Global Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.
I’m not as well versed with WiFi, but phones are set up to be very friendly with Bluetooth. Every Bluetooth device your phone sees, it says hello to. Most phones these days don’t really disable Bluetooth (they just limit its active use), or they disable it for a limited time period.
This is ostensibly fine, since Bluetooth supposedly identifies itself with a MAC address that isn’t necessarily tied to your identity. Unless you connect to something with Bluetooth that knows your identity, like a smart speaker, or have given Bluetooth permissions to any apps you’re logged into.
BLE positioning with sensors utilizes BLE-enabled sensors that are deployed in fixed positions throughout an indoor space. These sensors passively detect and locate transmissions from BLE smartphones, asset tracking tags, beacons, personnel badges, wearables and other Bluetooth devices based on the received signal strength of the transmitting device. This location data is then sent to the central indoor positioning system (IPS) or real-time location system (RTLS). The location engine analyzes the data and uses multilateration algorithms to determine the location of the transmitting device. Those coordinates can be used to visualize the location of a device or asset on an indoor map of your space or leveraged for other uses depending on the specific location-aware application.
– Some random website - inpixon.com
That’s not to say that every place you go is deploying BLE beacons to know you spent 20 minutes looking at candy when you were supposed to be making a quick run to get milk, but it’s possible that is occurring. And if it is occurring, it’s likely they’re working with some sort of data broker to deanonymize your data. Or at the very least, making their own inferences - using that loyalty card and a BLE beacon to know that the loyalty info put into a register corresponds to your MAC address.
What’s not likely, however, is that this data is public. Your data has value, so they don’t want to let it go for free, plus if the general public knew they could be tracked almost anywhere, there might be enough outcry for lawmakers to adopt better consumer privacy laws.
Editing to add: Even if you aren’t being precisely tracked within a retail location, a single ping on a Bluetooth device is enough to establish that your phone was within 30-50 feet of the device, which is apparently all the police need to send you to jail for 20 years.
I hope you’ve enjoyed your tour of this info dump. Tin foil hats are on sale at the gift shop!
That’s where I know I don’t know enough to respond.
Well, crap. I just looked it up. Looks like phones will send out your MAC address when looking for WiFi networks to connect to, and they more or less always search for WiFi, unless currently connected to WiFi.
So - yeah. Same issues with Bluetooth.
And some newer consumer routers do all sorts of funky things under the hood in the name of security, which includes sending information about traffic back to their corporate home base. That could easily also include MAC addresses of passing devices. (Or telling the manufacturer every site you visit. Very fun now that the latest trend in routers is to require cloud connections and accounts, so your identity with them is ‘known’.)
Info dump incoming!
Basically, your phone is a big ol’ slut.
I’m not as well versed with WiFi, but phones are set up to be very friendly with Bluetooth. Every Bluetooth device your phone sees, it says hello to. Most phones these days don’t really disable Bluetooth (they just limit its active use), or they disable it for a limited time period.
This is ostensibly fine, since Bluetooth supposedly identifies itself with a MAC address that isn’t necessarily tied to your identity. Unless you connect to something with Bluetooth that knows your identity, like a smart speaker, or have given Bluetooth permissions to any apps you’re logged into.
That’s not to say that every place you go is deploying BLE beacons to know you spent 20 minutes looking at candy when you were supposed to be making a quick run to get milk, but it’s possible that is occurring. And if it is occurring, it’s likely they’re working with some sort of data broker to deanonymize your data. Or at the very least, making their own inferences - using that loyalty card and a BLE beacon to know that the loyalty info put into a register corresponds to your MAC address.
What’s not likely, however, is that this data is public. Your data has value, so they don’t want to let it go for free, plus if the general public knew they could be tracked almost anywhere, there might be enough outcry for lawmakers to adopt better consumer privacy laws.
Editing to add: Even if you aren’t being precisely tracked within a retail location, a single ping on a Bluetooth device is enough to establish that your phone was within 30-50 feet of the device, which is apparently all the police need to send you to jail for 20 years.
I hope you’ve enjoyed your tour of this info dump. Tin foil hats are on sale at the gift shop!
Thanks for the clarification, does this also work with wifi ?
That’s where I know I don’t know enough to respond.Well, crap. I just looked it up. Looks like phones will send out your MAC address when looking for WiFi networks to connect to, and they more or less always search for WiFi, unless currently connected to WiFi.
So - yeah. Same issues with Bluetooth.
And some newer consumer routers do all sorts of funky things under the hood in the name of security, which includes sending information about traffic back to their corporate home base. That could easily also include MAC addresses of passing devices. (Or telling the manufacturer every site you visit. Very fun now that the latest trend in routers is to require cloud connections and accounts, so your identity with them is ‘known’.)
Most phones these days use randomized MACs
https://www.guidingtech.com/what-is-mac-randomization-and-how-to-use-it-on-your-devices/
Not sure if that is for BT too, but looks like there is some support for it in the standards
https://novelbits.io/how-to-protect-the-privacy-of-your-bluetooth-low-energy-device/