BlueTooth devices have been proliferating to the point where you can make a safe bet that most vehicles have one. That’s why some clever folks are starting to monitor the highways for bluetooth in project BlueTOAD.
Rather than depend on every car carrying a toll tag in plain view, the sensors along highways can read the unique address of a BlueTooth device and then predict traffic flow times. The collection of BlueTooth information then also can be tapped by law enforcement, or at least requested by a court, to prove movement of the devices. I vaguely remember a divorce case where a husband was proved to be cheating on his wife because of his toll tag movements.
The identity of a BlueTooth device, it’s MAC address, is in no way permanently connected to an individual. This makes BlueTooth potentially less sensitive than license plates and toll tags. Likewise, a bluetooth device could in theory cycle its address or duplicate others to make tracking difficult. There are plenty of lessons from the P2P market in how to keep service alive while modifying the MAC. A big difference from P2P, however, is that the portable BlueTooth device market is highly proprietary and unfriendly to user configuration (ever try to setup a BlueTooth PIN other than 0000?)
I leave all my BlueTooth disabled these days; not because I am very worried about being tracked or even because of eavesdropping, but because battery life is so poor. I find it much less hassle and more efficient to use the cord. The extra security and privacy is a secondary benefit.
Frankly I’m more concerned about the MyLocation project and the privacy settings for APIs to Google maps. In a test to compare with BlueTOAD we’ve been able to use a simple query to the Google map traffic data API to monitor the movement of a person’s phone.
I’m not sure Google meant it to be setup this way; it’s a security flaw from a privacy perspective but then again I know departments of transportation and law enforcement investigators already interested in accessing the data.