• General
  • Privacy implication of always on Bluetooth

  • [deleted]

User2288 this is also a public forum and can be accessed by minors. It should be only appropriate that age walks hand in hand with wisdom and politeness.

    [deleted] so should we go around and sensoring the whole internet (since its public) because minors exist?

    How about the books in the library? They are public and have all kinds of things not appropriate minors and even offensive to adults. Yeah? Should we take all those books down? ....How about television?

    Oh you know... How about we turn north america to Islamic Iran, or North Korea. There are no child inappropriate conversations in those countries. No conversations at all.

    You don't know the hell you are talking about. I do. I recommend you study jordan peterson on the subject of free speech and implications of rules to regulate language.

    Thread getting derailed, this was my last post on the subject.

      • [deleted]

      User2288 I only looked at the first paragraph and didn't look at the rest. Are you looking to be the next?

      I have made some mistakes in the past, but I have learned from them and now know that if I am not mentally fit for something, I would and should keep it to myself and stay away. Perhaps some do not acknowledge their mental state. I rest my case.

      akc3n See, it's not just about [your] device, it's about what other people may or may not read on here, interrupt it wrongly, and could brick their device based on you're comments.

      User2288 This notion of me being responsible for someone else's "false interpretation" of my words is outrageous and a very dangerous precedence in a free thinking society.

      At the end of the day (or maybe the beginning), discuss.grapheneos.org is not Hyde Park or "the public square". It's a virtual server somewhere, rented by the GrapheneOS project, dedicated to helping people improve and better use GrapheneOS, staffed by volunteers, with content, generally of high quality, also provided by volunteers (thanks, everybody!). Both the technical detail and the tone reflect on the project.

      Because the technical detail and the tone reflect on the project, the project can publish a community-standards guide, and the volunteer moderators can enforce it (sometimes making mistakes -- it happens!). Users who, in the (fallible human) judgment of the volunteer moderators, suggest things that might cause other users to suffer may well be requested to do things differently. This web site isn't a free society in the sense of being governed by one or another government's constitution; it's a free association in the sense of being a place where people who are more or less ok with the site's policies (as interpreted by fallible human volunteer moderators) choose to hang out to help each other.

      Just my two cents! Please note that I do not speak for the GrapheneOS project.

        re: With regards to the recent discussion in this thread and others, particularly about the behavior of certain individuals.

        In line with our community guidelines and the principles upheld at GrapheneOS, I wish to directly address the concerns raised here.

        Our Code of Conduct emphasizes maintaining a respectful, welcoming, and constructive environment. Discussions should focus on GrapheneOS, its features, and code, rather than on individuals. Every member deserves to participate without harassment, discrimination, or condescension.

        While valuing free speech, essential in any thriving community, our platform specifically facilitates discussions about GrapheneOS. Differing opinions are welcome but must stay relevant, respectful, and constructive. This is about ensuring discussions are beneficial and safe for all, not just about expressing opinions.

        Recently, certain comments/posts have deviated from these standards. Aggressive tones, confrontational styles, and resistance to community norms conflict with our commitment to a respectful discussion environment. Knowledge and experiences are valuable but should be shared considerately, in line with our guidelines.

        Our moderation approach is not about censorship but maintaining discussion integrity. It's about aligning the community with our values and standards. Actions taken against specific posts or behaviors aim to uphold these agreed-upon standards, not to suppress individual voices.

        Given these points, I encourage everyone to consider how their communication impacts the community. I am open to discussions within our guidelines, but persistent disruptive behaviors will prompt actions as outlined in our code of conduct to preserve our discussion quality.

        Thank you for your understanding and cooperation. The strength of our community lies in our collective commitment to maintaining a respectful, informative, and supportive environment.


        Footnotes:

        Understanding Censorship, Free Speech, and Moderation

        Our moderation is about ensuring that discussions remain on-topic, respectful, and constructive, based on our rules and code of conduct. This includes preventing harassment, misinformation, and off-topic discussions, fostering a positive environment for discussing GrapheneOS.

        AccessDeniedBitch Threads of this type have been locked.

        Censorship involves suppressing opinions or information based on their unpopularity or variance from a certain viewpoint. What might seem like censorship in our community is actually moderation aligned with our guidelines. We don't suppress free speech; we strive to maintain a space for focused, constructive discussions about GrapheneOS.

        User2288 why should he be sensored and silenced?

        Respecting free speech, we prioritize keeping our community a productive and respectful space for GrapheneOS discussions. Moderator actions are not censorship but efforts to uphold our community standards.

        User2288 so should we go around and sensoring the whole internet (since its public) because minors exist?

          akc3n
          Well, i have to admit this was a very good answer, and I have no comeback.

          Thanks for the response.

          I hope it is understood why I make stand on such issues and interpreted correctly.

          Back with the original topic… what implications does having Bluetooth on with a smartwatch or wireless earbuds have?

          I guess it increases attack surface and reduces privacy as @de0u said, because os the two MAC addresses of the two BT radios talking to each other constantly? Is that any different than having BT on? There’s only one MAC, but whoever wants to track BT devices, can still track that person, right? (That’s the reason why I like the auto off feature for BT and wifi).

          What would be the mitigations if someone was still inclined in wearing a smartwatch? Using an LTE smartwatch and not use BT?

          On topic, I read the the Garmin link. It goes to can you trust what they say about not sharing your PII and other info with 3rd parties? The watch does look nice. A link was posted in another thread to an open source watch. Watch looked clunky IMO and screen was lame, but I'm used to sacrificing for security/privacy.

          As for Bluetooth itself, I don't see it as being secure as WiFi with a VPN at all. If you have Bluetooth scanning (along with WiFi scanning) off that eliminates a lot of location and ad tracking. While the Bluetooth connection to a watch or a car infotainment may not be very secure from a hacking standpoint, it also has a very short range. I'm not very concerned about a hack as someone would need to be really targeting me personally and can't hack me by other "easier" (easier in a long distance remote attack without having to follow me) means that is not in my threat model. I'm not particularly concerned about a Bluetooth hack, unless I am missing something in that it can be done long range. The concern for me is the device you are connected to slurping up what it can and sending it off. For my car, it is an older model where the infotainment does not connect to the internet so I am not concerned with data loss using Organic Maps or Magic Earth with Bluetooth turn-by-turn. I am still grappling with a watch along those lines. The key would be only being able to transmit to my GOS phone.

            Garmin is not as invasive regarding privacy concerns compared to others as far as I can tell. I'm experimenting with GOS and paired a Fenix to the Connect app on the main profile, with Gapps disabled. The notification push to watch is useful at home, while airplane mode is switched on when out to prevent the constant watch broadcasting. The offline map and GarminPay features are handy even in airplane mode. I'm unsure about the app's Bluetooth chattiness and have disabled app's BT scanning permissions via adb. The app's third party internet connection is limited to Google Firebase - DNS blocked.
            Most of Garmin's newer watches can upload exercise activities via Wi-Fi and be viewed on the Connect website without phone involvement at all, perhaps that is the way to go.

            8 days later

            MoonshineMidnight

            As for Bluetooth itself, I don't see it as being secure as WiFi with a VPN at all. If you have Bluetooth scanning (along with WiFi scanning) off that eliminates a lot of location and ad tracking.

            Having Wi-Fi/Bluetooth scanning enabled only allows apps with the Location / Nearby Devices permissions to do scans while Wi-Fi or Bluetooth are otherwise disabled. If you don't give out those permissions, it makes no difference. The scanning toggles are off by default on GrapheneOS, and standard permissions like these are never granted to user installed apps by default.

            am missing something in that it can be done long range

            Bluetooth can be quite long range. It depends on the radios at both ends. Most Bluetooth accessories have very weak radios, but the radio in the phone can work quite far away. If there was a strong radio on the other end, it should work from quite far away.

            The concern for me is the device you are connected to slurping up what it can and sending it off.

            It can't do any of that unless you explicitly give it access to data.

            de0u No, there are different Bluetooth standards with different versions of privacy features. It depends on the Bluetooth version used by the accessory. Modern Bluetooth LE attempts to provide much more privacy than Wi-Fi with MAC randomization, since it rotates the MAC addresses while in use and randomizes them on both ends. It's far from perfect but it's a lot more private than carrying a Wi-Fi AP with you where the AP has a fixed MAC address. GrapheneOS uses per-connection MAC randomization but it remains the same while connected, which isn't as good as what the Bluetooth LE privacy features provide.

            AccessDeniedBitch AccessDeniedBitch Simply disabling Bluetooth and leaving Bluetooth scanning disabled works fine. You should also remove the quick tile so you can't accidentally enable it. Bluetooth and Bluetooth scanning are disabled by default on GrapheneOS but it's very easy to enable by accident via the quick tile.

            AccessDeniedBitch Those threads were locked due to getting derailed into arguments. Threads full of inaccurate information like this one get removed so that people can hopefully find higher quality threads. Those threads were not removed because they quickly got decent answers, unlike this one which has been a mess of inaccurate information and inappropriate arguments.