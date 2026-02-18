A developer named Danny recently built a tool called Bluehood, available open-source at (https://github.com/dannymcc/bluehood), that passively scans for Bluetooth signals from nearby devices. He also published a great blog post about this topic (https://blog.dmcc.io/journal/2026-bluetooth-privacy-bluehood/).

With this code, he demonstrated that by passively listening to the Bluetooth broadcasting of different devices, he could detect:

When delivery vehicles arrived, and whether it was the same driver each time. The daily patterns of his neighbors based on their phones and wearables. Which devices consistently appeared together (like someone’s phone and smartwatch). The exact times certain people were home, at work, or elsewhere.

This is possible because most of our devices constantly broadcast Bluetooth identifiers. If you look at your phone right now, I suspect the vast majority of us have Bluetooth enabled.

As a side note, a few weeks ago, a serious vulnerability was reported that affected hundreds of millions of Bluetooth headphones and earbuds from Sony, Jabra, JBL, Marshall, Xiaomi, Logitech, Google, and others that allowed an attacker within Bluetooth range to hijack your headphones, listen through your microphone, and even track your location.

Why You Should Care

As Danny points out, we’ve all gotten used to Bluetooth being “always on.” It makes our lives easier by automatically connecting everything. Our smartwatch syncs with our phone. Our car connects when we get in. This convenience, however, means we are continuously broadcasting Bluetooth signals.

Bluetooth has two key identifiers: the UUID and the MAC Address. The MAC Address can be changed, so it’s not a static identifier (modern phones do this, it’s called MAC Address Randomization), but many devices (usually accessories) that use Bluetooth do not do randomization, which means it’s always the same. If the Bluetooth MAC Address doesn’t change, it can be tracked (if I know you have a device with Bluetooth MAC address XYZ, then wherever that device’s MAC Address shows up, I know you’re there).

The UUID identifies the service or device type. For example, there are UUIDs for heart rate services, temperature measurements, and related data. All of this is being transmitted. That means that if I’m listening, I can figure out what peripheral devices you have with you.

Also, merely the existence of a signal is a way to identify a person’s presence. If there is a Bluetooth UUID for a phone, then I know there’s a phone there, and probably a person. If there’s an Apple Watch in addition to the phone with the heart rate service UUID, then it’s even more likely there’s a person present.

I could also go to an apartment building and identify when people are coming and going. I can determine whether the apartments are occupied, when a person leaves, and with whom. This type of Bluetooth tracking enables pattern-of-life tracing, which raises privacy concerns.

Another use case: imagine I were a device thief targeting a specific device type. I could sit in a coffee shop, watch who walks in, and correlate the Bluetooth devices that appear. If I see an iPhone and an iPad, maybe that’s the person and the bag I steal.

Bluetooth range is typically around 10 meters, but it depends on the device’s transmit power, so it can be higher.

What you can do

Ideally, Turn Bluetooth Off When You Don’t Need It

The most private option is simple: turn Bluetooth off when you’re not actively using it.

When Bluetooth is off, your device isn’t broadcasting, and it can’t be discovered or tracked by anyone.

For many people, turning Bluetooth off completely might not be practical. In that case, consider turning it off in riskier situations.

When you’re at a sensitive location (like a protest, a meeting, or somewhere you don’t want to be tracked). The safest option is to leave your devices at home or get a “dumb device”. See my post on setting up an emergency, non-tracking phone for under $60! Ditch the GPS Tracking: My Guide to Setting Up a Dumb Phone for Privacy Tate Jarrow · October 22, 2025 A couple of weeks ago, I published an article titled “Foil the Trackers: Simple Steps to Protect Your Location Privacy” (https://onlinesafety.substack.com/p/foil-the-trackers-simple-steps-to-protect-location-privacy), which goes into the steps you can take to minimize getting tracked by your smartphone. As many folks who read that article pointed out, r… Read full story

When you’re in a crowded public place and aren’t using any Bluetooth devices, coffee shops, airports, and train stations are examples. Places where attackers can sit and find victims.

When you’re sleeping, you probably don’t need Bluetooth while you’re sleeping. Turning it off at night is a simple habit that reduces your exposure, especially when traveling.

When you’re traveling and don’t want your location patterns recorded by anyone scanning nearby.

How to turn Bluetooth off

iPhone: Swipe down from the top-right corner to open Control Center and tap the Bluetooth icon. Important : this only temporarily disconnects. To fully turn it off, go to Settings > Bluetooth and toggle it off.

Android: Swipe down from the top to open Quick Settings and tap the Bluetooth icon. To fully disable, go to Settings > Connected devices > Connection preferences > Bluetooth and toggle it off.

Some other good Bluetooth hygiene tips

Review which apps have Bluetooth access on your device.

Many apps request Bluetooth access that they don’t actually need. Bluetooth permissions can be used to track your location and identify nearby devices, as the App may record these identifiers and use or leak them.

iPhone: Go to Settings > Privacy & Security > Bluetooth and review which apps have access. Turn off any apps that don’t need it.

Android: Go to Settings > Apps, select an App, tap Permissions, and check Nearby devices. Remove access for apps that don’t need it.

The principle is the same as with location permissions: share the least access necessary to get the functionality you need.

Turn off Bluetooth scanning for location services.

Even when Bluetooth is “off” on some Android devices, the system may still use Bluetooth scanning to improve location accuracy. Turn this off.

Android: Go to Settings > Location > Location services (or Wi-Fi and Bluetooth scanning) and turn off Bluetooth scanning .

iPhone: Apple doesn’t have a separate Bluetooth scanning toggle, but you should review Settings > Privacy & Security > Location Services > System Services and turn off Networking & Wireless.

Regularly check your paired devices list and remove anything you don’t recognize.

This protects you in case you accidentally paired someone else’s device to your phone, or it was done maliciously. It will appear in your paired devices list.

iPhone: Go to Settings > Bluetooth and review the list. Tap the “i” next to any device you don’t recognize and select Forget This Device .

Android: Go to Settings > Connected devices and review. Remove any device you don’t recognize.

Don’t leave your Bluetooth accessories in pairing mode in public.

When your headphones or earbuds are in pairing mode, they’re actively looking for connections and are most vulnerable. Only put them in pairing mode when you’re ready to pair at home or in a private space.

Stay Safe!

Tate