[Arm-netbook] Geotooth

Gordan Bobic gordan at bobich.net
Thu Jul 12 07:54:49 BST 2012 

 On Wed, 11 Jul 2012 23:18:58 -0400, Derek LaHousse <dlahouss at mtu.edu> 
 wrote:
> I followed the link.  I believe people would be interested in 
> Geotooth,
> and how it might be used to track an individual.
>
> According to links posted by freebirds,
> http://geotooth.com/Home/HowItWorks , the database of location is
> maintained by a number of participants.  Many individuals would 
> create a
> driftnet, pointing out the devices they see, along with when and 
> where.
> This is not a targeted technique, but relies on a large number of
> people/devices intent on violating privacy (in a legal but immoral
> manner).
>
> This strikes me as similar to other geo-ip projects, like Google's
> database of wifi networks.  The hazard is that, rather than a 
> stationary
> Access Point (infrastructure), Geotooth seems to track clients.  I
> personally find this detestable.  I believe others have said, "If 
> you're
> targeted, you have other concerns".  If the network of participants 
> is
> large enough, tracking someone only requires knowing their device MAC
> and browsing a website, not being directly outside a home or active
> pursuit.
>
> I believe bluetooth doesn't turn on and transmit until after 
> commanded
> by the OS/drivers.  Desoldering unnecessary.  Can anyone speak to the
> ease of modifying the bluetooth MAC?  Also, slave devices (headsets,
> cars, etc) which make bluetooth on a laptop useful are much more
> trackable.

 This is all totally academic and doesn't work in the real world.

 1) It requires the entity wanting to track you to have a _huge_
 network of BT devices under their control to saturate the coverage
 area anywhere where you might plausibly be. Given the range of BT,
 that means a BT "listening post" ever few metres. There may be
 that many BT devices around, but if your perp has compromised all
 of them just to track you, they must also have easier ways to
 track you, e.g. by executing a rainbow table attack on the GSM
 crypto keys and tracking your phone's GSM transciever
 instead - much longer range, and much fewer locations that need
 to be covered.

 2) BT on your phone isn't actually connected unless you explicitly
 switch it on, at leat on any phone made in the recent years - mainly
 because this would reduce battery life. And since most phones have
 WiFi nowdays (which you probably also switch off when you are not
 using it if you care about battery life), this has much better
 range for tracking, so geolocation by bluetooth seems like a
 waste of time.

 It's also quite widely off-topic.

 Gordan

More information about the arm-netbook mailing list