I want to use ear buds in my Amazon profile to listen to movies on Prime Video.
What is the safest way, if any, to allow Bluetooth in that profile so I can use the wireless earbuds?

I am always in airplane mode with WiFi and Bluetooth deactivated. Can I use Bluetooth safely in one profile with VPN and not be at risk of tracking?
State Government agency is my risk model but it's a well-funded state with likely FBI access/resources. Not sure how active they still are with me but it's best to be safe....

    d9780

    "State Government agency is my risk model but its a well", good luck with that one

    Feel the need to say this, unless you did something, the FBI isn't looking for you. Not any more than anyone else. Seeing you are posting here, I'm assuming you probably aren't realistically in an actual US state funded risk model. So I would probably just relax and maybe talk with someone about these fears.

    Anyways, Bluetooth is not an internet-based protocol, a VPN will change nothing. You can use it without WiFi if you wish. Regardless I think you need an internet connection to use Prime Video, unless you have the videos downloaded offline.

    11 days later

    I could explain further but that wouldn't be intelligent in an open forum. Thanks for your concern.

    d9780

    Please do confirm the following with a gos team member to be sure it is true as I am not 100% sure on its accuracy.

    If I recall correctly, the Bluetooth module has no randomization. Also its radio IDs stay the same between profiles. Therefore no matter which profile you use the same radio signature is picked up by other devices.

    Therefore when your Bluetooth is on, it can be identified as "the same device" and seen by any device that gathers Bluetooth data.

    Apparently all smartphones gather bluetooth data on each other and send to google/apple. (Verify this statement with other people please.)

    However so far the identity of the owner is not yet associated with that bluetooth signature. Once that signature is discovered to belong to "you" then you have a problem.

    How can the bluetooth signature get associated with your identity? Again I don't know the answer for sure but have a few guesses.

    1. If your bluetooth is on and your cellular radio is also on, then both their visual locations can be correlated and over time become associated. Your cellular Identity is always "known".

    2. If you connect this phone via bluetooth to other internet connected non-privacy devices they can become associated. It's likely the non-privacy device is associated with your or someone else's real identity.

    3. If you connect it to a car that has internet access.

    4. If you have the BT on at your home often then technically it "could" be associated with that location and people that live there.

    Lastly if any apps could get a hold of your BT signature then they could upload it.

    • can apps on your phone discover your own BT signatures?
    • can BT enabled apps on other devices see the actual BT signature of your device? Or is it the OS alone that can see it?

    I don't know the answer, but good questions to ask. I would want to know this if anyone knows.

      If my threat model was the same as yours, I don't think I would be listening to movies with Bluetooth. (or anything else)

      I guess it also depends on your physical surroundings.

        Blastoidea Best way of putting it, at a certain point we can't help you. If you truly are in a 7 eyes based threat model then you can't do anything in terms of tracking.

        There are mitigations, but I just don't think anyone can truly help you. But also if they go through the trouble of truly tracking you to the point they use bluetooth signals to try and fingerprint you...well, honestly, I doubt the threat model.

        They already know where you live...your state records, your ISP, VPN subscription, bank information, and amazon account all have that information. In terms of opsec, they already know enough about you to do a $5 wrench attack at any time.

        Which leads me to this, and I say this only to not worry you about your opsec too much: I would really reconsider your threat model. Unless you have actively done something to grab attention to yourself by the United States government (which doesn't mean criminal/immoral activity. Activism/Whistle blowing/etc.) you are most likely not being tracked by them in any capacity more than anyone else.

        That being said: if you somehow are a target of a US-funded attack, which is unlikely, then apply for asylum in another country. Because the sparse information you have provided suggests a US-funded entity could easily and without struggle identify and collect whatever information they need on you.

        8 days later

        User2288 This is inaccurate information. Bluetooth LE has privacy features and they go beyond the Wi-Fi MAC randomization used for Wi-Fi, even beyond the per-connection MAC randomization on GrapheneOS. Bluetooth LE attempts to hinder tracking in a situation where a connection is established between 2 devices and you're carrying both around with you. Wi-Fi would not mitigate that due to the access point MAC and client MAC both remaining the same. GrapheneOS will rotate Wi-Fi client MAC for each connection but APs are meant to be carried around with you. Bluetooth attempts to solve this, Wi-Fi does not.