When you connect to the Internet, you are given an IP address.

IP addresses, to some degree, can be traced to locations. It’s kind of like how you can roughly tell where a car is from just based on the design of the license plate, even if the actual number on it doesn’t tell you anything. In a somewhat similar way, the first several digits of your I.P. address can tell certain in-the-know parties a lot about where you must be physically located.

Lots of people have devices with applications that have permission to see the user’s network information. This includes your I.P. address and the SSID of the Wi-Fi network you’re connected to. Those same applications may phone that data home to the parent entity who keeps a log of that information, e.g. “NSA Surveillence Van #69420 has IP address xx.xx.xx.xx”.

Now, if another user with a mobile device that’s also scraping network data to that entity sees the Wi-Fi network named “NSA Surveillence Van #69420”, that entity can infer that that device must be somewhere within Wi-Fi range of that I.P address it has on record. And since I.P. addresses can be traced to physical locations, that can thus be used to get the physical location of that device, to some degree of accuracy.

Throw in some triangulation based on relative signal strengths to all of those nearby Wi-Fi networks and you can get a surprisingly clear picture of where a device is located based only on the Wi-Fi networks it can see nearby.

This is essentially the same technique that phone companies can use to geolocate your phone using only mobile data. Just replace “Wi-Fi network” with “cell phone tower”.