COVID19 tracking via bleutooth already sharing device info

[samspaces]

Hoping there's some tech savy bitcoiners (or shitcoiners) here.

I noticed COVID19 google android tracking has been installed on my phone. I also read iOs 13.5 did the same.

Now, on my phone when I turn on bleutooth, nothing out of the ordinary, just a few devices in the neighborhood.

But when I turn on bleutooth on my linux laptop, it floods with unknown devices. Via bt-device -l in the terminal, I can see their MAC addresses like so (this is just a sample)

69-53-E0-40-BC-4F (69:53:E0:40:BC:4F)
6C-2F-A3-A5-F7-E9 (6C:2F:A3:A5:F7:E9)
6A-F3-AB-4E-11-DF (6A:F3:AB:4E:11:DF)
75-F8-66-65-C3-CD (75:F8:66:65:C3:CD)
5D-DE-F4-B2-98-07 (5D:DE:F4:B2:98:07)
55-5E-51-B4-72-12 (55:5E:51:B4:72:12)
71-17-83-1B-2C-BC (71:17:83:1B:2C:BC)
4F-A4-03-44-79-10 (4F:A4:03:44:79:10)
76-82-73-A0-12-5C (76:82:73:A0:12:5C)
60-BD-FB-EE-10-3B (60:BD:FB:EE:10:3B)
F8-77-B8-12-3D-07 (F8:77:B8:12:3D:07)
51-CD-C9-CC-B5-7B (51:CD:C9:CC:B5:7B)
68-35-35-C7-95-B5 (68:35:35:C7:95:B5)
66-3B-53-87-F1-2C (66:3B:53:87:F1:2C)
88-C6-26-79-1C-9C (88:C6:26:79:1C:9C)
7C-D7-CB-A9-22-1C (7C:D7:CB:A9:22:1C)

My assumption is these are phones in the vicinity sharing bleutooth info on another level than the user level.

Your thoughts on this?

[1714924926]

1714924926

[1714924926]

1714924926

[1714924926]

1714924926

[squatz1]

Hm. Question in regards to your phone -- did you willingly download the app that was sent out by your health authorities? Because to the best of my knowledge (https://support.google.com/android/answer/9888358?hl=en-GB) I don't think that Google/Android has released their own unified app. Pretty sure that's under the direction of health officials within your area.

I think answering that would help to see exactly what is going on here. But if you're not willingly to share that's understandable -- kinda would tell us where you live ( at least on the country level)

[samspaces]

Hm. Question in regards to your phone -- did you willingly download the app that was sent out by your health authorities? Because to the best of my knowledge (https://support.google.com/android/answer/9888358?hl=en-GB) I don't think that Google/Android has released their own unified app. Pretty sure that's under the direction of health officials within your area.

I think answering that would help to see exactly what is going on here. But if you're not willingly to share that's understandable -- kinda would tell us where you live ( at least on the country level)

No, I'd never install that app.

From the link you provided "When you turn on exposure notifications within an app from your region's government public health authority, your phone shares random IDs with other nearby phones that also have turned on the exposure notifications system. Throughout the day, your phone and the phones around you exchange random IDs. When your phone detects a random ID from another device, it records and stores the ID."

Given the flood of MAC addresses, I'm assuming regardless of anything people install from the government (which I'd never do) this app is already
working on some protocol level via bleutooth connections. I was hoping someone with some more knowledge of bleutooth protocols could verify this.

[squatz1]

Hm. Question in regards to your phone -- did you willingly download the app that was sent out by your health authorities? Because to the best of my knowledge (https://support.google.com/android/answer/9888358?hl=en-GB) I don't think that Google/Android has released their own unified app. Pretty sure that's under the direction of health officials within your area.

I think answering that would help to see exactly what is going on here. But if you're not willingly to share that's understandable -- kinda would tell us where you live ( at least on the country level)

No, I'd never install that app.

From the link you provided "When you turn on exposure notifications within an app from your region's government public health authority, your phone shares random IDs with other nearby phones that also have turned on the exposure notifications system. Throughout the day, your phone and the phones around you exchange random IDs. When your phone detects a random ID from another device, it records and stores the ID."

Given the flood of MAC addresses, I'm assuming regardless of anything people install from the government (which I'd never do) this app is already
working on some protocol level via bleutooth connections. I was hoping someone with some more knowledge of bleutooth protocols could verify this.

Yeah I wouldn't think you would be installing an application like that. Not too bitcoin of ya (lol)

I'm not the person who advanced knowledge of bluetooth though, just thought I would try to troubleshoot with you on the basic level that I could. Though you're probably right on this working on some protocol level when OTHERS install the app and you're just around them.

Stay safe and goodluck, +merited.

[samspaces]

Yeah I wouldn't think you would be installing an application like that. Not too bitcoin of ya (lol)

Yea, I was kind of surprised you asked

I'm not the person who advanced knowledge of bluetooth though, just thought I would try to troubleshoot with you on the basic level that I could. Though you're probably right on this working on some protocol level when OTHERS install the app and you're just around them.

Stay safe and goodluck, +merited.

The problem I see with this (and tracking apps in general) is that one can be targetted by exclusion, so even if I opt-out, I'm still tracked and could in extreme scenarios be confined if some idiot I pass on the street or walks past my house did install it.

Anyway, feel free to check in here again if you hear or know something.

[MysteryMiner]

Disabling Bluetooth might solve this issue once and for all. Unless the app or Google service ignores the setting and uses Bluetooth hardware directly.

What is the name of the app? I do not see anything pushed by Google.

[samspaces]

Disabling Bluetooth might solve this issue once and for all. Unless the app or Google service ignores the setting and uses Bluetooth hardware directly.

What is the name of the app? I do not see anything pushed by Google.

You'll find it if you look at the settings under google in android. It's at the top. And yes, I'm assuming it just ignores the user level bleutooth setting.
https://support.google.com/android/answer/9888358?hl=en-GB

[xxjumperxx]

I can confirm that iOS has the Covid19 Functionality installed in 13.5.

Just search through your settings for covid and it will appear.

It is disabled by default and can only be actviated if you install an authorised app that can send the messages to other phones.

TO my knowledge there isnt an authorised app available, at least I couldnt find one.

[Gyfts]

I noticed COVID19 google android tracking has been installed on my phone. I also read iOs 13.5 did the same.

Those bluetooth connections could be from anywhere, where are you getting this information from? Are you saying by just the MAC addresses appearing on bluetooth devices, that its COVID-19 related?

[xxjumperxx]

I noticed COVID19 google android tracking has been installed on my phone. I also read iOs 13.5 did the same.

Those bluetooth connections could be from anywhere, where are you getting this information from? Are you saying by just the MAC addresses appearing on bluetooth devices, that its COVID-19 related?

True!

Google and Apple said this data would be sent anonymous.
Sending out MAC Adresses would not be anonymous...

As Gyfts said this is probably nearby Bluetooth Devices that are available.

Apple has a seperate section for this and lists the data it sents and to whom...

As said, seriously doubt this has anything to do with the covid function.

[samspaces]

I noticed COVID19 google android tracking has been installed on my phone. I also read iOs 13.5 did the same.

Those bluetooth connections could be from anywhere, where are you getting this information from? Are you saying by just the MAC addresses appearing on bluetooth devices, that its COVID-19 related?

True!

Google and Apple said this data would be sent anonymous.
Sending out MAC Adresses would not be anonymous...

As Gyfts said this is probably nearby Bluetooth Devices that are available.

Apple has a seperate section for this and lists the data it sents and to whom...

As said, seriously doubt this has anything to do with the covid function.

No, it's not the regular bleutooth devices in the vicinity. When I check bleutooth connections on my imac/android, I see only 2 or three, just as it was before.

When I enable bleutooth on linux, it floods with 'unknown devices', not shown on android/imac. The MAC addresses as identifiers probably rotate, so this could classify as 'anonymous'.

[Gyfts]

I noticed COVID19 google android tracking has been installed on my phone. I also read iOs 13.5 did the same.

Those bluetooth connections could be from anywhere, where are you getting this information from? Are you saying by just the MAC addresses appearing on bluetooth devices, that its COVID-19 related?

True!

Google and Apple said this data would be sent anonymous.
Sending out MAC Adresses would not be anonymous...

As Gyfts said this is probably nearby Bluetooth Devices that are available.

Apple has a seperate section for this and lists the data it sents and to whom...

As said, seriously doubt this has anything to do with the covid function.

No, it's not the regular bleutooth devices in the vicinity. When I check bleutooth connections on my imac/android, I see only 2 or three, just as it was before.

When I enable bleutooth on linux, it floods with 'unknown devices', not shown on android/imac. The MAC addresses as identifiers probably rotate, so this could classify as 'anonymous'.

Again, this doesn't necessarily mean it's COVID-19 related. Your device could be picking up anything nearby that's letting off a signal which won't necessarily show up on your devices list. Cellphone companies already give up their tracking data to government entities. They wouldn't need to use bluetooth devices.

[samspaces]

The only explanation I have for the difference between apple/android not detecting new connections and linux now detecting a ton (it didn't use to do that), is the api implementation of COVID19 tracking protocol by apple/google.

If you know a plausible other explanation, I'd like to know.

[madnessteat]

~snip~

It is my understanding that mobile operators collect all information about smartphone users in a database to provide this information to intelligence agencies when necessary. Most likely, it collects information about Wi-Fi and Bluetooth device connections as well.

I may be wrong, but I think that all of this data is collected to track the movements of infected people and to identify those who have contact with the patient more quickly.

[samspaces]

I may be wrong, but I think that all of this data is collected to track the movements of infected people and to identify those who have contact with the patient more quickly.

That's the excuse. If this isn't a hard technical opt-in, it can escalate to all kinds of grotesk behavior from government based on vicinity tracking, like crowd control, suspect until proven innocent, i.e. with a small adaption to 'oh, this is to protect you', you can be rounded up for all kinds of shit for just having contacted some phones via bleutooth.

[madnessteat]

That's the excuse. If this isn't a hard technical opt-in, it can escalate to all kinds of grotesk behavior from government based on vicinity tracking, like crowd control, suspect until proven innocent, i.e. with a small adaption to 'oh, this is to protect you', you can be rounded up for all kinds of shit for just having contacted some phones via bleutooth.

I don't think so. In my opinion, this is how information about the movement of a person is collected.

Imagine you're moving around in a city with a smartphone that has geolocation, Wi-Fi and Bluetooth enabled. If the police request information about the time your device was connected to base stations, Wi-Fi hotspots and Bluetooth devices, they can easily construct your approximate route and identify the people you've communicated with.

[samspaces]

I don't think so. In my opinion, this is how information about the movement of a person is collected.

Imagine you're moving around in a city with a smartphone that has geolocation, Wi-Fi and Bluetooth enabled. If the police request information about the time your device was connected to base stations, Wi-Fi hotspots and Bluetooth devices, they can easily construct your approximate route and identify the people you've communicated with.

Geolocation triangulation is based your phone number and on provider info being handed to inquiring agencies, which requires a court order. Besides that, they'd have to go through this procedure for all suspect persons. The bleutooth protocol utilized by apple/google connects no matter what, and to your social media identity. Under the guise of 'covid-info' any situation can be analysed, so I'd say there's a huge difference.

But that's a bit deep into the possible consequences. Fairly sure the initial assumption of this api already collecting data is true, but would like to hear more corroboration on this.

[squatz1]

I may be wrong, but I think that all of this data is collected to track the movements of infected people and to identify those who have contact with the patient more quickly.

That's the excuse. If this isn't a hard technical opt-in, it can escalate to all kinds of grotesk behavior from government based on vicinity tracking, like crowd control, suspect until proven innocent, i.e. with a small adaption to 'oh, this is to protect you', you can be rounded up for all kinds of shit for just having contacted some phones via bleutooth.

+1 to that.

The last thing we want is to set a precedent for the government being allowed to take away more of your rights to privacy just because they deem there's an emergency going on. That's not me saying that I don't think we're in a crisis, we are right now -- but next time the government may just declare a crisis in order to take more and more of your data and privacy away instead of just 'protecting you'

Hard technical opt in is what needs to happen here and for every future attempt to grab your data. If you accept that opt in then so be it, that's on you. But I should at least make the decision.

[samspaces]

If you accept that opt in then so be it, that's on you. But I should at least make the decision.

Yes, exactly my point with putting this thread out here, as I think we're already past the stage of hard technical opt-in, given the many connections on linux I'm seeing. I think it's relevant we find out if that's the case or not. Also notice that the info provided by google states you can "opt in for notifications". This also points to the protocol working in the background whether you like it or not, which is a big deal.

[squatz1]

If you accept that opt in then so be it, that's on you. But I should at least make the decision.

Yes, exactly my point with putting this thread out here, as I think we're already past the stage of hard technical opt-in, given the many connections on linux I'm seeing. I think it's relevant we find out if that's the case or not. Also notice that the info provided by google states you can "opt in for notifications". This also points to the protocol working in the background whether you like it or not, which is a big deal.

I mean there could be OTHER bluetooth connections going on in your home, apartment, etc or from your neighbors (I consider this the most likely option) I feel like this story would've already broken by EFF or some digital privacy watchdog as to this happening without any info -- if this is the case though, and they're just opting everyone in, we're in for a story whenever someone figures out what you did.

Just another story to toss on here - https://www.theverge.com/interface/2020/5/21/21265079/apple-google-covid-19-exposure-notification-bluetooth-limitations-contact-tracing-isolation - some states are complaining (in the US) that they're paying a lot for these apps to be made, which allow for someone to opt in, and no one is opting in themselves. So I can see them officially taking the approach in the future that this is going to be a hard opt-out system.

Cause ya know, no one wants to willingly giving up info -- especially when they have to go through the trouble of downloading an app. To be honest with you, downloading the app is probably what is stopping most people. Just sheer laziness, rather then the privacy aspect.