Bluetooth Spam In Public Spaces

mrwireless writes with a bellwether from The Netherlands of a problem that is bound to spread. Judging by the CAN SPAM Act, the US would be even less likely than the EU to classify Bluetooth-borne commercial spam as spam. "The Dutch OPTA, a national telecommunications watchdog, has decided not to label commercial Bluetooth messages as spam (in Dutch, but Babelfish works). These messages seem to fall through a loophole in European laws against spam since they do not travel through an 'intermediary network.' The issue was raised last week when a Dutch broadcasting agency outfitted a number of bus stops so they would send a promotional video of an upcoming show to passersby. Although the messages first asked if people wanted to watch the video, the article quotes a lawyer who believes that this does not qualify as 'opt-in' advertising. As more and more people leave Bluetooth turned on to make use of their Bluetooth headsets, Bluetooth close-range messaging, such as through bluejacking, is increasingly being exploited for commercial purposes."

whoa there

[macadamia_harold]

As more and more people leave Bluetooth turned on to make use of their Bluetooth headsets, Bluetooth close-range messaging, such as through bluejacking, is increasingly being exploited for commercial purposes.

I only engage in bluejacking if I get pr0n spam. and certainly not in public.

Re:

[hotdiggitydawg]

Surely that would make them "blue movies" then?

Not all bad, google for 'toothing'

[Gothmolly]

Basically you can bluetooth chat with someone in a public place (like a train), then arrange for sex when you reach your destination, or in the train en route. And maybe they're even hot...

Re:Not all bad, google for 'toothing'

[topham]

Except the original article on 'toothing' was a hoax.

Re:

[PHPfanboy]

Still, despite it being a hoax I got bluetooth pinged on the train, I hoped by young hotties, but alas it was the Cabir Symbian bluetooth worm which just got onto my phone and tried to propagate itself (it did to my Mac where I dismantled it).

There is a piece of software to help you against this, but now to avoid getting infected in the first place I wrapped my phone in a condom. If I do get infected again, at least it can't reproduce. It also means that if I do get lucky with young hotties I have a (slight

That phenomenon was a fraud, a hoax, a lie, etc

[patio11]

Search for "toothing".

http://www.siliconvalley.com/mld/siliconvalley/bus iness/columnists/gmsv/11316894.htm [siliconvalley.com]

CAN SPAM?

[E IS mC(Square)]

Yeah, we all know how effective CAN SPAM has been. My mailbox receives only 1000+ more spam emails a week now then before.

Re:CAN SPAM?

[Rosco P. Coltrane]

Yeah, we all know how effective CAN SPAM has been. My mailbox receives only 1000+ more spam emails a week now then before.

There's a reason it's not called CAN'T SPAM...

Re:

[apostrophesemicolon]

are you a mexiCAN or a mexiCAN'T?

Re:

[Bjarke Roune]

Legislation around bluetooth spam might be more effective, as the people who are doing it have to physically present in the country in order to carry out bluetooth spam, so it is actually possible to catch them. An email spammer, on the other hand, can move to any country that will allow him to carry out his activities.

Re:

[sarathmenon]

I haven't seen spam on the rise, but virus are aplenty on public places. Now, I am not even sure whether they are viruses, all I know is that at the railway station or bus stop, I get on an average 1 symbian installer per 5 minutes. I don't know what they are - they may just be some cute programs, but the random names suggest a not-so-good intention. (what would you say about 10sFEW24n.sys ?)

I think now that most windows exploits have been discovered, and used to the full extent possible, the hackers are mo

Re:

[cheater512]

Only 1000 spam a week? Lucky. :(

No intermediary

[debrain]

These messages seem to fall through a loophole in European laws against spam since they do not travel through an 'intermediary network.'

Well, the reason for anti-SPAM legislation being written that way is that SPAM passes over an anonymous intermediary network. If you know who sent it, and can identify the sender, you can thus take legal action against them directly, so it probably should be handled in a different way. If it becomes a big enough problem, something will be done about it.

My 2 cents. :)

Re:

[QuantumG]

Meh, legal action... for communicating.. right. Sounds like a great world you're advocating there.

Re:

[Anonymous Coward]

Meh, legal action... for communicating.. right. Sounds like a great world you're advocating there.

http://en.wikipedia.org/wiki/Defamation [wikipedia.org]
http://library.findlaw.com/1999/Jan/1/241460.html [findlaw.com]
http://en.wikipedia.org/wiki/Copyright [wikipedia.org]
http://en.wikipedia.org/wiki/Patent [wikipedia.org]
http://en.wikipedia.org/wiki/Trademark [wikipedia.org]
http://europa.eu.int/information_society/policy/ec omm/index_en.htm [eu.int]

Have you been living in a barn for the past 160 years?

A spammer you can see? Instant Death Assured.

[twitter]

If you know who sent it, and can identify the sender, you can thus take legal action against them directly, so it probably should be handled in a different way. If it becomes a big enough problem, something will be done about it.

Great logic - because you know who did it and can do something about it, the existing laws should not be enforced and you can't do anything about it. Legally, that is.

Spam kiosks will be vandalized. Some kind of EMP device would be nice but the kiosks won't last long enou

Re:

[ArsenneLupin]

Spam kiosks will be vandalized. Some kind of EMP device would be nice but the kiosks won't last long enough. If the pure psychic energy of spam hatred does not destroy the kiosk instantly, it will be kicked over, smashed by a vehicle or burnt within seconds of being turned on.

Hehe, like those pesky automatic police speed radar boxes. It's amazing how many of these have been on the receiving end of a shotgun lately...

Re:

[rew]

you can thus take legal action against them directly,

Ok Great idea. I'll use that then...

One little problem. If it's not illegal, what do I sue them for? The 30 seconds it takes me to get my phone out of my pocket, to hit "no"? That's about EUR 1.- , provided I can convince the judge that I should be earning EUR 120.- an hour....

There is no problem if I get bothered by a bluetooth ad once every year. Then I'll cover the costs myself. But as spamming is so very cheap per "delivered message", the same is lik

I don't understand advertisers

[Rosco P. Coltrane]

This is bound to be counterproductive: how do you think people will react when they get one, two, three, dozens of unwanted messages? just look at how they react when they get unwanted phone calls...

I for one never buy anything from any company that practices obnoxious in-your-face advertisement, unless I have absolutely have no choice. Advertisement is bad enough, but I just can't stand when they try to shove it down my throat. I'm sure I'm not alone.

Re:

[f_raze13]

Can you say "Head on! Apply directly to the forehead!"

Re:

[QuantumG]

Yep, cause people handing out leaflets in the streets, that's *never* been effective.

Re:I don't understand advertisers

[Mike89]

Yep, cause people handing out leaflets in the streets, that's *never* been effective.

I don't know about in the past, but at least now (in Melbourne, Australia), it's extremely ineffective. People handing out pamphlets are completely shunned, all they do is block up the sidewalks.

For further proof, you should watch this video [youtube.com] from 'The Chaser's War On Everything' (comedy show over here) - they go to busy areas with $20 notes, calling "Free money? Free money?" waving it in people's faces - everyone ignores them, says no, or tries extremely hard to avoid them.

Also, here's another video [youtube.com] related to advertising from them which may give you all a laugh ;-).

Re:

[QuantumG]

Yeah, Chaser rocks.

Re:

[UbuntuDupe]

Is there a "nice", polite, socially-acceptable way to leaflet? What if I simply circled a block with my arm outstretched, holding a leaflet?

Re:

[Anonymous Coward]

twitter [slashdot.org], please read this carefully. Following this advice will make Slashdot a better place for everyone, including yourself.

• As a representative of the Linux community, participate in mailing list and newsgroup discussions in a professional manner. Refrain from name-calling and use of vulgar language. Consider yourself a member of a virtual corporation with Mr. Torvalds as your Chief Executive Officer. Your words will either enhance or degrade the image the reader has of the Linux community.
• Avoid hyper

Re:

[ArsenneLupin]

That describes the majority of Windoze users

Not only offtopic, but also stupid.

... and also phunny. Please grow a sense of humor! Not everything you read on Slashdot is to be taken dead-seriously.

Re:

[jb.hl.com]

Unfortunately, twitter meant it seriously.

Re:

[fm6]

I for one never buy anything from any company that practices obnoxious in-your-face advertisement...

And yet somehow, all those big companies manage to stay in business without your support.

Why do Slashdotters find it so hard to get past the assumption that everybody thinks they way they do?

True story...

[Tore S B]

...a jam-packed train in Öresund, Sweden. A middle-aged man in a suit is sitting down, reading business documents. But occasionally, beeps come from his cellphone. He is visibly more annoyed for each time, and looks around him.

Finally, he's had enough, and gets up and yells...
"WHO THE HELL KEEPS BLUETOOTHING ME GAY PORN ALL THE TIME?!"

Re:True story...

[Rosco P. Coltrane]

And what did you say to him?

Re:

[LarsWestergren]

He probably got that from the site tjuvlyssnat [tjuvlyssnat.se] (eavesdropped). Some pretty hilarious and/or tragic stuff there. For instance:

Bus, Västerås

Two guys ~17 talking. Girl ~14 sits down next to them.
Guy 1: Ey, what the hell is 56 minus 34?
Girl starts giggling.
Guy 2: What the hell, that's impossible! Hang on I'll check on my cellphone...
Girl (laughing): You don't have to do that. It's 16!
Elderly man (shakes head angrily): Your math teachers should be burned at the stake!
Everyone is suddenly silent on the

Re:

[Tore S B]

Yes, I am indeed talking about Tjuvlyssnad. I should have attributed it, sorry. It's a great site, and your quote is one of my favorites.

Please start doing it.

[LiquidCoooled]

It would be beneficial if people started getting random spammings.
Hopefully it will reach the mainstream press and people would get taught how to disable the promiscuous phone settings.

I just recently picked up a bluetooth adapter for this computer and I am getting quite good at recognising people who arrive at the house (before they even knock on the door!).

Your Bluetooth personal area network should not operate like RFID, at the moment, businesses can see who comes and goes.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Original Replica]

"taught how to disable the promiscuous phone settings."

My Treo 650 requires me to whitelist any bluetooth devices I want to use. Is this not standard with other phones? Or should I hold on to this phone, because it protects me from BlueSpam?

Re:

[RMH101]

it doesn't really. it'll require you to *pair* with another device to allow you to send/receive without explicit authorisation, but there's nothign to stop bored kids finding your device (if you have it set to "discoverable") and sending you vcards with abusive text, as an example. some phones notably were sold that automatically accepted transfers to/from non-paired devices without any interaction, however - e.g. early bluetooth nokias.
this is why programs like BTCrawler for Windows Mobile devices are p

Re:Please start doing it.

[quasinfinity]

I find the discussion for this article a little out of touch with reality... except the post before this which made mention to disabling settings.

All devices (cell phones, PDAs, computers, etc) with bluetooth have two sets of options when you turn the bluetooth in them on. You can choose to make your device discoverable or not, and connectable or not. For any two devices to continually connect to each other they both have to have connectivity enabled (well duh), and they both have to be paired [wikipedia.org](one exception to the pairing rule, below). To pair devices, at least one must be discoverable, then the other searches for "discoverable devices." When the discovering device finds the discoverable one you exchange a passkey (so you know it's not Joe Blow's phone across the room), and they're paired. Paired devices will always connect to each other so long as connectivity is enabled on both devices. Discoverability never needs to be turned on unless a new device is being paired or you want to receive a business card or something else that uses the object push profile (which is the exception to the pairing rule).

So the way bluetooth transmits information is different depending on the information being sent. Music for instance needs to be continually streamed, while connecting to the net over bluetooth is more sporadic transmission. To acknowledge this, the bluetooth standard has several different profiles [wikipedia.org] that transmit the data in different ways depending on what is being sent. Devices will only have access to the profiles that the manufacturer decides that device needs. As earlier stated, the object push profile is special, it can transmit data to any discoverable (or already paired) device. This is because the object push profile is only used to send short text-based messages, such as that business card I mentioned.

Thus, I'm going to make the safe assumption that these ads are being sent using bluetooth's object push profile as well.

So let's say you want your bluetooth phone to always be connected to its headset but you don't ever want to receive these ads, the solution is simple. Leave your bluetooth turned on, just don't make it discoverable. It's that easy.

Re:

[Aero]

Can't speak for other models, but "discoverability" on my Motorola v551 needs to be activated manually, and then it only lasts for 60 seconds. Plenty of time to pair up with something, but it otherwise minimizes your exposure as you don't have to remember to turn it back off after you're done registering with the other device.

Creepy guy at the mall

[Chabo]

My freshman CS professor is from the Czech Republic, and he said back home there was this guy sitting by a mall entrance spamming people's phones with what amounted to a really sketchy personal ad. He said it was about the creepiest thing he's ever seen.

Not for long!

[OpenGLFan]

This sounds like a wonderful idea. Either it's automated, or there's a person doing it, and in both cases, bluetooth is short-range. If it's a little automated box, take a hammer to it.

And if it's a person doing it, dude, I've still got the hammer.

I expect this to be a short-lived phenomenon.

Re:

[Watson Ladd]

I don't think juries take kindly to the LART defense.

Re:

[DavidRawling]

Meh, I figure if I accidentally take out some SOB who actually has a life, I'll get off with good behaviour anyway (apologies to the BOFH of course).

You have to figure ONE of the jurors has a BT-enabled phone. Just arrange to have someone send that person 2386523897 copies of goatse, tubgirl et al during the trial using dozens of different BT device names and lots of enticing filenames.

He/she will hang the jury guaranteed (at worst).

Re:

[DavidRawling]

Ooh, I just realised, the absolute best fake Bluetooth device name has to be "XXX_Cust_Svc" where XXX is one of the mobile providers in the country.

Re:

[Obfiscator]

With people's love of porn, 'XXX_Cust_Svc' would probably work pretty well too....

Re:

[twitter]

I don't think juries take kindly to the LART defense.

You don't have to hurt anyone, you just need to destroy the spam device. Given the level of hatred most people have for spam, you will never be arrested much less convicted by a jury. The local police will probably help you hold the loser down as you happily hammer the device into bent pieces.

Re:

[mattyrocks86]

blue-jacking is a worse threat than spam is.. i saw a british video on you-tube latly that shows a guy with a PDA automatically dialing peoples blue-tooth phones to pay-per-minute #'s.. costing them apparently almost $100 each, depending on how long it takes them to notice their phone is connected.

Re:

[Talchas]

Well then the phones have serious security flaws and need to be fixed - there should be no way that anyone can send commands to your phone without your permission.

Re:

[macdaddy]

That's exactly my take on it. Find the little transmitter and beat the living shit out of it. Honestly I don't think any other passersby would mind in the least. You could probably make a few bucks by letting the other people take a crack at the bluetooth transmitter for $1.

Any reliable wireless technology?

[DogDude]

I've got to wonder... is there ANY wireless technology that's worth a damn? Cell phones are finally, after several decades, starting to work well, but even those have massive security holes. (My parents had their personal info stolen on a trip to NYC a year ago via their cell phone, and the cell phone company told them that it's very common, and that there's nothing my parents could have done to prevent it).

I'm not so sure, due to the very nature of data floating around where anybody can grab it, that

reliable

[v1]

if you really want to push the reliable button, amateur radio is about the only form of communication you can rely on when the chips are down. (hurricanes are a great example) Cell reception is spotty in many places and the loss of a single tower could easily disable several square miles of service.

Re:

[Beryllium Sphere(tm)]

And with mandatory station identification, a blanket ban on commercial traffic, and a subset of people who make a sport out of locating rogue transmitters, spam can be suppressed.

Re: sporting

[v1]

http://vftp.net/catandmouse/ [vftp.net]

enjoy

Re:

[rjstanford]

My parents had their personal info stolen on a trip to NYC a year ago via their cell phone, and the cell phone company told them that it's very common, and that there's nothing my parents could have done to prevent it

Er, I'm gonna have to call BullShit on this one. My celphone, for example, doesn't know any of my personal info (other than that related to making phone calls). That's by far the easiest way to prevent it from being stolen. Why are you putting banking/SS#/whatever into your phone in the fir

Re:

[DogDude]

The cell phone info was used to bill calls to. Many calls, in fact. Don't ask me how. I'm not a cell phone security expert.

Fun with bluetooth

[stud9920]

0a) rename your BT identity to something not recognizeable
0b) download grossout.jpg, rename to "ctu.mp3"
1) detect someone who might have a BT phone, in a crowded place.
2) send "ctu.mp3". Many people will accept this unconditionally, even if manually
3) enjoy the recipent's face.

Thank you Verizon

[weave]

Thank God Verizon cares so much about their customers that they have so crippled bluetooth on their phones that the only thing possible with them is headsets and dial-up networking -- maybe.

/sarcasm

Re:

[tyme]

weave [slashdot.org] wrote:

Thank God Verizon cares so much about their customers that they have so crippled bluetooth on their phones

I know that you meant this in jest, but this is the first thing I thought of when reading the article. I just got a new RAZR V3m from Verizon and was pretty pissed to find out that I couldn't transfer files to and from the phone via my laptop's Bluetooth connections. It never even occurred to me that other people might be able to access my phone via Bluetooth (why the hell did I enter

Re:

[weave]

They may not actually, depending on the brand. Some phones come set with bluetooth discoverable mode turned off, others default to on. And when on, it will prompt before letting someone send stuff to it. That mode is supposed to be for just the one-off transfer between people of a contact card or file. The RAZR you have defaults to off and you can't even pair unless you set it to discoverable, and then it times out like after 30 seconds and goes back to being invisible. Anyway, Verizon's motive is greed

Not EU - NL...

[Animaether]

the second-to-last paragraph in that article notes something important.. the EU directive does not mention anything about needing to be a subscriber - the Dutch version, however, does.

Also, the Opta have already mentioned to NU.nl in a later article that it will be up to the financial department of the government to fix this or not.. a great hint that although Opta would love to label this spam and put a stop to it, their hands are tied, and are asking for them to be untied.

fun public transport?

[symes]

The issue was raised last week when a Dutch broadcasting agency outfitted a number of bus stops so they would send a promotional video of an upcoming show to passersby

travelling by bus might actually become fun!

going past those shops each with something interesting to sell... hardware, groceries, books, porn...

Bluejacking?

[illuminatedwax]

So you're saying that with Bluetooth, any girl can just walk up to me and start bluejacking me? I could even bluejack with a friend on a crowded bus without anyone even noticing?? Truly this is a spectacular technology; no wonder it's being exploited for commercial purposes! The bluejacking market must really be booming!

gonna make some adv $$$

[kirils]

great idea. hope it's not patented yet.

d^$_$^b

Let there be 3 options...

[Anonymous Coward]

If this is going to become common, I can see a need for phone makers to provide three easy to access options:

- Bluetooth off
- Bluetooth on for paired devices
- Bluetooth on

If its not paired, its ignored.

Maybe there is even room for a fourth 'whitelist' option, where friends devices prompt rather than being ignored or just allowed.

Re:

[solaraddict]

Technically, these options exist - as "Off," "On but hidden," and "On and visible to all."
The Bluetooth devices I've seen come with BT on and visible, but the access to the setting is somewhat complicated (my cellphone has at least "BT on/off" in the quick menu).

Note that the "On but hidden" state is far from foolproof - it just stops the device from broadcasting its presence (which has (so far) been enough for me in most cases - security by obscurity?).

Hmm

[metamatic]

Given the short range of Bluetooth, I would think it would be fairly easy to locate the piece of equipment responsible and give it a quick kicking.

Re:

[Vengeance_au]

Bluetooth might be designed as a short range communications protocol, but that doesn't mean it can't be used over longer distances [schneier.com]..... Very similar to the pringles directional antenna boost people use to hook into 802.11 networks from afar.

A bluetooth ad I received

[Ace905]

I was 1.walking down Yonge Street in Toronto, Ontario, Canada and my 2.RIM started vibrating. I was really surprised to find I had received an advertisement. An advertisement that I did not request, and definitely did not want to see. It was just a link to a web [douginadress.com] page but even still, it was very upsetting.

3.I think we need to get on top of this problem before it gets out of hand. Bluetooth marketing is going to go viral in very short time. 4.Once someone realizes that they can offer this type of adve

Solution

[blackwing0013]

There is a solution to the problem that will owrk most of the time. If you already have your phone and headset paired, then just turn off your phone's and headset's Bluetooth visibility setting. When this is turned on, basically, the device is broadcasting its ID so that you can pair or send stuff to that device. You only need this turned on when you are pairing devices or trying to send data to/from devices that don't know each other (for example, sending contact information or pictures).

bluetooth spamming?

[xploraiswakco]

And yet people forget bluetooth was designed for spamming

Never rely on Babelfish

[Wieland]

"The Dutch OPTA, a national telecommunications watchdog, has decided not to label commercial Bluetooth messages as spam"

The OPTA hasn't formally decided anything. In TFA an OPTA spokesperson (when asked by a reporter) claims that bluetooth spam is probably not covered by current Dutch legislation, but it DOES "go against the spirit of the law". The OPTA so far hasn't investigated matters further, because it (apparentely) needs a formal complaint to be able to do so, and no one has filed one yet.

Complaints....

[rew]

They claimed last week that they hadn't gotten any complaints. So I complained.

I also offered to forward my spam to them. Not immediately the commercial messages themselves, only just the subject and a question wether they want to recieve the full message. They only have to hit "NO" or "Delete" not recieve the full message.

Funny how they didn't seem to be interested in my offer.... ;-)

Re:

[account_deleted]

Comment removed based on user account deletion

How about...

[The Cisco Kid]

I dont hav any bluetooth devices, nor have I ever used or even seen one up close.

However, the post seems to suggest that you can either have it on, and your device promiscuously communicates with everything, or off, and it talks to nothing.

It seems odd to me that there wouldnt be some soft of 'device whitelist', where you could first start with it promiscous, have it negotiate and identify communication with specific devices (such as a headset), and then switch it to 'on, but only for already-identified dev

why are you leaving bluetooth open?

[norpan]

Why are you leaving bluetooth open? Close it to only allow connections with trusted devices, like your headset and your computer. Common sense.