Hacker News new | past | comments | ask | show | jobs | submit login
Apple’s Find My network now offers new third-party finding experiences (apple.com)
147 points by anaclet0 13 days ago | hide | past | favorite | 81 comments





Seems unlikely but I’m very hopeful about Apple sneakily creating the world's largest mesh network. Slowly, but surely adding functionality to the mesh.

First, tiny packets piggy- backed through wifi/wireless carriers. Seamlessly sharing wifi passwords with friends.

Next, peer-peer downloads without any network. Specifically for sharing public, location sensitive, and cacheable data through UWB without any network involved. e.g. Apple Maps, Weather, News, Offline Translations, Stocks.

It seems even less likely Apple would expand the capability further, but maybe.

I hope they don’t open up the API though, or do a crazy good job to bake in privacy. It’ll be too easy to track people near each other. I’d be ok with an app permissions model of Wifi/Data XOR Mesh Data Transfer.


> Seems unlikely but I’m very hopeful about Apple sneakily creating the world's largest mesh network. Slowly, but surely adding functionality to the mesh.

In your hypothetical, I'm curious how you'd see this comparing to Amazon Sidewalk in size?


Disclaimer: I work at Amazon, but not at all related to Sidewalk, or devices.

Amazon seems to be roughly in the ballpark of 1 BB devices sold based on [0] and [1]. Meanwhile, Apple seems to be in the ballpark of 3 BB devices sold (iOS + watchOS + macOS).

> I'm curious how you'd see this comparing to Amazon Sidewalk in size?

Their future growth curves (regarding devices "in the wild") are not very clear to me. Although, it seems to me devices stuck in homes (i.e. Amazon's), will be less effective at finding lost items, transferring data, etc; compared with devices that locomote with their humans (i.e. Apple's).

Ideally, I hope they create a standard and create a single giant network. After all, Ring data eventually needs to hit an iOS device.

Note: These are all legacy articles, so I did a reasonable projection. I'm probably overestimating for Amazon, and underestimating for Apple, but I have no idea.

[0] https://www.vox.com/recode/2020/1/21/21070402/amazon-ring-sa... [1] https://www.businessinsider.com/amazon-reveals-alexa-sales-2... [3] https://appleinsider.com/articles/18/09/13/how-apple-has-hit...


Am I missing something or is this potentially causing me to get charged for nearby people's traffic on my connection in your described future end state?

You've typically already cached the data.

e.g. Driving around a city. Many people have Apple Maps open, to navigate, and the maps data is already downloaded on Phone A. When Phone B starts Apple Maps (or auto-load it without opening the app) transfer the data from Phone A to Phone B (instead of using A or B's network). Continue the propagation for all phones C through Z. Eventually refresh Phone B's data through the network, transfer the data to Phone A. Its a symbiotic relationship for all the neighboring phones.

e.g. Traveling to a foreign country. Staying at a hostel/hotel. You need to download Offline Translations for "English to X". Someone else at the hotel, Phone A, has already downloaded it. When Phone B requests to download it (or auto-refresh it), Phone B gets the data from Phone A (without any online network access). Again symbiotic, because Phone A could have gotten it from some Phone Z, or downloaded the same data it would normally have.

The same types of scenarios work for Yelp style reviews and menus, Weather data, App downloads, etc. Any data that is public, location sensitive, and highly cacheable.

You could think of it as turning every iOS device into a Torrent seeder for certain data sets.

At most each phone is paying some extra battery life. Likely negligible given its just data transfer over UWB/BlueTooth, and made up for by using less battery life because of less network access at other times.


I would hope Apple would work something out with carriers to be able to mark this data not originating from your phone to be free somehow... but I haven’t heard anything about it.

They have total control over their OS they can do whatever they want until they cross the line and someone sues them.

I forget, does Apple and SpaceX get along? Seems obvious.

I feel like the lack of CarPlay on Tesla says no. But I have no actual idea.

They also don’t support Android Auto.

This platform expansion looks like it’s laying the groundwork for the launch of Apple’s own long rumoured Tile competitor

This ^. Apple is not doing this out of benevolence. They don't to butt up against EU regulators and US courts. These are what I call "lawyer features"

No, this is literally about about locking people even further into a closed ecosystem by increasing its utility. (And I say this as an Apple fan.)

From the business perspective, Apple probably doesn’t care about selling the tags, the real value is in making the iPhone experience better. So if a user buys a tile tracker and it works better on iOS because of the iPhone network, that’s a win for them.

They don’t have to wipe out tile.


Yeah, Apple doesn't seem to have much interest in selling little plastic tiles to people.

They've avoided selling their own HomeKit gear, they're licensing AirPlay to be put in TVs so people don't have to buy AppleTVs, and they stopped selling routers long ago. Even when it comes to dongles which everyone thinks Apple loves selling, they have a meager selection and have outsourced many of them (e.g. they don't have a first-party USB-C Ethernet dongle)

With the MFi Program, they still make lots of money on third-party products, without all of that costly R&D and support on their own end.


I have to say that the dongles situation for iPads is so much better on USB c. The apple adapters cost a fortune compared to the USB c versions.

I was blown away when I plugged a full laptop USB C hub in to my iPad Air 4 and was able to use a USB keyboard, mouse and hdmi out.


But it will wipe out Tile, unless I am missing something. Apple's solution would instantly make all iPhones into tag detectors, which is a vast improvement over the current Tile situation where only Tile customers' phones are tag detectors. Seems like the only answer for Tile is to get integrated with Apple's solution.

> Seems like the only answer for Tile is to get integrated with Apple's solution.

Tile is planning to use Amazon Sidewalk: https://www.thetileapp.com/en-us/blog/announcing-tile-joins-...


Tiles main business model is selling the hardware. They can sell an apple compatible version which will work incredibly and light years ahead of their current product, and then keep selling the base version for android users.

[dead]


This comment is so confused that I'm really not sure what point you're trying to make beyond trying and failing to insult people. But just in case this wasn't just the cat walking across your keyboard: yes, it's possible to be a fan of something that provides infinitely more value than the alternative while simultaneously not being perfect. I can't think of anything that _is_ perfect and has fans.

The rational thinking part of my brain says Apple provides more values for money than competing options, in the real world I live in.

The ability to build on this seems to be limited to those in the MFi certification program. Likely means you can't roll your own, at least until third party chips/components that are certified become available for integrating into small-scale hardware projects.

Still, quite excited for new consumer accessories to support this.


Apple’s guidelines for whether or not you need to join MFi: https://mfi.apple.com/en/faqs.html

To build on this for other than personal use, you would either need to purchase Find My microchips from someone who is in the MFi program, or you would need to join the program yourself if you intend to produce your own microchip implementation of Find My.

For personal use, Apple truly doesn’t care.


I haven't tried this, but I did bookmark it in case I want to some weekend:

https://github.com/seemoo-lab/openhaystack

"OpenHaystack is a framework for tracking personal Bluetooth devices via Apple's massive Find My network. Use it to create your own tracking tags that you can append to physical objects (keyrings, backpacks, ...) or integrate it into other Bluetooth-capable devices such as notebooks."



Yeah - probably where I bookmarked it form...

Thanks for clarifying. That's good.

Btw, your link didn't work for me, but I was able to find the page here: https://mfi.apple.com/en/faqs.html


Fixed

Why hasn't Google or a large Android manufacturer been doing this for years?

BLE is not that young and and the contract tracing thing was executed extremely quickly and on the same technology (afaik, please correct).


Why didn’t they release their version of airdrop for almost a decade after iPhones had it? Google just doesn’t seem to care about these conveniences.

Aren’t most android phones still able to share files via Bluetooth? I thought that was the whole shtick of android back when people actually compared the two platforms.

Comparing Bluetooth file share to airdrop might sound right on paper but the real world experience is very different. BT file share never worked consistently, was super slow, requires pairing the 2 devices together and a whole bunch of other annoyances. Android beam attempted to make the initial setup more convenient but I found it hard to get the phones lined up to initiate the transfer. Android now apparently has a direct airdrop clone which should work well

Yes they are.

I’m not completely certain if some of the large android OEMs would get the same level of buy in with third parties.

Google would be best placed to present an open standard for android, at the risk of fragmentation or segmentation by the OEMs

Samsung seems the logical candidate to have the capability, on account of their broad broad product lineup.

That said, I’m not certain if Samsung has intentions to foster the association between their products and smaller companies in the eyes of consumers, like Apple does with its MFI program. Additionally Apple is quite happy to present products from companies it likes in their stores, something from my understanding which Samsung doesn’t do.

I see this feature becoming quite a common sight on higher value 3rd party products targeted towards the iOS market, at least initially.

If the “Find My” network, becomes popular among 3rd parties and customers, I suspect that any similar system that an android OEM or Google comes up with will have to be broadly similar in implementation to ease integration. Simply because they may not have the clout to get third parties to keep a special SKU just for your equipment.


It's not even that complex, just keep a hash of position fixes and MAC addresses and overwrite it occasionally. I could probably hack something "good enough" on my pinephone in under an hour.

There's the global network where everyone is sharing fixes though... oof I don't really even want to be part of that.


It's not complex to code a proof of concept good enough to check assumptions with a possible implementation. Now, for the implementation and roll out as a product you would be probably months to years away.

Why we developers like to be so optimistic about our own creations? I can definitely hack a lot of PoCs in short time if I don't have to care about security, other users and so on, the moment you start to introduce the real world into your little PoC is usually when a hack that took 1 day explodes into a months-long project. And for good reasons.


Last time I looked into this, Apple actually used quite a bit of clever crypto engineering to protect user privacy. It's not just a big database of locations that Apple keeps.

The "find my" program is interesting to me because, for the first time (as far as I'm aware) it uses your devices to provide utility to Apple (to resell).

They remain serious about privacy, but there's still something invasive about it I think they've never done before and always seemed implicitly positioned against.


Does it matter if they now know where my bike is parked, given that they already know where my phone is (i.e. I am) at all times?

Meanwhile, I agree with you. It would be nice if Apple (or anyone) didn’t have this type of location information about me. However, it seems that ship has sailed and 5G + mesh networks will make it even more precise.


They don't have that information about you. From the bottom of that page:

"The Find My network extends these capabilities by locating missing devices even if they can’t or don’t connect to the internet. The Find My network is a crowdsourced network of hundreds of millions of Apple devices that use Bluetooth wireless technology to detect missing devices or items nearby, and report their approximate location back to the owner. The entire process is end-to-end encrypted and anonymous, so no one else, not even Apple or the third-party manufacturer, can view a device’s location or information."


End to end encryption only stops Apple from seeing the location while it's moving "End to end" on each end, the Find My app itself or other device features almost certainly leack this information to Apple or it can be gotten through trivial effort if Apple wanted it.

Do you have any supporting evidence for these claims?

Well for example, it is well documented that although their messages in cloud feature is "end to end encrypted", as soon as you enable icloud phone backups, apple has access to all your messages. A similar issue likely arises with this.

Are you asking me if "End to End encryption" protects the data while at rest on each end?

If yes, please do your research on what that term means.


No no! I'm very aware of what E2E means, etc., I'm asking if you have supporting evidence for this statement:

> the Find My app itself or other device features almost certainly leack this information to Apple

I asked if there was any evidence pointing to this leakage, I'd like to know if it's happened before and I'm unaware of it.


I can't seem to find traces of the original statements that went into much greater detail, but there is one case that sticks out, that of an Australian teen who accessed an internal system at Apple through unauthorized means and was on a Mac while doing so: https://www.theage.com.au/national/victoria/melbourne-teen-h...

The statements i recall strongly indicated that Apple was aware of many machine identifiers which would have been impossible to log otherwise such as the serial number of the system itself and other such revealing information.

If that is not convincing enough, there are plenty of tales of proprietary, unexposed APIs within the Apple stack itself that "ping home" with sensitive device information, the most recent example being one where any executable on a mac was deliberately blocked (a bug) until validated on Apples end.

If you are looking for a smoking gun, i'm afraid, i cannot provide that, and i apologize if that's what you took away from my comment.

On the other hand, as someone who understands software and the systems here, you may draw your own conclusions, given the two examples above on how hard it would be for someone at Apple, with a bit of motivation and access to do precisely this, ie, derive the information (inferred or direct) about device location through the find my app or other deeper layers of the stack where its stored, or, use the find my network to find devices such as MacBooks that they suspect were involved in activity their security teams dislike.


Apple controls the app, the network, and the devices that gather the location information.

It seems like in order to show me where my missing item is, they have to be able to determine my device’s information. They might claim to choose not to do that correlation until I open the app and go looking, but once I do, it seems obvious that Apple can tell where my device is (in order that they can tell me where it is in their Find My app).


The "device information" is likely an opaque ID, and the "location" will likely be encrypted using an asymmetric key-pair set up during the pairing process, so the only thing capable of decrypting the location will be your phone.

The part you're correct about is that as they control the device, there's nothing saying they can't build a backdoor into it that reports the information (ie. location) back to them once it hits your phone. And we're also taking it on trust that it works the way they say it works, as it's not open-source.

But as someone else commented, eventually you have to trust something.


The realistic threat likely isn’t a designed backdoor, but some late-stage bug (especially if server-side) that caused part of the E2E encryption or privacy story to get punted. Who would really block ship on that, esp. with hardware impact?

The way it works is that the location is encrypted with a key that is only on your device, same as iMessage. So they can't directly decrypt that info.

It's possible in theory they could add hooks into the OS to then do that next time you use the key (e.g. effectively a baked in backdoor) or maybe in some cases the key can be extracted from an iCloud backup or similar (I'm not 100% sure how those keys are stored, but it's likely detailed in their security documentation) but in general the service itself cannot see the encrypted device location.


This is of course true but at some point you have to pick your battles. There is no FOSS product which does this and there probably never will be. And it’s not in Apple’s business model to try to collect this data.

I don’t think that’s what the parent comment is referring to (Apple knowing, and they might not have that capability anyway).

Find My-tracked devices emit a Bluetooth chirp. If any Internet-enabled iOS devices hears it, it forwards to iCloud/Apple backend.

I can lose a WiFi-only iPad, and it can be fully off any WiFi connection, and still get a ping on its location if its Bluetooth chirps get relayed by a stranger’s iPhone.

This exists now, for i.e. the offline iPad example. This larger launch extends the Find My network to a new class of Internet-less, long battery life tag devices.


i’m hopeful that UWB means that this can be shifted off bluetooth/wi-fi/cellular for security and privacy reasons eventually. then you could have those other wireless networking technologies toggleable independent of the find my functionality.

They've been doing this with WiFi since forever (that's how ipod touches had such accurate geolocation despite IP geolocation being accurate to a municipality level at best.)

It provides value to Apple by providing value to users. As a user I want to find my lost stuff, Apple now lets me find my stuff without any real cost to me to do some passive scanning.

And it does so using devices it does not own. In a hypothetical case I might be receiving value that is created using your device. I think that's okay, but fairly new ground for Apple (besides perhaps Wifi mapping?).

What I'm unclear about - does find my find and relay info about other people's stuff with your phone?

Yes, and your stuff through their devices, privately. https://www.wired.com/story/apple-find-my-cryptography-bluet...

The part here is:

"A nearby stranger's iPhone, with no interaction from its owner, will pick up the signal, check its own location, and encrypt that location data using the public key it picked up from the laptop."

This dialog makes it unclear whether the stranger has agency to turn this on or off.

My definition of privacy includes the ability to have NO traffic, while apple has a different definition.


> This dialog makes it unclear whether the stranger has agency to turn this on or off.

I believe they do.

Looking at my iOS 14.5 settings, I can (1) turn off Find My completely, (2) turn off "Find My network" to opt out of the Find My network, and (3) turn off "Item Safety Alerts" that tell you when an unexpected item is travelling with you (and possibly being used to track you).


This sounds cool, but does it make sense?

“It uses just tiny bits of data that piggyback on existing network traffic so there’s no need to worry about your battery life, your data usage, or your privacy.”

How do you piggyback on existing traffic without increasing it?


For example, by having a queue that only gets sent when you were going to send something anyway. When you have tiny bits of information, you're getting into the space where setting up the connection, starting the radios or getting them to an active power level is more taxing on the system than the actual sending of the payload.

"No need to worry" doesn't equal 'zero bits transferred', but more like 'so little the impact is immeasurable to you'.


It does increase traffic but probably not extra sockets/processes which is why they say battery life isn't an issue.

There could be segments of the packet that are sending null data that can be leveraged.

You can queue and hold the data until your phone was already going to wake up to transfer something which reduces the wake ups. And it’s such a tiny amount of data being sent it probably wouldn’t total 1mb used in a year.

I'd love to chip a bunch of my belongings (camera, keys, ...) with this right away, but it seems there is no way to do that so far. I hope someone will release a product to do this; I doubt it'll get adopted all that widely otherwise. Not that many people are into Van Moof bikes.

The linked Apple press release mentions (and links to) the Chipolo One Spot tag https://chipolo.net/en

I was super excited to buy it, but alas, it is not available yet.

Reminded me of this recent HN submission - https://news.ycombinator.com/item?id=26342504

I always wondered why it is possible to simply switch off a stolen phone. If it would require the PIN to switch it off you have the remaining battery time to find your phone.

It would be better if iPhones embedded the airtag tech so on a flat battery, you would still have about a year of tracking time via airtags. Also the power button hold overrides the OS so you can shut down a frozen OS

Would love this on AirPods too

Even if there were a PIN code to power off regularly, you could always force cut the power (like pressing power for 10s on a computer). I think this has to be possible by law for emergencies.

Requiring a pin to switch it off might just cause someone to invent a device that can be inserted into the Lightning port to cause a shutdown without affecting the for-parts resale value of the phone. (For example, the device could cause a short circuit or apply an unexpected voltage, causing the power controller to shut off power to the device.) If the attacker has physical access, there's not much you can do.

Here's an easier way - dump the phone in a freezer or ice pack.

Wow, just learned this has an anti-stalking feature, which notifies you if a tag has been found in your vicinity and appears to be following you around. [1]

However, you only get a notification if you have an Apple device...so it's still possible to stalk someone using this technology if they're on Android.

1: https://youtu.be/kEhtM7YGSQc?t=656


I just don’t trust this type of thing. I know that supposedly there’s privacy and such. But I don’t trust big tech any more.

Once these tracking devices become small and cheap enough, secretly putting them on people is the next logical use case. This will be a stalker's dream come true.

One of the advantages of these being in Apple's ecosystem is that Apple will warn you if a tracking device that doesn't belong to you appears to be on your person.

Looks like Tile is toast... Google/Nest acquisition perhaps

I wonder if they’ll integrate with things like Milwaukee’s OneKey



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: