I guess anything you send out can be used to profile you.
Some of my friends live on a farm near a semi-busy road, however far enough from other farms to not be able to receive their wifi. They showed me their router logging all the wifi access points that appear/disappear. There were A LOT of access points named "Audi", "BMW", "Tesla" etc., similar to those devices leaking bluetooth data. We had a discussion that it would be easy to determine who was passing by at what times due to these, especially when you can "de-anonymize" the data, for example link it to a numberplate.
I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
I can’t really care about obscure Bluetooth tracking when every business has CCTV doing facial recognition.
That's one of the funniest things about wardriving with Wigle on your phone. I can often see the SSID of "Jennifer's Equinox", "Jack's Suburban" right after I get cut off by someone in said vehicle. The vast majority of car bluetooth/wifi I see tends to have varying amounts of identifying information. It's almost as bad as the fact that Apple still defaults to "Jack's iPhone/iPad" etc. with no option to rename the device until you've finished setting it up.
Companies are not out to protect us with default settings and the majority of users need to wake up to this fact.
It can be done, relatively easily.
I used it in train stations, and get hits when passing highways via train or bus. Especially fun if you stand still due to traffic lights or a traffic jam, since you can try to get a visual.
The only lesson to be learned here is that it allowed one to learn in 2019 Musk is overrated. But you can also learn that lesson from the book The PayPal Wars which predates this by 15 years.
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
Not allowed in EU.
This phrasing needs to die.
Not allowed is something your parents imposed on you when you were a child.
You’re not allowed to have an ice cream, or you’re not allowed to hang out with that boy.
Laws don’t not allow anything, they only sometimes impose penalties if you’re caught breaking them.
https://media.licdn.com/dms/image/v2/D4D12AQHCyctOFz_EJg/art...
I'm surprised, I know for a fact that some stores definitely have the ability to do that on their hardware.
In the EU this is forbidden unless they explicitly ask your permission. They can still gather aggregate stats but they cannot build a profile on you.
Even the airports here track everyone. They say it's for public safety but I'm sure they use it for market analysis for their expensive sandwich shops too.
Yes, I remember Cisco had a product like this all the way back in 2011. They could pinpoint a customer to an exact position inside a store using triangulation, they would know which shelf you spent time in front of etc. In the 15 years since then, I expect the technology is much scarier and intrusive.
Ever been in an Apple store? Look up. In the dark voids between the edge-to-edge backlit ceiling. There are secrets there. Watching you.
Edit: iOS
I have a "store mode" button that just kills wifi/bt that I hit before I go into any store.
You could also read the numberplate directly with OpenALPR. It can be finicky to set up a camera to do this reliably in all conditions (particularly at night and high speed) but once done you could detect any car passing, not just ones with wifi access points.
When the law requires us to have numberplates, I think this just has to be considered public information for anyone who is nearby or can leave a camera nearby. It's not ideal to leak it in additional forms that might be easier for people to grab (say, with an ESP32), but it's a matter of degree rather than of kind.
But yeah, I'm with you on some of these others, particularly the medical devices. That's not great.
They do, but most phones rotate the MAC address these days. So while they can still track you through the store (sadly), they don't have the ability to track your recurring visits.
I wish phones had the option to constantly spam broadcasts with random MAC IDs. That would make the practice useless.
There is also a Bluetooth shutoff app on F-Droid.
https://f-droid.org/en/packages/com.mystro256.autooffbluetoo...
I have also put an Airtag clone in my car (Loshall in iOS mode). That is probably leaking my arrival times. My water meter is also now bluetooth.
hmm, I wonder if there is anything about using this to combat shoplifting... short google later, seems there is, but mostly everything I'm finding is just brochures and breathless corporate announcements.
found this uni project https://capstone.cse.msu.edu/2020-01/projects/meijer/
What's more insidious than just tracking people through the store is that the beacons can collect the bluetooth IDs of the devices they've seen and send it off to advertisers, who can use the UUID to connect a person's offline shopping with the online advertising profile they've built up for the person.
Many places do this. The department stores in the mall, target, even grocery stores do it.
I worked for a company about 18 years ago where we did just this. We also sold the technology to car dealerships who were very interested in our silent salesman stuff where you could tie interactions with your web campaign directly to the person walking past the dealership and preload the salesman with all their details.
Grubby stuff nearly two decades ago.
I mean yes, said medical devices are a whole lot less useful to me if they are not transmitting data. For some of this stuff you can't have your cake and eat it too.
> "But here’s the thing: even if you have nothing to hide, you’re still giving away information you probably don’t intend to."
Whenever I see talk like this, I always like to post this quote that not only still rings true, but rings even louder today.
> "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
~ Cardinal Richelieu (Cardinal and former Secretary of State for Foreign Affairs of France)
That was before everyone had their "John's IPhone" or "Samsung A55" boring names everywhere and some of us cared to personalise our device's name.
Anyone else played this game?
2006, sat in a job interview. Interviewer says he'll Bluetooth over a file to me - what's my phone's name?
2006, the year that Tool's 10,000 Days had been released, which I was enjoying and, being a bit of an Edge Lord, I'd named my device after a lyric from Vicarious - which, IIRC fit perfectly into the name space and made me very happy:
> ILikeToWatchThingsDie
Excellent. Still got the job though!
"[Agency-acronym] Surveillance Van #43/44/etc.."
It was interesting to see what people named stuff as even back then I figured you could use that metadata for tracking devices... but even more interesting was looking at the MAC address to see the manufacturer and try and find some rare or cool device.
Features automatic notifications if no movement detected for more than two days.
(I actually do plan to install this at my front door, but aimed mainly to detect when a delivery/parcel is on my doorstep, and I don't (yet?) plan on sniffing bluetooth/wifi with it)
Bluetooth already has a well developed MAC randomization scheme.
Look up "resolvable private address". The short of it is, your phone can find your headphones or vice versa, despite one or both having random addresses. The addresses can be regenerated or rotate at an interval (say 15 minutes). The first part of the address is a nonce (pRand), and the rest of the address is a 24-bit hash of pRand with an identity resolving key (IRK). So the other party just listens passively for addresses, and sees if any of them happen to have the right hash.
I don't think this is as airtight as people think it is. Certainly, if you are following somebody and one address disappears right as another appears (rotation), it's quite easy to infer the new/old addresses belong to one device. I tried briefly to convince the Android developers to synchronize that rotation globally.
You can also probably infer that if you see a pair of random MACs arrive, and they have a certain pattern of timing and payload size, you can say with some certainty that they are particular devices, say an iPhone and an Apple Watch. But that requires sophisticated equipment since most Bluetooth LE communication is over a non-cryptographic frequency hopping arrangement.
Lastly, radio fingerprinting is widely known in academia, but requires special equipment.
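A worked version of the scheme the comment above describes, as an added example (not code from the article, from Bluehood, or from the commenter). It implements the BLE ah() function from Core Spec Vol 3, Part H: AES-128 of the 24-bit prand zero-padded to 128 bits, truncated to the low 24 bits, with the address written in the spec's MSB-first notation (prand || hash). The IRKs and the sniffer timestamps are constructed for the demonstration, and LinkByRotation is a hypothetical heuristic that illustrates the rotation-timing inference the comment raises; it is not part of any Bluetooth stack.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// ah is the BLE random-address hash (Core Spec Vol 3, Part H, 2.2.2):
// ah(k, r) = e(k, r') mod 2^24, where r' is the 24-bit r zero-padded to
// 128 bits and e is one AES-128 block encryption. Values are in the spec's
// MSB-first notation; over the air the 48-bit address is sent LSB first.
func ah(irk [16]byte, prand [3]byte) [3]byte {
	c, err := aes.NewCipher(irk[:])
	if err != nil {
		panic(err) // a 16-byte key never fails here
	}
	var in, out [16]byte
	copy(in[13:], prand[:]) // r' = 0x00 * 13 || r
	c.Encrypt(out[:], in[:])
	var h [3]byte
	copy(h[:], out[13:]) // mod 2^24: keep the low-order three bytes
	return h
}

// NewRPA builds a resolvable private address from an IRK and a random
// 24-bit value. The top two bits of prand are forced to 0b01, which is what
// marks the address as resolvable; the hash fills the low 24 bits.
func NewRPA(irk [16]byte, prand [3]byte) [6]byte {
	prand[0] = (prand[0] & 0x3f) | 0x40
	h := ah(irk, prand)
	var addr [6]byte
	copy(addr[0:3], prand[:])
	copy(addr[3:6], h[:])
	return addr
}

// RandomRPA is what a device does at each rotation interval.
func RandomRPA(irk [16]byte) [6]byte {
	var prand [3]byte
	if _, err := rand.Read(prand[:]); err != nil {
		panic(err)
	}
	return NewRPA(irk, prand)
}

// IsRPA reports whether the address carries the resolvable-private marker.
func IsRPA(addr [6]byte) bool { return addr[0]&0xc0 == 0x40 }

// Resolve is the bonded peer's side: recompute the hash with every stored
// IRK and return the index of the one that matches, or -1. A passive
// sniffer that never bonded holds no IRK and therefore has nothing to try.
func Resolve(addr [6]byte, irks [][16]byte) int {
	if !IsRPA(addr) {
		return -1
	}
	var prand, hash [3]byte
	copy(prand[:], addr[0:3])
	copy(hash[:], addr[3:6])
	for i, k := range irks {
		if ah(k, prand) == hash {
			return i
		}
	}
	return -1
}

// Sighting is one address seen by a sniffer, with first/last time seen in
// seconds. Constructed for the demo; a real log would come from a scanner.
type Sighting struct {
	Addr      string
	FirstSeen int
	LastSeen  int
}

// LinkByRotation is the inference the comment describes: if one address goes
// quiet and another appears within `window` seconds, guess they are the same
// device. Hypothetical heuristic, not part of any stack. Randomization hides
// identity from this observer, not continuity.
func LinkByRotation(seen []Sighting, window int) map[string]string {
	links := map[string]string{}
	for _, old := range seen {
		for _, cur := range seen {
			if old.Addr == cur.Addr {
				continue
			}
			if gap := cur.FirstSeen - old.LastSeen; gap >= 0 && gap <= window {
				links[old.Addr] = cur.Addr
			}
		}
	}
	return links
}

func main() {
	// Constructed IRKs for two bonded devices (real IRKs are random 128-bit keys).
	var phone, watch [16]byte
	copy(phone[:], "phone-irk-demo!!")
	copy(watch[:], "watch-irk-demo!!")
	a1, a2 := RandomRPA(phone), RandomRPA(phone)
	fmt.Printf("two RPAs for the same phone: %s %s\n", hex.EncodeToString(a1[:]), hex.EncodeToString(a2[:]))
	fmt.Println("peer holding the phone IRK resolves to index:", Resolve(a1, [][16]byte{watch, phone}))
	fmt.Println("sniffer with no IRK resolves to index:", Resolve(a1, nil))

	// Constructed sniffer log: one address vanishes, a new one appears 3 s later.
	seenLog := []Sighting{
		{Addr: hex.EncodeToString(a1[:]), FirstSeen: 0, LastSeen: 900},
		{Addr: hex.EncodeToString(a2[:]), FirstSeen: 903, LastSeen: 1800},
		{Addr: "5a1b2c3d4e5f", FirstSeen: 1400, LastSeen: 1500},
	}
	fmt.Println("timing-linked addresses:", LinkByRotation(seenLog, 10))
}
```

Resolve is the only party that can map an RPA back to a device, and only with the IRK exchanged at bonding; the sniffer's fallback is the timing correlation in LinkByRotation, which is exactly why the comment argues that synchronizing rotations across devices would help.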
Is that just for the connection phase? Or does it then start publicly broadcasting a persistent MAC once it's connected, so if your earbuds or watch are connected and communicating with your phone, would a sniffer see a persistent MAC address or the session-randomised one?
That's a problem (one of many problems) with WiFi MAC address randomisation - you can sniff the network names a phone is trying to connect to, then stand up a wifi access point with one of those names and the phone will reveal its real MAC address when it connects. I experimented a long time back with having a raspi that broadcast itself as a McDonalds free wifi access point; a huge number of phones would try to connect while I was out in public with it.
Anyway, the default dashboard also automatically generated a view of when my neighbour's "Katie's iPhone" was at home and when not, until I actively deleted it and the data it stored.
https://www.reddit.com/r/homeassistant/comments/1306pcw/home...
For me, it's worth the extra trouble because I noticed a significant reduction in battery life on my mobile devices. The reduction coincided with the rollout of Apple's "Find My" service, which was followed by Google's "Find Hub" service. (I have devices in both ecosystems.)
I wish there was a separate way to opt out of the "Find" services, but AFAIK, even if you opt out, your device may still relay traffic from other nearby devices. So it seems that the only way to preserve device battery life is to just shut off the BT.
I've been doing that since the inception of BT being available on my devices. I'm just surprised at so many people's cavalier attitude to security and privacy. And then later, it is too late to reverse course.
head explodes
do these people writing these blog posts not recognize just how super bad their blog posts look with this slop?
Even wilder would be to buy data on you in real time and display that.
he was getting 100mbit class speeds routinely. Also patches of nothing, but it was interesting. That was over 5 years ago.
Each person would get a unique fingerprint of named network locations
If Bluetooth is used, it may be a way to get a count of passengers or if the passengers change. I know based on newspaper accounts that they are particularly interested in cars that stop in Philly or Baltimore.
This stuff is frequently used against cops too so they may use the tech in similar ways. If you’re someone worried about getting raided, spotting a large number of new signals at the front door is an early warning potentially.
What a world to be alive..
[0] https://actu.epfl.ch/news/using-bluetooth-to-track-crowds-at...
> Bluetooth mesh networks—no internet required, no servers, no phone numbers
LLM slop. Both the article and the Python script
Has anyone done this or can give me ideas where to start?
Like a marathon mass-start with 10,000 sometimes 20,000 or more people
How does bluetooth handle that? Or it doesn't?
The amount of data needed to send audio to your ear-buds is quite small compared to the spectrum available, so only needs tiny slices of spectrum and for relatively tiny slices of time. And also relatively tiny amounts of power since it's only going max 100 feet, hence a pretty small chunk of space.
If all those 10K-30K devices are constantly jumping around the frequency band to transmit tiny payloads a tiny distance, then a whole metric fuck-ton of them can interoperate in what seems to us to be very tight quarters. But to those specialized radios it probably seems like a fairly wide open field.
Is there a simple CLI interface that can be redirected or pipelined into other tools?
> Bluehood isn’t a hacking tool. It’s an educational demonstration of what’s possible with commodity hardware and a bit of patience.
> This isn’t about paranoia. It’s about understanding the trade-offs we make when we leave wireless radios enabled on our devices.
This LLM spam needs to end. Tons of people on HN got tired of this, and it often shows in the comments. Let's maybe start adding [LLM] to the titles of AI generated submissions?
Part of the testing involves using the 'nRF Connect' app, which lists all nearby Bluetooth devices, plots signal strengths, and allows for some rudimentary communication. It doesn't seem to be Nordic-specific.
I'd frequently leave the app open scanning during development late in the evening, and rarely, an unidentified Bluetooth LE device would pop up for a few minutes then disappear.
Turns out it was my dad's pacemaker, which sends telemetry via Bluetooth to a 4G gateway they gave him (this only happens after he lies down with little movement apparently).
This prompted me to look into pacemakers and deactivation after death of course. I wish I hadn't, it turns out they leave it in the corpse unless it's scheduled for cremation.
Because of the aforementioned research, and the open field tests I was performing, it somehow devolved into me having a nightmare where I was RF testing at a graveyard, and the app suddenly displaying a bunch of pacemakers underground.
...I really hope this isn't possible - The signal through 6ft of dirt and concrete would be marginal but still detectable.
Also super random question but would you happen to have any idea/advice on how to get a Raytac MDBT50Q-CX Nordic nRF52840 Dongle (https://www.amazon.com/gp/product/B0DP6MVDZQ) flashed with ButteRFly (https://github.com/whad-team/butterfly)?
I got it flashed through nrfutil with sniffer and sweyntooth, but butterfly has not been working no matter what I try and do…
Thanks for even taking the time to read this :)
Good luck though!