Tracked by Bluetooth/WiFi: How to Find Out

TL;DR

Public spaces often use Bluetooth and WiFi for tracking people’s movements. This guide shows you how to discover if this is happening around you, what data might be collected, and steps you can take to protect your privacy.

Discovering Tracking

1. Understand the Technologies:
• Bluetooth Beacons: Small devices that broadcast signals. Your phone detects these signals and can estimate proximity (how close you are). Often used for location-based services in shops or museums.
• WiFi Tracking: Your phone constantly scans for WiFi networks, even if you don’t connect. This scan data (MAC addresses of access points) can be used to track your approximate location.
2. Use a Bluetooth Scanner App:

These apps detect nearby Bluetooth devices and show their signals.

• Android: Apps like ‘Bluetooth Tracker’ or ‘nRF Connect for Mobile’.
• iOS: iOS is more restrictive. Look for apps that specifically mention beacon scanning, but functionality may be limited due to Apple’s privacy restrictions. ‘Airport Beacon Scanner’ can sometimes detect beacons.

Look for devices with names like ‘RetailBeacon’, ‘Estimote Beacons’, or generic-sounding IDs. Repeatedly seeing the same beacon ID in different locations is a strong indicator of tracking.

3. Use a WiFi Scanner App:

These apps show you nearby WiFi networks and their MAC addresses.

• Android: ‘WiFi Analyzer’ or built-in network scanning tools (often found in developer options).
• iOS: ‘Airport Utility’ (Apple’s official app – enable WiFi Scanning in settings) or third-party apps like ‘NetSpot’.

Record the MAC addresses of access points you encounter frequently. You can then use online databases to try and identify who owns those networks.

4. Check for Location Services Permissions:

Review which apps have permission to access your location (Bluetooth and WiFi are often used for this).

• Android: Settings > Location > App permissions.
• iOS: Settings > Privacy > Location Services.
5. Use a Packet Sniffer (Advanced):

Tools like Wireshark can capture network traffic, including Bluetooth and WiFi data. This requires technical knowledge.

sudo apt-get install wireshark

Filter for Bluetooth or 802.11 (WiFi) packets to analyze the data being transmitted.

6. Look for Privacy Notices:

Many businesses are legally required to display notices if they’re collecting location data. Check for signs near entrances or on their websites.

What Data Might Be Collected?

• Proximity Data: How close you were to beacons, indicating time spent in specific areas.
• Movement Patterns: Tracking your route through a space.
• MAC Address of Your Phone: A unique identifier for your device (can be used even if WiFi is off).
• Demographic Information: Sometimes linked to other data sources (e.g., loyalty programs) to build profiles.

Protecting Your Privacy

1. Disable Bluetooth When Not in Use: This prevents your phone from detecting beacons.
2. Limit Location Services Permissions: Only grant location access to apps that absolutely need it, and choose ‘While Using the App’ whenever possible.
3. Randomize Your MAC Address (Android): Some Android phones allow you to randomize your WiFi MAC address for each network connection. Settings > Connections > WiFi > Advanced > Private MAC address.
4. Use a VPN: A Virtual Private Network encrypts your internet traffic and hides your IP address, making it harder to track your online activity (doesn’t directly affect Bluetooth tracking).
5. Be Aware of App Permissions: Regularly review the permissions granted to apps on your phone.
6. Consider a Faraday Bag: A bag that blocks radio signals, preventing both Bluetooth and WiFi communication (extreme measure for sensitive situations).