Quite interesting article. The original research article shows that WiFi networks can be used similarly to camera surveillance, and can identify a person with high accuracy “across different walking styles and perspectives” (think sonar-style identification). Early days, but this was not anywhere on my 2026 bingo card.
“BFId: Identity Inference Attacks Utilizing Beamforming Feedback Information” by Julian Todt, Felix Morsbach and Thorsten Strufe, 22 November 2025, CCS ’25: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. DOI: 10.1145/3719027.3765062“
In what ways would a GOS Pixel with silent.link esim be less private than using a Mudi v2? Simply because you can’t rotate the device IDs when switching sims?
The video above explains it a little: it’s the fact that the E-sim is not running 24/7 in the phone but rather in another device without the baseband processor being linked to it.
Having GOS is already super nice but not having a SIM into your phone goes a level deeper into the privacy aspect. Also, you can just switch the device off fully (while you cannot remove the battery from your phone), share the connection to other people and have a few other goodies as explained in the link above.
Not sure I can quantify how much better it is but definitely even more extreme.
I personally do not have any sort of SIM into my phone either and I kinda like that approach.
I think this is a bit different than what is being explained here: This method of identification does not even require you to have any device/receiver on you - it detects your physical presence and likely some sort of shape/physical characteristics (in some abstract dimensional space) that enables identification. You literally just have to walk past a router for it to “see” you as would be the case with a traditional surveillance camera.
I guess the above suggestions would protect you at home if you switched out your own WiFi router for that configuration - but I don’t think the likely threat would be identifying you in your own home, but rather if this is used in the public space at large, where it could detect you whether you have a device/receiver or not. I know it’s not around the corner, but the prospect and possibility seems to be there.
That sounds really interesting, but does it really work? The new Mudi 7 is coming out and I just placed a preorder. I’m wondering if I should get a Mudi v2 in the interim and try out that setup. Any actual guide to set it up?
I’m by no means an expert on this field, but the problem with a SIM, especially with postpaid plans in the US, is that you’re not anonymous. You have to go through an ID and credit check to get on a postpaid plan, so GrapheneOS doesn’t guarantee total privacy.
Researchers say a new technology can identify individuals even when they are not carrying a WiFi device by passively recording signals in radio networks, raising serious privacy concerns and prompting calls for stronger protections.
My two cents: This is a theoretical threat that has no record of being used in practice. Instead, we should focus on license plate readers and AI surveillance cameras because they are actually being used in real life.
Oh, I absolutely agree! This was not meant to be “we should focus on this now”, thus the “News” tag.
I do think it is interesting to think about; on a societal level, we are very aware of the privacy-infringing nature of surveillance cameras, and thus there are requirements before setting them up in the public space.
WiFi routers are not met with the same requirements - they are everywhere now, as we think of them as something that can only be used to track you if you connect to it. But what if this threat becomes common 10 years from now? It will be difficult to backtrack on the wide distribution of WiFi routers, so the cogs for such surveillance will have been laid out. Just as the current level of AI recognition was unthinkable 10-20 years ago.
I meant installing that software onto the GL.iNet GL-iNet Mudi v2 (E750v2). It’s my first time hearing about it. Does it really work and enhance my privacy and security?
I think this can be pretty much mitigated by BSSID randomization that introduced in Gl.iNet and MAC randomization on your device (better use random instead of stable
I’m suggesting a second gos Pixel used as a mobile router. The phone can be switched off and put in a Faraday bag when not in use. Aside from switching hardware identifiers, which I wouldn’t do anyway because it’s not legal in my country, I think this is a superior privacy and security solution to the Mudi. A used Pixel is also cheaper than the new Mudi.
And yes, as someone else already pointed out, this does nothing to prevent the theoretical attack in this study. (I actually remember seeing studies on this capability as far back as two years ago, so I don’t really think this is theoretical… I’m pretty sure authorities in certain places “tap” proprietary home routers to tell when people are home.)
