• tal@lemmy.today
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      edit-2
      7 months ago

      Google was already building a huge database with the locations of all the WiFi and Bluetooth devices at given times that they could. That’s how the high-resolution location services they use work.

      Bluetooth and WiFi radios broadcast unique IDs. Google has any Android phones in the area tell them signal strengths and location, which is sufficient not just to locate the phone sending them the data, but also all those devices. And due to how those IDs are allocated, they can identify device types, data-mine that.

      Google already knows what Bluetooth devices you have and can follow them as they move and knows where and when they were powered on. Bluetooth-enabled smart TVs, Bluetooth-enabled earbuds, Bluetooth-enabled smart lightbulbs, Bluetooth-enabled keyboards, Bluetooth-enabled mice, Bluetooth-enabled game controllers, Bluetooth-enabled (or WiFi-enabled) cars. If you flipped on a Bluetooth-enabled vibrating buttplug in a hotel room that also happened to contain two Bluetooth-enabled smartphones anywhere in range of an Android device using Google Location Services – including potentially either of the two phones themselves – Google knows about the location and time of that incident and has logged it in their database.

      They’ve already got that data. This is just exposing some of that data that they already have to the device owners.

        • sbv@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          7 months ago

          Your phone is being tracked by cell towers. It doesn’t matter what features you disable for yourself, as long as your phone is connected to the cell network, it is a corpo tracking device.

          • BreakDecks@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            7 months ago

            Oh well in that case I’ll just make no effort to disable any privacy compromising feature ever since it doesn’t matter anyway. /s

            Stop telling me stuff I already know like it has anything to do with my intent to turn this feature off.

        • tal@lemmy.today
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          7 months ago

          Well, as things stand, yeah, probably.

          So, in theory, you could have a Bluetooth device randomize its unique ID. The problem is that I believe that devices use that to identify devices that they’ve paired with, so you’d need to re-pair, as things stand.

          I don’t know if there’s a way to do Bluetooth without exposing a unique ID today. But I’d imagine that it’s possible to modify the protocol such that it’s possible.

          I think that there are two problems here (and this is without going and digging through the protocol specs, to see if anything else is exposed).

          The first is that a device type is exposed pre-authentication. That’s useful, since it lets people choose a device for initial pairing from a list of inscrutable IDs. Coupled with location, that’s likely to do a pretty good job of uniquely-identifying a number of devices. I don’t know whether that’s just done via a database based on OUI (MAC addresses get allocated across the world in “blocks” to manufacturers, so you can use this to identify devices; Ethernet devices can be identified in this way, as they also use MAC addresses) or whether the device additionally broadcasts information about what it is. But either way, that does a limited amount to expose identity on its own.

          The second is that the MAC, the unique identifier on each Bluetooth device, gets broadcast. That’s a problem.

          Laptops started randomizing the MAC on WiFi transmitters precisely because of this concern about privacy. But there are a hell of a lot more Bluetooth mobile devices out there than WiFi devices, making it even more of a privacy issue for Bluetooth. For WiFi, this isn’t an issue, because you don’t randomize the MAC on the wireless access point – which generally, aside from some cases like cars that are now an issue – but on the phone/laptop/etc side.

          One thing I suspect that might work is to randomize the MAC on Bluetooth devices – say, a pair of Bluetooth earbuds. At pairing time, have some kind of shared secret that is allocated on a device, shared with devices that pair. Then whenever the Bluetooth device broadcasts its presence, it sends out a number based on a hash of that secret and the current time, same sort of thing that time-based one-time-passwords do. A phone or laptop that has previously paired with a pair of earphones knows that secret, and can identify a device based on what the current TOTP for the device is. That’d prevent an arbitrary receiver just listening to broadcasts from uniquely-identifying the broadcasting device. It does mean that you’d need to deal with the issue of having an accurate clock on the device, and maybe re-synchronizing it periodically in some way.

          There are a couple of caveats there. One big one is that if you can pair to the device, you can get its secret, and from then on, you can uniquely identify to it…and if someone just runs around pairing with devices, they can harvest those. That’s harder, since typically Bluetooth devices don’t permit pairing with multiple things at once, but there are a lot of things that aren’t going to be paired at any point in time. Originally, I believe that Bluetooth devices tended to require authorization to pair on each end, would have some sort of shared secret that needed to travel via some other channel. For example, I have a Bluetooth keyboard. When I pair it with my phone, it requires me to type out a code provided on the phone screen on the keyboard. That avoids stuff like man-in-the-middle attacks, is really the ideal thing to do…but isn’t quite as user-friendly, and requires the device to have some form of input/output capabilities.

          Other devices devices required one to throw them into a “pairing” mode. I have some game controllers like that – they’ll only let a computer pair with them if I’ve held down the “Bluetooth pairing” button for a while. That’s not quite as good, as someone could theoretically attack them in that window, but for almost all of their life, they’re not in “pairing” mode. You can’t just travel around and pair with them.

          But a lot of devices don’t seem to do that now. Like, I have a couple pairs of Bluetooth earbuds. It’s not the case that either the phone or the earbuds give a number or anything like that and have you punch it in on the other end. They just permit anything that wants to to pair with them as long as they haven’t actually paired with the phone. That’s not great, and my guess is that for those devices, you could pair and harvest secrets and then track them the way you do existing Bluetooth devices.

          It’s actually kind of unfortunate, because it’s legitimately-useful to have things like Google Location Services. It permits obtaining a location fix rapidly, and permits doing so when GPS reception isn’t functioning, like indoors. And it helps improve location accuracy. Like, I’d be very happy if there were little, low-power radios that did broadcast unique IDs. The thing is, though, you don’t want to have them moving around with someone, because that introduces tracking problems. You want to have them only at fixed locations. In fact, one of the problems that the Google Location Services people had to solve would have been filtering out Bluetooth radios that did move around, because those mess with a phone’s location; if you’re trying to detect a smartphone’s location on the smartphone, you only want to know the strength of static, unmoving radios.

          It might be kind of nice if there were a radio protocol specifically for that, for doing nothing other than detecting location. I’d want a given device to permit regenerating its unique ID, so that you could move it. Maybe have the protocol permit broadcasting a location, so that you can bootstrap the database by initially trusting where devices say that they are. And maybe have the device also broadcast at different signal strengths periodically, less-frequently at high power, and indicating its broadcast power to receivers. Finally, it might be useful for ones with multiple receivers to do beamformed transmission and indicate to receivers the direction in which it is broadcasting. Hmm. If you mandated GPS, you could maybe just regenerate the ID automatically if the device thought that its position had dramatically changed, which would also defeat tracking attempts, even if someone moved a theoretically-static radio station. All that would be useful information to beat the existing WiFi/Bluetooth mechanisms for getting a better position fix. I mean, I’d put a small radio device like that at my place if it’d speed up location fixes for myself and other people.

          But that isn’t the situation in which we find ourselves.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 months ago

            Bluetooth could probably use public key crypto, like the new passkey authentication websites are moving toward. Basically, you’d pair once (which gets you the public key), and then the broadcast “id” would change every time it turns on based on that internal private key.

            And yeah, I’m not a fan of devices broadcasting their type. That could make me a target for theft if someone scans for what devices I have. I haven’t read through the spec, but hopefully that info is only broadcast when pairing (and I’m fine with that since it’s opt-in).

            One big one is that if you can pair to the device, you can get its secret, and from then on, you can uniquely identify to it

            Not necessarily, they don’t need to be able to generate ids, just verify them.

            Even if it’s required for some reason, it could generate a new keypair every time you pair it, and Bluetooth devices could store some number of keys (say 3) for paired devices.

            It permits obtaining a location fix rapidly, and permits doing so when GPS reception isn’t functioning, like indoors.

            How often do you need that though? The only times I feel like I really need location are:

            • using a mapping service - need accuracy within a few meters - GPS is fine
            • looking for a lost item - I probably know where it is within a few meters (in my house, car, or workplace) - could use RFID and triangulate
            • looking for someone - a few meters or an address is fine - I can just call them, or they can go outside for better GPS signal
            • stolen item - I’m not going to go pick it up, and I doubt the police would either; insurance is a better option here

            So I really don’t see a reason why I’d need hyper-accurate location info.

            I generally disable location access in apps I use, I keep Bluetooth off unless I’m actively using a Bluetooth device, and I never get those tracking tags because I don’t want to be tracked. I haven’t had a problem where I wished I did things differently, so I’m honestly unsure what actual problem it’s solving, and the potential for abuse is way too high (e.g. more private data slurped up for advertising, like ads for a shop you recently visited).

            • tal@lemmy.today
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 months ago

              but hopefully that info is only broadcast when pairing (and I’m fine with that since it’s opt-in).

              Even if it’s not, it’s gonna be at least roughly derivable from the OUI, given that it broadcasts the MAC address.

              That could make me a target for theft if someone scans for what devices I have.

              Yeah, that’s actually an insightful point that I hadn’t thought of.

              Especially if you throw a directional antenna on, can basically drive down a street mapping where all the valuable Bluetooth-enabled electronic devices are.

              How often do you need that though?

              I mean, I have benefited from it, though for most of what I do, the ability to reliably get a fix anywhere is the biggest draw, with rapid acquisition a second and the accuracy probably a third in terms of benefit. That doesn’t mean that I want the privacy tradeoffs that exist today, just that I’d like to be able to have something better than un-augmented GPS.

              • A GPS fix takes a while (like, can be tens of seconds) to acquire. If I’m driving and suddenly wonder whether I’ve missed my destination, sometimes I’ll want to check; I’d rather not wait 30 seconds for the mapping application to know where I am so that it can start routing.

              • Some places – cities with tall buildings are a particularly common and unfortunate example – can make it hard to get a GPS fix, and when that fix is acquired, the accuracy can be degraded by reflections.

              • I generally haven’t had a lot of luck with GPS fixes internal to offices last I tried. I mean, a lot of people do spend time in an office or a store, and the ability to just readily pull a smartphone out and access location is pretty handy. Another handy example is routing someone around an airport, even though they’re inside the terminal.

              • You just aren’t going to get a GPS fix at all some places, like underground. That’s less of an issue for me in particular, but I’d imagine that it’d be nice for someone who works in a basement level of an office or store to be able to use location data. Not common enough for me to worry, but when I’m driving through a tunnel, it’d be nice to still have navigation working.

              • Some applications, like augmented reality – and yeah, I know, we haven’t really had it take off, but I’d expect it to do so – really do legitimately-need fairly-accurate location data.

              • The more-accurate a fix – and the more software can rely on a fix being accurate – the better routing is. I’d like my navigation software to quickly know that I took the wrong offramp or the like.

              I keep Bluetooth off unless I’m actively using a Bluetooth device,

              That does require one to manually fiddle with it, but even aside from that, Bluetooth devices are really proliferating. Right now, within two feet of me, I’ve got a smart phone, tablet, laptop, and pair of earbuds that use Bluetooth. I mean, in a public area, if I pull out my phone and do a query for nearby devices, I see a lot of Bluetooth devices these days. I mean, it’s hard to even get a smartphone any more with a 1/8" TRS audio interface (though I guess one could plug in a USB-C adapter); it’s just kind of assumed that all users will use Bluetooth.

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                7 months ago

                can be tens of seconds

                Sure, if it’s off. But most phones already have a fix most of the time, so unless you’re coming out of a tunnel or something, it really shouldn’t be noticeable. At least, I haven’t noticed it.

                And you can still get a pretty good fix from a cell tower. I’d rather that connection be more private, but at least it’s between me and the service provider (and the cops I guess) and not some random person on the street. An attack on that would be far more sophisticated than a Bluetooth attack.

                cities with tall buildings

                Ah, I’m rarely downtown, so that’s probably why I haven’t run into it. But wouldn’t 5G triangulation largely solve this?

                As for indoors, what exactly do you need the fix for? Surely you know where you are, so you can enter that into your maps provider if the fix isn’t accurate. Seems like a big trade-off for a small inconvenience.

                And for airports, I just look at the map. They’re usually at every junction, so it only takes a few seconds to find where I need to go. Those maps are in the backs of airplane seats, so I just look it over while waiting to get off.

                augmented reality

                This seems pretty legitimate, but surely we can solve it with local AI (e.g. Google Pixel 8) instead of calling home. If I walk into a store and want a price for something, it should recognize the store I’m in and be able to recognize the product or whatever.

                I’d like my navigation software to quickly know that I took the wrong offramp or the like.

                Doesn’t it already? I get that even without Bluetooth enabled, so it’s only working off GPS and cell towers. And this is with a super crappy phone (2020 base Moto phone). I’ve never had a problem with a bad fix for driving directions.

                it’s hard to even get a smartphone any more with a 1/8" TRS audio interface

                Yeah, that annoys me to no end. I don’t care about losing the SD card slot, but I really like wearing corded headphones around the house since they sound so much better.

                I’m not some tech Luddite or anything, and I have my fair share of Bluetooth stuff (shokz headphones, keyboard, mouse, phone, 2 laptops, desktop, etc). I just don’t want my Bluetooth stuff tracked by anyone, especially not Google or Apple. In fact, the only reason I have an Android phone is because there’s no viable third option, and Android helps me feel more in-control (I have a firewall and have disabled most of the default apps). I’m getting a Pixel next to (ironically) get rid of most Google crap with a custom ROM (they’re really compatible with ROMs).

                All I want is my things to securely connect with my other things when in range, and that’s it.

                • tal@lemmy.today
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  7 months ago

                  But most phones already have a fix most of the time

                  I can’t speak as to what everyone does, but normally on my phone, with Location Services off, normally that’s not the case. The GPS circuitry only gets powered up when I open an app that uses the location.

                  And you can still get a pretty good fix from a cell tower.

                  Ehh…I don’t know.

                  I haven’t tried experimenting, but the range is pretty hefty on those. If you can see a given Bluetooth device at all, you have a pretty small area that you can be in. If you get a cell tower, maybe the signal is weak because you’re a long way away, or maybe it’s because there’s a reflection, and only part of the energy is coming back.

                  A cell signal will put you in the right part of the world, but…

                  Ah, I’m rarely downtown, so that’s probably why I haven’t run into it. But wouldn’t 5G triangulation largely solve this?

                  As far as I know, cell phones have no information about the direction of cell towers that they can talk to. 5G towers might use beamforming, but as far as I know, any location information that they may derive about the phone from that are not available to the phone. The phone provider might log it themselves.

                  I do recall watching a video of someone using a GNU Radio-based system, tracking down a radio station in a “fox hunt” using an antenna array on the top of their car. Basically, same thing in reverse. And based on the (limited) accuracy they got, I’m a little suspicious that the cell tower, even with beamforming data, isn’t gonna have anything like the kind of accuracy that GPS does, even outside.

                  googles

                  This might have been it.

                  https://www.youtube.com/watch?v=OY16y1Rl86g

                  indoors

                  I personally generally deny access, but a number of websites now request one’s location to do things like provide nearby stores (e.g. look up an item, walmart.com will provide a list of nearby stores and the stock status of a given item). Being able to provide at least a general location is useful, which you can’t do without a GPS fix; the accuracy doesn’t have to be great for that, but you do have to be able to get it, and that’s not necessarily the case indoors.

                  This seems pretty legitimate, but surely we can solve it with local AI (e.g. Google Pixel 8) instead of calling home. If I walk into a store and want a price for something, it should recognize the store I’m in and be able to recognize the product or whatever.

                  Like, use the camera to identify the location? I mean, maybe. That’s a lot more passive processing that one is gonna have to do, if so. We aren’t there today. And the reduction in data would have to be pretty dramatic. If you want to do something like that locally, for just walking down a street, you’re talking about the Google Street View dataset. Are users gonna be expected to walk around with the camera recording and seed this thing?

                  Doesn’t it already? I get that even without Bluetooth enabled, so it’s only working off GPS and cell towers. And this is with a super crappy phone (2020 base Moto phone). I’ve never had a problem with a bad fix for driving directions.

                  I use OsmAnd, and it certainly tends to be sticky (I assume operating on the assumption that there may be error, and assumes that one is on the road that one previously was).

                  All I want is my things to securely connect with my other things when in range, and that’s it.

                  Yeah. I mean, I’m with you on that.

  • poopkins@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    6
    ·
    7 months ago

    There is a much more sinister issue that Google is trying to resolve with this: it’s currently possible to stalk somebody by placing a tracker fob in their bag or on their car, so long as you know the victim’s device doesn’t support it.

    Suppose some creeper with an iPhone is stalking a victim with an Android phone. So long as they use an Apple AirTag, the victim will never know they have a tracker trailing them wherever they go. And in reverse, the issue is the same.

    Apple isn’t concerned about this, because they hold a monopoly in the market they care most about and can leverage this as an iPhone-only feature. After all, so long as you have an iPhone, you’ll be warned about an AirTag you don’t own following you. Apple wants to leverage this as an exclusive safety feature and have no intention of allowing other devices to do the same.

    Apologies for providing this background as I know that this goes against the circle jerk of accusing Google of infringing our privacy. Feel free to disregard this context of it being beneficial to our collective privacy.

    • pastabatman@lemmy.world
      link
      fedilink
      English
      arrow-up
      20
      arrow-down
      1
      ·
      7 months ago

      This is not correct. Android devices can detect apple’s air tags and alert users when an unauthorized tag is nearby. Google delayed the launch of their network to wait for Apple to implement the same feature for Android compatible tags, which is finally coming in the next iOS update.

      • poopkins@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        4
        ·
        edit-2
        7 months ago

        Android has no way of knowing if a tag is “unauthorized” because Apple does not provision access to their tag network. You could, in principle, ignore tags that you know about, but you’d have to do it by identifying it by some arbitrary hexadecimal GATT ID.

        As always, Apple wants to keep it that way, because it gives a poor experience on Android.

        Theoretically (and I might be wrong about this), without attempting to reverse engineer how Apple assigns these codes, there would be no to differentiate AirTags, AirPods, iPhones, etc.

          • lud
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 months ago

            Yeah probably one of the only things Apple and Google could decide on together.

          • poopkins@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            4
            ·
            7 months ago

            Yes, users have begun to be alerted of trackers—this is the recent change by Google as it relates to this post. An ongoing issue is, to my knowledge, that there’s no way to identify what kind of device it is. Goggle’s instructions literally suggest taking a screenshot of the serial number for later reference.

            • signalsayge
              link
              fedilink
              English
              arrow-up
              2
              ·
              7 months ago

              I get alerts on my Android for an Airtag I keep in my backpack all the time. My phone gives me the option to make the Airtag play a sound.

              • poopkins@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                7 months ago

                Allow me to clarify:

                • Limited support for AirTags has been added to Android, that is the context of the posted article and the experience you are describing.
                • Apple neither supports account access on Android devices or provisions access to their tag network on behalf of linked accounts, so unless you have an Apple device, you cannot stipulate that a tag that belongs to you.

                Consequently, the solution offered by Google appears to have been effectively built without Apple’s support. Goggle’s added support for AirTags despite Apple’s cooperation—and support for other tracking devices—is a net positive for privacy.

    • WoahWoah@lemmy.world
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      7 months ago

      Am I misunderstanding, is this not that? My understanding is the this will allow you to find devices other than your phone–tablets, earbuds, etc–by triangulating the location using not just your own phone but all Android phones local enough to detect the device being sought.

      • Derin@lemmy.beru.co
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        Yep, but as Google’s network (which would be the most comprehensive) is not yet ready, I’m using the next best thing: both Samsung and Apple’s - combined.

        Note: I don’t live in a country where Tiled is sold or used too often, so they’re a no-go.

        • Kanzar@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          ·
          7 months ago

          Tile sucks in any country compared to the Apple and Samsung networks so you’re not missing out on much.

          • eluvatar@programming.dev
            link
            fedilink
            English
            arrow-up
            2
            ·
            7 months ago

            IMO Tile is fine because usually you forget where something is because you left it there, and so your phone will tell you where you left it, you really only need a network if the thing moves after you left it somewhere.