Walking By Devices With Your Phone Exposes Who You Are

28 Sep 2019

Increeasingly, many locations are adding bluetooth-tracking devices (sometimes called beacons) to track where you go and what you do (such as which department in a store you spend time in). Legacy Bluetooth devices and devices that don’t implement privacy-protections broadcast a persistent identifier that is unique to the device, usually several times per minute. Bluetooth devices, like Wi-Fi devices, support a privacy-enhancing technique that periodically randomizes the broadcasted address, which makes it harder to track them as their owners move about in the world. How do you tell if your device is protecting your privacy or not?The only way to check that your Bluetooth enabled devices do a good job is to manually test one and verify that it preserves your privacy. You need to do this first to ensure your device pairing won’t interfere with the test by unmasking the real address of the devices you want to test. If you’re having trouble identifying your device then make sure it’s powered on and try walking away from other Bluetooth devices. Not all Bluetooth devices broadcast continuously so keep an eye on the list for at least a few minutes. If your device’s address changes over time, then it has implemented BLE Privacy protections. A unique combination of Bluetooth devices may be used to fingerprint your Bluetooth signature, which again exposes you to persistent tracking even when BLE Privacy protections are implemented.