As a user, I'd love the option to decide whether I want to help in this system or not. Similar to how I can opt-in to sharing analytics with Apple.
I just might help out. But the idea that by owning an iPhone I'm automatically opted into this and I can't (temporarily) disable it is concerning. Especially since the feature to alert users of the possible privacy invasion outlined here, seems to not yet be working as advertised.
It's unclear to me if the "Participate in 'Find My Network'" option is what I'm talking about. But I also don't remember being asked about this at any point.
Yeah, the 'Settings > [Name] > Find My > Find My iPhone > Find My network' option will turn the collaborative tracking off. But yeah, it's buried, poorly explained, and an opt-out rather than an opt-in.
"Find My Network: Participating in the Find My network lets you locate this iPhone even if its offline"
So in fact there is no option (there at least) to opt out of finding other people's AirTags unless you also want to opt out of finding your own iPhone, at least as stated.
Which is entirely fair, don’t you think? If you want to make use of the ability to find your phone while it’s powered off, you should help others to do the same.
Or is it the airtag functionality specifically that’s bothering you?
You can still have traditional Find My- the one where your phone connects and tells Apple where its GPS is. This switch is specifically for the networking, which allows other devices to help out when your phone is dead or otherwise not connected to the internet/gps.
If you were known to be the only person who frequents an area, then an adversary's Airtag planted there getting updated would notify them that you were present.
That's a terrible analogy. I don't allow android devices to use my "ios roads" as it is. Why does it matter if i don't want airtags to mooch off my network? It's not like airtags are providing their share of network back to me.
It is a network effect. Because people buy and use AirTags, they turn on their FindMy, which in turn benefits you when you want someone to find your own iPhone.
Everyone interested in finding their lost or stolen iPhone already turned it on. AirTags will bring up another small percentage of people. The sum of everything available to you, means you have this small price to pay to be part of it: contributing to finding stuff for others.
> While we find that OF's design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.
Not something a regular dude off the street will be doing any time soon. =)
That's because it's using the same "network" to track both. It wouldn't make sense to turn one off an not the other. When your device is offline it's acting just like the AirTags and pulling info from other nearby iphones.
Wow, so you can actually find the settings through two routes, I didn't know that but it makes it even easier!
The only jump that is not immediately obvious is that the Find My settings are under your Apple ID settings. Everything else is blindingly obvious and is not confusing at all. You being confused does not mean the average person will also be confused. You could just be a confused person.
From there though, it is a root level option when setting up your phone and enabling "Find My iPhone".
I'm actually disappointed that the disabling of the network is even an option.
Bit of a tragedy of the commons situation if we have too many selfish people like you who want the benefits of being able to find their own phone when it's lost but not participate in helping find other people's.
> Bit of a tragedy of the commons situation if we have too many selfish people like you who want the benefits of being able to find their own phone when it's lost but not participate in helping find other people's.
What if you only want to turn off airtags? This false choice is caused by apple.
Because again, the network is a common good. Why should everyone else participate in finding your devices when you don't want to participate in finding theirs?
I do want to help them in finding theirs, but just their phones. Why can't i divide up my expense/risk and spend it how i want? I'm not mooching off anyone, because i don't have airtags to mooch of their network sharing.
Sure, I may just be a confused person but I also have used iOS devices for many years and I'm the go-to tech support for my friends/family as I'm sure most people on HN are. I use myself simply as a benchmark because I know that if something confuses me, it'll almost certainly confuse most of the non-CS people that I know.
Furthermore, when you disable the find my network it disables it for you as well. You can't just do it one way so it's not selfish.
It also comes up if you search for “location” or “privacy” in Settings. Not completely obvious but easily discoverable for anyone concerned about privacy.
> tragedy of the commons situation if we have too many selfish people
I can’t think of how helping the Find My network would compromise my privacy in any significant way. But I am still glad there’s an option to disable, there may be people for whom it is a concern.
Not privacy but battery life. I don't necessarily want to constantly scan for bluetooth devices around me and have some process sending that identifier and my location to Apple, even if it's done securely.
Eh, I find it a stretch to consider things that need to be typed "discoverable" unless there's a user manual provided telling you everything that can be typed. This same reasoning is why many would consider GUIs (or text mode menu-driven interfaces) to be more user-friendly than CLIs.
Voice assistants have a very similar issue, but nobody likes IVR systems either, so who knows.
1) Where would you put it, there are already TONS of options for wifi / bluetooth / audio etc. This is where I would expect it.
2) You can just disable this stuff when you first get your phone it walks you through these prompts there. If you don't enable it - it is not enabled.
3) Spam should be opt-in - most people don't want it. But a lot of Apple stuff should be opt-out, because people do want it. Ie, turn on GPS / location features - folks really want weather, maps with turn by turn etc. Apple already over prompts on setup for my tastes.
Also there is not really any logical reason to disable it. Apple claims it has essentially no noticeable effect on battery or data usage. Your iphone scans for tags once every 2 minutes while it is also checking for notifications so there isn't even an extra cpu wakeup.
Very few people practice consistent logic regarding opt in versus opt out. In nearly every case I’ve observed people are pro opt in for things they don’t like and pro opt out of things do like. Hence the push to make organ donation opt out and privacy invasion opt in. I don’t think there should be an expectation of being consistent, it’s just an observation.
Funny how in this case, we're talking about two tracking efforts, so it would be expected that both were opt-in to respect our privacy. The difference is that one kind of tracking helps Apple make money, and the other doesn't.
How does helping other people find their lost items (with neither Apple nor the "helper" knowing where the item is, now who lost it) infringe on anyone's privacy?
I don't really think either of those things apply here, although the implementation is pretty crucial.
AirTags have some protections against using them to track people, and the AirTag network doesn't appear to leak any private information. That last part could be completely wrong, for all we know: it relies on the software to be correct. The whole point of the gizmo is to "track", and I struggle to come up with an improvement to their solution to allowing users to track things but not stalk people.
This is being automatically enrolled in some kind of public good, where "public" is the Apple ecosystem. Is that bad? I mean, I don't mind, but offering an opt-out seems... polite, at least?
> The whole point of the gizmo is to "track", and I struggle to come up with an improvement to their solution to allowing users to track things but not stalk people.
Let the user block types of devices from using their "find network". And let them block individual devices from using the "find network" through their phone.
If everyone could see, every local device, there would be no private tracking.
I don't actually understand what you're proposing here?
Sibling comments point out that opting out of the AirTag network is a setting in a given iOS device, which I didn't know, but I don't think that's what you mean.
They even might? It's not unheard of for Apple to release software on other platforms, however uncommon it might be. It's certainly not the kind of thing they do right at the time of release.
I don't imagine you'd get much penetration relative to running it on every device at the OS level, though. Probably rough on the battery running in userspace?
It doesn't seem like it solves a problem most people are likely to have.
They didn't try at all. I wouldn't personally sell a device such as this as I believe it is very ethically grey unless you seriously consider mitigation measures that are available to everyone.
They do provide as much protection as they possibly can to those who do not. The device will beep, and it works as an NFC tag to get information about what it is on non-iOS phones.
People are not going to use AirTags to more effectively stalk people than the existing GPS trackers on the market. GPS tracker would be much better in fact.
AirTag: Very economical (no monthly fee), 1 year battery life, no line-of-sight required, easily purchased without attracting attention or providing an address, unguaranteed data freshness, size of a coin.
GPS tracker: Monthly fees, 1 month battery life, line-of-sight required, slightly unusual thing to purchase & may be difficult to obtain without supplying an address, usually better data freshness, at least as big as a box of tic tacs.
It's not that AirTags would always be ideal for stalking, but considering the ease of availability & use, it's definitely going to happen. The most interesting part is that Apple decided to release this product. It's only a matter of time until AirTags are linked to a case of stalking (whether the best device for it or not) and when that article gets written, it's simply not going to be aligned with the brand image they typically aim for.
You forgot to mention: rats the stalker out immediately if the stalkee has an iOS device, or the first time someone with an iPhone hops in the car if they use Android.
The latter isn't something under the stalker's control, it's just a really poor tool for that particular type of antisocial behavior.
Plus it's tied to your Apple account, so we're talking about getting a fresh iPhone and ginning up an account, or leaking exactly who is doing the stalking.
The number of people who will try it isn't zero, we don't live in that kind of world. I don't picture it going very well for them.
> Plus it's tied to your Apple account, so we're talking about getting a fresh iPhone and ginning up an account, or leaking exactly who is doing the stalking.
iPhones can be grabbed used for fairly low prices, same for Apple accounts.
I've updated my iPad but haven't yet updated my iPhone and just poked around in: Settings > Privacy > Location Services > Share My Location > Find My $iDevice
My iPad has the "Find My network" setting (toggled on) but I was a bit surprised to see my iPhone has what seems to be the same setting (also toggled on) but it's called "Enable Offline Finding".
Find My Network is described as "Participating in the Find My Network lets you locate this iPad even if it's offline."
Enable Offline Finding is described as "Offline finding enables this device to be found when not connected to Wi-Fi or cellular."
Which makes me wonder if "Find My Network" is just a repacking and rebranding of something Apple has been doing for a long time. Regardless, I'd prefer to have opted-in. I suppose it's possible at some point I opted in while setting up a new device with "Find My" but I'm not sure. I certainly had no idea there was a way to find my iPhone even when it wasn't connected to wi-fi or cellular signal.
E- It seems this feature was added ~2 years ago and it did indeed use bluetooth and "crowdsourced" Apple devices[1]:
> Offline Finding uses a background process called "Search Party" to broadcast and receive Bluetooth beacon signals at regular intervals, and it can even do its work when the device is in a sleep state. And it does this with limited battery impact for all devices involved, so you should see little to no difference in power consumption.
And whether it was turned on by default seems to depend:
> By default, if you had Find My iPhone, iPad, or Mac turned on before updating to iOS 13, iPadOS 13, or macOS 10.15 Catalina, Offline Finding should already be on. However, if only one of the device's had the Find My service enabled but not another device, it may not have turned on automatically. To make sure it's on, check the following.
I thought that was kind of implied by the ‘Enable Find my IPhone’ setting that is required for the tags to work..which isn’t a condition I’m upset about. IE—want to benefit from this feature? Thanks for pitching in! Don’t want to be part of the helpful network? Okay, disable Find my IPhone
You phrase it as if it was some community effort. Since it's opt-out and people don't change the defaults several levels deep, it's a shadow service. How many Apple users know their devices are tracking other's devices?
IIRC, when I set up my iPhone, I was asked whether I wanted to turn on location services (which would be used with the Find My network), and separately asked whether I wanted to "participate in the Find My network".
> Especially since the feature to alert users of the possible privacy invasion outlined here, seems to not yet be working as advertised.
The AirTag was not moving, hence the lack of notifications. Otherwise you'd get a ton of notification practically anywhere you approach an AirTag. It is working as intended.
What do you mean? It asks you at setup time "would you like to enable Find My iPhone?" If you click yes, then it is enabled. That sounds like opt-in to me.
Note that even opting out of sharing analytics with Apple results in your Mac, iPhone, or iPad sending lots of usage and activity data to Apple all of the time. That analytics opt in/out screen is more marketing than reality.
For example, your device hardware serial is sent to Apple every time you open the App Store, like a permanent supercookie. Analytics are sent whenever you stream a video or make a FaceTime call, even with analytics off. Location Services sends your location 24/7 to Apple over the network, et c.
Apple's approach to co-opting the Apple-branded hardware that you own to benefit Apple is a poor one.
Default is powerful. I think one of the most important reason that ATT freaked out ad vendors, is because its default setting is "disable tracking". I would imagine that if Apple prompt user with a pop up asking "do you want to participate?" many would choose no because why not. And then AirTag won't be as effective.
I did get a little pissed that the Find My Network isn't opt-out, even though I would likely choose yes.
You see this in organ donation. Opt-in is abysmal, but it's the reverse when they switch to opt-out. I get the utilitarian reason for the change but it's ethically and morally dubious.
Informed consent is the gold standard, except when it's not.
The economist Richard Thaler (who wrote the book Nudge & won Nobel for behavioral economics work) has, I believe, actually argued against opt out in this case because defaults are so powerful next of kin will also argue there was no informed consent.
Once we provide sufficient funding to coroners and the rules around how the human tissue procurement industry operate are fixed, I might be on board with it if it were accompanied by a big enough public awareness campaign.
> Informed consent is the gold standard, except when it's not.
You're thinking of medical research and experimentation.
In the practice of medicine the Hippocratic oath takes precedence over everything else so of course informed consent gets thrown out when there is concrete evidence that it interferes with medicine's purpose: healing people.
When's the last time someone gave informed consent while unconscious and bleeding out after a car crash or shooting? That's why we have DNRs.
I just might help out. But the idea that by owning an iPhone I'm automatically opted into this and I can't (temporarily) disable it is concerning. Especially since the feature to alert users of the possible privacy invasion outlined here, seems to not yet be working as advertised.
It's unclear to me if the "Participate in 'Find My Network'" option is what I'm talking about. But I also don't remember being asked about this at any point.