISP supplied router (which is also another option). Probably what I would do in the case of Optus. This does still mean that routing is done by the border device placed in what we call a “DMZ”:
physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet
as opposed to “bridge mode” where it does nothing but forwards its external addresses through.
That way you still have a modern secondary router behind the modem which does receive its updates. This should work fine for most cellular providers. It is a bit more complicated however for fixed line communications like FTTH/FTTN, because providers in Australia (which is I assume where you’re from) normally offer that require DHCPv6-PD “prefix delegation” to split up a larger network range. That has to be on the device closest to the ISP (meaning your modem needs bridge mode). Fortunately FTTH/FTTC connection boxes provided by NBNCo are configured like that by default.
Typically though cellular providers don’t offer that in Australia. Telstra uses 464XLAT to offer customers single IPv6 addresses (without IPv4).
Cellular is definitely messy like that, all of the terms you used are completely foreign to me, but I did grasp the overall message. If I do ever get a router it will be one capable of doing a “28GHz band”. Alternatively, I could run two routers or use bridge mode to connect my router to a generic device with two “network interfaces”. Just because of my environmental consciousness I will probably not do the latter options, although I do appreciate the suggestions! Where I quote things, these are specialised terms that I do not know the meaning of.
Anyway, thanks a lot!
That was a worry, I tried to use the least amount of jargon possible, but yes it gets a bit like that.
Network interface simply refers to the place where the connection happens, a router will typically have an external network interface pointing at the ISP, and an internal one pointing at the LAN. That could be an ethernet network, ie RJ45 socket with 8P8C plug, or it could be a 802.11 WLAN network (portable cellular routers tend to do the latter).
After having another look at it the Puli AX (GL-XE3000) does not support 28GHz, n258 which is used by all the providers. Spectrum Tracker shows that Optus that. Whirlpool also has a list of what is required, and I know from experience they tend to keep things like that updated.
Maybe a newer version from GL.Inet will support it, who knows. The 28GHz “band” is just the modes in which it operates on.
N258: Covers 24.25 to 27.5 GHz for Europe and China. The mmWave 24 to 29 GHz range is a widely tested 5G band. Development of mmWave 26 GHz band is continuing and headed up by the 3GPP TR 38.815. N258 is intended for short range transmission at high data rates.
The US providers probably use:
The N261, 28 GHz band is currently the highest-defined frequency 5G band in the FR2 range. Covers narrower 27.5 to 28.35 GHz for operation alongside n260 (39 GHz) in the USA. Like all millimeter wave bands, N261 is intended for short range tx/rx at high data rates.
So yes, without it it might be slower.
Thanks, you did a good job at making it understandable!
I seem to remember the feature being removed some time ago when they killed Wi-Fi Sense. The feature is no longer available.
I did find this usenet post about it, apparently nomap means something entirely different elsewhere in the world.
Yeah, I’d say this qualifies as malicious compliance at this point. I’m not so paranoid that I assume it was intentionally such from the start, but not changing it is ridiculous.
In order to opt out of an invasive data collection, we’re supposed to tag our publicly broadcast wifi SSID with a phrase that happens to be a homonym to the name of an extremely controversial group?
Why doesn’t Google ask us to wear scarlet P’s while they’re at it?
In summary, is there a consensus that adding “_optout_nomap” to WiFi name does not bring value?
There is no harm but yeah I’d agree that there isn’t much point. There are much more effective surface level things you can do like not putting PII in your Wi-Fi SSID.
Or just use wired networking.
Like much in the privacy community, a lot of what we do is based on assumptions and best guesses if not experience and I see a lot of that in this thread… because unless you work for google maps, then you really don’t know how a randomized MAC AP will be recorded or treated internally. It’s not like there are many Snowdens out there either.
Well we also have experience… so to get back on track…
I have been randomizing the MAC on my openwrt routers for YEARS before this showed up last year as it just seemed obvious to me. Now you don’t have to do anything complicated to do this, it’s just a simple setting to add to the network config or button to click via the LuCI web interface. The complicated scripts posted above are so overblown because any time the interface is brought up or down with this setting active, the MAC changes anyway. This means that (since you should be rebooting your router regularly anyway for security purposes) you will have regularly updated MAC without even trying too hard. For instance, if you set your router to reboot every day, then you will have a different MAC every day.
Now experience.
I live in a touristic place, in an apartment building on the main high street with an airbnb literally next door to me no less and have never once seen my unique network (again necessary for the security of the router and its PSK) show up on WIGLE or elsewhere. I have even contributed some data using pwnagotchi etc. but never once have I seen any reference to any AP I’ve ever had anywhere show up. This is not the case for my neighbors with their static SSID and MACs.
Now assumptions.
- When an AP has a randomized MAC it looks like a hotspot. This in itself is not at all useful to FAANGs as far as location is concerned since hotspots are obviously mobile.
- For Gmaps to link location data to a physical AP’s MAC, they need androids and chromecasts with wifi-scanning and they need at least 3 trustworthy data points to triangulate accurately the location of an AP.
- With a daily MAC change, there is not enough data to accurately track an AP’s location over time and since it’s ephemeral, if it does get tracked, then it will not last.
- The MAC is the only thing that can be used to accurately track location since it is possible to tell whether that is randomized or not. A static SSID and MAC is a useful data point. A random MAC with ‘known’ SSID is useless for triangulating location.
- No one is combing through data looking at why a particular SSID has lots of hits in one general location with many random MAC addresses recorded. The machine is only looking to log accurate location data, not make conjectures on what could be happening.
Now just to end this, there is one point that I didn’t notice being made… TURN YOUR FUCKING AP DOWN! As I said, I live in an apartment and, with my 5G radio turned down to half power, and 2G radio turned down to 1/10th power, I have more than enough coverage even in my garden. There is no advantage to blasting wifi at full power in MOST cases. Apart from security benefits of making it harder to attack your wireless devices at range, better battery life for your devices, and longer life for your APs, it also stops people driving by from accurately scanning your SSID. If your AP is showing at -90 dBm to a random android, then I don’t think google maps is really going to give much of a shit about it at all.
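The post above says it is possible to tell whether a MAC is randomized. The following is an added example, not part of the thread or any poster's code: it checks the locally administered (U/L) bit that randomized addresses conventionally set, generates such an address, and summarizes a constructed scan log of your own AP per SSID. The SSIDs, BSSIDs and function names are assumptions made up for illustration.

```python
import secrets
from collections import defaultdict

def parse_mac(mac):
    """Parse aa:bb:cc:dd:ee:ff (or dash-separated) into 6 raw bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set."""
    return bool(parse_mac(mac)[0] & 0x02)

def random_laa_mac():
    """Random unicast MAC with the locally administered bit set."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE  # set U/L bit, clear multicast bit
    return ":".join(f"{b:02x}" for b in raw)

def summarize(observations):
    """Per SSID: distinct BSSIDs, how many are locally administered, days seen."""
    seen = defaultdict(lambda: {"bssids": set(), "days": set()})
    for day, ssid, bssid in observations:
        seen[ssid]["bssids"].add(bssid.lower())
        seen[ssid]["days"].add(day)
    return {
        ssid: {
            "bssids": len(v["bssids"]),
            "locally_administered": sum(map(is_locally_administered, v["bssids"])),
            "days": len(v["days"]),
        }
        for ssid, v in seen.items()
    }

# Constructed scan log: (day, SSID, BSSID). Not real networks.
OBSERVATIONS = [
    (1, "home-net", "5a:10:22:33:44:01"),
    (2, "home-net", "d6:7c:00:ab:cd:02"),
    (3, "home-net", "8e:01:9f:00:11:03"),
    (1, "neighbour", "00:11:22:33:44:55"),
    (2, "neighbour", "00:11:22:33:44:55"),
    (3, "neighbour", "00:11:22:33:44:55"),
]

if __name__ == "__main__":
    for ssid, stats in summarize(OBSERVATIONS).items():
        print(ssid, stats)
    print("fresh address:", random_laa_mac())
```

In the summary the rotating AP shows three short-lived, locally administered BSSIDs while the static one shows a single vendor-assigned BSSID on all three days; the SSID string itself is the same on every row, so it is worth checking separately whether yours is unique.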