Hiding not used known wifi networks in sys-net

Is there any way to hide wifi networks of my neighbors in sys-net?

What do you mean by “hide” your neighbour’s wifi networks?

Do you mean:

  • Not have them show up in the list in nmapplet?
  • Blacklist your neighbour’s SSIDs to prevent Qubes OS from communicating with them
  • Something else…?

Just thinking about first option, but if the second is also possible it will be great.

I don’t see how that would be possible without a complete recompile of nmapplet. That’s a lot of work for something that’s purely aesthetic, but you’re more than welcome to do it if you really want to. Bear in mind that you’d essentially be altering the code to reference a “whitelist”, and not list any options that are not in that whitelist.

I also don’t really fully understand why you’d actually want to do this in the first place. There isn’t really any significant benefit in doing so, other than having an empty list of nearby wifi networks show up in the menu when you’re somewhere you’ve never been before…

Having wifi networks “not show up” in the menu doesn’t mean that your machine still doesn’t shout at the top of it’s lungs ”Hi everyone! My name is XXXXXXX! Lovely to meet you all! Any DHCP servers or access points nearby!?!?!?!”….

(And yes, that shouting can be heard by anyone within range of the radio waves of your machine, and there’s nothing you can do about this, because that’s just how wireless communications works :wink:)

Please feel free to correct me on this. If there’s a use case I’ve missed, please tell me :slight_smile:

Even if your neighbours were to name their SSIDs identically to yours (in the hopes that your machine would connect to their access point “by mistake”, and inadvertently handing over the key/password to your real SSID), it would be difficult to hide networks purely based on SSID, and you’d need to do “some other verification” as well (MAC address whitelisting, pre-shared certificates, etc.)

Does it really bug you that much to see other people’s SSIDs?

If it does, then by all means, go for it. Your machine, your rules :slight_smile:

However, in terms of “security”, it won’t really do much…. :sweat_smile:


As for the blacklisiting, that already happens by default unless you actually successfully connect to their wifi network…

There are several privacy-friendly tricks one can use. From the top of my head:

  • spoof hostname (let’s say as I do - I’m having an implementation so my sys-net gets named like a random Windows laptop) or don’t send hostname at all
  • make your sys-net disposable as I have so on the next boot there are no traces of networks one has been connected to
  • spoof MAC address
  • any more ideas?

We are missing the goal here. What is to be achieved by hiding networks.

1 Like

I just thinking about it since there is such option on Windows. It mostly have cosmetic meaning I think, and maybe help to minimize human error (but yeah all of them are encrypted so rather no possibility to log in by mistake).

1 Like

@Szewcu, yeah, I have a feeling that it’s cosmetic. I’m guessing that your wifi card would still be emitting the same “Hi everyone!” signals that any wifi antennas nearby would be able to hear, including your neighbours’ wifi.

Interesting feature, though…

It would mean that the OS would have to have a pre-established blacklist or whitelist of SSIDs.

I do know that the latest version of nmapplet in the latest Qubes OS ISO Fedora sys-net does have a sub-menu called “Available Networks” where SSIDs that you’ve never connected to before will be listed (which would include your neighbours’ wifi networks, and wouldn’t really do anything if your sys-net was disposable :stuck_out_tongue_winking_eye:), but that seems to be the best “stock” option that’s on offer for now.

@enmus is right.