The future of bluetooth: Auracast abuse and spam?

Does anyone see the Auracast feature abused heavily ? I mean it is not limited to hearing loss devices anymore because people will abuse it now because it attacks normal folks as well

I see all kinds of things happening in the name of advertising.

as in the flick The Minority Report (where the AI read eyeballs to deliver “personalized” ads)!

As a person has to voluntarily request to listen to an Auracast broadcast, I don’t see any potential for spam - the latter is uninvited information that a person gets sent.

no, What i meant was the devices will actually be overloaded like a wifi network selection, you will have a hard time sorting through the list

I imagine it depends on the broadcast system as well. As an Amazon Echo device user (I have 5 scattered around the house), I paid Amazon to use those devices for my own purposes. Yet Amazon cannot resist sneaking in an ad or a “public announcement (enticement?)” wherever it can. “Would you like me to tell you about …?” or “Have you tried our …?” ans: “NO, Alexa!”

So, I can imagine on any free PA system type Auracast there will be the temptation to include self-serving announcements. Yes, you might sign up because you want the utility offered by a service, but you may get in the background various “suggestions” of how the broadcaster can better serve if you would only do thus and so. Presumably the MAC address (or whatever the equivalent BT id is of your phone or HA’s) is available to the host so that would give the broadcaster a clue as to who you are and what the cloud knows about you, even if it’s anonymized data (user #1234 likes … and doesn’t like …).

I’m not big on conspiracy theories but Auracast might offer a personal tracking/information sharing opportunity to broadcasters. It’s nothing better or worse than what’s already being done with the Internet. I’d say the average user probably prefers to see/hear ads about things that they might actually be interested in rather than stuff that’s of no interest. Ads aren’t going away anytime soon, and people are always interested in better ways of selling something, even if it’s a very worthy charitable or political cause…

Well, you’ve got a smaller catchment area than you do with wi-fi. You’re probably not going to see a signal from someone’s phone on the other side of the road. That will help. I don’t know what information is includable in the advertising packets. I think it comes down to developers finding clever ways to manage it. So if a transmitting device can include information about the transmitter type (public broadcasting, peer-to-peer audio sharing, unicast transmitting device, controlling device…) you’ll be able to narrow down your choices. Perhaps rule-based systems based on location and other things. Can they include things like a person’s phone number? So a device appears on your list that includes a phone number that matches one in your contacts list gets a higher priority than others- maybe gets notified to you when others don’t.

I do wonder how much time the Bluetooth SIG developers have spent thinking about all this stuff. It’s all blue sky from here anyway. Will be interesting to see.

Interestingly, you have to apply to the Bluetooth SIG to set up a broadcast system, or at least it has to be installed by a certified installer. I wonder if there are rules in place to protect the consumer eg if the stream contains advertising does that need to be made known to the consumer before connection?

Public Auracasts are generally connectionless although it is possible to require a connection when appropriate. With no connection there’s nothing to track.

Thanks for the info. I’m pretty ignorant about BT connectivity but I see using the BLE Scanner 4.0 app by Blue Pixel Technologies from the Apple App Store that one can pick up the UUID of HA’s just by scanning. Same for Apple Watch and iPhone. So, I imagine everywhere we go the identity of our devices can be revealed by a Wi-Fi or BT scan whether we’re connected to a host or not.

That reminds me that I recently read a warning published by ReSound that in the first few minutes of booting their HA’s, the HA’s are susceptible to hacking. The advisory warned that if one heard a pairing sound that one wasn’t expecting to reject the connection, etc. IIRC, the advisory also suggested that one not boot one’s HA’s in public places. I wonder if other HA brands have the same “security” risk? I would think that the worst a hacker could do is just to maliciously screw up a user’s fitting.

Big brother is everywhere and getting more so every day

I’m not sure what you are referring to when you say “abuse”. This new standard will provide better audio with lower power consumption. It will also have a broadcast feature, which will allow multiple people to lock on to the stream. I use MFI a lot in my current HAs but am aggravated by the fact that it prevents my wife from hearing the audio at the same time.

I meant broadcast abuse, like people will abuse it to make money off of it by showing you direct ads to your ears

I think it’s a serious possibility. I posted in another topic on similar lines. Hate speech, conspiracy theories, religion…

My understanding is that while it is connectionless, it’s not going to automatically pull in any signal found. You pick the channel, so to speak and that’s the extent of making a connection.

Think of a sports bar that has multiple games and matches on different TVs all auracast enabled. You’ll pick the auracast stream for the game you want to hear. A similar possibilty exists for different language audio tracks in a movie theatre. You don’t get bombarded with every language at once.

The sports bar scenario was one of the demos at Mobile World Congress Barcelona in February according to one article I ran across.

No, it’s not. I don’t see anything stopping so meone from dishonestly describing the content they’re offering. You might idly select a stream advertised as Bill’s Favourite Music but it’s really something quite nasty. Or my kids might which is more of a worry.

I don’t see this as much of a risk because I think it would require a certain amount of technical knowledge with limited payoff. This isn’t spoofing a WiFi signal to steal passwords, just to broadcast a message. I suppose the risk does exist, and will be important to many including parents like yourself. I hadn’t considered that, so thanks for pointing it out.

Without knowing exactly how this is going to work in practice selecting auracast streams to listen to, I can’t speak to the security implementations if any. I am going to have to go read some white papers now. Though as most people should notice by now, security usually comes as a bolt-on to technology. Hoping it’s part of the development this time around though.

Yup, pretty much that, you guys are thinking too much into this…