That is the "Continuity Protocol". For a paper with a write-up on reverse engineering/tracking here is some stuff from last year. [1]
tldr, yes, it can be used to track individual users, but doing it at scale (like just about everything else) would be significantly more difficult. MACs randomize every 15 minutes, so that is not effective for long term tracking. Continuity Protocol allows a fairly effective way of tracking a device in a limited ecosystem, but with the expectation of large numbers of people spread over large areas, it would likely wind up being significantly less effective.
That is nice if it's doing that. I setup a shortcut so that I can fully turn off bluetooth when I leave the house, but it's a bit flaky: sometimes it works, sometimes it fails for unknown reasons and I end up having to go into settings. If this mitigation is sufficient I'll switch back to the control center toggle.
Author here- A few years ago I began writing an intro to security curriculum for my college Capture the Flag team. Since then it has grown into 4 courses, designed to be accessible to anyone. The courses assume no knowledge and build off fundamental principles so that students have the best starting point possible for a career in the field. Let me know if you have any questions!
My approach to teaching Linux and programming leans heavily on using existing resources and ensuring students get a wide base of knowledge before beginning the "exploratory" stage of learning.
Start with installing a distro of your choice in a virtualization tool, I always recommend Ubuntu on VMWarePlayer because it was what I started with. Distro/Virtualization Software doesn't matter, what matters is that you use it.
Then I have students work through Linux Journey [1] one module at a time, while being available to answer questions as they go.
Once a student has finished the LJ modules I have them play the Bandit Over the Wire [2] game up to challenge 15.
After that I usually teach Hardware and Operating Systems, but if you are just looking for general ability to do things, skip to the CyberAces Linux modules. [3]
Once you have finished those, do the CyberAces Bash Scripting module and the CodeAcademy Python [4] course and you'll have enough scripting ability to be dangerous.
From there, just keep using Linux as your daily driver and you will continue to improve, especially if you take on programming projects.
All of this can be done by yourself, but I teach a free online course on Computing Fundamentals and Security if you are interested in it being more of a guided experience. [5]
Looks like the course got a huge rewrite this year, especially the addition of Ghidra. Very interesting to see that, usually I just recommend RPISEC's course[0] but the Ghidra inclusion is huge. Great stuff.
Great job getting this in front of people as soon as possible, this is a very polished product for a beta. Nothing worse than sitting on something waiting for it to be perfect or "complete". Excited to see where you go with this!
Hey creator here, this didn't get any traction so it's pretty buried right now, but for anyone who finds this in the future, our course is a free, self-paced curriculum that focuses on foundational knowledge and preparing learners to teach themselves anything that comes after. It has about 400+ hours of work in it and while designed for beginners with no assumed knowledge, has a lot to offer anybody no matter how long they've been around computers.
tldr, yes, it can be used to track individual users, but doing it at scale (like just about everything else) would be significantly more difficult. MACs randomize every 15 minutes, so that is not effective for long term tracking. Continuity Protocol allows a fairly effective way of tracking a device in a limited ecosystem, but with the expectation of large numbers of people spread over large areas, it would likely wind up being significantly less effective.
1. https://www.cmand.org/furiousmac/popets-2019-0057.pdf