58 comments

[ 1.9 ms ] story [ 63.6 ms ] thread
Tangential, sort of: in the early days of mobile phones for the masses, when there was no WiFi/3G in the underground, I will often enable Bluetooth in my phone, look for nearby devices and try to match names and looks.

That was before everyone had their "John's IPhone" or "Samsung A55" boring names everywhere and some of us cared to personalise our device's name.

Anyone else played this game?

What I remember is that you could push OBEX calendar objects without much refusal from the phones and make people have alarms ringing at 3am, fun times!
When I set up my iPhone and it asked who's iPhone it is, I thought it would be funny to put in Kim Jong Un. Now it shows up as "Kim Jong Un's iPhone" when I enable my hotspot. Or even better, it says it out loud when I connect to some Bluetooth speakers.
I read an article in 2012 about the feds (DHS?) placing Bluetooth enabled devices along I5 in Seattle. They were able to make profiles of people based on what Bluetooth devices they had in their cars. Is anyone familiar with this? I've periodically tried to Google it and can't find anything about it
I suspect the e-scooters left around town (Lime, Bird, etc) are massive Bluetooth / LoRa dragnets. You pay them to increase coverage or visibility to social hot spots.
There is a startup (in Stuttgart i believe?) that adds camera ms to these scooters.. this is 100% illegal (and I think the ccc is filing lawsuits?). Some of the earlier Tier model scooters even had a dedicated space for a camera in their head tubes.
About 10 years ago i had HomeAssistant running and thacking my bluetooth devices. It does so per default by jus memorizing a mac adress an recording when it's visible and when not. No need for pairing or anythung. It also stores the custom name if available.

Anyway, the default dashboard also automatically generated a view when my neighbours "Katie's iPhone' was at home and when not, until I actively deleted it and the data it stored.

> We’ve normalised the idea that Bluetooth is always on. Phones, laptops, smartwatches, headphones, cars, and even medical devices constantly broadcast their presence. The standard response to privacy concerns is usually “nothing to hide, nothing to fear.”

I guess anything you send out can be used to profile you.

Some of my friends live on a farm near a semi busy road, however far enough from other farms to not be able to receive their wifi. They showed me their router logging all the wifi accesspoints that appear/disappear. There where A LOT of access points named "Audi", "BMW", "Tesla" etc. similar to those devices leaking bluetooth data. We had a discussion that it would be easy to determine who was passing by at what times due to these especially when you can "de-anonymize" the data for example link it to a numberplate.

I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.

> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall

They do but most phones rotate the mac adress these days. So while they can still track you through the store (sadly) they don't have the ability to track your recurring visits.

I wish phones had the option to constantly spam broadcasts with random MAC ids. That would make the practice useless.

Sure, stores use WiFi access points and BT to track MAC addresses and BT device IDs. Google does something similar with location and it provides in real time how busy a location is which I find super convenient. It’s a shame that shaping data into useful information also means it can weaponized.
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is.

I worked for a company about 18 years ago where we did just this. We also sold the technology to car dealerships who were very interested in our silent salesman stuff where you could tie interactions with your web campaign directly to the person walking past the dealership and preload the salesman with all their details.

Grubby stuff nearly two decades ago.

>I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.

hmm, I wonder if there is anything about using this to combat shoplifting... short google later, seems there is, but mostly everything I'm finding is just brochures and breathless corporate announcements.

found this uni project https://capstone.cse.msu.edu/2020-01/projects/meijer/

Even when they claim it's "anonymous," the value is in aggregate behavioral patterns: dwell time, repeat visits, path through the space, etc.
I was researching bluetooth low energy for a project, and discovered "Beacons": https://en.wikipedia.org/wiki/Bluetooth_Low_Energy_beacon

What's more insidious than just tracking people through the store is that the beacons can collect the bluetooth IDs of the devices they've seen and send it off to advertisers, who can use the UUID to connect a person's offline shopping with the online advertising profile they've built up for the person.

Doesn't HackRF with Cha0s do something similar?
Bluetooth desperately needs mac randomization. Wifi mac randomization is welcome, but it doesn't do much when many (most?) people have bluetooth accessories broadcasting a persistent identifier whenever they're on.
ran something similar on a home network once and was surprised how many of my neighbors' devices showed up with full manufacturer names and model numbers. you don't even need to try hard.
Yeah here in the city I scan for 2 minutes and I know half the neighbours names and what phones, computers and TVs they use.
(comment deleted)
"We agreed on a 150-day disclosure window". Isn't that longer than Google Project Zero gives to release fixes?
This is not very different from collecting visual cues. You can notice a delivery van arriving. You can see the driver's face, same with passers-by. The biggest difference is that a camera needs to be more conspicuous, while a BT receiver can be invisible and undetectable. Much cheaper, too.
I have an ESP32 Cam in front of me right now. I think I paid maybe 8 bucks for it. If I wanted to, I could very easily hide the tiny camera in my front door, and use it to both collect bluetooth and wifi metadata (including MAC addresses) and correlate images/faces to MAC addresses when people pass by close enough so that I can identify them later from longer range wifi/ble detections.

(I actually do plan to install this at my front door, but aimed mainly to detect when a deliver/parcel in on my doorstep, and I don't (yet?) plan on sniffing bluetooth/wifi with it)

[dead]
I mean.. these services have apps right? It is, mostly, pretty trivial to track drivers and it would not surprise me if they have a fixed ID.
The project describes - and shows - a web interface.

Is there a simple CLI interface that can be redirected or pipelined into other tools ?

This could be used for a truly eye-opening art installation: a screen that as you walk by it, tells you when you were last there..

Even wilder would be to buy data on you in real time and display that.

Has anyone ever studied what happens with Bluetooth contention where thousands of people are gathered in a small space?

Like a marathon mass-start with 10,000 sometimes 20,000 or more people

How does bluetooth handle that? Or it doesn't?

> This isn’t about paranoia. It’s about understanding the trade-offs

> Bluetooth mesh networks—no internet required, no servers, no phone numbers

LLM slop. Both the article and the Python script

I second that. This website, including its look and layout, appears to be a copy of some more prominent indieweb ones that have been frequently featured here, filled with what seems to be almost entirely copied and/or LLM generated content.
Wait doesn't BLE randomize the UUIDs?
Yes, I was surprised there would be enough to go on with the MAC addresses rotating and I had assumed the UUID would too, but it sounds like there's enough to go on to identify targets.
you said " blocking ads network-wide with AdGuard". It's better to block it with a Pihole.
Ring: thank you for the idea, "Introducing Ring Face-Off, face masks covering faces during a break-in is no an issue for Ring, we will track the thieves until they reveal their face to our Ring network."
For immediate release: BLE N95 Facemasks Inc (YCombinator Summer 2025) is proud to come out of stealth mode and announce our acquisition by Ring. This follows a major private angel investment by Palintir with a post money valuation of $500 million.
I can assure you this has been talked about and is known and it's why you still find a headset port on devices handed out to government officials, though most of them ignore the advice to not use bluetooth.
BLE Tire pressure sensors are great vehicle identification devices. Static MAC adress gives 4 unique keys to a vehicle when actively scanning.
I am personally aware that Washington DC, same areas of Maryland, Virginia and Delaware have been tracking car Bluetooth (and EZ-Pass) for decades for "traffic management". The more BT detected the heavier tracking. The longer time between detectors for the unique BT/EZ-Pass, the slower the traffic. Adjust traffic lights down the road to improve traffic flow. (when I write Ez-Pass, i mean the toll transponder, but not detected by a toll booths or overhead arches.)
Heard a talk in Paris about a guy who "war drove" around town using a higher layer Mobile IP ap which could sweep up open SSID, connect, and (ab)use the bandwidth to maintain a link "above" it (I guess like an agile VPN)

he was getting 100mbit class speeds routinely. Also patches of nothing, but it was interesting. That was over 5 years ago.