Via boingboing and smartmobs comes this gem on bluejacking. In a nutshell, this is a perversion of Bluetooth, spamming people in your physical proximity with random unsolicited messages. Read it. It’s quite funny, in a juvenile way.
This shows a lack of forethought and insight by the developers of Bluetooth. As I wrote last week, identity collateral is an important part of any open communication system that is going to socially scale. You need to be at risk of losing something if you abuse the system. Bluetooth lacks that.
I can imagine an evil business opportunity. I set up my PC with a Bluetooth card in an office above the entrance to a heavily-trafficed Tube station in London, for example. Every passer-by with a Bluetooth phone gets a spam - thousands of them. Might just be a simple message, might have a URL of a website to visit. As Bluetooth becomes pervasive, so does my spam - and you can’t avoid it without turning your phone off.
How could you have built identity collateral into Bluetooth? Well, it’s tricky, because you have no guarantee that the device is attached to any sort of service contract or provider — so there’s nobody to complain to to de-provision the device if it is abused. Blacklisting the device after being spammed isn’t going to help you, particularly if there’s no trusted serial number to rely on (just a user-assigned device name) and no means of sharing your blocking preferences with the as-yet unspammed.
(I’ve skimmed the Bluetooth spec and there’s nothing I can see in the link layer spec that helps; the Universally Unique Identifiers don’t cut it either. If I’m committing a gross libel of the Bluetooth authors, please let me know.)
One approach would be the “end-to-end” distributed way: just like with email, put a Bayesian filter into every handset to guess whether to accept incoming messages. Not the obvious way of best using limited memory capacity on a handset. Some form of identity collateral by proxy is possible: the sender must send a digitally signed (by a service provider) phone number or handset ID in the message. If you get spam, then someone’s phone service gets cut off. (Without the certification, you could give anyone’s number.)
In fact, this highlights a non-obvious feature of telephone numbers. Unlike domain names, only registered service providers can ask for one. The artificial scarcity means that they are only rented out as part of a commercial relationship. The minimum cost of getting such an identifier is buying a pre-paid handset. (Post-paid handsets require a credit check and thus verified personal identity, limiting abuse to one per person per service provider.) Abuse isn’t economically worth it.
The telco business model lesson? There is potentially money in making communications systems socially scale. Handset vendors don’t even think about the operational abuses that their technology can be put to, whereas for telcos dealing with these customer care issues is (or ought to be) second nature. As with the Liberty Alliance spec, the operational issues of trust and identity have turned out to be much more complex than the technology issues. There’s a danger of throwing the baby out with the bath water if we try to build naive replacements for the PSTN on open networks - be they the Internet or the Sidewalknet.
Appeal to readership: I know the concept of identity collateral is not an original Martin thought — but I can’t remember whose blog I found the idea on, and can’t discover it in Google. Post me the reference, I’ll update the entry.
Posted by Martin Geddes at 04:51 PMTrackBack URL for this entry:
http://www.telepocalypse.net/cgi-sys/cgiwrap/mgeddes/MT/mt-tb.cgi/42.
Having a content filter on *all* our personal communication mediums -- email, VoIP calls, GSM/CDMA/3G etc. -- is going to become a necessity sooner rather than later since the trend is toward ubiquitous coverage and heading toward zero cost (sponsored by advertising expenditure of course). The filter is going to evolve from a whitelist (common across mediums -- good thing that SIP usernames@domain addresses look so much like email addresses) to public-key encrypted to Bayesian filtered, and we're going to need something even more sophisticated, but that will have to wait till we have a distributed, federated authentication system (maybe like Liberty, but more likely something else).
Posted by: at November 3, 2003 12:30 AMPerhaps my Nokia is an exception, but I can (and do) turn off Bluetooth functionality when it's not necessary (and that would certainly seem the case if you're just walking around town, not using any BT devices).
Posted by: at November 5, 2003 10:24 PMInteresting comments -- here is a solution that is not spam oriented ... kinda interesting:
www.jellingspot.com
Posted by: at April 2, 2004 04:45 AMAlterwave (www.alterwave.com) provide an opt-in functionality, by requiring the users to approach close enough from the hotspot. At least it is not spamming everybody, which is in the interest of nobody, because it is so easy to switch Bluetooth off that it would kill those companies! The Bluetooth marketing is not interested in shooting in its own foot !
Posted by: at July 29, 2006 10:52 PM