I _believe_ this also stops wifi data from leaking anywhere.
Also, I see options:
geo.provider.use_corelocation: true/false # presumably for tracking on MacOS
geo.provider.use_geoclue: true/false # presumably for tracking Linux users with Geoclue2 provider [1]
geo.enabled: true/false # presumably, turns the whole thing off
Some say[2][3], use_ options take precedence over network.url, so you need to set those to false.
It also appears[3][4], that setting geo.provider.testing to true might be required.
One time I worked at a zoom competitor, and our team got to prototype a "detect if these people are in the same room as each other" feature for dealing with echo cancellation etc, where everyone's laptop would emit a unique high frequency, and everyone's laptop would listen for other frequencies. Of course it worked in pristine conditions and fell down in the real world. But it was a fun experiment...
People need to learn manners, nobody should be using video calling without headphones. It's insane whenever someone joins and we hear all their background, feedback of whoever is speaking, etc as if nobody has ever told them to mute or stop using speaker in their life.
> People need to learn manners, nobody should be using video calling without headphones.
OK? it still sucks even with headphones. Imagine the following scenario: You are in a meeting using your headphones as you suggest. A coworker a few seats away from you are in the same meeting using their own headsphones. When they talk you hear their real voice reach your ears first (this happens with even the best noise canceling headphones to some extent) and then you hear their voice with some delay from the meeting.
This is not about manners or headphones.
Better meeting software identifies when this is happening and they suppress the streamed voice of your coworker just for you.
This is a great answer. But I would add that while a technical solution is welcomed, an organizational one could help too: why are multiple people in the same meeting joining from nearby desks instead of a conference room?
I was in such a meeting yesterday where multiple participants were required by law to be each in same meeting from different computers in same room and with their mics and speakers on, and same law prevents use of conference room camera speakers and mic. There was a constant and annoying audio echo for everyone.
That is a bonkers edge case that it never occurred to me would happen. I am glad to not be under those regulations
Get that law abolished ASAP, sounds ridiculous
There's a downside to the conference room angle; the camera is far away, and the image of the room occupies the same amount of space on my monitor as the seven other heads in the call who are calling in remotely.
So unless I know the voice of everyone in the conference room, I have no idea who's speaking at any given point unless they're also gesticulating wildly.
Oh, I know this one: your team’s too big.
Because all the conference rooms were already booked.
This is about 3 people in a meeting room joining with their laptops, without a meeting room audio setup (or it being bad)
Tbh, I think this geolocation method is amazing, and I'm grateful it exists, because GPS indoor really sucks.
Honest question - what's your use case for needing GPS indoors? I generally know where I am when I'm indoors :)
[deleted]
You're in a large building you're unfamiliar with. Particularly one with an unusual layout, like a mall or hospital.
For a variety of reasons I've set a personal best for time in large hospitals in the last year. They can be very difficult to navigate in the best of times, much less in the less-than-ideal mental state that often accompanies time in a hospital.
Maybe indoors is the wrong term: as soon as you don't have direct sky visibility it's relatively hard to get a position.
Some examples: on a train, on the underground, in a train station, in a mall, in an office building, ...
Probably depends on the construction of the roof and windows. At least on European trains I've never had an issue getting GPS (unless you are in a tunnel or subway system). It takes a bit longer to get the first fix if you don't have AGPS, but no worse than in a car. Same with planes. On the other hand in a building it it pretty much only works next to a window, and malls don't have windows
Even if you do, it will often take more time to acquire a fix than most people are used to
It's useful in shopping malls, airports, train stations, car parks and so on. Anywhere you need to navigate a large complex.
Not OP but navigating large malls, subway terminals, etc is nice
[dead]
Generally yes, but if you go to a giant mall, train station, airport then you usually don'y.
/usr/libexec/geoclue-2.0/demos/where-am-i
Now the question: can you spoof your location? Say you are an admin on your system (for instance you run a Linux distro), can you make your OS return the same list of SSID/BSSIDs as your friend who is in the classroom (or as you recorded the day before) to pretend you are there?
Would be a fun experiment, and a nice follow-up post :-).
Nice! Still would be cool to do it right from the computer.
I assume that smart comp sci kids already have some sort of proxy running on an Android phone that publishes the current in-classroom WiFi environment, and a browser plugin or Linux hack that their stay-at-home friends can run that intercepts the geolocation calls and spoofs the responses with what the in-classroom android phone is seeing.
The API just returns coordinates to the website and it's fairly easy to spoof on major browsers. You'd just need to know where the classroom is.
[deleted]
My PC doesn't have any wireless connections and the Geolocation API always fails. I guess I'd fail this course (which is apparently correct, as I was supposed to be attending in person with a laptop.)
Edit: Presumably it would be possible to hack the browser to return a false position.
Edit: Make it a convenient browser add-on, perhaps. There must be other applications.
Edit: pkulak points out that you just have to set a Firefox option. Why do I even comment on things I know nothing about.
[deleted]
The question is, can we patch our browser to respond with whatever we want when getCurrentPosition() is called?
Then we can be wherever we want, super precisely!
Oh wow, it's the modern version of the clicker, the physical device assigned to you at the beginning of the term used for classroom participation and attendance checking, and which was most definitely defeatable via "the unpatchable strategy of Having Friends".
I held onto Symbian longer than I should have, but am surprised this practice hadn't crossed my path before now. IMHO it's insidious. It's one thing for a Google Street View car to war scan my WiFi router, but another for my own phone to secretly rat me out. Not that I use Location myself, but I can't stop other members of the household. I assume this is yet another practice that Android forks like GrapheneOS disables?
Gives you verifiable control over, at least.
Maybe it’s because I studied in Austria where universities generally provide very little handholding to students but I don’t understand the point of compulsory attendance in university lectures. If students think they can pass exams without attending the lectures then they should be able to do that. I certainly did that once or twice when I realized I needed some more credits before the end of the term.
It’s a different thing with lab/exercise sessions but your lack of participation there would be noticed anyway.
My university didn't take attendance either, but some in my country do. As I understand it, the reasons are:
1. Some students think they can skip class and catch up through self-study, but actually they can't. The same I'd-rather-be-partying attitude that stops them attending lectures also stops them finding time to self-study. College is the first time students' time management is put to the test, and some students can't handle it. Giving them some external motivation to get out of bed does them a favour, in the long term.
2. Some courses are discussion-and-debate oriented. Less so in engineering, moreso in arts subjects. If Socratic debate is a key part of the class, students who don't show up will of course lose grades - and accurate record keeping makes sure that's done fairly.
3. Some governments require certain reporting to ensure people getting student visas are, in fact, students. Taking attendance for foreign students is one way to satisfy this.
4. When someone fails a course they'll often lodge an appeal. Perhaps they'll say the course was badly taught, or the exam covered material that wasn't in the lectures. Knowing whether the student attended the lectures helps adjudicate such complaints fairly.
A highly ranked university that attracts smart, self-motivated students has less reason to take attendance - whereas a university with lots of students skipping class, failing and complaining has more reason.
I take attendance (the old-fashioned way) in my college classes for a couple of reasons:
- Some students are "sponsored" by scholarships or organizations that request attendance data.
- I want to know the attendance record for a student who is asking for an extension, or extra-credit work, or some other informal accommodation.
- I like to draw fancy graphs correlating attendance and final grades.
But other than that, I don't care if students are in class or not. They're adults. Learning is their responsibility.
It was the same when I studied applied physics in England many years ago. No one checked or cared if we attended lectures in the physics and maths departments. In fact anyone could have attended the lectures even if they were not a student because there was always plenty of room. But the law department where my wife studied, at the same university, did check who was attending.
As for laboratory exercises in the physics department, they were in theory compulsory but still no one checked. The final year included a long experimental project that had to be documented and conclusions defended in a viva. Again no one formally checked that we actually did it but as we were grouped into small teams for this anyone who didn't pull their weight would have been reported by their fellow students and would not have had access to the experimental results which would have made it difficult to write it up and defend.
I graduated University in the US in 2004. I never took a class that had mandatory lecture attendance.
Compulsory attendance used to be far less common in colleges, but teenagers in America mature far more slowly than they used to and undergrads are still effectively children. Universities need to babysit them or they'll wreck the dropout rate
Glad to see a fellow Madisonian make it to HN frontpage. Great work!
As the article mentions this tech has been in widespread use for over two decades now. You have likely used it on your phone today without knowing it. GPS is accurate but also very fickle (takes time to get a lock, battery hog, doesn't work great when surrounded by buildings, doesn't work great when inside a building, doesn't work in bad weather). Wifi data is plentiful today in every urban setting, and you can get an exact location in under a second.
> Apple’s instructional opt out page (appending
_nomap) to the SSID.
this is good information.
on the other hand, it is pretty impossible to turn off wifi on some apple computers. (when I look at wifi, I get a greyed out off toggle)
You have to get into csrutil to disable the chips from powering up.
Does the "Stop broadcasting SSID" option in most Wifi access points / routers prevent wardriving or is the BSSID still leaked?
In this case the AP still beacons (which includes the BSSID), just with the SSID field set to "".
I don't think it's appropriate for a professor to use this feature. Am I in the minority?
It's a good sales job. Someone sold them a "high tech" solution for a problem that's already been solved. We had attendance rolls long before we had computers.
Times are getting so much tougher. I remember my early morning organic chemistry classes using top hat. I never showed up to class, but I had my top hat app open.
The answers were usually kept simple, so I'd guess things like 0 or 1 (the questions were never written in the app). I think I ended up with 60% or so on them, which was nice, since it was a bonus component meant to be a little boost to the grade anyways.
Is it common for North American universities to take attendance? Seems like a whole lot of effort to gain little and infantilize your students. They're paying tuition, and if they don't show up to class they get punished by not learning enough and subsequently failing their exams/assessments. And if they don't fail their exams/assessments then clearly mandating lecture attendance for them wasn't necessary anyway.
I was punished by getting into grad school, going to the "meet the faculty" party, and having my Algorithms professor greet me with "oh, you're the one who never came to class". (I can't resist pointing out, now that it's safe, that it seemed like his TA taught quite a few of his classes...)
It's a protection for the faculty and students.
If you fail someone who rarely attended class, and they claim that they did, asked you for support, and never received it, how might you defend yourself?
If you have an excellent student who encounters a hardship, how might you petition for leniency to allow them to drop without penalty beyond a cutoff, or delay submitting final grades until they can complete makeup work?
In my experience it’s common for large intro level classes. While I personally never liked these policies, I do think it’s beneficial to the average student to incentivize attendance. Think 18 year olds who aren’t able to self regulate or fully understand the consequences until it’s too late. A “pick yourself up by your bootstraps” mentality just hurts the average quality of education.
I think it's worth pondering why you feel paying tuition enters the assessment of the situation. The justification would seem to stand on its own either way, right? Or would your opinion change if tuition was free?
Mandatory attendance makes more sense if tuition is free, because it's not the student's resources that are being wasted, it's whoever is paying the universities.
I don't follow how this implies mandatory attendance makes sense in one case but not the other.
If you believe lack of attendance is "wasting resources", then either you think the class isn't doing its part by teaching what students need, or you believe it is and yet students are not learning the material due to lack of attendance. In the former case, the problem is poor teaching, and so attendance isn't the solution. In the latter case, then the same argument would apply regardless of who's paying.
What's the logic here? Is there a third possibility I'm missing?
The logic is, nobody cares if you waste your own tuition money by not attending class, but people do care if you waste somebody else's tuition money.
You didn't answer my question at all. I understand whose money is involved, that had nothing to do with my point.
Ok, let me reframe then. Imagine you paid for someone's tuition. Would you like them to go to class and get the education you paid for? If they, after several years of them not attending lectures, fail to be educated, was your money wasted?
Now imagine you're a big donor. You donate enough money for, say, 10 scholarships. None of them attend class. None of them get degrees. Are you likely to donate again?
If you require attendance to graduate, then your degree signals conformity and grit, and thus has some value to show to employers who care about those stats but can't really measure them any other way.
> if they don't show up to class they get punished by not learning enough and subsequently failing their exams/assessments
My (UK) University was very clear that attendance was not mandatory, but if you weren't attending lectures you were not going to get any extra help from the lecturers etc
I don't think that's an unreasonable position to take, but it's nice if you _know_ rather than _guess_ who bothered to make it in to class.
[deleted]
You misunderstand. The customer is the government, which pays for student education through 'student loans'. The government is an absentee farmer who pays a farm labourer to produce a crop many years in the future. The labourer would rather take the money and plant nothing, so the absentee landlord farmer wants him to send photos of the seed being planted.
But why won't the crop grow on its own? It is strongly incentivized to live! And yet it does not. So you need to send photos of tilling the soil, planting the seed, watering, so that one day we might come there and see a harvested crop.
[deleted]
I've had companies send us laptops for VPN access that had LTE modems and GPS specifically for location verification before granting access to the VPN.
Imagine having your services so poorly secured or authenticated that you need to protect Layer 3 access this tightly.
It is just another layer of authentication.
> Small digression: did you know that, until May 2000, GPS satellites (which are owned and operated by the United States Space Force) provided the general public a signal with intentional error built into it?
What the hell? Why?
They wanted to keep accurate global positioning as a US military exclusive capability. It's definitely useful for guided munitions, & alternative satellite positioning systems didn't exist or were less mature at the time, so US GPS was the only system one could realistically use for that. A missile able to hit a target within a 3 meter radius is vastly more effective than one that can only hit within 100m, for instance.
There are still some restrictions around this sort of thing: IIRC a GPS receiver for sale to the public isn't allowed to give accurate data if it's too high up &/or moving too fast, to prevent unauthorized usage in ICBMs & other similar weapons. I think there would be a lot of red tape involved if you wanted to buy an unrestricted GPS device without this limitation.
Which is idiotic, because nowadays it is trivial to build your own GPS received compared to the complexity of building a reliable ICBM.
Error was built in to reduce precision and make it harder to use them for targeting. It stopped being useful once there were other constellations available.
GPS receivers sold to public also required to not operate at certain altitude/speed to prevent it from being used in ballistic (and probably other kinds?) missiles.
GPS started as a U.S. Department of Defense project, and they had qualms about freely giving the high accuracy positioning information they found so very useful for e.g. targeting bombs and missiles, to every unverified third party in the world. Depending on your preferred flavor of jadedness, one could say it was because of security concerns... or one could say it was because said third parties hadn't paid off the military industrial complex enough!
It was to degrade accuracy. Military (and presumably other gov't and allied gov't owned systems) were able to get more accurate signals. The degraded signals meant that someone couldn't use commercial GPS as a guidance system or for similar applications.
Something something Yujio Hanma
[dead]
The root problem is that a lot of higher education is nurturing a culture of cheaters right now.
Your future doctors, scientists, government officials, etc... will have had to compete and gain coveted academic and career opportunities, in an environment that both has been heavily gamified, and is being overrun by cheaters.
Insulting measures like this TopHat practically endorses the culture of cheating, by telling students that they can't be trusted, and turning into yet another cheating challenge/task.
Schools with any integrity should be bending over backwards to find, nurture, and support students of integrity.
And to save those who only got admitted by being sketchy, but first semester is a chance to unlearn the bad lessons from before.
Not by treating them as criminals to be monitored, but by treating them like the respectable people they should aspire to be, and which the school expects and requires that they be.
And, for any hopelessly shitty students, who fail to honor this first semester extension of trust, the school should smack them to the curb. Lost tuition income, lost named buildings/chairs, and expensive lawsuits from helicopter parents, be damned.
I have an inside perspective on this via an academic integrity company.
A couple weeks ago there was an exam in an R1 institution that double booked the facility so one section did the exam in person on campus and the other did it "from home". The score distribution of the in person exam was a typical bell curve, and the distribution of the online exam looking like a power-law curve with over half the students scoring 100%.
Thankfully this outraged the professor, and through a variety of means (which I will not disclose publicly) over 25% of the students were caught red handed. Actions are being taken against them, though I'm not sure how far they will go. The evidence against them is overwhelmingly conclusive. In some cases the evidence led to more evidence of cheating in other courses. It seems clear that more that 25% cheated, but I guess catching some is better than none.
As someone who is keenly aware of this crisis, I feel tiny bursts of relief when I see these small wins, though it does feel a bit like bailing an ocean with a teacup.
Catching cheaters is easy. The problem is that incentives are not aligned. Students are also customers, and you can’t simply fire a quarter of your customers and stay in business.
I agree with the latter 100% (the biggest problem is incentives), however I don't agree catching cheaters is easy. It's an arms race, and reminds me of catching cheaters in video games.
Using every means available (multiple technologies and in-person proctored exams) cuts down cheating to probably ~2%... But online programs have serious integrity challenges.
It also doesn't help that our outrage-driven media overwhelmingly exposes us to cheaters.
Everyone's heard of Theranos, Enron, Martin Shkreli, and Bernie Madoff. This week, my 70+ year old aunt asked me about Charlie Javice and Frank. Yet, there are thousands of very successful people quietly building their castles who live and die in relative obscurity because their stories just aren't that thrilling.
If you spend a lot of time interacting with people in the latter category, or if you have them as your mentors, then you will be exposed to a model of what success through hard work and integrity looks like. If you don't, then it's very easy to think everyone successful is a cheater, and that cheating is the only way to break the ceiling into success.
[deleted]
It’s not about individual people - it’s just scale, paired with Goodhart's law.
No number in a spreadsheet will tell you who’s the genuine student. The moment you’re ranking like that you lost.
Long term human interaction in reduced groups is far better at creating genuine environments. But of course, that system doesn’t scale, and it’s a breeding ground for nepotism.
In this moral framework, would it be acceptable for the lecturer to take attendance orally, or is that also insulting?
The instructor clearly sets their expectations for attendance (whether it's mandatory, or otherwise), and then just expects everyone to follow that.
It is verification of attendance, specifically, that "endorses the culture of cheating... telling students they can't be trusted, and turning into yet another cheating challenge/task"? If not, what is fair game for verification, in the pursuit of finding students of integrity?
Finding students with integrity is hard now, because the culture is already full of poo.
But one starting point is to communicate that you expect and require integrity, explain what that means, and then expect it. Trying to make metrics or tests or whatever to detect, rate, rank, etc. it just turns it into a game, like the same load of poo.
Though here is one thing you can do. Explain that you expect integrity, and then watch the students raise their hands and ask how they will be tested on this. You say it's expected. Back and forth a few times, until eventually some of them start crying, and then their heads explode, because they can't figure out how to game that. Those students sadly were too far gone.
Then, after that first semester of integrity culture, some of the students who didn't explode will cheat, and they will be expelled with the fury of an angry god, and everyone on campus will know why. News stories will be written, word will spread, college guides will be updated. The next batch of applicants after that will have fewer cheaters than before, and will have disproportionately attracted students who aspire to integrity and who wouldn't have known to apply to this school before the news.
A school with an honor code that students and faculty take seriously wasn't that newsworthy decades ago, but it's news now.
> Explain that you expect integrity, and then watch the students raise their hands and ask how they will be tested on this. You say it's expected. Back and forth a few times, until eventually some of them start crying, and then their heads explode, because they can't figure out how to game that.
This assumes that the students are untrustworthy and the faculty/institution are ultimately trusted. In a world in which that is not true (such as the world that produces the article we're commenting on), and students sometimes encounter problems due to unclear expectations or vague criteria that are not the student's fault, it is not unreasonable for people to ask questions whose goal is to find out the actual non-vague criteria to avoid unpleasant surprises.
By way of one of many examples: many excellent classes encourage students to talk about assignments with each other, as long as the work they turn in is their own. Now consider what happens if a student accustomed to such a policy encounters a class taught with a different policy, where that policy has not been made clear in advance.
Honor codes and integrity are excellent things to enforce. Transparency and crystal-clear criteria are also excellent things to enforce. Not to allow gaming the system, but to ensure the system doesn't game anyone.
> This assumes that the students are untrustworthy and the faculty/institution are ultimately trusted.
True. This proposal requires expecting and requiring the faculty to have integrity.
And you really need the college/university as a whole to commit to this, not just isolated professors, partly so that there can be no confusion by students.
(Some battle-scarred faculty and grad students could tell speak of entire departments that need to be shut down completely, because the administration and faculty are too far gone. I think you could never do this with one of those departments. You'd only get posturing, and the same arrogant and underhanded behaviors as before, and students would briefly be a little confused, but quickly realize that the old sketchy game-playing is still fully on.)
> True. This proposal requires expecting and requiring the faculty to have integrity.
Not just integrity, but also consistency, objectivity, absence of caprice or bias...
[dead]
TL;DR: location API exists. Wifi-based location exists. American universities apparently use this to take "secure" attendance.
Good article, but you could also just use a VPN to trick it.
No, a VPN would only change the source IP of your request which the author specifically states isn't how this system works: the browser uses its host OS' Location Services to self report its location based on GPS or Wi-Fi AP locations.
Even if the browser was super locked down you could trivially spoof a few SSIDs broadcast from the desired area in theory..
The SSID (name, like the article mentions) is different than the bSSID (mac address of the access point), so I don't think it would be that easy to spoof.
Minor but important correction: The BSSID is almost never the AP MAC address.
The BSSID is unique per SSID, per AP. The BSSID is usually derived (usually by incrementing the last octet) from the AP MAC address, however.
So an AP MAC might be 77:99:44:EE:C4:11.
It has a wireless network called "Bob's SSID". It will have a BSSID of something like 77:99:44:EE:C4:12.
Then, the AP may be broadcasting another called "Mary's SSID", and it will have a BSSID of something like 77:99:44:EE:C4:13.
Looks like the BSSID is derived from the AP serial number by some vendors. Never seen that myself.
I see, thanks. I've definitely seen instances where an AP is broadcasting multiple SSIDs with different BSSIDs. I suppose I just thought nothing of it... but that makes sense.
That would be a fun project. Capture some WiFi geolocation data and rebroadcast it later with an ESP32 that switches its BSSID/SSID/frequency/transmit power to match an existing fingerprint.
And then see if you can be magically transported somewhere else.
Do most consumer APs/routers allow you to just change the MAC address on the fly? I don't think the ones I've owned have ever allowed that. But that would certainly be interesting to try (if you were somewhere without any other address interference that would tip it off)
Pretty sure the laptop I had from like 2012 until 2018 could do that. Haven't tried anymore since (haven't played around with deauths) but I thought this was common functionality
Consumer router firmware UIs, typically owned by ISPs, I'd not expect that yeah. Some don't even let you pick a WiFi band anymore and require other changes to be submitted through an ISP portal on the web somewhere (thinking of Belgium here, not sure which ISP it was)
Some will let you change it but it's almost always static since changing AP MAC Address will cause network disruptions for all connected clients.
Sure, some hacker somewhere will screw with these databases by rotating their AP MAC Address regularly but 99.9% are not going to touch it and 99.9% is good enough for location databases.
Ohh. Yeah I suppose that's what I meant. I thought a VPN also spoofed the location
A device can triangulate its own location locally, given the WiFi hotspots around it, and transmit that information via a JavaScript API. A VPN won't flummox this mechanism.
> A device can triangulate its own location
Trilaterate (or multilaterate). Angulation uses angle, like a directional antenna, constructive/destructive interference for beamforming (this is how airplane landing systems work if I'm understanding it correctly), or optics like our two eyes, to find the angles to a target from known positions in order to determine its position in space
Trilateration is based on distances from known locations, determined either by signal delay (GNSS does that; newer cell towers also but call it "timing advance") or signal strength (used with both WiFis and cell towers)
> locally, given the WiFi hotspots
You'll also need a local database with the hotspots' positions (usually those aren't actually measured but estimated from observations at different locations). I'm not aware of a device that ships with this, nor popular software that uses it as its primary method, as such databases are many gigabytes. Thus this is typically not local; you're sharing your data (thus location) with the server which then kindly tells you where it thinks you are
I use a Firefox preference to pin my location to a spot near, but not at, my house:
user_pref("geo.provider.network.url", 'data:application/json,{"location": {"lat": 45.0, "lng": -122.0}, "accuracy": 128.0}');
I _believe_ this also stops wifi data from leaking anywhere.
Also, I see options:
Some say[2][3], use_ options take precedence over network.url, so you need to set those to false.It also appears[3][4], that setting geo.provider.testing to true might be required.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1063572
[2] https://stackoverflow.com/questions/24932199/how-to-change-f...
[3] https://security.stackexchange.com/a/268825
[4] https://stackoverflow.com/a/24937564
There's also a plugin that allows varying levels of accuracy per-site. - LocationGuard
chrome: https://chromewebstore.google.com/detail/location-guard-v3/h...
firefox: https://addons.mozilla.org/en-US/firefox/addon/location-guar...
One time I worked at a zoom competitor, and our team got to prototype a "detect if these people are in the same room as each other" feature for dealing with echo cancellation etc, where everyone's laptop would emit a unique high frequency, and everyone's laptop would listen for other frequencies. Of course it worked in pristine conditions and fell down in the real world. But it was a fun experiment...
People need to learn manners, nobody should be using video calling without headphones. It's insane whenever someone joins and we hear all their background, feedback of whoever is speaking, etc as if nobody has ever told them to mute or stop using speaker in their life.
> People need to learn manners, nobody should be using video calling without headphones.
OK? it still sucks even with headphones. Imagine the following scenario: You are in a meeting using your headphones as you suggest. A coworker a few seats away from you are in the same meeting using their own headsphones. When they talk you hear their real voice reach your ears first (this happens with even the best noise canceling headphones to some extent) and then you hear their voice with some delay from the meeting.
This is not about manners or headphones.
Better meeting software identifies when this is happening and they suppress the streamed voice of your coworker just for you.
This is a great answer. But I would add that while a technical solution is welcomed, an organizational one could help too: why are multiple people in the same meeting joining from nearby desks instead of a conference room?
I was in such a meeting yesterday where multiple participants were required by law to be each in same meeting from different computers in same room and with their mics and speakers on, and same law prevents use of conference room camera speakers and mic. There was a constant and annoying audio echo for everyone.
That is a bonkers edge case that it never occurred to me would happen. I am glad to not be under those regulations
Get that law abolished ASAP, sounds ridiculous
There's a downside to the conference room angle; the camera is far away, and the image of the room occupies the same amount of space on my monitor as the seven other heads in the call who are calling in remotely.
So unless I know the voice of everyone in the conference room, I have no idea who's speaking at any given point unless they're also gesticulating wildly.
Oh, I know this one: your team’s too big.
Because all the conference rooms were already booked.
This is about 3 people in a meeting room joining with their laptops, without a meeting room audio setup (or it being bad)
... I mean Google meet handles it pretty well
Microsoft Teams does this: https://techcommunity.microsoft.com/discussions/microsofttea...
That's what Google Meet does too: https://support.google.com/meet/answer/14263133?hl=en-NZ
>where everyone's laptop would emit a unique high frequency,
This sounds like an awful idea.
https://www.science.org/content/article/sounds-you-cant-hear...
sounds like how Cisco Teams/Webex could detect if you're in a certain meeting room using an ultrasonic frequency.
I've recently vibe-coded "where-am-i", a small CLI that returns your approximate location using the technology described here.
https://github.com/denysvitali/where-am-i
Tbh, I think this geolocation method is amazing, and I'm grateful it exists, because GPS indoor really sucks.
Honest question - what's your use case for needing GPS indoors? I generally know where I am when I'm indoors :)
You're in a large building you're unfamiliar with. Particularly one with an unusual layout, like a mall or hospital.
For a variety of reasons I've set a personal best for time in large hospitals in the last year. They can be very difficult to navigate in the best of times, much less in the less-than-ideal mental state that often accompanies time in a hospital.
Maybe indoors is the wrong term: as soon as you don't have direct sky visibility it's relatively hard to get a position.
Some examples: on a train, on the underground, in a train station, in a mall, in an office building, ...
Probably depends on the construction of the roof and windows. At least on European trains I've never had an issue getting GPS (unless you are in a tunnel or subway system). It takes a bit longer to get the first fix if you don't have AGPS, but no worse than in a car. Same with planes. On the other hand in a building it it pretty much only works next to a window, and malls don't have windows
Even if you do, it will often take more time to acquire a fix than most people are used to
It's useful in shopping malls, airports, train stations, car parks and so on. Anywhere you need to navigate a large complex.
Not OP but navigating large malls, subway terminals, etc is nice
[dead]
Generally yes, but if you go to a giant mall, train station, airport then you usually don'y.
/usr/libexec/geoclue-2.0/demos/where-am-i
Now the question: can you spoof your location? Say you are an admin on your system (for instance you run a Linux distro), can you make your OS return the same list of SSID/BSSIDs as your friend who is in the classroom (or as you recorded the day before) to pretend you are there?
Would be a fun experiment, and a nice follow-up post :-).
https://github.com/adamhrv/skylift but doesn’t use the OS, it broadcasts the necessary beacons with ESP8266 / ESP32 hardware.
Nice! Still would be cool to do it right from the computer.
I assume that smart comp sci kids already have some sort of proxy running on an Android phone that publishes the current in-classroom WiFi environment, and a browser plugin or Linux hack that their stay-at-home friends can run that intercepts the geolocation calls and spoofs the responses with what the in-classroom android phone is seeing.
The API just returns coordinates to the website and it's fairly easy to spoof on major browsers. You'd just need to know where the classroom is.
My PC doesn't have any wireless connections and the Geolocation API always fails. I guess I'd fail this course (which is apparently correct, as I was supposed to be attending in person with a laptop.)
Edit: Presumably it would be possible to hack the browser to return a false position.
Edit: Make it a convenient browser add-on, perhaps. There must be other applications.
Edit: pkulak points out that you just have to set a Firefox option. Why do I even comment on things I know nothing about.
The question is, can we patch our browser to respond with whatever we want when getCurrentPosition() is called?
Then we can be wherever we want, super precisely!
Oh wow, it's the modern version of the clicker, the physical device assigned to you at the beginning of the term used for classroom participation and attendance checking, and which was most definitely defeatable via "the unpatchable strategy of Having Friends".
I held onto Symbian longer than I should have, but am surprised this practice hadn't crossed my path before now. IMHO it's insidious. It's one thing for a Google Street View car to war scan my WiFi router, but another for my own phone to secretly rat me out. Not that I use Location myself, but I can't stop other members of the household. I assume this is yet another practice that Android forks like GrapheneOS disables?
Gives you verifiable control over, at least.
Maybe it’s because I studied in Austria where universities generally provide very little handholding to students but I don’t understand the point of compulsory attendance in university lectures. If students think they can pass exams without attending the lectures then they should be able to do that. I certainly did that once or twice when I realized I needed some more credits before the end of the term. It’s a different thing with lab/exercise sessions but your lack of participation there would be noticed anyway.
My university didn't take attendance either, but some in my country do. As I understand it, the reasons are:
1. Some students think they can skip class and catch up through self-study, but actually they can't. The same I'd-rather-be-partying attitude that stops them attending lectures also stops them finding time to self-study. College is the first time students' time management is put to the test, and some students can't handle it. Giving them some external motivation to get out of bed does them a favour, in the long term.
2. Some courses are discussion-and-debate oriented. Less so in engineering, moreso in arts subjects. If Socratic debate is a key part of the class, students who don't show up will of course lose grades - and accurate record keeping makes sure that's done fairly.
3. Some governments require certain reporting to ensure people getting student visas are, in fact, students. Taking attendance for foreign students is one way to satisfy this.
4. When someone fails a course they'll often lodge an appeal. Perhaps they'll say the course was badly taught, or the exam covered material that wasn't in the lectures. Knowing whether the student attended the lectures helps adjudicate such complaints fairly.
A highly ranked university that attracts smart, self-motivated students has less reason to take attendance - whereas a university with lots of students skipping class, failing and complaining has more reason.
I take attendance (the old-fashioned way) in my college classes for a couple of reasons:
- Some students are "sponsored" by scholarships or organizations that request attendance data. - I want to know the attendance record for a student who is asking for an extension, or extra-credit work, or some other informal accommodation. - I like to draw fancy graphs correlating attendance and final grades.
But other than that, I don't care if students are in class or not. They're adults. Learning is their responsibility.
It was the same when I studied applied physics in England many years ago. No one checked or cared if we attended lectures in the physics and maths departments. In fact anyone could have attended the lectures even if they were not a student because there was always plenty of room. But the law department where my wife studied, at the same university, did check who was attending.
As for laboratory exercises in the physics department, they were in theory compulsory but still no one checked. The final year included a long experimental project that had to be documented and conclusions defended in a viva. Again no one formally checked that we actually did it but as we were grouped into small teams for this anyone who didn't pull their weight would have been reported by their fellow students and would not have had access to the experimental results which would have made it difficult to write it up and defend.
I graduated University in the US in 2004. I never took a class that had mandatory lecture attendance.
Compulsory attendance used to be far less common in colleges, but teenagers in America mature far more slowly than they used to and undergrads are still effectively children. Universities need to babysit them or they'll wreck the dropout rate
Glad to see a fellow Madisonian make it to HN frontpage. Great work!
As the article mentions this tech has been in widespread use for over two decades now. You have likely used it on your phone today without knowing it. GPS is accurate but also very fickle (takes time to get a lock, battery hog, doesn't work great when surrounded by buildings, doesn't work great when inside a building, doesn't work in bad weather). Wifi data is plentiful today in every urban setting, and you can get an exact location in under a second.
> Apple’s instructional opt out page (appending _nomap) to the SSID.
this is good information.
on the other hand, it is pretty impossible to turn off wifi on some apple computers. (when I look at wifi, I get a greyed out off toggle)
You have to get into csrutil to disable the chips from powering up.
Does the "Stop broadcasting SSID" option in most Wifi access points / routers prevent wardriving or is the BSSID still leaked?
In this case the AP still beacons (which includes the BSSID), just with the SSID field set to "".
I don't think it's appropriate for a professor to use this feature. Am I in the minority?
It's a good sales job. Someone sold them a "high tech" solution for a problem that's already been solved. We had attendance rolls long before we had computers.
Times are getting so much tougher. I remember my early morning organic chemistry classes using top hat. I never showed up to class, but I had my top hat app open.
The answers were usually kept simple, so I'd guess things like 0 or 1 (the questions were never written in the app). I think I ended up with 60% or so on them, which was nice, since it was a bonus component meant to be a little boost to the grade anyways.
Is it common for North American universities to take attendance? Seems like a whole lot of effort to gain little and infantilize your students. They're paying tuition, and if they don't show up to class they get punished by not learning enough and subsequently failing their exams/assessments. And if they don't fail their exams/assessments then clearly mandating lecture attendance for them wasn't necessary anyway.
I was punished by getting into grad school, going to the "meet the faculty" party, and having my Algorithms professor greet me with "oh, you're the one who never came to class". (I can't resist pointing out, now that it's safe, that it seemed like his TA taught quite a few of his classes...)
It's a protection for the faculty and students.
If you fail someone who rarely attended class, and they claim that they did, asked you for support, and never received it, how might you defend yourself?
If you have an excellent student who encounters a hardship, how might you petition for leniency to allow them to drop without penalty beyond a cutoff, or delay submitting final grades until they can complete makeup work?
In my experience it’s common for large intro level classes. While I personally never liked these policies, I do think it’s beneficial to the average student to incentivize attendance. Think 18 year olds who aren’t able to self regulate or fully understand the consequences until it’s too late. A “pick yourself up by your bootstraps” mentality just hurts the average quality of education.
I think it's worth pondering why you feel paying tuition enters the assessment of the situation. The justification would seem to stand on its own either way, right? Or would your opinion change if tuition was free?
Mandatory attendance makes more sense if tuition is free, because it's not the student's resources that are being wasted, it's whoever is paying the universities.
I don't follow how this implies mandatory attendance makes sense in one case but not the other.
If you believe lack of attendance is "wasting resources", then either you think the class isn't doing its part by teaching what students need, or you believe it is and yet students are not learning the material due to lack of attendance. In the former case, the problem is poor teaching, and so attendance isn't the solution. In the latter case, then the same argument would apply regardless of who's paying.
What's the logic here? Is there a third possibility I'm missing?
The logic is, nobody cares if you waste your own tuition money by not attending class, but people do care if you waste somebody else's tuition money.
You didn't answer my question at all. I understand whose money is involved, that had nothing to do with my point.
Ok, let me reframe then. Imagine you paid for someone's tuition. Would you like them to go to class and get the education you paid for? If they, after several years of them not attending lectures, fail to be educated, was your money wasted?
Now imagine you're a big donor. You donate enough money for, say, 10 scholarships. None of them attend class. None of them get degrees. Are you likely to donate again?
If you require attendance to graduate, then your degree signals conformity and grit, and thus has some value to show to employers who care about those stats but can't really measure them any other way.
> if they don't show up to class they get punished by not learning enough and subsequently failing their exams/assessments
My (UK) University was very clear that attendance was not mandatory, but if you weren't attending lectures you were not going to get any extra help from the lecturers etc
I don't think that's an unreasonable position to take, but it's nice if you _know_ rather than _guess_ who bothered to make it in to class.
You misunderstand. The customer is the government, which pays for student education through 'student loans'. The government is an absentee farmer who pays a farm labourer to produce a crop many years in the future. The labourer would rather take the money and plant nothing, so the absentee landlord farmer wants him to send photos of the seed being planted.
But why won't the crop grow on its own? It is strongly incentivized to live! And yet it does not. So you need to send photos of tilling the soil, planting the seed, watering, so that one day we might come there and see a harvested crop.
I've had companies send us laptops for VPN access that had LTE modems and GPS specifically for location verification before granting access to the VPN.
Imagine having your services so poorly secured or authenticated that you need to protect Layer 3 access this tightly.
It is just another layer of authentication.
> Small digression: did you know that, until May 2000, GPS satellites (which are owned and operated by the United States Space Force) provided the general public a signal with intentional error built into it?
What the hell? Why?
They wanted to keep accurate global positioning as a US military exclusive capability. It's definitely useful for guided munitions, & alternative satellite positioning systems didn't exist or were less mature at the time, so US GPS was the only system one could realistically use for that. A missile able to hit a target within a 3 meter radius is vastly more effective than one that can only hit within 100m, for instance.
There are still some restrictions around this sort of thing: IIRC a GPS receiver for sale to the public isn't allowed to give accurate data if it's too high up &/or moving too fast, to prevent unauthorized usage in ICBMs & other similar weapons. I think there would be a lot of red tape involved if you wanted to buy an unrestricted GPS device without this limitation.
Which is idiotic, because nowadays it is trivial to build your own GPS received compared to the complexity of building a reliable ICBM.
But they said 2000.
https://www.gps.gov/selective-availability https://en.wikipedia.org/wiki/Error_analysis_for_the_Global_...
Error was built in to reduce precision and make it harder to use them for targeting. It stopped being useful once there were other constellations available.
GPS receivers sold to public also required to not operate at certain altitude/speed to prevent it from being used in ballistic (and probably other kinds?) missiles.
GPS started as a U.S. Department of Defense project, and they had qualms about freely giving the high accuracy positioning information they found so very useful for e.g. targeting bombs and missiles, to every unverified third party in the world. Depending on your preferred flavor of jadedness, one could say it was because of security concerns... or one could say it was because said third parties hadn't paid off the military industrial complex enough!
It was to degrade accuracy. Military (and presumably other gov't and allied gov't owned systems) were able to get more accurate signals. The degraded signals meant that someone couldn't use commercial GPS as a guidance system or for similar applications.
Something something Yujio Hanma
[dead]
The root problem is that a lot of higher education is nurturing a culture of cheaters right now.
Your future doctors, scientists, government officials, etc... will have had to compete and gain coveted academic and career opportunities, in an environment that both has been heavily gamified, and is being overrun by cheaters.
Insulting measures like this TopHat practically endorses the culture of cheating, by telling students that they can't be trusted, and turning into yet another cheating challenge/task.
Schools with any integrity should be bending over backwards to find, nurture, and support students of integrity.
And to save those who only got admitted by being sketchy, but first semester is a chance to unlearn the bad lessons from before.
Not by treating them as criminals to be monitored, but by treating them like the respectable people they should aspire to be, and which the school expects and requires that they be.
And, for any hopelessly shitty students, who fail to honor this first semester extension of trust, the school should smack them to the curb. Lost tuition income, lost named buildings/chairs, and expensive lawsuits from helicopter parents, be damned.
I have an inside perspective on this via an academic integrity company.
A couple weeks ago there was an exam in an R1 institution that double booked the facility so one section did the exam in person on campus and the other did it "from home". The score distribution of the in person exam was a typical bell curve, and the distribution of the online exam looking like a power-law curve with over half the students scoring 100%.
Thankfully this outraged the professor, and through a variety of means (which I will not disclose publicly) over 25% of the students were caught red handed. Actions are being taken against them, though I'm not sure how far they will go. The evidence against them is overwhelmingly conclusive. In some cases the evidence led to more evidence of cheating in other courses. It seems clear that more that 25% cheated, but I guess catching some is better than none.
As someone who is keenly aware of this crisis, I feel tiny bursts of relief when I see these small wins, though it does feel a bit like bailing an ocean with a teacup.
Catching cheaters is easy. The problem is that incentives are not aligned. Students are also customers, and you can’t simply fire a quarter of your customers and stay in business.
I agree with the latter 100% (the biggest problem is incentives), however I don't agree catching cheaters is easy. It's an arms race, and reminds me of catching cheaters in video games.
Using every means available (multiple technologies and in-person proctored exams) cuts down cheating to probably ~2%... But online programs have serious integrity challenges.
It also doesn't help that our outrage-driven media overwhelmingly exposes us to cheaters.
Everyone's heard of Theranos, Enron, Martin Shkreli, and Bernie Madoff. This week, my 70+ year old aunt asked me about Charlie Javice and Frank. Yet, there are thousands of very successful people quietly building their castles who live and die in relative obscurity because their stories just aren't that thrilling.
If you spend a lot of time interacting with people in the latter category, or if you have them as your mentors, then you will be exposed to a model of what success through hard work and integrity looks like. If you don't, then it's very easy to think everyone successful is a cheater, and that cheating is the only way to break the ceiling into success.
It’s not about individual people - it’s just scale, paired with Goodhart's law.
No number in a spreadsheet will tell you who’s the genuine student. The moment you’re ranking like that you lost.
Long term human interaction in reduced groups is far better at creating genuine environments. But of course, that system doesn’t scale, and it’s a breeding ground for nepotism.
In this moral framework, would it be acceptable for the lecturer to take attendance orally, or is that also insulting?
The instructor clearly sets their expectations for attendance (whether it's mandatory, or otherwise), and then just expects everyone to follow that.
It is verification of attendance, specifically, that "endorses the culture of cheating... telling students they can't be trusted, and turning into yet another cheating challenge/task"? If not, what is fair game for verification, in the pursuit of finding students of integrity?
Finding students with integrity is hard now, because the culture is already full of poo.
But one starting point is to communicate that you expect and require integrity, explain what that means, and then expect it. Trying to make metrics or tests or whatever to detect, rate, rank, etc. it just turns it into a game, like the same load of poo.
Though here is one thing you can do. Explain that you expect integrity, and then watch the students raise their hands and ask how they will be tested on this. You say it's expected. Back and forth a few times, until eventually some of them start crying, and then their heads explode, because they can't figure out how to game that. Those students sadly were too far gone.
Then, after that first semester of integrity culture, some of the students who didn't explode will cheat, and they will be expelled with the fury of an angry god, and everyone on campus will know why. News stories will be written, word will spread, college guides will be updated. The next batch of applicants after that will have fewer cheaters than before, and will have disproportionately attracted students who aspire to integrity and who wouldn't have known to apply to this school before the news.
A school with an honor code that students and faculty take seriously wasn't that newsworthy decades ago, but it's news now.
> Explain that you expect integrity, and then watch the students raise their hands and ask how they will be tested on this. You say it's expected. Back and forth a few times, until eventually some of them start crying, and then their heads explode, because they can't figure out how to game that.
This assumes that the students are untrustworthy and the faculty/institution are ultimately trusted. In a world in which that is not true (such as the world that produces the article we're commenting on), and students sometimes encounter problems due to unclear expectations or vague criteria that are not the student's fault, it is not unreasonable for people to ask questions whose goal is to find out the actual non-vague criteria to avoid unpleasant surprises.
By way of one of many examples: many excellent classes encourage students to talk about assignments with each other, as long as the work they turn in is their own. Now consider what happens if a student accustomed to such a policy encounters a class taught with a different policy, where that policy has not been made clear in advance.
Honor codes and integrity are excellent things to enforce. Transparency and crystal-clear criteria are also excellent things to enforce. Not to allow gaming the system, but to ensure the system doesn't game anyone.
> This assumes that the students are untrustworthy and the faculty/institution are ultimately trusted.
True. This proposal requires expecting and requiring the faculty to have integrity.
And you really need the college/university as a whole to commit to this, not just isolated professors, partly so that there can be no confusion by students.
(Some battle-scarred faculty and grad students could tell speak of entire departments that need to be shut down completely, because the administration and faculty are too far gone. I think you could never do this with one of those departments. You'd only get posturing, and the same arrogant and underhanded behaviors as before, and students would briefly be a little confused, but quickly realize that the old sketchy game-playing is still fully on.)
> True. This proposal requires expecting and requiring the faculty to have integrity.
Not just integrity, but also consistency, objectivity, absence of caprice or bias...
[dead]
TL;DR: location API exists. Wifi-based location exists. American universities apparently use this to take "secure" attendance.
Good article, but you could also just use a VPN to trick it.
No, a VPN would only change the source IP of your request which the author specifically states isn't how this system works: the browser uses its host OS' Location Services to self report its location based on GPS or Wi-Fi AP locations.
That said, I hope the service doesn't implicitly trust data sent by untrusted clients like web browsers, otherwise someone could just use something like this to send it a false location: https://chromewebstore.google.com/detail/spoof-geolocation/i...
Even if the browser was super locked down you could trivially spoof a few SSIDs broadcast from the desired area in theory..
The SSID (name, like the article mentions) is different than the bSSID (mac address of the access point), so I don't think it would be that easy to spoof.
Minor but important correction: The BSSID is almost never the AP MAC address.
The BSSID is unique per SSID, per AP. The BSSID is usually derived (usually by incrementing the last octet) from the AP MAC address, however.
So an AP MAC might be 77:99:44:EE:C4:11.
It has a wireless network called "Bob's SSID". It will have a BSSID of something like 77:99:44:EE:C4:12.
Then, the AP may be broadcasting another called "Mary's SSID", and it will have a BSSID of something like 77:99:44:EE:C4:13.
Edit: More not-well-written info on BSSIDs: https://en.wikipedia.org/wiki/Service_set_(802.11_network)
Looks like the BSSID is derived from the AP serial number by some vendors. Never seen that myself.
I see, thanks. I've definitely seen instances where an AP is broadcasting multiple SSIDs with different BSSIDs. I suppose I just thought nothing of it... but that makes sense.
That would be a fun project. Capture some WiFi geolocation data and rebroadcast it later with an ESP32 that switches its BSSID/SSID/frequency/transmit power to match an existing fingerprint.
And then see if you can be magically transported somewhere else.
Already done: https://hackaday.com/2024/11/15/bypassing-airpods-hearing-ai...
Shouldn't be any harder than the name.
Do most consumer APs/routers allow you to just change the MAC address on the fly? I don't think the ones I've owned have ever allowed that. But that would certainly be interesting to try (if you were somewhere without any other address interference that would tip it off)
Pretty sure the laptop I had from like 2012 until 2018 could do that. Haven't tried anymore since (haven't played around with deauths) but I thought this was common functionality
Consumer router firmware UIs, typically owned by ISPs, I'd not expect that yeah. Some don't even let you pick a WiFi band anymore and require other changes to be submitted through an ISP portal on the web somewhere (thinking of Belgium here, not sure which ISP it was)
Some will let you change it but it's almost always static since changing AP MAC Address will cause network disruptions for all connected clients.
Sure, some hacker somewhere will screw with these databases by rotating their AP MAC Address regularly but 99.9% are not going to touch it and 99.9% is good enough for location databases.
Ohh. Yeah I suppose that's what I meant. I thought a VPN also spoofed the location
A device can triangulate its own location locally, given the WiFi hotspots around it, and transmit that information via a JavaScript API. A VPN won't flummox this mechanism.
> A device can triangulate its own location
Trilaterate (or multilaterate). Angulation uses angle, like a directional antenna, constructive/destructive interference for beamforming (this is how airplane landing systems work if I'm understanding it correctly), or optics like our two eyes, to find the angles to a target from known positions in order to determine its position in space
Trilateration is based on distances from known locations, determined either by signal delay (GNSS does that; newer cell towers also but call it "timing advance") or signal strength (used with both WiFis and cell towers)
> locally, given the WiFi hotspots
You'll also need a local database with the hotspots' positions (usually those aren't actually measured but estimated from observations at different locations). I'm not aware of a device that ships with this, nor popular software that uses it as its primary method, as such databases are many gigabytes. Thus this is typically not local; you're sharing your data (thus location) with the server which then kindly tells you where it thinks you are
Some simple Tampermonkey patching would though.