> We’ve normalised the idea that Bluetooth is always on. Phones, laptops, smartwatches, headphones, cars, and even medical devices constantly broadcast their presence. The standard response to privacy concerns is usually “nothing to hide, nothing to fear.”
I guess anything you send out can be used to profile you.
Some of my friends live on a farm near a semi busy road, however far enough from other farms to not be able to receive their wifi. They showed me their router logging all the wifi accesspoints that appear/disappear. There where A LOT of access points named "Audi", "BMW", "Tesla" etc. similar to those devices leaking bluetooth data. We had a discussion that it would be easy to determine who was passing by at what times due to these especially when you can "de-anonymize" the data for example link it to a numberplate.
I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
You can do this for much cheaper - all four of your tires are broadcasting a unique ID to report tire pressure, the radio to pick it up is cheap (because cars), and TPMS has no facility to randomize or otherwise secure this.
It’s actually even easier, your car has a plate on the front with a unique ID that a camera scans, often to automatically track your park time for ticketing.
I can’t really care about obscure Bluetooth tracking when every business has CCTV doing facial recognition.
and similar things have happened about once a year ever since. Now in the news article I linked to a huge part of the problem was that the police didn't follow it up correctly, went to where the accident had been reported rather than where it had occurred, didn't see anything, and then gave up.
But if the car had rung from where it had actually crashed then the incident would have EISEC[1] data tagged to it, which would have given them actual co-ordinates to hit.
The plate is pretty trivial to fake though. For one thing you can just remove it, but it's trivial to alter with just spray paint. Or using an outdated plate, or someone else's plate, etc. it's identifying sort of how an phone number is supposed to be identifying: nominal, but not secure and trivially abused for fraud
It's trivial if you're concealing your conceal your identity when committing a crime, but a huge pain in the ass and a crime itself if you just want to protect yourself from creeps tracking you.
Sure it is, but people can't realistically think to randomize their plate numbers to avoid tracking... IANAL but is it probably a criminal offense to do so.
In Europe and the US all new vehicles now have a visible ID under their front window glass, it’s called a VIN. It’s even standardized where it must be.
I'm pretty sure it should be possible if one really wants to do it. Think of a high-power IR flash and a high-res camera synchronized with the flash, with fixed focus on where the VIN would be passing. If the flash pulse is short but strong enough, it should be possible to read the VIN. Maybe some polarizing filters to remove glass reflections are needed.
Only reason I know is because I wondered if I could walk to the booth and press the button for a new parking ticket and pay for 5 minutes instead of 4 hours..
A camera has quite a few failure modes (bad lighting, fog, dirty lens, obscured by plant growth, privacy laws, etc.) which a TPMS receiver & directional antenna don't.
Even easier, electromagnetic radiation can be used to detect the presence and exact location and movements of not just automobiles, but also people! Many people have detectors for these things that can literally see through transparent material that makes up large sections of the walls of many houses and apartments.
Not all cars have active TPMS. my Volvo xc90 had them but in later models they switched back to passive ones. So it is not even a given for higher end models.
That's not as far as BLE or TPMS can work at, but it's not exactly like the NFC arrangement in a credit card, either. 5 meters is enough for a motivated attacker to do some undetected bulk data collection.
I believe that every morning someone in the tech industry wakes up and devises a new place to cram some sort of radio. And it's appealing enough the the unwashed masses such that it becomes widely adopted and then unavoidable. I don't want TPMS in my tires. It's not as if checking tire pressure is difficult. No one will consider moving away from TPMS. You'll only hear technologists say "yes, but we could improve the standard! Perhaps encrypt it." They only know how to solve technological problems with more technology.
>There where A LOT of access points named "Audi", "BMW", "Tesla" etc.
That's one of the funniest things about wardriving with Wigle on your phone. I can often see the SSID of "Jennifer's Equinox", "Jacks Suburban" right after I get cut off by someone in said vehicle. The vast majority of car bluetooth/wifi I see tends to have varying amounts of identifying information. It's almost as bad as the fact that apple still defaults to Jacks iPhone/iPad etc with no option to rename the device until you've finished setting it up.
Companies are not out to protect us with default settings and the majority of users need to wake up to this fact.
This might just be me being uninformed as someone who doesn't drive but how are you seeing what wifi networks are available so quickly right after being cut off? My very naive instinct is that looking at your phone or opening up a menu with the available wifi networks on your car's display seems like it would require a noticeable decrease in attention to the road, so I'd almost expect an uptick in being cut off from other people who are annoyed with your driving.
Small town, phone is on a dash mounted holder. Sometimes I leave Wigle up just to eye every now and then to see how much crap I'm picking up while war driving.
I am not without sin when it comes to driving a car.
Don't worry about Tesla's being tracked. Via Bluetooth this has existed for at least 7 years [1] (was mentioned on HN as well). Tesla know (also for 7 years), Musk doesn't care 'since license plates can also be tracked'.
I used it in train stations, and get hits when passing highways via train or bus. Esp. fun if you stand still due to traffic lights or traffic jam, since you can try to get a visual.
The only lesson to be learned here is that it allowed one to learn in 2019 Musk is overrated. But you can also learn that lesson from the book The PayPal Wars which predates this by 15 years.
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
I explicitly said I was being annoying for no valid reason. If you want to justify something here, you should probably justify that you weren't annoying for no valid reason.
Does your dictionary say that "not allowed" is specific to parents and children?
I consider businesses who do this to track customers naughty, and I find their behaviour childish (scriptkiddie level). Therefore, 'not allowed' is exactly the phrasing I like to use in this context, and readers are expected to understand this refers to legal status.
You should also consider not everyone on HN is a native speaker, and consider to focus on the content of posts instead of minor tangents.
It’s done in Europe’s second busiest airport, Amsterdam Schiphol. I saw the advisory signs (so they can pretend that you gave informed consent by walking out of the jetbrige) up just last week.
There's an Android app that can find devices, make profiles, and you can track location for as long as they're connected. So you can profile passerbys and even get notified when the profile passes through again. I forgot what is was called
Years ago when BT beacons were newish, I was talking to an AdTechBro that wanted to create the ability from Minority Report where the kiosk recognizes a user, not by eye scans but by recognizing mobile device, so they could offer a personalized whatever. The creepiness wasn't something they eased into. It was pretty much instant.
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at
In the EU this is forbidden unless they explicitly ask your permission. They can still gather aggregate stats but they cannot build a profile on you.
I find it curious that the EU, despite it having such a complex parliamentary structure, is able to consistently enact such laws that are good for ordinary people. Are the two connected, I wonder...
That's the outcome of cherry picking the good things and ignoring the bad, not their decision making structure. Try asking critics of the EU what they don't like (a quick search on here will provide plenty of examples) and you'll see laws that are not good for ordinary people. Repeat with any jurisdiction, making sure to choose the opposite of your preconception (e.g. ask proponents of the USA's system what they like about it) and you'll get a better, less biased and more challenging view.
True but I wouldn't put it past them tbh. It's very easy to hide or claim a 'misconfiguration'.
Even the airports here track everyone. They say it's for public safety but I'm sure they use it for market analysis for their expensive sandwich shops too.
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
Yes, I remember Cisco had a product like this all the way back in 2011. They could pinpoint a customer to an exact position inside a store using triangulation, they would know which shelf you spent time in front of etc. In the 15 years since then, I expect the technology is much scarier and intrusive.
The only step missing from their description is having the app- or company- specific app installed. For Apple, that is the Apple Store app which everyone has. If you have BT enabled, it can detect the iBeacon and Apple Store can send that back for tracking.
> We had a discussion that it would be easy to determine who was passing by at what times due to these especially when you can "de-anonymize" the data for example link it to a numberplate.
You could also read the numberplate directly with OpenALPR. It can be finicky to set up a camera to do this reliably in all conditions (particularly at night and high speed) but once done you could detect any car passing, not just ones with wifi access points.
When the law requires us to have numberplates, I think this just has to be considered public information for anyone who is nearby or can leave a camera nearby. It's not ideal to leak it in additional forms that might be easier for people to grab (say, with an ESP32), but it's a matter of degree rather than of kind.
But yeah, I'm with you on some of these others, particularly the medical devices. That's not great.
There's a difference between public and Public. I go outside with my face visible and I don't mind if my neighbors see me. I do mind if my neighbors stand outside my door with a notepad sketching faces every time they see me or anyone else, especially if they're selling the data. Systematic tracking that isn't subject to the constraints of human memory and apathy fundamentally changes the equation.
> Systematic tracking that isn't subject to the constraints of human memory and apathy fundamentally changes the equation.
I definitely don't approve of mass collection across many cameras, accessible to who-knows-who with minimal if any privacy controls (Flock). But it wouldn't surprise or bother me if my next-door neighbor had ALPR enabled, as long as it's not part of that cloud. YMMV.
Full disclosure: I develop an open source home/hobbyist-oriented NVR, although it doesn't have an ALPR feature or any other analytics today.
I have the opposite experience: GrapheneOS has an option to automatically turn your bluetooth off after a configurable period of not being used. So when I need to use bluetooth, I turn it on like normal. Then, without thinking about it, it automatically turns off. The end result is my bluetooth is only ever on for a couple hours each month when I'm making phone calls.
I used to fervently keep my bluetooth off on iOS, and I learned that if you turn it off via the Control Center, then it automatically gets turned back on the next day. But if you turn it off via Settings, then it only gets turned back on when the system software updates. (I stopped doing this a couple iOS versions ago, though, so it may have changed since then.)
Bluetooth (and wifi) aren't turned off at all through the Control Center - they changed the wording to say "disconnected", meaning that your phone only disconnects from known devices. But both are still turned on for other purposes such as CarPlay, Handoff, and Location Services (via wifi). For the purposes of this discussion, they are potentially still transmitting a known identifier.
Apple reconnects to known devices and networks at 5am:
With iOS the easiest way to make sure it off and stays off is to build a shortcut to cut off wifi/bluetooth. Otherwise it's typically off until you get geolocated as being back home/work and wifi comes back on.
I have a "store mode" button that just kills wifi/bt that I hit before I go into any store.
Peace of mind that I'm not being tracked around the store by wifi/bt, and/or having my device fingerprinted for further identification on future visits.
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall
They do but most phones rotate the mac adress these days. So while they can still track you through the store (sadly) they don't have the ability to track your recurring visits.
I wish phones had the option to constantly spam broadcasts with random MAC ids. That would make the practice useless.
>I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
hmm, I wonder if there is anything about using this to combat shoplifting...
short google later, seems there is, but mostly everything I'm finding is just brochures and breathless corporate announcements.
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is.
I worked for a company about 18 years ago where we did just this. We also sold the technology to car dealerships who were very interested in our silent salesman stuff where you could tie interactions with your web campaign directly to the person walking past the dealership and preload the salesman with all their details.
Sure, stores use WiFi access points and BT to track MAC addresses and BT device IDs. Google does something similar with location and it provides in real time how busy a location is which I find super convenient. It’s a shame that shaping data into useful information also means it can weaponized.
> even medical devices constantly broadcast their presence
I mean yes, said medical devices are a whole lot less useful to me if they are not transmitting data. For some of this stuff you can't have your cake and eat it too.
I was wardriving my neighborhood and realized my elderly neighbor's CPAP machine is broadcasting some type of BT signal 24/7. I imagine it's transmitting some important stats, but it did make me have a 2nd thought about medical devices being IoT or BT enabled.
Please don’t conflate these two. I have lots of BLE wearables and other sensors. They only send data to my own computer which I control, unlike IoT devices which by definition send to a third party on the Internet. To me it is far more important to protect against strangers on the Internet versus someone wardriving the neighborhood.
On a related note, did you know that EU has a Radio Equipment Directive (RED 2014/53/EU) that came into effect in 2025. It all but guarantees that such Bluetooth communication will be encrypted.
> I have lots of BLE wearables and other sensors. They only send data to my own computer which I control
That's perhaps technically correct, but a naive interpretation of the risk. I don't need to see the data your BLE devices are sending you, all I need is traffic analysis and meta data from the signals they are broadcasting - and they broadcast that to anyone within detection range which includes attackers with much higher gain antennas than you who can likely pick up those broadcasts at ten times the distance any of your devices will communicate at.
"Flying helicopters low and slow over the Tucson desert in Arizona, the FBI has been using "signal sniffers" to try to locate Nancy Guthrie's pacemaker.
As the search for the 84-year-old mother of US Today show anchor Savannah Guthrie entered its third week, investigators took to the sky with advanced bluetooth technology.
They were hoping to pick up signals emitted from the device implanted in Ms Guthrie's chest to help trace her whereabouts, US media outlets NewsNation and Fox News reported."
It’s not naïve. It’s called having a reasonable threat model. I worry a lot more about random people on the Internet than random people who can get physically close to me. And if you do get physically close, you will find thousands of Bluetooth devices, just by virtue of living in a dense city.
Yeah I always keep my cpap on airplane mode. It even had 5G. The therapist complains they can't monitor it but I have to come in with the machine and SD card every few months so they can check it then. They don't need 24/7 access.
What bothers me more is that my sex toys broadcast on Bluetooth even when I'm using them through WiFi. It even says the brand in the device name.
Not that I give a fuck what the neighbours think but it's just none of their business. And some toys are for discreet outdoor use too. Though that's not my thing.
In the past I renamed one of my phones to "Lovense Hush" to troll, though I've never seen anyone looking suspiciously. I guess most people aren't creeps like me who check stuff like that :)
There’s a middle ground here. There is no technical reason a pacemaker constantly broadcasts itself - there is ways to allow communication to such devices without yelling your name all the time. And there is definitely no reason for such a name to be a unique identifier.
That middle ground has been eroded by cost-cutting.
Example: my mother had a cardic resynchronization device, and it had some kind of NFC type thing to enable the full wireless comms mode: wave a wand over her shoulder and the device's radio wakes up for a set time to send data or receive adjustments. So it wasn't always transmitting, but it did require the doctor's office or hospital to have that NFC wand to initiate any kind of data aquisition or reconfiguration. If it has an always-on BLE radio, the provider would just needs the phone/tablet/laptop with appropriate software that is already required.
Since any device like is already going to have a radio equivalent to a BLE radio, then removing the NFC parts from the device (and especially from the provider side) is some amount of cost savings. I think most patients would disagree that this privacy trade-off is NOT worth it, but you have remember that the patients aren't usually the actual customers in the US health care system. (And most manufacturers are going to have the US market as a target at least somewhat.) The most common actual customer is actually the insurance companies, and they'll take every single fraction of a penny, along with "an arm and a leg".
Let's suppose we have a pacemaker, and it has data that is beneficial to read -- maybe even in real-time on their pocket computer, or opportunistically as the patient walks by their reader-device, or however that is done.
So we want this data, and we want it over RF. It probably seems obvious that it should only transmit when it is told to do so, right?
So how do we tell the pacemaker to transmit? On its face, that problem seems solved by integrating a receiver that sits and waits for a valid instruction.
Except: That receiver takes power to run. And since changing batteries inside of a person is problematic, we want them to last as long as they can while still performing the desired task.
Now we get to the not-obvious part: In terms of power, it's often less costly to intermittently transmit a string of data than to continuously operate a radio receiver. And maybe it's a bad idea to have an implanted pacemaker that has an open receiver for anything nearby to try to fuck with, anyway.
But a transmit-only radio? Good luck hacking that.
So... we do intermittent transmission, and this works for pacemakers. It also works for the cheap Zigbee thermometer I have (wherein I don't normally request the temperature; it just delivers it periodically, and it runs for years and years on a coin cell).
(Now: Should that pacemaker data be encrypted? Yes, of course. And so should the ID. In fact, the whole transmission should be indistinguishable from background noise by unrelated devices. In this way, authorized devices can then use pre-shared keys to receive and decode these messages and others receive nothing. That kind of cuts BLE and thus also the pocket computer out of the monitoring mix, but tradeoffs are tradeoffs.)
> The fair comparison would be intermittently transmitting a string of data versus intermittently operating a radio receiver, wouldn't it?
Good point. I don't know that this would actually work with BLE, as implemented on our pocket supercomputers (which I presume to be a useful part of the support system of a modern pacemaker).
But if we change the requirements to "Some kind of maybe not-even-invented-yet RF thing, maybe with a rechargeable translator device that a person keeps in their pocket to convert to BLE when that's useful" then: Sure. Intermittent receive could be used instead.
Whether that's more efficient or not is an interesting problem.
Transmitters tend to use more instantaneous power (ie, Watts) than receivers do, but a transmission can be very, very short. It doesn't care whether anything is listening or not. Transmitter wakes up, blurts out what it has to say, and goes back to sleep.
If a chunk of BLE data of this size takes 1ms of transmit time (it might), and it happens every 60 seconds (it might), then that's transmitting for 1.44 seconds per day.
So total consumed power over time (ie, Joules per day, or whatever) can be very low. That's part of how we got here -- BLE is built around this concept, and it all converges to make this easy to accomplish.
Meanwhile: An intermittent receiver tends to use less instantaneous power, but it usually needs to operate for a longer period. It wakes up and actively listens for instructions for a period of time. If none are received, then it goes back to sleep. Synchronizing free-running clocks is hard (and disciplining them is expensive, power-wise, compared to a sleep state), so maybe that receive window is 50ms every minute. Worst-case: The receiver operates for 72 seconds per day.
Even if receiving uses just 1/10th the instantaneous power as transmitting does (this is probably in the right ballpark), then the intermittent receiver still uses a ton more power over time -- especially if there are no transmissions to receive. (The receive window obviously closes if/when a transmission is received, so having something to hear can improve this some.)
But the end goal isn't just to wake the pacemaker up by pinging it. The end goal is for it to transmit data. So we still get to wake up the transmitter and have it do that.
Now, these are all made up numbers -- I think they're somewhere near reality, but maybe not. But it seems like kind of a double-whammy, to me, compared to intermittent transmit. :)
Because these BLE devices are so cheap that they don’t have storage. And BLE transmission is already very power efficient: the power consumption of BLE is probably the same order of magnitude as powering flash storage.
What's more insidious than just tracking people through the store is that the beacons can collect the bluetooth IDs of the devices they've seen and send it off to advertisers, who can use the UUID to connect a person's offline shopping with the online advertising profile they've built up for the person.
I guess anything you send out can be used to profile you.
Some of my friends live on a farm near a semi busy road, however far enough from other farms to not be able to receive their wifi. They showed me their router logging all the wifi accesspoints that appear/disappear. There where A LOT of access points named "Audi", "BMW", "Tesla" etc. similar to those devices leaking bluetooth data. We had a discussion that it would be easy to determine who was passing by at what times due to these especially when you can "de-anonymize" the data for example link it to a numberplate.
I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.