
How to Track Your Kids (and Other People's Kids) with the TicTocTrack Watch - Digit-Al
https://www.troyhunt.com/how-to-track-your-kids-and-other-peoples-kids-with-the-tictoctrack-watch/
======
markovbot
What frustrates me is that the people built, marketed and sold this thing will
likely face zero consequences, or at best maybe some minor monetary loss.
There's literally no reason not to keep doing this.

~~~
tcd
Yup. These days the law doesn't really factor in the consequences of
code/programming as it's almost impossible to legislate that.

For example, you could run NPM update that installs a malicious package that
is somehow able to connect to your MySQLD and access all the tables (that
contain geolocation information on children) and execute a cronjob to perform
a query to backup the .sql data and upload it to a remote server.

There would be 0 consequences legally for such an action (or development would
cease to function entirely).

Besides, how is knowingly storing GPS information on children acceptable? They
can't consent, so maybe it's time to apply that to things like geolocation as
well.

Code has no consequences, because law makers likely don't "get" what that
means. You may think it's just $GPSOfALLChildrenInTheDatabase but that
variable can cause _actual, real harm_ to humans.

There's totally a disconnect.

~~~
dcbadacd
Why can't we legislate that getting owned by npm is your own fault?

Driving a car that hasn't passed minimal safety and status checks in many
European countries is forbidden, why not forbid the use of stupid package
managers?

~~~
dwild
You realize that a car is much more dangerous than a GPS location right?

A package manager is just that, a package manager.

Legislate as much as you want over software where live are in dangers, sure. I
would be happy to see legislation over software like the one for the
Therac-25, but legislation over package manager? Yeah no...

You also want to add minimal safety laws over shoes too?

~~~
dcbadacd
You realize it depends where and why the GPS location was collected? For
example the GPS location leaked by a gay dating app in certain countries means
certain death for the person.

~~~
dwild
Wow you were quick to read and comment. I updated it before seeing your
answer.

Sure it depends, which is exactly the point that I meant. A package manager is
a use case pretty large.

You wouldn't have the same safety requirement over both shoes and cars, thus
the same apply to software.

~~~
dcbadacd
Indeed, a piece of software needs to be looked at in proper context, but that
doesn't mean we should continue with the current wild west - if you sell a
piece of software why shouldn't there be authorities that monitor the software
not to be malicious? We have alcohol licenses for example, why not have the
same with software?

------
raehik
"UK agent for Gator said that they didn’t have the money for security, as
otherwise they couldn’t afford a staff Xmas party"

I love this.

~~~
bspammer
It'd be pretty difficult to hand-craft a worse PR statement than that.

------
k2enemy
_Never mind that far less kids go missing today than 20 years ago and there 's
much less chance of them being hit by a car, circumstances are such today that
parents are more paranoid than ever._

One could easily take those statistics as evidence that parents' paranoia is
effective, not that the dangers have decreased.

~~~
djsumdog
Hadith wrote a book called The Coddling of the American Mind that shows this
is really not the case. Crime and abductions were going down long before the
Internet era and the era of modern helicopter parents. Most of the fear around
these very uncommon events have made parents tether their children today and
restrict their free play. This in turn can affect how they form bonds, make
friends and view the world.

He makes the argument this is why college campuses today are a bit mad, with
students unable to deal with speech and ideas they don't like, labeling it as
hate speak and calling on condemnation and suppression of free though.

~~~
k2enemy
Thanks for the pointer to the book. For others interested, the authors are
Greg Lukianoff and Jonathan Haidt.

For what its worth, I agree that parents are overprotective to the point that
it hurts children's development. I let my kids roam more than most (from what
I can gather) but I do live in a fairly safe area.

------
wobbly99
There is an application for these devices if they are implemented securely:

Adults with dementia or significant cognitive decline who wander and get lost.

~~~
aoro
By that logic pets and livestock as well, but I'm sure this exists already.

~~~
ceejayoz
Pets frequently have implanted microchips, but for identification purposes,
not live tracking. I suspect folks offer GPS trackers for pets already.

Lifestock you can typically afford to lose a couple of.

~~~
samatman
"afford" is relative. If a tracker is cheaper than the expected loss value
(replacement value X percent chance of losing an animal), it makes sense to
track.

------
pseudolus
Technology sure has changed. I remember when I was a kid, if my parents wanted
to keep track of me they would just tie me to a radiator. Happiest day of my
life was when they bought a 50 foot extension cord - opened up entirely new
vistas. Good times.

~~~
sagebird
If this is sarcasm it’s a bit dark and that is fine, otherwise I want to give
you a hug because this makes me very sad.

------
ngngngng
I've got to be missing something. How difficult is it to implement secure
authentication to the server that has access to the database? Am I just doing
it wrong? Because it doesn't seem overly difficult to me to secure my web
services.

~~~
Jach
There are many so-called software engineers who respond with some variant of
"no one knows about it but us, so it's fine". It's not even security-through-
obscurity, as no particular efforts are made to obscure the resource, just
that no particular efforts are made to publicize or document it and thus
"that's good enough security for MVP".

~~~
welcome_dragon
I once worked with a solutions architect who said things like "so? There are
laws against people accessing this illegally. We don't need SSL"

------
esilver
We’re living in a moment in which the Shenzhen industrial complex can give us
technical wonders at very low material cost. The total social cost, however,
is still being measured.

------
mcintyre1994
Seriously, read this article - it's way way worse than tracking. You can forge
where the kid is on their parent's view, you can take over the SOS button
(that it sounds like should call their parent's phone), you can send a text or
voice call with zero interaction that claims to be from their parent.

------
angel_j
This is a perfect example of how our implementation of the basic web is
incomplete.

Any informed person, given the choice, would absolutely want that data going
directly from child to parent, with no web service, accounts, analytics,
cloud, nothing. And when such a thing finally does hit the market, it's going
to be through a vendor/device lock-in, or a supposedly secure silo'd
infrastructure, instead of a simple protocol that let's us develop actual P2P
applications.

It's really a simple fix, it would kill off a ton of bad companies, or change
their economics, and would open up web development to a whole new paradigm.
Somebody please...!

[https://medium.com/@blancax/fix-the-internet-with-this-
one-w...](https://medium.com/@blancax/fix-the-internet-with-this-one-weird-
trick-b982f76761a0)

------
jordanpg
There's an entire episode of Black Mirror devoted to exploring a dark
potential future of this sort of thing:

[https://www.vox.com/culture/2017/12/29/16791518/black-
mirror...](https://www.vox.com/culture/2017/12/29/16791518/black-mirror-
arkangel-recap-season-4-review)

------
jwr
I looked at these devices a while back, and decided that they are a security
risk that I can't accept. In a way, I am glad to have been proven right, but
that doesn't make me happy.

I plan to build my own device of this kind for my child, using components I
control to a reasonable extent and software that I write and understand. No
external services.

I find it somewhat sad that entire categories of devices are off-limits
because I don't trust the companies (for good reasons): I have similar plans
for home lighting and other home automation, because every commercial device I
see is a disaster in terms of security, trust, longevity and reliability.

------
djsumdog
I'm half way through The Coddling of the American Mind and just got through
the chapters on children and free play.

When I was a kid I had to take the school bus, but there were many kids who
were close enough to our elementary school that they could just walk. One year
my homeroom class was next to the back gate and a teacher forgot to unlock it,
so we got to laugh at like the 15~20 standing there who couldn't get in (an
announcement was made to let the walkers in without a later slip).

I wonder if that would even be allowed today. There was an article on here a
few months back where a Canadian got into trouble for letting his kids ride
the city bus alone (there were three of them; they always rode together and
they were carefully taught the routes and how to backtrack if they missed
their stop).

Although I disagree with some of the stuff in his book (he likes to blame iGen
and play the fake generational gap game), the free-play time stuff is
alarming. There is value to handing out with your friends, without parental
supervision, without a phone or tracking device, and building that trust that
you will come home by x pm.

This tracking of kids and not letting them out; is it mostly an
American/Canadian thing? The article mentioned Germans and these tracking
watches, but I remember even as late as 2013, I'd often see heaps of school
kids waiting for a tram or a city bus in Melbourne on their own. In New
Zealand I'd often see primary school kids walking home or taking a city bus if
they missed a school bus (which were just city buses with a "school" sign
attached to them).

It'd be interesting to see freeplay by country. I kinda do agree with people
like Hadith and Sam Harris who suggest kids should only have flip phones until
they start high school.

~~~
rootusrootus
Are you wondering if kids are allowed to walk today? Yes of course, though the
school won't generally release Kindergarteners to walk home by themselves.
Can't stop parents from deciding to send them to school by themselves though.

Source: I live a few blocks from the elementary school and have two kids going
there. Lots and lots of elementary kids walk to & from school without parents.

------
SamuelAdams
We need a new board for certifying IoT things. Something like the NTSB but for
non-phone / laptop / desktop (non-standard?) technical gadgets.

Otherwise these incredibly insecure devices will continue to be manufactured
and sold.

~~~
snaky
They will continue to be manufactured and sold uncertified then.

~~~
WrtCdEvrydy
Nah, make it required like FCC certification, and make the uncertified mark be
a poison sign.

~~~
snaky
How many cheap electronic devices at Amazon have a non-fake FCC certification,
what do you think?

------
mattrp
$209 for junk....when a perfectly good series 3 aw can be had for $199

~~~
Someone1234
*$379. The $279 Series 3 doesn't have cellular which is core functionality for this use-case.

~~~
rootusrootus
And even if you have the LTE version you still have to pair it with an iPhone.

Tried to explain this to my 8-year-old last night as she was fuming about not
being allowed to have my old AW. So many reasons, none of them at all valid to
a child that age :)

------
ChrisCinelli
Reverse Engineer them, create a secure software for them could be a fun
project for a hacksaw :-)

------
Sir_Cmpwn
It really saddens me to see a culture where parents feel like they have
_ownership_ over their children. Children are _people_. They ought to be given
autonomy over themselves, their proprerty, and their privacy. Helicopter
parenting is profoundly psychologically damaging and should be illegal. It's
child abuse.

~~~
leokennis
I totally get your point. However, losing track of young (1-4 years) kids in
IKEA or an amusement park is a very real thing. Not using “new technology” to
mitigate this issue seems like a waste.

~~~
mgfist
I'd go even further in the opposite direction than other responders and say
this can be a good thing. Your child getting lost in ikea is a safe way for
them to learn the dangers of getting lost and also a safe challenge to
overcome. Similar to how falling and hurting yourself in a playground is a
safe way to test boundaries and experience challenge.

Imagine you're 5 and you get lost in ikea and get scared to death. Nothing bad
will happen because it's ikea, but you'll learn that getting lost is
terrifying and you will be a lot less likely to do it again.

Kids need to be safely challenged, or else they won't know how to respond to
it when it happens for real. Not having challenges makes kids narcissistic and
lowers their empathy. Helicopter parenting is turning our kids into the worse
kinds of people.

~~~
wccrawford
IMO, the problem isn't "the kid got lost in IKEA". The problem is "the kid was
abducted in IKEA".

We've got pretty good systems in place for dealing with kids who are merely
lost. Dealing with kids who are abducted is another story, and a tracker
definitely helps there. It's a sad reality that we have to worry about that
situation still.

~~~
Sir_Cmpwn
No, we don't have to worry about this situation, and using them to justify
this technology is wrong.

Child abduction by a non-parent is exceptionally rare. Each year there are
around 200 of them, of which 90% make it home safely. That means that your
child's risk of being abducted is about 0.00027%. That's absolutely no basis
to justify this awful technology on, and no reason for you to worry as a
parent. Not to mention: the abductor could just take your spyware watch off of
the kid.

source: [https://www.fbi.gov/file-repository/2016-ncic-missing-
person...](https://www.fbi.gov/file-repository/2016-ncic-missing-person-and-
unidentified-person-statistics.pdf/view)

~~~
zestyping
I'm trying to understand how you got 200 from this report. On page 2, I see
this paragraph about the Missing Person Circumstances (MPC) field in their
database:

"Of the 647,435 records entered in 2016, the MPC field was utilized in 315,995
(48.8%). When the MPC field was utilized in 2016 entries, 303,237 (96%) were
coded as Runaway, 2,107 (.7%) as Abducted by Non-custodial Parent, 303 (.1%)
as Abducted by Stranger, and 10,348 (3.3%) as Adult - Federally required
entry."

So it looks like one should take the number 303 for "Abducted by Stranger" and
perhaps, since only 48.8% of records had this field populated, extrapolate to
about 620 cases. Does that sound right, or should it be 200 based on a
different reasoning?

Of course, 620 cases is still a pretty small number. I just wanted to
understand where your numbers came from. How did you get the figure of 90%
making it home safely, and how did you calculate the probability of 0.00027%?

~~~
Sir_Cmpwn
Actually I have to admit that I originally wrote my numbers based on a random
article I found which summarizes this source:

[https://www.creditdonkey.com/kidnapping-
statistics.html](https://www.creditdonkey.com/kidnapping-statistics.html)

Then I went to the source to verify that the information was there, but didn't
re-run my numbers. I apologise, that was lazy and misleading.

~~~
zestyping
Oh, okay, cool. Thanks for clearing that up! I just happened to dive in
because I also believe the panic about abductions by strangers is overblown,
and wanted to be able to quote numbers with confidence.

------
janpot
Good, teach children they're being tracked as early as possible. Turn them
into good citizens of the surveillance state. Maybe we can share the data to
some advertising companies, to improve their ads experience throughout the
day. Turn them into good citizens of the consumerism state.

Edit: I'm sorry for the sarcasm, these kinds of products make me very sad.

~~~
jak92
Surveillance cameras everywhere are bad enough, now we want to bug our
children? This madness needs to end.

Watched people are not free people.

~~~
gregcrv
Surveillance cameras are already in most infant's rooms and even sometimes
cribs.

~~~
huehehue
That's a bit of a special case. Infants don't understand the concept of
privacy, and you're not ruining a baby's future childhood by keeping an eye on
their breathing via private video feed. You can't really educate an infant
into not spontaneously dying so they sort of need constant surveillance until
they can think and speak on their own.

~~~
noarchy
>Infants don't understand the concept of privacy

I'm not sure this is limited to infants, though I realize it isn't an apples-
to-apples comparison. People don't realize how they're being tracked by the
devices they carry around, or the kinds of data they're willingly giving up.
And even if it is explained, it doesn't seem to sink in that there is a wide-
open window into their lives through which certain entities can easily peer.

------
Someone1234
This is a political article. If you're interested in the technicals read this
linked one instead (far shorter, and actually talks about the technical
problems in detail):

[https://www.pentestpartners.com/security-blog/tic-toc-
pwned/](https://www.pentestpartners.com/security-blog/tic-toc-pwned/)

I think the mods should leave it pointed to the Hunt article since seems
people want to discuss the politics more anyway.

