
Criticisms/additions to this list?


I think "hiding" the SSID is particularly stupid advice. The access point will still send the beacon frames, just with an empty SSID, so the network will show up as "hidden network", or similar, drawing more attention. In the end, it doesn't even matter because those that know how to crack a network with a weak password will also know how to recover the SSID from the clients, which is trivial.

Even worse, since the clients can't see the presence of the known network, the only way they have to connect is to continuously probe for the network (this is what reveals the SSID). Besides draining the battery faster, it's a massive privacy concern: imagine walking around with a megaphone announcing all the places you recently have been.


For SSIDs the one thing I would recommend is appending "_nomap" onto the name to opt out of location service databases from Google, Microsoft and Apple.


„_nomap“ at the end of the SSID seems to only work for Apple and Google, Microsoft requires „optout“ to be present anywhere in the name [1].

So, the recommended opt-out change would be „SSID_optout_nomap“.

[1] https://superuser.com/a/1202168
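
An added example, not part of the thread or any vendor's code: a Python helper that applies the two rules as stated in the comments above (`_nomap` as a suffix for Apple and Google, `optout` anywhere in the name for Microsoft) while keeping the result inside the 32-octet SSID limit of 802.11. The function names and sample SSIDs are made up for illustration, and case-sensitive matching is an assumption.

```python
MAX_SSID_OCTETS = 32          # 802.11 SSID element limit, counted in bytes
SUFFIX = "_optout_nomap"      # combined marker suggested in the thread


def optout_status(ssid: str) -> dict:
    """Report which opt-out rules (as described in the thread) an SSID meets."""
    ends_nomap = ssid.endswith("_nomap")        # must be the final characters
    return {
        "apple": ends_nomap,
        "google": ends_nomap,
        "microsoft": "optout" in ssid,          # may appear anywhere
    }


def fits(ssid: str) -> bool:
    """True if the UTF-8 encoded SSID is 1..32 octets long."""
    return 0 < len(ssid.encode("utf-8")) <= MAX_SSID_OCTETS


def make_optout_ssid(base: str) -> str:
    """Return base with the combined marker, trimmed to fit 32 octets."""
    if all(optout_status(base).values()) and fits(base):
        return base                             # already compliant: no change
    if base.endswith("_nomap"):
        base = base[: -len("_nomap")]           # avoid "..._nomap_optout_nomap"
    room = MAX_SSID_OCTETS - len(SUFFIX.encode("utf-8"))
    # Cut on a byte budget, then drop any multi-byte character split by the cut.
    trimmed = base.encode("utf-8")[:room].decode("utf-8", errors="ignore")
    if not trimmed:
        raise ValueError("base SSID is empty")
    return trimmed + SUFFIX


if __name__ == "__main__":
    # Constructed sample names, not real networks.
    for name in ["HomeNet", "HomeNet_nomap", "A" * 30, "é" * 10]:
        new = make_optout_ssid(name)
        print(f"{name!r} -> {new!r} ({len(new.encode('utf-8'))} octets)",
              optout_status(new))
```

The trimming step matters because a name that silently exceeds 32 octets may be rejected or cut by the router, which would drop the `_nomap` suffix from the end.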


If you have OpenWrt, or other firmware that gives you root access, you can randomize the BSSID, which is actually what they collect.


How do you know this will work at all?


No other way than taking their word for it [1]

> In late March 2024, Apple quietly updated its website to note that anyone can opt out of having the location of their wireless access points collected and shared by Apple — by appending “_nomap” to the end of the Wi-Fi access point’s name (SSID). Adding “_nomap” to your Wi-Fi network name also blocks Google from indexing its location.

> Asked about the changes, Apple said they have respected the “_nomap” flag on SSIDs for some time, but that this was only called out in a support article earlier this year.

[1] https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-do...


Anyone know of a good list of consumer routers to avoid, regarding lax software/firmware updates past the 12-month warranty (which is sometimes its artificial EoL)?

The reason I run a router based on open source is that I know it's going to get updates for years. Previously I've encountered a number of vendors that either only provide updates for their flagship models, hide behind the latest revisions of their hardware getting updates, or they just ship the occasional major update when a CVE hits the news (i.e. too late to provide protection).


Active firmware updates, especially if we are talking about home routers. If the firmware can be changed to some actively maintained distribution that cares about security, like OpenWrt, the better.


Do change the default name of the SSID, but avoid choosing a new one that sounds cool, fun, or original.

Take a look at the rest of the networks in your area and choose an SSID name as similar as possible to the rest. Better to keep a low profile than to draw unnecessary attention to yourself.



