> We’ve normalised the idea that Bluetooth is always on. Phones, laptops, smartwatches, headphones, cars, and even medical devices constantly broadcast their presence. The standard response to privacy concerns is usually “nothing to hide, nothing to fear.”
I guess anything you send out can be used to profile you.
Some of my friends live on a farm near a semi busy road, however far enough from other farms to not be able to receive their wifi. They showed me their router logging all the wifi accesspoints that appear/disappear. There where A LOT of access points named "Audi", "BMW", "Tesla" etc. similar to those devices leaking bluetooth data. We had a discussion that it would be easy to determine who was passing by at what times due to these especially when you can "de-anonymize" the data for example link it to a numberplate.
I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
luma 1 days ago [-]
You can do this for much cheaper - all four of your tires are broadcasting a unique ID to report tire pressure, the radio to pick it up is cheap (because cars), and TPMS has no facility to randomize or otherwise secure this.
Gigachad 1 days ago [-]
It’s actually even easier, your car has a plate on the front with a unique ID that a camera scans, often to automatically track your park time for ticketing.
I can’t really care about obscure Bluetooth tracking when every business has CCTV doing facial recognition.
wolvoleo 24 hours ago [-]
Yeah exactly, with a car I would no longer be expecting any type of privacy, sadly.
Here in Holland we must even have a mobile phone module in every car so it can call the emergencies in case of a crash.
sneak 21 hours ago [-]
It’s all of the EU. It’s literally illegal to sell new cars without a radio transceiver in them.
userbinator 20 hours ago [-]
But is it illegal to personally disable it?
ThePowerOfFuet 16 hours ago [-]
Nope.
ErroneousBosh 13 hours ago [-]
I'm in two minds about this. Yes, there are severe privacy implications.
But also this happened, just a couple of hour's drive from where I live, about ten years ago:
and similar things have happened about once a year ever since. Now in the news article I linked to a huge part of the problem was that the police didn't follow it up correctly, went to where the accident had been reported rather than where it had occurred, didn't see anything, and then gave up.
But if the car had rung from where it had actually crashed then the incident would have EISEC[1] data tagged to it, which would have given them actual co-ordinates to hit.
Also, you can read the plate from much farther away than the TPMS sensors.
throwaway27448 11 hours ago [-]
The plate is pretty trivial to fake though. For one thing you can just remove it, but it's trivial to alter with just spray paint. Or using an outdated plate, or someone else's plate, etc. it's identifying sort of how an phone number is supposed to be identifying: nominal, but not secure and trivially abused for fraud
franga2000 10 hours ago [-]
It's trivial if you're concealing your conceal your identity when committing a crime, but a huge pain in the ass and a crime itself if you just want to protect yourself from creeps tracking you.
ale42 10 hours ago [-]
> The plate is pretty trivial to fake though.
Sure it is, but people can't realistically think to randomize their plate numbers to avoid tracking... IANAL but is it probably a criminal offense to do so.
Asmod4n 10 hours ago [-]
In Europe and the US all new vehicles now have a visible ID under their front window glass, it’s called a VIN. It’s even standardized where it must be.
Barbing 7 hours ago [-]
I wonder what the first vehicle to have the VIN under the windshield was. I believe I saw that for the first time maybe 20 years ago (USA).
Are there cameras that can actually read VINs on moving vehicles?
ale42 10 hours ago [-]
I'm pretty sure it should be possible if one really wants to do it. Think of a high-power IR flash and a high-res camera synchronized with the flash, with fixed focus on where the VIN would be passing. If the flash pulse is short but strong enough, it should be possible to read the VIN. Maybe some polarizing filters to remove glass reflections are needed.
bell-cot 9 hours ago [-]
A camera has quite a few failure modes (bad lighting, fog, dirty lens, obscured by plant growth, privacy laws, etc.) which a TPMS receiver & directional antenna don't.
hammock 21 hours ago [-]
Wait they use this for parking meters?! Which cities?
20 hours ago [-]
omgmajk 10 hours ago [-]
Here in Sweden it's uncommon. Especially in big parking lots/houses.
harrall 20 hours ago [-]
I think they’re pretty common.
Only reason I know is because I wondered if I could walk to the booth and press the button for a new parking ticket and pay for 5 minutes instead of 4 hours..
stinkbeetle 16 hours ago [-]
Even easier, electromagnetic radiation can be used to detect the presence and exact location and movements of not just automobiles, but also people! Many people have detectors for these things that can literally see through transparent material that makes up large sections of the walls of many houses and apartments.
everdrive 12 hours ago [-]
I believe that every morning someone in the tech industry wakes up and devises a new place to cram some sort of radio. And it's appealing enough the the unwashed masses such that it becomes widely adopted and then unavoidable. I don't want TPMS in my tires. It's not as if checking tire pressure is difficult. No one will consider moving away from TPMS. You'll only hear technologists say "yes, but we could improve the standard! Perhaps encrypt it." They only know how to solve technological problems with more technology.
spockz 1 days ago [-]
Not all cars have active TPMS. my Volvo xc90 had them but in later models they switched back to passive ones. So it is not even a given for higher end models.
ssl-3 1 days ago [-]
That's not quite the end of the road, though: The tires themselves often have RFID tags embedded.
That's not as far as BLE or TPMS can work at, but it's not exactly like the NFC arrangement in a credit card, either. 5 meters is enough for a motivated attacker to do some undetected bulk data collection.
stirfish 1 days ago [-]
I've had trouble reading these from more than a few feet away, but I concede that I have no idea what I'm doing
officeplant 1 days ago [-]
>There where A LOT of access points named "Audi", "BMW", "Tesla" etc.
That's one of the funniest things about wardriving with Wigle on your phone. I can often see the SSID of "Jennifer's Equinox", "Jacks Suburban" right after I get cut off by someone in said vehicle. The vast majority of car bluetooth/wifi I see tends to have varying amounts of identifying information. It's almost as bad as the fact that apple still defaults to Jacks iPhone/iPad etc with no option to rename the device until you've finished setting it up.
Companies are not out to protect us with default settings and the majority of users need to wake up to this fact.
saghm 1 days ago [-]
This might just be me being uninformed as someone who doesn't drive but how are you seeing what wifi networks are available so quickly right after being cut off? My very naive instinct is that looking at your phone or opening up a menu with the available wifi networks on your car's display seems like it would require a noticeable decrease in attention to the road, so I'd almost expect an uptick in being cut off from other people who are annoyed with your driving.
officeplant 1 days ago [-]
Small town, phone is on a dash mounted holder. Sometimes I leave Wigle up just to eye every now and then to see how much crap I'm picking up while war driving.
I am not without sin when it comes to driving a car.
reactordev 1 days ago [-]
What would be next level wardriving would be to break into their Bluetooth and have a conversation about their driving habits.
It can be done, relatively easily.
Fnoord 1 days ago [-]
Don't worry about Tesla's being tracked. Via Bluetooth this has existed for at least 7 years [1] (was mentioned on HN as well). Tesla know (also for 7 years), Musk doesn't care 'since license plates can also be tracked'.
I used it in train stations, and get hits when passing highways via train or bus. Esp. fun if you stand still due to traffic lights or traffic jam, since you can try to get a visual.
The only lesson to be learned here is that it allowed one to learn in 2019 Musk is overrated. But you can also learn that lesson from the book The PayPal Wars which predates this by 15 years.
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
Not allowed is something your parents imposed on you when you were a child.
You’re not allowed to have an ice cream, or you’re not allowed to hang out with that boy.
Laws don’t not allow anything, they only sometimes impose penalties if you’re caught breaking them.
palata 13 hours ago [-]
> This phrasing needs to die.
If we're being annoying about language for no valid reason, I would say that a "phrasing" cannot "die", because a "phrasing" is not a living creature.
> Laws don’t not allow anything, they only sometimes impose penalties if you’re caught breaking them.
How does it work with your parents? Do they cast a spell that prevents you from hanging out with that boy? Nobody was "allowed" to smoke, and yet...
nandomrumber 10 hours ago [-]
Fortunately for me, words are allowed to have more than one meaning.
die
/dī/
intransitive verb
2. To cease existing, especially by degrees; fade.
palata 9 hours ago [-]
I explicitly said I was being annoying for no valid reason. If you want to justify something here, you should probably justify that you weren't annoying for no valid reason.
Does your dictionary say that "not allowed" is specific to parents and children?
nandomrumber 5 hours ago [-]
From the HN guidelines:
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
Thank you! That's exactly what you did not do. The strongest plausible interpretation of "not allowed in Europe" was perfectly fine.
I'm glad we agree.
xaldir 1 days ago [-]
> Not allowed in EU.
I'm surprised, I know for a fact that some stores definitely have the ability to do that on their hardware.
Fnoord 8 hours ago [-]
Only under strict rules, i.e. anonymized one way hash not relatable to a legal person. It isn't allowed to track a person that way.
thenthenthen 22 hours ago [-]
Utrecht Central Station does this, there are stickers at the entrance notifying the ‘public’ of this. Or its just a sticker;p
m-s-y 22 hours ago [-]
and i can commit crimes with my kitchen knives, yet they’re still legal
sneak 21 hours ago [-]
It’s done in Europe’s second busiest airport, Amsterdam Schiphol. I saw the advisory signs (so they can pretend that you gave informed consent by walking out of the jetbrige) up just last week.
There's an Android app that can find devices, make profiles, and you can track location for as long as they're connected. So you can profile passerbys and even get notified when the profile passes through again. I forgot what is was called
Years ago when BT beacons were newish, I was talking to an AdTechBro that wanted to create the ability from Minority Report where the kiosk recognizes a user, not by eye scans but by recognizing mobile device, so they could offer a personalized whatever. The creepiness wasn't something they eased into. It was pretty much instant.
jorvi 1 days ago [-]
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at
In the EU this is forbidden unless they explicitly ask your permission. They can still gather aggregate stats but they cannot build a profile on you.
stevage 19 hours ago [-]
I find it curious that the EU, despite it having such a complex parliamentary structure, is able to consistently enact such laws that are good for ordinary people. Are the two connected, I wonder...
brigandish 15 hours ago [-]
That's the outcome of cherry picking the good things and ignoring the bad, not their decision making structure. Try asking critics of the EU what they don't like (a quick search on here will provide plenty of examples) and you'll see laws that are not good for ordinary people. Repeat with any jurisdiction, making sure to choose the opposite of your preconception (e.g. ask proponents of the USA's system what they like about it) and you'll get a better, less biased and more challenging view.
wolvoleo 23 hours ago [-]
True but I wouldn't put it past them tbh. It's very easy to hide or claim a 'misconfiguration'.
Even the airports here track everyone. They say it's for public safety but I'm sure they use it for market analysis for their expensive sandwich shops too.
tskulbru 1 days ago [-]
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
Yes, I remember Cisco had a product like this all the way back in 2011. They could pinpoint a customer to an exact position inside a store using triangulation, they would know which shelf you spent time in front of etc. In the 15 years since then, I expect the technology is much scarier and intrusive.
nofunsir 1 days ago [-]
iBeacon. They know what shelf you're standing in front of. What products you touch and read.
Ever been in an Apple store? Look up. In the dark voids between the edge-to-edge backlit ceiling. There are secrets there. Watching you.
astafrig 22 hours ago [-]
Not what iBeacon does but an entertainingly dramatic description nonetheless.
pests 18 hours ago [-]
The only step missing from their description is having the app- or company- specific app installed. For Apple, that is the Apple Store app which everyone has. If you have BT enabled, it can detect the iBeacon and Apple Store can send that back for tracking.
Macys pioneered it before there even were Apple Stores. Back when most people didn't even know their phones had Bluetooth.
shafoshaf 1 days ago [-]
Macy's has Santa clause since 1947 because that is when Miracle on 24th Street came out. And he even knows when you are sleeping.
scottlamb 1 days ago [-]
> We had a discussion that it would be easy to determine who was passing by at what times due to these especially when you can "de-anonymize" the data for example link it to a numberplate.
You could also read the numberplate directly with OpenALPR. It can be finicky to set up a camera to do this reliably in all conditions (particularly at night and high speed) but once done you could detect any car passing, not just ones with wifi access points.
When the law requires us to have numberplates, I think this just has to be considered public information for anyone who is nearby or can leave a camera nearby. It's not ideal to leak it in additional forms that might be easier for people to grab (say, with an ESP32), but it's a matter of degree rather than of kind.
But yeah, I'm with you on some of these others, particularly the medical devices. That's not great.
AlotOfReading 1 days ago [-]
There's a difference between public and Public. I go outside with my face visible and I don't mind if my neighbors see me. I do mind if my neighbors stand outside my door with a notepad sketching faces every time they see me or anyone else, especially if they're selling the data. Systematic tracking that isn't subject to the constraints of human memory and apathy fundamentally changes the equation.
scottlamb 1 days ago [-]
> Systematic tracking that isn't subject to the constraints of human memory and apathy fundamentally changes the equation.
I definitely don't approve of mass collection across many cameras, accessible to who-knows-who with minimal if any privacy controls (Flock). But it wouldn't surprise or bother me if my next-door neighbor had ALPR enabled, as long as it's not part of that cloud. YMMV.
Full disclosure: I develop an open source home/hobbyist-oriented NVR, although it doesn't have an ALPR feature or any other analytics today.
thedrexster 1 days ago [-]
> constraints of human memory and apathy
i like that a lot, brother, thank you!
SoftTalker 1 days ago [-]
I disable bluetooth on my phone, though periodically I find that it's back on.
Edit: iOS
craftkiller 1 days ago [-]
I have the opposite experience: GrapheneOS has an option to automatically turn your bluetooth off after a configurable period of not being used. So when I need to use bluetooth, I turn it on like normal. Then, without thinking about it, it automatically turns off. The end result is my bluetooth is only ever on for a couple hours each month when I'm making phone calls.
9991 20 hours ago [-]
Your problem is that you chose an OS that respects you and treats you with dignity.
rationalist 1 days ago [-]
I only see an option to turn back on tomorrow. How do you find this option?
craftkiller 24 hours ago [-]
It's under Settings > Security and Privacy > Exploit Protection > Turn off bluetooth automatically
Definitely not the most obvious location. I would have expected to find this under the bluetooth settings.
rationalist 19 hours ago [-]
Awesome, thank you.
I don't recall that being there when I first installed GrapheneOS. I need to go through the settings more often I guess.
It might be a cool feature if settings were highlighted or had a red dot or something until it was viewed (like an unread notification).
littlecorner 1 days ago [-]
Did not realize I could do that! Thank you!
joemi 24 hours ago [-]
I used to fervently keep my bluetooth off on iOS, and I learned that if you turn it off via the Control Center, then it automatically gets turned back on the next day. But if you turn it off via Settings, then it only gets turned back on when the system software updates. (I stopped doing this a couple iOS versions ago, though, so it may have changed since then.)
jerlam 23 hours ago [-]
Bluetooth (and wifi) aren't turned off at all through the Control Center - they changed the wording to say "disconnected", meaning that your phone only disconnects from known devices. But both are still turned on for other purposes such as CarPlay, Handoff, and Location Services (via wifi). For the purposes of this discussion, they are potentially still transmitting a known identifier.
Apple reconnects to known devices and networks at 5am:
I miss wired headphones for this purpose. It's the only reason I even have BT enabled.
poolnoodle 15 hours ago [-]
Wired headphones do still exist. :-)
I often use a pair of cheap USB C Apple earpods with my Google Pixel.
1 days ago [-]
officeplant 1 days ago [-]
With iOS the easiest way to make sure it off and stays off is to build a shortcut to cut off wifi/bluetooth. Otherwise it's typically off until you get geolocated as being back home/work and wifi comes back on.
I have a "store mode" button that just kills wifi/bt that I hit before I go into any store.
mcosta 1 days ago [-]
what do you gain doing this?
officeplant 1 days ago [-]
Peace of mind that I'm not being tracked around the store by wifi/bt, and/or having my device fingerprinted for further identification on future visits.
silon42 1 days ago [-]
Android now has an option to enable it every day.. (I have it disabled).
wolvoleo 24 hours ago [-]
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall
They do but most phones rotate the mac adress these days. So while they can still track you through the store (sadly) they don't have the ability to track your recurring visits.
I wish phones had the option to constantly spam broadcasts with random MAC ids. That would make the practice useless.
bryanrasmussen 17 hours ago [-]
>I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
hmm, I wonder if there is anything about using this to combat shoplifting...
short google later, seems there is, but mostly everything I'm finding is just brochures and breathless corporate announcements.
I have also put an Airtag clone in my car (Loshall in iOS mode). That is probably leaking my arrival times. My water meter is also now bluetooth.
KolibriFly 13 hours ago [-]
Even when they claim it's "anonymous," the value is in aggregate behavioral patterns: dwell time, repeat visits, path through the space, etc.
King-Aaron 20 hours ago [-]
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is.
I worked for a company about 18 years ago where we did just this. We also sold the technology to car dealerships who were very interested in our silent salesman stuff where you could tie interactions with your web campaign directly to the person walking past the dealership and preload the salesman with all their details.
Grubby stuff nearly two decades ago.
autoexec 1 days ago [-]
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is.
Many places do this. The department stores in the mall, target, even grocery stores do it.
voidmain0001 24 hours ago [-]
Sure, stores use WiFi access points and BT to track MAC addresses and BT device IDs. Google does something similar with location and it provides in real time how busy a location is which I find super convenient. It’s a shame that shaping data into useful information also means it can weaponized.
pixl97 1 days ago [-]
> even medical devices constantly broadcast their presence
I mean yes, said medical devices are a whole lot less useful to me if they are not transmitting data. For some of this stuff you can't have your cake and eat it too.
0x1ch 1 days ago [-]
I was wardriving my neighborhood and realized my elderly neighbor's CPAP machine is broadcasting some type of BT signal 24/7. I imagine it's transmitting some important stats, but it did make me have a 2nd thought about medical devices being IoT or BT enabled.
kccqzy 1 days ago [-]
> being IoT or BT enabled
Please don’t conflate these two. I have lots of BLE wearables and other sensors. They only send data to my own computer which I control, unlike IoT devices which by definition send to a third party on the Internet. To me it is far more important to protect against strangers on the Internet versus someone wardriving the neighborhood.
On a related note, did you know that EU has a Radio Equipment Directive (RED 2014/53/EU) that came into effect in 2025. It all but guarantees that such Bluetooth communication will be encrypted.
bigiain 1 days ago [-]
> I have lots of BLE wearables and other sensors. They only send data to my own computer which I control
That's perhaps technically correct, but a naive interpretation of the risk. I don't need to see the data your BLE devices are sending you, all I need is traffic analysis and meta data from the signals they are broadcasting - and they broadcast that to anyone within detection range which includes attackers with much higher gain antennas than you who can likely pick up those broadcasts at ten times the distance any of your devices will communicate at.
"Flying helicopters low and slow over the Tucson desert in Arizona, the FBI has been using "signal sniffers" to try to locate Nancy Guthrie's pacemaker.
As the search for the 84-year-old mother of US Today show anchor Savannah Guthrie entered its third week, investigators took to the sky with advanced bluetooth technology.
They were hoping to pick up signals emitted from the device implanted in Ms Guthrie's chest to help trace her whereabouts, US media outlets NewsNation and Fox News reported."
Yeah I always keep my cpap on airplane mode. It even had 5G. The therapist complains they can't monitor it but I have to come in with the machine and SD card every few months so they can check it then. They don't need 24/7 access.
What bothers me more is that my sex toys broadcast on Bluetooth even when I'm using them through WiFi. It even says the brand in the device name.
Not that I give a fuck what the neighbours think but it's just none of their business. And some toys are for discreet outdoor use too. Though that's not my thing.
In the past I renamed one of my phones to "Lovense Hush" to troll, though I've never seen anyone looking suspiciously. I guess most people aren't creeps like me who check stuff like that :)
1 days ago [-]
xanrah 1 days ago [-]
There’s a middle ground here. There is no technical reason a pacemaker constantly broadcasts itself - there is ways to allow communication to such devices without yelling your name all the time. And there is definitely no reason for such a name to be a unique identifier.
just6979 20 hours ago [-]
That middle ground has been eroded by cost-cutting.
Example: my mother had a cardic resynchronization device, and it had some kind of NFC type thing to enable the full wireless comms mode: wave a wand over her shoulder and the device's radio wakes up for a set time to send data or receive adjustments. So it wasn't always transmitting, but it did require the doctor's office or hospital to have that NFC wand to initiate any kind of data aquisition or reconfiguration. If it has an always-on BLE radio, the provider would just needs the phone/tablet/laptop with appropriate software that is already required.
Since any device like is already going to have a radio equivalent to a BLE radio, then removing the NFC parts from the device (and especially from the provider side) is some amount of cost savings. I think most patients would disagree that this privacy trade-off is NOT worth it, but you have remember that the patients aren't usually the actual customers in the US health care system. (And most manufacturers are going to have the US market as a target at least somewhat.) The most common actual customer is actually the insurance companies, and they'll take every single fraction of a penny, along with "an arm and a leg".
ssl-3 24 hours ago [-]
There are technical reasons, though.
Let's suppose we have a pacemaker, and it has data that is beneficial to read -- maybe even in real-time on their pocket computer, or opportunistically as the patient walks by their reader-device, or however that is done.
So we want this data, and we want it over RF. It probably seems obvious that it should only transmit when it is told to do so, right?
So how do we tell the pacemaker to transmit? On its face, that problem seems solved by integrating a receiver that sits and waits for a valid instruction.
Except: That receiver takes power to run. And since changing batteries inside of a person is problematic, we want them to last as long as they can while still performing the desired task.
Now we get to the not-obvious part: In terms of power, it's often less costly to intermittently transmit a string of data than to continuously operate a radio receiver. And maybe it's a bad idea to have an implanted pacemaker that has an open receiver for anything nearby to try to fuck with, anyway.
But a transmit-only radio? Good luck hacking that.
So... we do intermittent transmission, and this works for pacemakers. It also works for the cheap Zigbee thermometer I have (wherein I don't normally request the temperature; it just delivers it periodically, and it runs for years and years on a coin cell).
(Now: Should that pacemaker data be encrypted? Yes, of course. And so should the ID. In fact, the whole transmission should be indistinguishable from background noise by unrelated devices. In this way, authorized devices can then use pre-shared keys to receive and decode these messages and others receive nothing. That kind of cuts BLE and thus also the pocket computer out of the monitoring mix, but tradeoffs are tradeoffs.)
palata 13 hours ago [-]
> In terms of power, it's often less costly to intermittently transmit a string of data than to continuously operate a radio receiver.
The fair comparison would be intermittently transmitting a string of data versus intermittently operating a radio receiver, wouldn't it?
Maybe it's still less costly to transmit, that I don't know. But I am interested about it :-).
> And maybe it's a bad idea to have an implanted pacemaker that has an open receiver for anything nearby to try to fuck with, anyway.
This part resonates more with me.
ssl-3 3 hours ago [-]
> The fair comparison would be intermittently transmitting a string of data versus intermittently operating a radio receiver, wouldn't it?
Good point. I don't know that this would actually work with BLE, as implemented on our pocket supercomputers (which I presume to be a useful part of the support system of a modern pacemaker).
But if we change the requirements to "Some kind of maybe not-even-invented-yet RF thing, maybe with a rechargeable translator device that a person keeps in their pocket to convert to BLE when that's useful" then: Sure. Intermittent receive could be used instead.
Whether that's more efficient or not is an interesting problem.
Transmitters tend to use more instantaneous power (ie, Watts) than receivers do, but a transmission can be very, very short. It doesn't care whether anything is listening or not. Transmitter wakes up, blurts out what it has to say, and goes back to sleep.
If a chunk of BLE data of this size takes 1ms of transmit time (it might), and it happens every 60 seconds (it might), then that's transmitting for 1.44 seconds per day.
So total consumed power over time (ie, Joules per day, or whatever) can be very low. That's part of how we got here -- BLE is built around this concept, and it all converges to make this easy to accomplish.
Meanwhile: An intermittent receiver tends to use less instantaneous power, but it usually needs to operate for a longer period. It wakes up and actively listens for instructions for a period of time. If none are received, then it goes back to sleep. Synchronizing free-running clocks is hard (and disciplining them is expensive, power-wise, compared to a sleep state), so maybe that receive window is 50ms every minute. Worst-case: The receiver operates for 72 seconds per day.
Even if receiving uses just 1/10th the instantaneous power as transmitting does (this is probably in the right ballpark), then the intermittent receiver still uses a ton more power over time -- especially if there are no transmissions to receive. (The receive window obviously closes if/when a transmission is received, so having something to hear can improve this some.)
But the end goal isn't just to wake the pacemaker up by pinging it. The end goal is for it to transmit data. So we still get to wake up the transmitter and have it do that.
Now, these are all made up numbers -- I think they're somewhere near reality, but maybe not. But it seems like kind of a double-whammy, to me, compared to intermittent transmit. :)
palata 29 minutes ago [-]
Very interesting insights, thanks a lot!
pixl97 1 days ago [-]
I mean if not a name, how would a mac id be any different?
dietr1ch 1 days ago [-]
What forces devices to constantly stream data? You can batch updates and probably save power thanks to it.
kccqzy 1 days ago [-]
Because these BLE devices are so cheap that they don’t have storage. And BLE transmission is already very power efficient: the power consumption of BLE is probably the same order of magnitude as powering flash storage.
What's more insidious than just tracking people through the store is that the beacons can collect the bluetooth IDs of the devices they've seen and send it off to advertisers, who can use the UUID to connect a person's offline shopping with the online advertising profile they've built up for the person.
NoSalt 7 hours ago [-]
> "The standard response to privacy concerns is usually 'nothing to hide, nothing to fear.'"
> "But here’s the thing: even if you have nothing to hide, you’re still giving away information you probably don’t intend to."
Whenever I see talk like this, I always like to post this quote that not only still rings true, but rings even louder today.
> "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
~ Cardinal Richelieu (Cardinal and former Secretary of State for Foreign Affairs of France)
WaitWaitWha 21 hours ago [-]
I am personally aware that Washington DC, same areas of Maryland, Virginia and Delaware have been tracking car Bluetooth (and EZ-Pass) for decades for "traffic management". The more BT detected the heavier tracking. The longer time between detectors for the unique BT/EZ-Pass, the slower the traffic. Adjust traffic lights down the road to improve traffic flow. (when I write Ez-Pass, i mean the toll transponder, but not detected by a toll booths or overhead arches.)
TheSilva 1 days ago [-]
Tangential, sort of: in the early days of mobile phones for the masses, when there was no WiFi/3G in the underground, I will often enable Bluetooth in my phone, look for nearby devices and try to match names and looks.
That was before everyone had their "John's IPhone" or "Samsung A55" boring names everywhere and some of us cared to personalise our device's name.
Anyone else played this game?
herghost 1 days ago [-]
hmmmmm...
2006, sat in a job interview. Interviewer says he'll Bluetooth over a file to me - what's by phone's name?
2006, the year that Tool's 10,000 Days had been released, which I was enjoying and, being a bit of an Edge Lord, I'd named my device after a lyric from Vicarious - which, IIRC fit perfectly into the name space and made me very happy:
> ILikeToWatchThingsDie
Excellent. Still got the job though!
jjkaczor 1 days ago [-]
Hah, I change my device name and wifi hotspot all the time...
"[Agency-acronym] Surveillance Van #43/44/etc.."
fer 23 hours ago [-]
What I remember is that you could push OBEX calendar objects without much refusal from the phones and make people have alarms ringing at 3am, fun times!
keraf 13 hours ago [-]
When I set up my iPhone and it asked who's iPhone it is, I thought it would be funny to put in Kim Jong Un. Now it shows up as "Kim Jong Un's iPhone" when I enable my hotspot. Or even better, it says it out loud when I connect to some Bluetooth speakers.
Yeah, but it stopped pretty soon stores figured out that they could flood you with advertisements over Bluetooth. In some places it was bad enough that I had to turn off Bluetooth.
patja 1 days ago [-]
How did this play out? Were the ads from an app from the store that you had installed? Or did they spam you over SMS because they associated your bluetooth info with an account you have with the store, or contact info they bought from a third party?
dylan604 1 days ago [-]
> Were the ads from an app from the store that you had installed?
This is my main concern over installing apps in general but specifically store apps. I've noticed that grocery stores are moving past existing loyalty cards and want you to use their apps for exclusively available digital coupons. The prices I'm seeing are very compelling and are on top of existing loyalty card discounts, and I could see lots of people using the app because of it. The assumed amount of abuse keeps me from lemminging my way through the store.
nonamenoslogan 5 hours ago [-]
Kroger here has done that with their app. The loyalty card/phone number still works for many of the specials, but the "digital deals" thing by using the app and scanning a QR code on the price sticker gives BIGGER discounts. Its not the most convenient way to shop, but I am willing to save 15-20% more usually.
edent 24 hours ago [-]
Neither. They used to discover your device and then send a Bluetooth push. "Would you like to receive a file from …"
It was usually an image, movie, or audio file.
patja 22 hours ago [-]
Wow that is wild. Thanks for explaining.
I've never seen a prompt like that on my phone and would not have guessed this.
oarla 21 hours ago [-]
As someone explained it below in this thread, walk into a mall with Bluetooth turned on and phone starts chiming with multiple "... wants to send you a media/audio/image etc." Not just ads, some bad actors would try to infect the phone with malware. Luckily never happened to me, but I heard from my acquaintances.
tonetegeatinst 1 days ago [-]
Yep 100% did the same.
It was interesting to see what people named stuff as even back then I figured you could use that metadata for tracking devices...but even more interesting was looking at the Mac address to see the manufacturer and try and find some rare or cool device.
mytailorisrich 1 days ago [-]
I do the reverse. I set my wifi hotspot or bluetooth to "MetPoliceUnit355" and I look for people making faces or looking around.
moontear 16 hours ago [-]
Introducing the „are they home“ device to assist burglars. Just slap that miniature device somewhere non-suspicious on the place of your potential marks and let it run for the battery life of 7 days. Afterwards you collect it and know movements patterns.
Features automatic notifications if no movement detected for more than two days.
KolibriFly 13 hours ago [-]
To be fair, that's basically a variation of techniques that have existed long before Bluetooth
moontear 13 hours ago [-]
I don't disagree, nothing new to see here. I just thought that this would be a nifty device to sell via nefarious shops. Include some more passive tracking of WiFi and bob's your uncle. Maybe add mesh functionality via LoRaWAN and track the whole neighborhood.
KolibriFly 13 hours ago [-]
Bluetooth, Wi-Fi, even things like tire pressure sensors... they were designed primarily for convenience and interoperability, not adversarial environments. Now we're retrofitting privacy onto systems that were never really built with that as a first principle
nine_k 1 days ago [-]
This is not very different from collecting visual cues. You can notice a delivery van arriving. You can see the driver's face, same with passers-by. The biggest difference is that a camera needs to be more conspicuous, while a BT receiver can be invisible and undetectable. Much cheaper, too.
bigiain 1 days ago [-]
I have an ESP32 Cam in front of me right now. I think I paid maybe 8 bucks for it. If I wanted to, I could very easily hide the tiny camera in my front door, and use it to both collect bluetooth and wifi metadata (including MAC addresses) and correlate images/faces to MAC addresses when people pass by close enough so that I can identify them later from longer range wifi/ble detections.
(I actually do plan to install this at my front door, but aimed mainly to detect when a deliver/parcel in on my doorstep, and I don't (yet?) plan on sniffing bluetooth/wifi with it)
nine_k 22 hours ago [-]
A decent optical part is comparably expensive, and somehow visible.
dalemhurley 1 days ago [-]
Ring: thank you for the idea, "Introducing Ring Face-Off, face masks covering faces during a break-in is no an issue for Ring, we will track the thieves until they reveal their face to our Ring network."
bigiain 24 hours ago [-]
For immediate release: BLE N95 Facemasks Inc (YCombinator Summer 2025) is proud to come out of stealth mode and announce our acquisition by Ring. This follows a major private angel investment by Palintir with a post money valuation of $500 million.
clarabennett26 1 days ago [-]
The part about passively detecting delivery driver patterns from a home office is wild. I knew BLE was chatty but being able to correlate device pairs (phone + watch) to build movement profiles with just a Pi is genuinely unsettling. Makes me want to audit which of my devices are broadcasting when they don't need to be.
thenthenthen 21 hours ago [-]
I mean.. these services have apps right? It is, mostly, pretty trivial to track drivers and it would not surprise me if they have a fixed ID.
gruez 1 days ago [-]
Bluetooth desperately needs mac randomization. Wifi mac randomization is welcome, but it doesn't do much when many (most?) people have bluetooth accessories broadcasting a persistent identifier whenever they're on.
avidiax 1 days ago [-]
> Bluetooth desperately needs mac randomization.
Bluetooth already has a well developed MAC randomization scheme.
Lookup "resolvable private address". The short of it is, your phone can find your headphones or vice-versa, despite one or both having random addresses. The addresses can be regenerated or rotate at an interval (say 15 minutes). The first part of the address is a nonce (pRand), and the rest of the address is a 24-bit hash of pRand with an identity resolving key (IRK). So the other party just listens passively for addresses, and sees if any of them happen to have the right hash.
I don't think this is as airtight as people think it is. Certainly, if you are following somebody and one address disappears right as another appears (rotation), it's quite easy to infer the new/old addresses belong to one device. I tried briefly to convince the Android developers to synchronize that rotation globally.
You can also probably infer that if you see a pair of random MACs arrive, and they have a certain pattern of timing and payload size, you can say with some certainty that they are particular devices, say an iPhone and an Apple Watch. But that requires sophisticated equipment since most Bluetooth LE communication is over a non-cryptographic frequency hopping arrangement.
Lastly, radio fingerprinting is widely known in academia, but requires special equipment.
bigiain 1 days ago [-]
> Lookup "resolvable private address". The short of it is, your phone can find your headphones or vice-versa, despite one or both having random addresses.
Is that just for the connection phase? Or does it then start publicly broadcasting a persistent MAC onced it's connected, so if you earbuds or watch are connected and communicating with your phoine, would a sniffer see a persisten MAC address or the session randomised one?
That's a problam (one of many problems) with WiFi MAC address randomisation - you can sniff the network names a phone is trying to connect to, then stand up a wifi access point with one of those names and the phone will reveal its real MAC address when it connects. I experimented a long time back with having a raspi that broadcast itself as a McDonalds free wifi access point, a huge number of phones would try to connect while I was out in public with it.
gruez 24 hours ago [-]
>That's a problam (one of many problems) with WiFi MAC address randomisation - you can sniff the network names a phone is trying to connect to, then stand up a wifi access point with one of those names and the phone will reveal its real MAC address when it connects.
That's not how mac address randomization works now for both android and ios. Both connects with a randomized mac as well, which might be persistent per-network, but it still heavily hampers data collection. For ios specifically, it also seems to have some sort of heuristic to detect which network names are common/guessable, and use a rotating mac for those. Moreover "you can sniff the network names a phone is trying to connect to" isn't really a thing unless the network is using hidden ssid, which isn't the default for almost all routers.
bigiain 24 hours ago [-]
Oh cool, thanks. My last time playing with this was pre covid, possibly 5 or more years pre covid.
I do know for sure that my iOS devices connect with persistent MAC addresses on both my home and work wifi networks - I'd _assumed_ it was the same MAC address on both networks, but I'll be curious to see if that's correct next time I'm in the office.
gruez 23 hours ago [-]
You don't even need to be in the office to see it. Just go to wifi -> edit, and it'll bring up a list of saved networks. Tap on one of them and it'll show the mac address used.
bigiain 21 hours ago [-]
Thanks!
neilalexander 1 days ago [-]
Random Bluetooth MACs are already possible. iOS devices have been doing it for years alongside the random Wi-Fi MACs.
anonymousiam 18 hours ago [-]
Within the past two years, I began leaving BT turned off on all of my devices unless I needed it. It means that I need to pause a moment to turn it on when I get in the car, use my headphones/airpods, or other BT devices.
For me, it's worth the extra trouble because I noticed a significant reduction in battery life on my mobile devices. The reduction coincided with the rollout of Apple's "Find My" service, which was followed by Google's "Find Hub" service. (I have devices in both ecosystems.)
I wish there was a separate way to opt out of the "Find" services, but AFAIK, even if you opt out, your device may still relay traffic from other nearby devices. So it seems that the only way to preserve device battery life is to just shut off the BT.
chii 16 hours ago [-]
> I began leaving BT turned off on all of my devices unless I needed it
i've been doing that since the inception of BT being available on my devices. I'm just surprised at so many people's cavalier attitude to security and privacy. And then later, it is too late to reverse course.
GordonS 16 hours ago [-]
Same. Security aside, I also didn't want to waste the battery when I knew I was unlikely to use Bluetooth.
jeena 1 days ago [-]
About 10 years ago i had HomeAssistant running and thacking my bluetooth devices. It does so per default by jus memorizing a mac adress an recording when it's visible and when not. No need for pairing or anythung. It also stores the custom name if available.
Anyway, the default dashboard also automatically generated a view when my neighbours "Katie's iPhone' was at home and when not, until I actively deleted it and the data it stored.
avel 1 days ago [-]
Similar story - "Home assistant picked up my neighbours Bluetooth toothbrush and now I can see when they brush their teeth"
The AI written blog posts will continue until morale improves.
stingraycharles 12 hours ago [-]
> The Problem Nobody Talks About
head explodes
do these people writing these blog posts not recognize just how super bad their blog posts look with this slop?
cm-t 13 hours ago [-]
Parisians Métro 's ads screen are equiped with BT scanner, with a hidden sticker on the side to link you with a qrcode to a RGPD output website, where you have to log your private data to register your devices to be not scanned...
What a world to be alive..
stevage 19 hours ago [-]
Years ago I was interested to discover that my local road authority uses Bluetooth tracking of drivers to monitor traffic speed on certain major roads. Detect a particular Bluetooth ID at one point, pick it up again 2km down the road, you know how fast the traffic is going. Pretty useful for getting an immediate alert if traffic speed suddenly plummets.
ggm 19 hours ago [-]
Heard a talk in Paris about a guy who "war drove" around town using a higher layer Mobile IP ap which could sweep up open SSID, connect, and (ab)use the bandwidth to maintain a link "above" it (I guess like an agile VPN)
he was getting 100mbit class speeds routinely. Also patches of nothing, but it was interesting. That was over 5 years ago.
cadamsdotcom 1 days ago [-]
This could be used for a truly eye-opening art installation: a screen that as you walk by it, tells you when you were last there..
Even wilder would be to buy data on you in real time and display that.
This gives me a homebrew project idea - to create something portable that would allow me to sniff Bluetooth devices on my daily train commute into the office.
Has anyone done this or can give me ideas where to start?
keraf 13 hours ago [-]
Over a decade ago, I already saw a music festival using Bluetooth tracking to monitor crowd movements [0]. There's an assumption that people just leave their Bluetooth on out of convenience.
That one doesn't seem to do bluetooth at all, I think?
haberlerm 24 hours ago [-]
BLE Tire pressure sensors are great vehicle identification devices. Static MAC adress gives 4 unique keys to a vehicle when actively scanning.
dwedge 15 hours ago [-]
Something about them saying they use Proton pass so they don't need to have secrets in pipelines as an example of being into privacy rubbed me the wrong way
jjbiotech 1 days ago [-]
I suspect the e-scooters left around town (Lime, Bird, etc) are massive Bluetooth / LoRa dragnets. You pay them to increase coverage or visibility to social hot spots.
thenthenthen 21 hours ago [-]
There is a startup (in Stuttgart i believe?) that adds camera ms to these scooters.. this is 100% illegal (and I think the ccc is filing lawsuits?). Some of the earlier Tier model scooters even had a dedicated space for a camera in their head tubes.
hammock 1 days ago [-]
Wow e-scooter wardriving is something I hadn’t thought of. Could be happening somewhere
f0r3st 1 days ago [-]
you said " blocking ads network-wide with AdGuard". It's better to block it with a Pihole.
catsquirrel28 1 days ago [-]
> This isn’t about paranoia. It’s about understanding the trade-offs
> Bluetooth mesh networks—no internet required, no servers, no phone numbers
LLM slop. Both the article and the Python script
the-anarchist 22 hours ago [-]
I second that. This website, including its look and layout, appears to be a copy of some more prominent indieweb ones that have been frequently featured here, filled with what seems to be almost entirely copied and/or LLM generated content.
bigbuppo 1 days ago [-]
I can assure you this has been talked about and is known and it's why you still find a headset port on devices handed out to government officials, though most of them ignore the advice to not use bluetooth.
kevincloudsec 1 days ago [-]
ran something similar on a home network once and was surprised how many of my neighbors' devices showed up with full manufacturer names and model numbers. you don't even need to try hard.
wolvoleo 23 hours ago [-]
Yeah here in the city I scan for 2 minutes and I know half the neighbours names and what phones, computers and TVs they use.
SUDEEPSD25 6 hours ago [-]
Weirdly intriguing!
farkanoid 17 hours ago [-]
Somewhat related - I've been working on a design using Nordic's NRF52840 SOC for work; Intensely focusing for the past few weeks on antenna tuning for maximum BLE range.
Part of the testing involves using the 'nRF Connect' app, which lists all nearby Bluetooth devices, plots signal strengths, and allows for some rudimentary communication. It doesn't seem to be Nordic-specific.
I'd frequently leave the app open scanning during development late in the evening, and rarely, an unidentified Bluetooth LE device would pop up for a few minutes then disappear.
Turns out it was my dad's pacemaker, which sends telemetry via Bluetooth to a 4G gateway they gave him (this only happens after he lies down with little movement apparently).
This prompted me to look into pacemakers and deactivation after death of course. I wish I hadn't, it turns out they leave it in the corpse unless it's scheduled for cremation.
Because of the aforementioned research, and the open field tests I was performing, it somehow devolved into me having a nightmare where I was RF testing at a graveyard, and the app suddenly displaying a bunch of pacemakers underground.
...I really hope this isn't possible - The signal through 6ft of dirt and concrete would be marginal but still detectable.
Footprint0521 9 hours ago [-]
Random question, but will this be open sourced at any point? Just asking as a curious party who just bought one for exploration lol
I got it flashed through nrfutil with sniffer and sweyntooth, but butterfly has not been working no matter what I try and do…
Thanks for even taking the time to read this :)
rsync 1 days ago [-]
The project describes - and shows - a web interface.
Is there a simple CLI interface that can be redirected or pipelined into other tools ?
kccqzy 1 days ago [-]
The article says the data is in a SQLite database.
rsync 1 days ago [-]
Yes I see that and I wonder if the project includes a CLI tool.
webdoodle 1 days ago [-]
Doesn't HackRF with Cha0s do something similar?
HNisCIS 1 days ago [-]
And kismet
fennec-posix 1 days ago [-]
Emit at your own peril
12 hours ago [-]
0xdeadbeefbabe 1 days ago [-]
Wait doesn't BLE randomize the UUIDs?
nmstoker 21 hours ago [-]
Yes, I was surprised there would be enough to go on with the MAC addresses rotating and I had assumed the UUID would too, but it sounds like there's enough to go on to identify targets.
dncornholio 14 hours ago [-]
FYI WiFi leaks the same metadata, so turn that off too if you disable BT.
zoklet-enjoyer 1 days ago [-]
I read an article in 2012 about the feds (DHS?) placing Bluetooth enabled devices along I5 in Seattle. They were able to make profiles of people based on what Bluetooth devices they had in their cars. Is anyone familiar with this? I've periodically tried to Google it and can't find anything about it
Spooky23 1 days ago [-]
Possible, but they buy data from the carriers with similar profile possibilities. The DEA operates long standing and pervasive surveillance in “drug corridors” like I-95 from Maine to Miami. They do things like LPR and grabbing passenger pictures.
If Bluetooth is used, it may be a way to get a count of passengers or if the passengers change. I know based on newspaper accounts that they are particularly interested in cars that stop in Philly or Baltimore.
This stuff is frequently used against cops too so they may use the tech in similar ways. If you’re someone worried about getting raided, spotting a large number of new signals at the front door is an early warning potentially.
parpfish 1 days ago [-]
I remember an art exhibit by an online privacy activist made where it’d ping people’s phones to get a list of “known WiFi networks” and then display them on a screen in a room.
Each person would get a unique fingerprint of named network locations
I believe Houston used bluetooth to measure congestion on 45.
ck2 1 days ago [-]
Has anyone ever studied what happens with Bluetooth contention where thousands of people are gathered in a small space?
Like a marathon mass-start with 10,000 sometimes 20,000 or more people
How does bluetooth handle that? Or it doesn't?
username_here 1 days ago [-]
In my experience, just fine. I recently ran a large (~30k) marathon and my AirPods and watch never glitched once, streaming the whole time including in the packed start corrals. I had the same thought about RF contention, but Bluetooth didn't seem to care.
The amount of data needed to send audio to your ear-buds is quite small compared to the spectrum available, so only needs tiny slices of spectrum and for relatively tiny slices of time. And also relatively tiny amounts of power since it's only going max 100 feet, hence a pretty small chunk of space.
If all those 10K-30K devices are constantly jumping around the frequency band to transmit tiny payloads a tiny distance, then a whole metric fuck-ton of them can interoperate in what seems to us to be very tight quarters. But to those specialzied radios it probably seems like a fairly wide open field.
supertrope 1 days ago [-]
Even licensed wireless stops functioning. All circuits are busy.
1 days ago [-]
efilife 18 hours ago [-]
I am fucking sick of seeing this everywhere. I gave this article a benefit of the doubt until:
> Bluehood isn’t a hacking tool. It’s an educational demonstration of what’s possible with commodity hardware and a bit of patience.
> This isn’t about paranoia. It’s about understanding the trade-offs we make when we leave wireless radios enabled on our devices.
This LLM spam needs to end. Tons of people on HN got tired of this, and it often shows in the comments. Let's maybe start adding [LLM] to the titles of AI generated submissions?
kittbuilds 8 hours ago [-]
[dead]
Rendered at 22:48:31 GMT+0000 (Coordinated Universal Time) with Vercel.
I guess anything you send out can be used to profile you.
Some of my friends live on a farm near a semi busy road, however far enough from other farms to not be able to receive their wifi. They showed me their router logging all the wifi accesspoints that appear/disappear. There where A LOT of access points named "Audi", "BMW", "Tesla" etc. similar to those devices leaking bluetooth data. We had a discussion that it would be easy to determine who was passing by at what times due to these especially when you can "de-anonymize" the data for example link it to a numberplate.
I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
I can’t really care about obscure Bluetooth tracking when every business has CCTV doing facial recognition.
Here in Holland we must even have a mobile phone module in every car so it can call the emergencies in case of a crash.
But also this happened, just a couple of hour's drive from where I live, about ten years ago:
https://www.bbc.co.uk/news/uk-scotland-tayside-central-33505...
and similar things have happened about once a year ever since. Now in the news article I linked to a huge part of the problem was that the police didn't follow it up correctly, went to where the accident had been reported rather than where it had occurred, didn't see anything, and then gave up.
But if the car had rung from where it had actually crashed then the incident would have EISEC[1] data tagged to it, which would have given them actual co-ordinates to hit.
[1] https://www.derbyshire.police.uk/SysSiteAssets/foi-media/der... (first hit on google)
Sure it is, but people can't realistically think to randomize their plate numbers to avoid tracking... IANAL but is it probably a criminal offense to do so.
https://scholarlycommons.law.case.edu/cgi/viewcontent.cgi?ar...
Only reason I know is because I wondered if I could walk to the booth and press the button for a new parking ticket and pay for 5 minutes instead of 4 hours..
https://rfid.michelin.com/what-is-rfid/
My read through this document suggests that the maximum usable range may be as far as 5 meters, or as little as 1 meter: https://rfid.michelin.com/wp-content/uploads/2024/07/dataShe...
That's not as far as BLE or TPMS can work at, but it's not exactly like the NFC arrangement in a credit card, either. 5 meters is enough for a motivated attacker to do some undetected bulk data collection.
That's one of the funniest things about wardriving with Wigle on your phone. I can often see the SSID of "Jennifer's Equinox", "Jacks Suburban" right after I get cut off by someone in said vehicle. The vast majority of car bluetooth/wifi I see tends to have varying amounts of identifying information. It's almost as bad as the fact that apple still defaults to Jacks iPhone/iPad etc with no option to rename the device until you've finished setting it up.
Companies are not out to protect us with default settings and the majority of users need to wake up to this fact.
I am not without sin when it comes to driving a car.
It can be done, relatively easily.
I used it in train stations, and get hits when passing highways via train or bus. Esp. fun if you stand still due to traffic lights or traffic jam, since you can try to get a visual.
The only lesson to be learned here is that it allowed one to learn in 2019 Musk is overrated. But you can also learn that lesson from the book The PayPal Wars which predates this by 15 years.
> I believe shopping malls often use such signals (wifi, bluetooth) to track what your travel pattern through the mall is. They know what section of the store you spend most of your time in and what storefronts you stall at.
Not allowed in EU.
[1] https://www.teslaradar.com/
This phrasing needs to die.
Not allowed is something your parents imposed on you when you were a child.
You’re not allowed to have an ice cream, or you’re not allowed to hang out with that boy.
Laws don’t not allow anything, they only sometimes impose penalties if you’re caught breaking them.
If we're being annoying about language for no valid reason, I would say that a "phrasing" cannot "die", because a "phrasing" is not a living creature.
> Laws don’t not allow anything, they only sometimes impose penalties if you’re caught breaking them.
How does it work with your parents? Do they cast a spell that prevents you from hanging out with that boy? Nobody was "allowed" to smoke, and yet...
die /dī/
intransitive verb
2. To cease existing, especially by degrees; fade.
Does your dictionary say that "not allowed" is specific to parents and children?
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
https://news.ycombinator.com/newsguidelines.html
I'm glad we agree.
I'm surprised, I know for a fact that some stores definitely have the ability to do that on their hardware.
https://media.licdn.com/dms/image/v2/D4D12AQHCyctOFz_EJg/art...
[1] https://www.linkedin.com/pulse/what-wi-fi-bluetooth-tracking...
https://github.com/BLE-Research-Group/MetaRadar
https://f-droid.org/packages/f.cking.software
In the EU this is forbidden unless they explicitly ask your permission. They can still gather aggregate stats but they cannot build a profile on you.
Even the airports here track everyone. They say it's for public safety but I'm sure they use it for market analysis for their expensive sandwich shops too.
Yes, I remember Cisco had a product like this all the way back in 2011. They could pinpoint a customer to an exact position inside a store using triangulation, they would know which shelf you spent time in front of etc. In the 15 years since then, I expect the technology is much scarier and intrusive.
Ever been in an Apple store? Look up. In the dark voids between the edge-to-edge backlit ceiling. There are secrets there. Watching you.
"products visitors pick up" [1]
[1] https://itechcraft.com/blog/ibeacon-for-retail-store/
You could also read the numberplate directly with OpenALPR. It can be finicky to set up a camera to do this reliably in all conditions (particularly at night and high speed) but once done you could detect any car passing, not just ones with wifi access points.
When the law requires us to have numberplates, I think this just has to be considered public information for anyone who is nearby or can leave a camera nearby. It's not ideal to leak it in additional forms that might be easier for people to grab (say, with an ESP32), but it's a matter of degree rather than of kind.
But yeah, I'm with you on some of these others, particularly the medical devices. That's not great.
I definitely don't approve of mass collection across many cameras, accessible to who-knows-who with minimal if any privacy controls (Flock). But it wouldn't surprise or bother me if my next-door neighbor had ALPR enabled, as long as it's not part of that cloud. YMMV.
Full disclosure: I develop an open source home/hobbyist-oriented NVR, although it doesn't have an ALPR feature or any other analytics today.
i like that a lot, brother, thank you!
Edit: iOS
Definitely not the most obvious location. I would have expected to find this under the bluetooth settings.
I don't recall that being there when I first installed GrapheneOS. I need to go through the settings more often I guess.
It might be a cool feature if settings were highlighted or had a red dot or something until it was viewed (like an unread notification).
Apple reconnects to known devices and networks at 5am:
https://support.apple.com/en-us/102412
Bluetooth and Wi-Fi Aren't Fully Disabled When Off in iOS 11 Control Center
https://news.ycombinator.com/item?id=15297387 (2017, 143 comments)
I have a "store mode" button that just kills wifi/bt that I hit before I go into any store.
They do but most phones rotate the mac adress these days. So while they can still track you through the store (sadly) they don't have the ability to track your recurring visits.
I wish phones had the option to constantly spam broadcasts with random MAC ids. That would make the practice useless.
hmm, I wonder if there is anything about using this to combat shoplifting... short google later, seems there is, but mostly everything I'm finding is just brochures and breathless corporate announcements.
found this uni project https://capstone.cse.msu.edu/2020-01/projects/meijer/
There is also a Bluetooth shutoff app on F-Droid.
https://f-droid.org/en/packages/com.mystro256.autooffbluetoo...
I have also put an Airtag clone in my car (Loshall in iOS mode). That is probably leaking my arrival times. My water meter is also now bluetooth.
I worked for a company about 18 years ago where we did just this. We also sold the technology to car dealerships who were very interested in our silent salesman stuff where you could tie interactions with your web campaign directly to the person walking past the dealership and preload the salesman with all their details.
Grubby stuff nearly two decades ago.
Many places do this. The department stores in the mall, target, even grocery stores do it.
I mean yes, said medical devices are a whole lot less useful to me if they are not transmitting data. For some of this stuff you can't have your cake and eat it too.
Please don’t conflate these two. I have lots of BLE wearables and other sensors. They only send data to my own computer which I control, unlike IoT devices which by definition send to a third party on the Internet. To me it is far more important to protect against strangers on the Internet versus someone wardriving the neighborhood.
On a related note, did you know that EU has a Radio Equipment Directive (RED 2014/53/EU) that came into effect in 2025. It all but guarantees that such Bluetooth communication will be encrypted.
That's perhaps technically correct, but a naive interpretation of the risk. I don't need to see the data your BLE devices are sending you, all I need is traffic analysis and meta data from the signals they are broadcasting - and they broadcast that to anyone within detection range which includes attackers with much higher gain antennas than you who can likely pick up those broadcasts at ten times the distance any of your devices will communicate at.
"Flying helicopters low and slow over the Tucson desert in Arizona, the FBI has been using "signal sniffers" to try to locate Nancy Guthrie's pacemaker.
As the search for the 84-year-old mother of US Today show anchor Savannah Guthrie entered its third week, investigators took to the sky with advanced bluetooth technology.
They were hoping to pick up signals emitted from the device implanted in Ms Guthrie's chest to help trace her whereabouts, US media outlets NewsNation and Fox News reported."
https://www.abc.net.au/news/2026-02-16/nancy-guthrie-pacemak...
What bothers me more is that my sex toys broadcast on Bluetooth even when I'm using them through WiFi. It even says the brand in the device name.
Not that I give a fuck what the neighbours think but it's just none of their business. And some toys are for discreet outdoor use too. Though that's not my thing.
In the past I renamed one of my phones to "Lovense Hush" to troll, though I've never seen anyone looking suspiciously. I guess most people aren't creeps like me who check stuff like that :)
Example: my mother had a cardic resynchronization device, and it had some kind of NFC type thing to enable the full wireless comms mode: wave a wand over her shoulder and the device's radio wakes up for a set time to send data or receive adjustments. So it wasn't always transmitting, but it did require the doctor's office or hospital to have that NFC wand to initiate any kind of data aquisition or reconfiguration. If it has an always-on BLE radio, the provider would just needs the phone/tablet/laptop with appropriate software that is already required.
Since any device like is already going to have a radio equivalent to a BLE radio, then removing the NFC parts from the device (and especially from the provider side) is some amount of cost savings. I think most patients would disagree that this privacy trade-off is NOT worth it, but you have remember that the patients aren't usually the actual customers in the US health care system. (And most manufacturers are going to have the US market as a target at least somewhat.) The most common actual customer is actually the insurance companies, and they'll take every single fraction of a penny, along with "an arm and a leg".
Let's suppose we have a pacemaker, and it has data that is beneficial to read -- maybe even in real-time on their pocket computer, or opportunistically as the patient walks by their reader-device, or however that is done.
So we want this data, and we want it over RF. It probably seems obvious that it should only transmit when it is told to do so, right?
So how do we tell the pacemaker to transmit? On its face, that problem seems solved by integrating a receiver that sits and waits for a valid instruction.
Except: That receiver takes power to run. And since changing batteries inside of a person is problematic, we want them to last as long as they can while still performing the desired task.
Now we get to the not-obvious part: In terms of power, it's often less costly to intermittently transmit a string of data than to continuously operate a radio receiver. And maybe it's a bad idea to have an implanted pacemaker that has an open receiver for anything nearby to try to fuck with, anyway.
But a transmit-only radio? Good luck hacking that.
So... we do intermittent transmission, and this works for pacemakers. It also works for the cheap Zigbee thermometer I have (wherein I don't normally request the temperature; it just delivers it periodically, and it runs for years and years on a coin cell).
(Now: Should that pacemaker data be encrypted? Yes, of course. And so should the ID. In fact, the whole transmission should be indistinguishable from background noise by unrelated devices. In this way, authorized devices can then use pre-shared keys to receive and decode these messages and others receive nothing. That kind of cuts BLE and thus also the pocket computer out of the monitoring mix, but tradeoffs are tradeoffs.)
The fair comparison would be intermittently transmitting a string of data versus intermittently operating a radio receiver, wouldn't it?
Maybe it's still less costly to transmit, that I don't know. But I am interested about it :-).
> And maybe it's a bad idea to have an implanted pacemaker that has an open receiver for anything nearby to try to fuck with, anyway.
This part resonates more with me.
Good point. I don't know that this would actually work with BLE, as implemented on our pocket supercomputers (which I presume to be a useful part of the support system of a modern pacemaker).
But if we change the requirements to "Some kind of maybe not-even-invented-yet RF thing, maybe with a rechargeable translator device that a person keeps in their pocket to convert to BLE when that's useful" then: Sure. Intermittent receive could be used instead.
Whether that's more efficient or not is an interesting problem.
Transmitters tend to use more instantaneous power (ie, Watts) than receivers do, but a transmission can be very, very short. It doesn't care whether anything is listening or not. Transmitter wakes up, blurts out what it has to say, and goes back to sleep.
If a chunk of BLE data of this size takes 1ms of transmit time (it might), and it happens every 60 seconds (it might), then that's transmitting for 1.44 seconds per day.
So total consumed power over time (ie, Joules per day, or whatever) can be very low. That's part of how we got here -- BLE is built around this concept, and it all converges to make this easy to accomplish.
Meanwhile: An intermittent receiver tends to use less instantaneous power, but it usually needs to operate for a longer period. It wakes up and actively listens for instructions for a period of time. If none are received, then it goes back to sleep. Synchronizing free-running clocks is hard (and disciplining them is expensive, power-wise, compared to a sleep state), so maybe that receive window is 50ms every minute. Worst-case: The receiver operates for 72 seconds per day.
Even if receiving uses just 1/10th the instantaneous power as transmitting does (this is probably in the right ballpark), then the intermittent receiver still uses a ton more power over time -- especially if there are no transmissions to receive. (The receive window obviously closes if/when a transmission is received, so having something to hear can improve this some.)
But the end goal isn't just to wake the pacemaker up by pinging it. The end goal is for it to transmit data. So we still get to wake up the transmitter and have it do that.
Now, these are all made up numbers -- I think they're somewhere near reality, but maybe not. But it seems like kind of a double-whammy, to me, compared to intermittent transmit. :)
What's more insidious than just tracking people through the store is that the beacons can collect the bluetooth IDs of the devices they've seen and send it off to advertisers, who can use the UUID to connect a person's offline shopping with the online advertising profile they've built up for the person.
> "But here’s the thing: even if you have nothing to hide, you’re still giving away information you probably don’t intend to."
Whenever I see talk like this, I always like to post this quote that not only still rings true, but rings even louder today.
> "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."
~ Cardinal Richelieu (Cardinal and former Secretary of State for Foreign Affairs of France)
That was before everyone had their "John's IPhone" or "Samsung A55" boring names everywhere and some of us cared to personalise our device's name.
Anyone else played this game?
2006, sat in a job interview. Interviewer says he'll Bluetooth over a file to me - what's by phone's name?
2006, the year that Tool's 10,000 Days had been released, which I was enjoying and, being a bit of an Edge Lord, I'd named my device after a lyric from Vicarious - which, IIRC fit perfectly into the name space and made me very happy:
> ILikeToWatchThingsDie
Excellent. Still got the job though!
"[Agency-acronym] Surveillance Van #43/44/etc.."
https://en.wikipedia.org/wiki/Bluejacking
This is my main concern over installing apps in general but specifically store apps. I've noticed that grocery stores are moving past existing loyalty cards and want you to use their apps for exclusively available digital coupons. The prices I'm seeing are very compelling and are on top of existing loyalty card discounts, and I could see lots of people using the app because of it. The assumed amount of abuse keeps me from lemminging my way through the store.
It was usually an image, movie, or audio file.
I've never seen a prompt like that on my phone and would not have guessed this.
It was interesting to see what people named stuff as even back then I figured you could use that metadata for tracking devices...but even more interesting was looking at the Mac address to see the manufacturer and try and find some rare or cool device.
Features automatic notifications if no movement detected for more than two days.
(I actually do plan to install this at my front door, but aimed mainly to detect when a deliver/parcel in on my doorstep, and I don't (yet?) plan on sniffing bluetooth/wifi with it)
Bluetooth already has a well developed MAC randomization scheme.
Lookup "resolvable private address". The short of it is, your phone can find your headphones or vice-versa, despite one or both having random addresses. The addresses can be regenerated or rotate at an interval (say 15 minutes). The first part of the address is a nonce (pRand), and the rest of the address is a 24-bit hash of pRand with an identity resolving key (IRK). So the other party just listens passively for addresses, and sees if any of them happen to have the right hash.
I don't think this is as airtight as people think it is. Certainly, if you are following somebody and one address disappears right as another appears (rotation), it's quite easy to infer the new/old addresses belong to one device. I tried briefly to convince the Android developers to synchronize that rotation globally.
You can also probably infer that if you see a pair of random MACs arrive, and they have a certain pattern of timing and payload size, you can say with some certainty that they are particular devices, say an iPhone and an Apple Watch. But that requires sophisticated equipment since most Bluetooth LE communication is over a non-cryptographic frequency hopping arrangement.
Lastly, radio fingerprinting is widely known in academia, but requires special equipment.
Is that just for the connection phase? Or does it then start publicly broadcasting a persistent MAC onced it's connected, so if you earbuds or watch are connected and communicating with your phoine, would a sniffer see a persisten MAC address or the session randomised one?
That's a problam (one of many problems) with WiFi MAC address randomisation - you can sniff the network names a phone is trying to connect to, then stand up a wifi access point with one of those names and the phone will reveal its real MAC address when it connects. I experimented a long time back with having a raspi that broadcast itself as a McDonalds free wifi access point, a huge number of phones would try to connect while I was out in public with it.
That's not how mac address randomization works now for both android and ios. Both connects with a randomized mac as well, which might be persistent per-network, but it still heavily hampers data collection. For ios specifically, it also seems to have some sort of heuristic to detect which network names are common/guessable, and use a rotating mac for those. Moreover "you can sniff the network names a phone is trying to connect to" isn't really a thing unless the network is using hidden ssid, which isn't the default for almost all routers.
I do know for sure that my iOS devices connect with persistent MAC addresses on both my home and work wifi networks - I'd _assumed_ it was the same MAC address on both networks, but I'll be curious to see if that's correct next time I'm in the office.
For me, it's worth the extra trouble because I noticed a significant reduction in battery life on my mobile devices. The reduction coincided with the rollout of Apple's "Find My" service, which was followed by Google's "Find Hub" service. (I have devices in both ecosystems.)
I wish there was a separate way to opt out of the "Find" services, but AFAIK, even if you opt out, your device may still relay traffic from other nearby devices. So it seems that the only way to preserve device battery life is to just shut off the BT.
i've been doing that since the inception of BT being available on my devices. I'm just surprised at so many people's cavalier attitude to security and privacy. And then later, it is too late to reverse course.
Anyway, the default dashboard also automatically generated a view when my neighbours "Katie's iPhone' was at home and when not, until I actively deleted it and the data it stored.
https://www.reddit.com/r/homeassistant/comments/1306pcw/home...
head explodes
do these people writing these blog posts not recognize just how super bad their blog posts look with this slop?
What a world to be alive..
he was getting 100mbit class speeds routinely. Also patches of nothing, but it was interesting. That was over 5 years ago.
Even wilder would be to buy data on you in real time and display that.
Has anyone done this or can give me ideas where to start?
[0] https://actu.epfl.ch/news/using-bluetooth-to-track-crowds-at...
> Bluetooth mesh networks—no internet required, no servers, no phone numbers
LLM slop. Both the article and the Python script
Part of the testing involves using the 'nRF Connect' app, which lists all nearby Bluetooth devices, plots signal strengths, and allows for some rudimentary communication. It doesn't seem to be Nordic-specific.
I'd frequently leave the app open scanning during development late in the evening, and rarely, an unidentified Bluetooth LE device would pop up for a few minutes then disappear.
Turns out it was my dad's pacemaker, which sends telemetry via Bluetooth to a 4G gateway they gave him (this only happens after he lies down with little movement apparently).
This prompted me to look into pacemakers and deactivation after death of course. I wish I hadn't, it turns out they leave it in the corpse unless it's scheduled for cremation.
Because of the aforementioned research, and the open field tests I was performing, it somehow devolved into me having a nightmare where I was RF testing at a graveyard, and the app suddenly displaying a bunch of pacemakers underground.
...I really hope this isn't possible - The signal through 6ft of dirt and concrete would be marginal but still detectable.
Also super random question but would you happen to have any idea/advice on how to get a Raytac MDBT50Q-CX Nordic nRF52840 Dongle (https://www.amazon.com/gp/product/B0DP6MVDZQ) flashed with ButteRFly (https://github.com/whad-team/butterfly)?
I got it flashed through nrfutil with sniffer and sweyntooth, but butterfly has not been working no matter what I try and do…
Thanks for even taking the time to read this :)
Is there a simple CLI interface that can be redirected or pipelined into other tools ?
If Bluetooth is used, it may be a way to get a count of passengers or if the passengers change. I know based on newspaper accounts that they are particularly interested in cars that stop in Philly or Baltimore.
This stuff is frequently used against cops too so they may use the tech in similar ways. If you’re someone worried about getting raided, spotting a large number of new signals at the front door is an early warning potentially.
Each person would get a unique fingerprint of named network locations
Like a marathon mass-start with 10,000 sometimes 20,000 or more people
How does bluetooth handle that? Or it doesn't?
The amount of data needed to send audio to your ear-buds is quite small compared to the spectrum available, so only needs tiny slices of spectrum and for relatively tiny slices of time. And also relatively tiny amounts of power since it's only going max 100 feet, hence a pretty small chunk of space.
If all those 10K-30K devices are constantly jumping around the frequency band to transmit tiny payloads a tiny distance, then a whole metric fuck-ton of them can interoperate in what seems to us to be very tight quarters. But to those specialzied radios it probably seems like a fairly wide open field.
> Bluehood isn’t a hacking tool. It’s an educational demonstration of what’s possible with commodity hardware and a bit of patience.
> This isn’t about paranoia. It’s about understanding the trade-offs we make when we leave wireless radios enabled on our devices.
This LLM spam needs to end. Tons of people on HN got tired of this, and it often shows in the comments. Let's maybe start adding [LLM] to the titles of AI generated submissions?