During [Matt]’s first year of college, he found in a roundabout way that he could avoid crowds in the dining hall by accessing publicly available occupancy data that the dining hall collected. Presumably this was data for the dining hall to use internally, but with the right API calls anyone could use the information to figure out the best times to eat. But when the dining hall switched providers, this information feed disappeared. Instead of resigning himself to live in a world without real-time data on the state of the dining hall, he recreated the way the original provider counted occupancy: by using Bluetooth as a proxy for occupancy.
Bluetooth devices like smartphones, fitness sensors, and other peripherals often send out advertising packets into the aether, to alert other devices to their presence and help initiate connections between devices. By sniffing these advertising packets, it’s possible to get a rough estimate of the number of people in one particular place, assuming most people in the area will be carrying a smartphone or something of that nature. [Matt]’s Bluetooth-sniffing device is based on the ESP32 set up to simply count the number of unique devices it finds. He had some trouble with large crowds, though, as the first ESP32 device he chose didn’t have enough RAM to store more than a few hundred IDs and would crash once the memory filled. Switching to a more robust module seems to have solved that issue, and with a few rounds of testing he has a workable prototype that can run for long periods and log at least as many Bluetooth devices passing by as there are within its range.
While [Matt] hasn’t deployed this to the dining hall yet, with this framework in place most of the work has been done that, at least in theory, one of these modules could be easily placed anywhere someone was interested in collecting occupancy data. He has plans to submit his project to the university, to research the topic further, and potentially sell these to businesses interested in that kind of data. This isn’t an idea limited to the ESP32, either. We’ve seen similar projects built using the Raspberry Pi’s wireless capabilities that perform similar tasks as this one.
Thanks to [Adrian] for the tip!
In most US jurisdictions, the maximum capacity for places of gathering such as dining halls are subject to the local Fire Marshal’s certification for the facility, and the venue can be fined if they exceed this capacity.
And?
and.. the most common doorframe width in the USA is 36 inches. Your point?
There is incentive to know how many people are present. It’s pretty obvious and not the purported mystery the author implies.
Mystery…? Feels like we might have read different articles….
Um. Just to clarify:
Your first comment implies the most significant datapoint is whether a room is ≥ it’s approved maximum occupancy?
The article as I interpret it, is the original device was used to determine when occupancy is at it’s lowest
I’m not sure what point you’re trying to make here. Data is data, having another viable way of acquiring it is not necessarily bound to a specific use case. How the data is used and what scenarios it substantiates is not the focus here so much as what data can be acquired and how.
Sure, I guess it can be used to enforce penalities on fire code occupancy breaches. It can be used to identify quiet times to avoid lunchtime crowds. Who cares?
IBM didn’t when it computerised census data including religion in 1940s Germany – or maybe they did – but this article doesn’t appear to be written to hypothesize use cases for occupancy data
What’s your point exactly?
This might explain why the dining hall collected occupancy data in the first place and it is a reason why occupancy sensors can be very useful, especially when there are legal limits on occupancy.
Maybe the venue has a heat sensor one can tap into.
Yea, but that does not tell you how many people are someplace at any given time it just tells you the maximum number legally allowed.
Disappointingly, he doesn’t seem to have made his code available.
Check out esp32-paxcounter on GitHub.
I made similar code for a hacking camp badge in Luxembourg (Haxogreen), where each badge was displaying the number of other bluetooth beacon badges a nearby distance, the code is here:
https://github.com/zoobab/fri3dcamp-simpleble/blob/master/display-number-neighboors.ino
Where was he expecting to stash a box full of wires (according to whoever finds it) that won’t get a bomb squad called?
this stuff is super easy to hide actually, my personal favorite is on top of ceiling mounted projectors, as there is an outlet in the ceiling available for power, and if it looks generic enough, it gets left alone! also the backside of a removable ceiling tile is great !
just stick it in a garden light with a solar panel and place it behind a bush.
doesn’t have to be inside the building. that said i’ve found extremely dusty ledges, edges and corners at many a place. it makes me always wonder how there aren’t more crappy little sbcs doing all sorts of semi-nefarious nonsense just hanging around with how thick the dust often is.
How do you know there aren’t more but hidden in dusty little corners you’ve not spotted yet?
Design and print a case, to make the thing a wallwart. Find some out of the way, seldom used wall outlet and plug it in.
For bonus points make it a wallwart with one of those little tabs that the screw in the middle of the plate goes through to lock it in place. Even most curious people will just assume it is supposed to be there and leave it be when they see it doesn’t just pull out.
For even more bonus points gather some dust, bring that along and give it a good dusting once it’s in place so it looks like it’s been there forever.
Don’t think you can get away with all this?
Maybe things have changed. When I was in college (~25 years ago) the rule was act like you belong where you are doing what you are doing and nobody will question it.
Do show up dressed like you are at work if you do this. Jeans and a t-shirt or button-up depending on the time of year are probably fine in a college maintenance environment. Show up to do this dressed like an on-campus freshman in jammies, shorts, tank tops, etc.. would be a bad idea, asking to be brought to the campus police for questioning regarding your device’s explosive potential.
I feel like this should be obvious but then… people do strange things!
I’m not giving anyone bad ideas am I?
If you actually do want to leave an explosive or other harmful device the procedure is much different.
First, find an out of the way contained location with no one else present.
Go there, bring your device along.
Now this is very important… activate it here!
Don’t worry about the rest of the steps, they will take care of themselves.
If there is some permanent equipment nearby such as refrigerators, soft serve ice cream machines, whatever… observe who the manufacturer is. Design their logo into your wallwart. Your bluetooth experiment can go for 30 years now and no one is going to notice, care or remove that thing!
You can buy a hollow wall wart like this for cheap with the power prongs in it so that you can get power from the wall. I’ve used them on projects before.
As far as installation goes, carry a clip board with some paperwork on it. It’s surprising how official people think you look when you have one.
Clipboard, high-vis, and a hardhat. Instant access to anywhere not tightly secured. For extra access, wear a button up shirt under the high-vis.
3D print a duplex outlet cover to house the board and steal power directly from the screw terminals on the outlet.
The Texas dot has a site that tells real-time speeds on the highways (at least around Houaton). In addition to the toll tags rfid, they use Bluetooth signals from passing cars, and calculating speed by tracking their number. (They assert that they don’t link those collected IDs with individual cars…. honest, cross their hearts.)
I’m surprised they aren’t using TPMS for that.
TPMS broadcast interval is too long for (very) useful tracking of vehicles. Bluetooth SSID on the other hand, spams what, every 100ms?
I suspect you could get around the memory limitations with code changes.
Forget about the hash set; the O(1) lookup time doesn’t matter much if your max size is only ~500 elements. You have a 1.60 ghz cpu on the ESP-c3 which makes it even less important. Just keep a list.
And don’t store the entire Bluetooth ID of each client you see. Just keep the last few characters. It’s statistically possible that you’ll have a collision and therefore undercount; but in a list of ~500 it’s not super common. If you really really cared, you could calculate the probability of collisions by hand and then adjust all your readings accordingly.
This. This is a classic example of overcomplicating / overthinking what is really not a very complicated application. An ESP32 should have no trouble keeping a list of thousands of clients, even with the full ID. It’s not like you have to do a scan and list traverse every millisecond. Just make a simple C array. Odds are if you define it for 1000 elements and you run out of room, you don’t want to eat at the cafeteria.
It might be possible to avoid a list completely. If the goal is to just get a rough idea of occupancy, maybe just keep track of the number of advertising packets over time. I don’t know if there is any convention for how frequently they are sent by different systems, but if there are then it should be possible to get a reasonable estimate from the accumulated count. If there isn’t, you would still probably be able to build up a good guess after tracking the counts over the course of a few days.
I wish the source code was made public.
The BT “concept” would be similar to the WiFi stuff I published years ago for ESP8266:
Ref: https://www.esp8266.com/viewtopic.php?p=56525
Please note my code was based on code published by:
// based on RandDruid/esp8266-deauth (MIT) https://github.com/RandDruid/esp8266-deauth
// inspired by kripthor/WiFiBeaconJam (no license) https://github.com/kripthor/WiFiBeaconJam
// https://git.schneefux.xyz/schneefux/jimmiejammer/src/master/jimmiejammer.ino
Sniffing Bluetooth for meta data. Who remembers the social experiment ‘familiar strangers’?
Couldn’t he just remember that it’s usually quiet at x:00?
It’s supposed to be a college campus; they’re not the sort of place where everyone has the same schedule every single day. There’s always groups meeting up on random days and at unpredictable times.
Now terrorists can determine a venue has a large enough number of people for detonation.
Yeah… but this approach to detecting occupancy has been known about and built many times by everyone. It’s not like publishing this adds any new risks.
How about just using a webcam?
A webcam has substantially greater privacy concerns than a device ID.
that would be a tad invasive…
Right? If they can do it to see if there’s coffee in the breakroom pot, we should be able to see if there are people.
Listen for heartbeats.
Over the background noise?
Classic Star Trek (TOS) (S1 E20: Court Martial) reference, for those who don’t know. Episode with a main plot point being the unreliability of electronic records, ironically enough.
looks like the PAX Counter project https://github.com/cyberman54/ESP32-Paxcounter.
Depending on what it’s logging you may run afoul of laws against keeping data the phone companies (And Google/appleSamsung/LG) legally twisted your arm to acquire.
I know that with WIFI the MAC is randomized every minute or so. in the past it was used to track customers in stores and so on, so they did it to increase privacy. I had a project to try to get occupancy with wifi and it failed completely. isn’t bluetooth the same?
When I built a system with it, BT addresses seemed to stay static for at least as long as my test sessions lasted. Worked fine for an art project I built.
A quick look at all the major OS, they each create a new MAC for each new network. So once a device connects to, and remembers the network, it won’t generate a new MAC address.
Changing it every few times units would get to be a hassle. Each change would require a new local IP address, then fixing the switching and routing tables. If Wi-Fi allowed a switch, how do you prove that you are you, and not just someone else who knows the same shared secret for 802.11b/g/n?
I understand MAC randomization on each new network. No sense advertising “my network card was made by this company in this time frame; check for vulnerabilities please!” on every packet. But I’ve never needed to turn off MAC whitelisting just to allow a new phone on my network. Add one new entry, sure; but not disable.
MACs are randomized only for scanning not for a permanent connection. If you connect to a WiFi the phone uses its actual MAC.
Not necessarily. There’s literally an option in Android per wifi network whether to randomise or not
In the EU it is considered illegal to track BT without prior and informed consent and/or without a publicly announced bylaw or official regulation. The bt- info is considered as identifying data.
There have been several lawsuits about this, about shops tracking customers, but also about crowdcontrol by local government. Both have been deemed illegal.
Would doing a one-way hash on the MACs before storing them on the device sidestep that?
It’s still PII … the bluetooth MAC address itself is essentially random, but can be tied to YOU. A hash of same is still identifiable.
Why store it at all? You’re only interested if it exists. I’m not sure what the implementation would look like, but something that requires counting of the signals without receiving data. perhaps with knowledge of a standard BT protocol, about some standard signaling. for example, you could then pulse or provide a measure for intensity of signals over some interval. In other words, more Bluetooth devices would translate to some discernable signal. It’s a physics problem but in its simplest use case it should be trivial.
In Australia, supermarkets are using BT tracking (in combination with loyalty cards at checkout, device data from online purchases/”click and collect”, in store cameras and one at each self-service checkout not only to determine user patterns for product and spending, but to target advertisements both in their apps and emails but also the more common banner ads and social media product placement ads. Printed disclaimers were added relatively recently but with the now most populated city effectively having 2 years of sustained lockdown, the damage is done. The 2 supermarket chains own the overwhelming majority of retail in the country including petrol stations, hardware stores, conventional retail – not just grocery stores.
The ship seems to have been built, furnished, boarded, and sailed off into the sunset before the EU passed their legislation.
With any radio based system (Bluetooth) you can accidentally register devices that are outside the monitored space. Building occupancy is a tough challenge to accurately quantify while keeping the anonymity of the occupants. Perhaps a solution would be top down cameras (above entrances and exits) that detect the motion of people entering and leaving the space, (which to a large degree keeps the anonymity intact) but, even this would have a problem where lines of people form, making it difficult to separate individuals. Of course the simplest solution is turnstiles that count in and out (one at a time).
I made an art project “Blatano” to show a glimpse of what people might look like to the Bluetooth world: https://github.com/leighklotz/blatano
Using Bluetooth for occupancy is not a very accurate method. Some students may just have a smartphone, others may have phones, smart watches, laptops, Bluetooth headphones, maybe even a tablet or games console too. So each student could have between 0 or 6+ Bluetooth devices on them, although it is likely to be in the 2-4 range.
There aren’t that many good ways to do it though, ideally you need to track something that will correspond one to one with a person. The most accurate method is probably using a camera but that brings about its own concerns. Peoples privacy could still be maintained if the photos from the camera were never stored anywhere, just not in RAM and then deleted when not needed, as long as the device only counts people and nothing else about them it should maintain privacy. Another potential method is to monitor the entrances and exits, if you can measure how many people are entering and leaving you should be able to get an accurate people count, again this would be best done with cameras as even line break sensors can be unreliable when multiple people walk side by side.
Google maps has been doing this with almost every public area in the nation for like a decade
Dining hall crowd tracking is an old problem. There was always a sweet spot where the crowd had died down but the desert options were still good. We used to use a combination of looking out of the window at the dining hall and polling the early eaters when they would return.
Google already tracks this for locations but fuzzes the data to 1 hour or 30 minute blocks.