Sorry if my English has errors. I’m at medium to high risk of imprisonment for joining an anti-corruption activist group. I must be able to continue to use the internet and understand there is risk with it, but I want a security plan that gives us the best chance at safety. I did a lot of research and decided that I will buy a phone to run GrapheneOS without a mobile plan.
We have many uses for Bluetooth like Briar. Also we make long trips for our work and some members need to listen to news or music to last the trip, but since we are mostly in loud areas we’re stuck with noise canceling headphones which always use Bluetooth. My concern is if our phones or headphones could be tracked with Bluetooth and what we can do about it. I looked at some other posts on this forum but didn’t find details on how the tracking works and what solutions there are. GrapheneOS forum doesn’t give an answer: Bluetooth address tracking and randomization - GrapheneOS Discussion Forum
Absolutely. There are even scanning systems that tie in with surveillance cameras, so the scanners find nearby Bluetooth devices and the cameras tie that data to facial recognition. So pretty quickly they can not only determine where a device is, but who was using it.
The only thing that saves Bluetooth from being a total nightmare is its very short range, but if you are at risk of being physically tracked or if you frequent public places that are likely to have systems like the one I mentioned, then Bluetooth is very dangerous to use.
Bluetooth is very confusing because it can refer to Bluetooth or Bluetooth Low Energy, which despite the name is almost entirely different than Bluetooth technically. BLE is slightly better and more secure than Bluetooth, but there are still real-world methods of tracking BLE:
Additionally, it is very hard to tell whether you are using BLE or Bluetooth with a particular device, I don’t think it says anywhere in the OS.
In any case though, the use of either is very discouraged.
I wasn’t aware of facial recognition, but to give you an idea of how advanced and seemingly prevalent this is, here is a link. I see similar articles from almost 10 years ago, so its almost certainly more popular now. Seems to have a low barrier of entry as a benefit to the retailer.
Doesn’t MAC address randomization solves this ? Since the identifier always changes for each device connected ?
I naively hoped that it was that simple
Or the name of the device is also shared ?
That is a Wi-Fi feature, not Bluetooth. Bluetooth LE (only) has some device address randomization, but like I said above there are other methods of tracking BLE devices using non-device-address information that still makes it dangerous.
If you don’t mind using IEMs, you could look at wired earbuds with a battery running a local noise cancelling system. I have an old pair Audio Technica ones that just take a AAA battery in the mic/volume rocker part and you can turn noise cancelling on and off on them. This way you won’t have any Bluetooth signals going, just straight hard wired audio.
Edit:
These are a newer version of what I mentioned above.
