• @Monument
    link
    English
    9
    edit-2
    1 month ago

    Info dump incoming!

    Basically, your phone is a big ol’ slut.

    I’m not as well versed with WiFi, but phones are set up to be very friendly with Bluetooth. Every Bluetooth device your phone sees, it says hello to. Most phones these days don’t really disable Bluetooth (they just limit its active use), or they disable it for a limited time period.

    This is ostensibly fine, since Bluetooth supposedly identifies itself with a MAC address that isn’t necessarily tied to your identity. Unless you connect to something with Bluetooth that knows your identity, like a smart speaker, or have given Bluetooth permissions to any apps you’re logged into.

    BLE positioning with sensors utilizes BLE-enabled sensors that are deployed in fixed positions throughout an indoor space. These sensors passively detect and locate transmissions from BLE smartphones, asset tracking tags, beacons, personnel badges, wearables and other Bluetooth devices based on the received signal strength of the transmitting device. This location data is then sent to the central indoor positioning system (IPS) or real-time location system (RTLS). The location engine analyzes the data and uses multilateration algorithms to determine the location of the transmitting device. Those coordinates can be used to visualize the location of a device or asset on an indoor map of your space or leveraged for other uses depending on the specific location-aware application.
    Some random website - inpixon.com

    That’s not to say that every place you go is deploying BLE beacons to know you spent 20 minutes looking at candy when you were supposed to be making a quick run to get milk, but it’s possible that is occurring. And if it is occurring, it’s likely they’re working with some sort of data broker to deanonymize your data. Or at the very least, making their own inferences - using that loyalty card and a BLE beacon to know that the loyalty info put into a register corresponds to your MAC address.
    What’s not likely, however, is that this data is public. Your data has value, so they don’t want to let it go for free, plus if the general public knew they could be tracked almost anywhere, there might be enough outcry for lawmakers to adopt better consumer privacy laws.

    Editing to add: Even if you aren’t being precisely tracked within a retail location, a single ping on a Bluetooth device is enough to establish that your phone was within 30-50 feet of the device, which is apparently all the police need to send you to jail for 20 years.

    I hope you’ve enjoyed your tour of this info dump. Tin foil hats are on sale at the gift shop!