Much like a Tile or AirTag is implemented. No comment on what this is capable of in the future, but for now this shows power usage / signal strength / proximity of other “actually on” devices are limitations of this feature.
What’s impressive is the mesh network effect of all these iPhones / iDevices to locate a “lost” device. I’ll be thankful if I manage to use this to retrieve a lost phone. I’ll be pretty shocked if I’m “spied on” with this style of device.
Imagine you witness a murder in a restaurant, cold blooded and it's dirty cops working for a three letter institution that did it. You want to give evidence like a law abiding, upstanding citizen with nothing to hide. Suddenly you have something to hide despite having done nothing wrong.
"Nothing to hide" means nothing to hide from all current and future humans who control some small aspect spying on you. Even just control access for 30 seconds. It's nuts. Even if you think every single last one of the current guys are honest and completely competent despite the head of them criminally lying, while under oath, in answer to a question with notice in legitimate oversight. Who is going to infiltrate that power in 10 years? Radical anti-fa is impossible? White supremacists impossible? Religious cultists? Organised crime? People flipped to work for hostile foreign nations?
"I have nothing to hide" is grade-school silliness to be treated with contempt every time it comes up. It needs to be ridiculed as anyone suggesting it is an idiot or just totally and knowingly dishonest. There are just so many ways it is completely wrong, the only debate is which of the ways it is false and a con is more important than the other.
Police regularly bust young Chinese for marijuana possession by reading their chat messages. And we are just as human and no more special than the Chinese.
A friend of mine was taken into an unmarked van and questioned after some tweets he made while at an Occupy Wall Street protest. The motives absolutely exist in the US.
Next time someone says that, ask if they use blinds in their house/apt, if you could set up a webcam in their living room, or if you could just read some texts between them and a significant other.
Or ask for their passwords, date of birth, SSN, credit card numbers, pets' names, and parents' names.
Simple things like this are why I talk to people via Signal and why I'll never get a Ring/Nest doorbell, or any other 3rd party owned internet connected camera.
So arguing "what if I spy on YOU?" won't convince anyone. They see that as a completely different thing.
Of course this only helps as long as your device isn't backdoored but that is true for any app.
(I say this as someone who regularly defends Telegram here, because in my opinion I don't have to pick one or another.)
I wonder what the next Crypto AG (CIA front) will be
NSA: VPN and "secure" webmail providers
CIA: They don't need fronts anymore, they have CISCO, Juniper, Netgear, etc.
so yeah if SV firms were not extensions of the US govt. (hardware firms too, not just software), they would have already been broken up years ago.
the senate hearings are just a charade used to stroke the egos of the 'visionary' SV tech bro CEOs. they also show us how tech illiterate the working class has been made.
https://www.youtube.com/watch?v=6pVfYmttcag, https://www.youtube.com/watch?v=q9oMYL2M_tE
The only semi-popular better option I can think of is Matrix, but getting people on Signal is already hard enough and using Matrix on a mobile device is (last I checked) far from ideal.
Security is a gradient, not an all-or-nothing. Signal is vastly better than almost every other electronic communication method.
- side-load a peer reviewed apk so you can check the sigs and make sure all crypto is being done locally (and to make sure that the implementation is solid)
- manage your own keys like you would with traditional pgp emails. Give your public to your friend. Force them to send anything sensitive using it. Maybe change to symmetric keys from asym but rotate occasionally. But you still have to trust the app you use to do this unless you want to do it manually each time.
*These don't necessarily solve the Metadata issue
Signal has open sourced clients with reproducible builds (on Android) and their encryption library has been reviewed by multiple 3rd parties to great acclaim.
PGP lacks forward secrecy, meaning if a key does get compromised all of your past correspondence is now also compromised.
As someone that has heard of forward secrecy but not how it relates to pgp, these were helpful reads:
I think this is the closest analogy I've heard yet, but not in windows on a suburban, tree-lined street. People walk down those streets and the windows are at eye level. Someone could accidentally see into those windows. No, I think if we consider windows in hi-rise buildings in a major city, the analogy is getting much closer. Seeing into one of those windows requires a bare minimum of intent and possibly an inexpensive tool, say binoculars or a telescope. However I would be willing to bet that a large portion of hi-rise dwellers do NOT close their blinds on the theory of "No one is looking in MY window."
That might be an aspirational sentiment, but given most competent adults are in the "I have nothing to hide" category, I don't think it's true at all. I don't think these people are idiots, or dishonest, just ignorant. And it's not even their fault.
Now I say most adults are in that category, but I don't have data on that. I'm going by observed behaviour. We don't see a massive push against tracking / spying and even when it's thrown in our faces (eg: Snowden, Manning) we respond with a collective shoulder shrug.
I have nothing to hide is different than "I literally need to hide".
"I literally need to hide and I'm also aware of that change" might be true or might be false. You might "literally need to hide" and not know it while the so-called "nothing" you had to hide is used against you when you have done nothing morally or legally wrong.
Also consider that tech will exonerate as much as otherwise: for such and such murder, the 'background use' of the tech would be to provide you with an alibi.
Forensics have generally improved Justice I think, not the other way around.
In the end I think Apple's issue should be one of transparency and privacy and we need to push them towards that.
The power is asymmetric. The NSA, CIA, FBI, Apple, Google, Police have a lot of power so they need to be very, very transparent in its use and oversight. You do not have that power, privacy is the only thing you can have to protect yourself from abuse.
The other point about not having to worry about it as an individual is equally wrong. The equivalent argument is that you aren't a doctor so you don't need to worry about a purge of all doctors if one were proposed. Whereas obviously you do need to worry if anyone you care about ever gets sick. So it goes with standing up to corruption. Even if _you_ never stand up to it, your life is greatly adversely affected the harder that is for genuine heroes who make the sacrifice to do it because it's the right thing.
"If you have nothing to hide you have been conned."
You are nothing. You are navel lint. But all the navel lint gets sucked up into the filter, too.
Welcome to the quiet all-seeing eye. Tremble and kneel to those who will wield it! Don't deviate from social norms. Don't be different. Don't stick out. Just pretend you don't know.
As far as I can tell, in this scenario, the journalist has powered off their phone, ignored the message about "findable when power off," and then is somehow tracked through the BT beacon and Find My network.
Were their phone to be on, all the same tracking would work.
Were they to read the message and go change the settings, this tracking would presumably not work.
That assumes you trust that the "always on processor" only does what it says it does, of course. But in that case, any proprietary device is just as bad as any other. (Many supposedly less-proprietary devices could be sneakily subverted, too, no?)
Specifically, I believe the real risk seems to be that you have very few ways to know if your device is doing anything when it's on or off unless the manufacturer tells you.
If you don't believe that everyone, including your government is corrupt, the only solution is through government regulation. Clearly the private companies are otherwise going to do what they will.
I highly recommend anyone interested in security or privacy to read this from start to finish:
The contact tracing docs _should_ be almost the same technology, and knowing how that works _should_ be a good start. At least, from my eyeing the OP's article as a lay person.
Edit: I read the TFA, which says 11 and up.
Sure you document such stuff before releasing it?
Uuuhh so, bad news. Basically nobody ever does that. Since agile, everyone seems to just iterate like mad, release, then document after release if you have time.
I'm as guilty of this as everyone else.
These are all likely documented internally - the process of cleaning it up is probably something they only care to do once a year. Very little of this affects most developers, and the stuff that does is available in the dev docs.
A few days ago I was trying to figure out what an AirTag is, so I read the Apple website. They claim that ordinary people don't need to worry about being tracked, because users who are travelling with an AirTag that is not theirs will have an alert sent to their iPhone.
This raises three questions which were conveniently elided on Apple's website:
1. What prevents people from using AirTags to track Android users?
2. How does the notification balance false positives, true positives, and notification fatigue in the situations where "someone next to me on the bus leaves an AirTag behind." How is it distinguishable from "someone snuck one into my pocket on the bus"?
3. Under what circumstances will Apple be willing to suppress the notification that one is being tracked by an AirTag?
2. The iPhone can detect the distance to the AirTag quite precisely. I think this type of false positive is going to be rare enough for notification fatigue not being a problem. In your bus example, reporting the false positive would be fine imo. (It would also allow you to return the air tag to the owner).
3. The notifications don't go through Apple's servers, so Apple would need a backdoor in the OS to disable the feature. They might have added something like this, but it might not matter much - if someone plants a tracking device on you, they'll use one without silly privacy features.
AirTags are BLE beacons, that Android phones will simply not pick up and not send their signal to the mothership. A background noise.
If an Android user is travelling with an AirTag, other people (e.g. a colleague) with iPhones will "send the signal to the motherships" but they won't get the alert as they most likely won't be in proximity of the AirTag long enough to trigger it.
Why? There's plenty of devices in the wild constantly looking for wifi connection attempts, BLE Scans. Even cellular providers track locations in real-time by logging what cell towers you're using and associated signal strength.
Just search for a place in google maps, and note the "Popular Times". How do you think they got that data :D
They also sell that data, and until about 3 years ago, anyone could access it FOR FREE! :D
Sure, they might do some other stuff to expand the data but there's much more relevant data right in their first-party domain.
The same way traffic readings are done, not by cars, but by people in cars with phones.
Which, presumably, mere mortal developers have no access to?
I sure hope not, since "mortal developers" include countless bad actors. Apple has an imperfect record, but at least has a vested interest in avoiding abuse.
You are being spied on at this moment. So what are you going to do?
So now tech companies normalized that:
- the mic is always on.
- the phone is always on, even when it's off. (thanks to AOP)
- devices are always online even when they are offline.(thanks to company-operated p2p networks like Find My or Sidewalk)
What could possibly go wrong?
State actors could do this selectively regardless even before these features. There have been attacks on Motorola razrs, etc for spying. Long before the smartphone, they just implanted microphones, shine lasers on windows, etc.
No, but it means that I’m losing agency in whether or not those things can happen. That’s not ok and not benign.
Sort of like a "here is the locations you've been to, because we've been tracking you at every step", but instead "here is the music you've listened to, because we've been eavesdropping at all times"?
I’m not sure how this will change in the future, but currently at least it’s probably not possible to transcribe and communicate speech this way (the power and bandwidth requirements would be too high).
But we’re damn close.
Edit: It seems like throughput isn’t even an issue in the case of Amazon’s Sidewalk. Now it’s just transcription in low power modes. Heck, you might even be able to send raw audio.
This is feasible.
The part about the Bluetooth chipset staying on is correct. Think about it, why would they need the AOP when the Bluetooth chipset can run that applet autonomously and send the beacons?
Nothing is listening to your mics while the phone is off. The stuff that runs while the phone is off is rather limited. Mostly things related to the NFC chipset, to support payment and transport applications while the battery is dead (which is a requirement of some of those systems) and, as we just saw, Bluetooth LE features.
I own a Bose BT Speaker and a FiiO BTR5 - both can be "off" (using their power-off buttons) but will still suddenly turn on when I explicitly connect to them through my laptop or phone. They are in this BT LE listening state 24/7. All Apple did, is basically enable this mode now on the existing chips which are BT-LE capable for several iPhone generations. Once woken up using BT-LE, the AOP takes over to reply to FindMy-like beacons (and enable other iPhones to trigger the wake-up beacons when locating other phones).
A quick Google search showed a relevant Apple patent and a similar Qualcomm processor product for wearables, which suggests to me this (always on processors on consumer electronics) "is out there ..."
“The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008.
The Intel Management Engine always runs as long as the motherboard is receiving power, even when the computer is turned off.”
It's not just big application processors that have them, either; some microcontrollers like the ESP32 have them as well.
They've long had this. It's how they turn on when picked up (by tracking the motion sensor) or when touching the screen (tracking capacitive sensor)
There is no off.
From the Matrix, or something.
I find that argument strange: I've never needed my phone while showering or swimming. Some rain has never broken any of my devices. But I've had pain from non-standard audio cables (Sony Ericsson from the early 2000s and their expensive proprietary cables) and non-removable batteries (Huawei batteries losing like half the capacity after a little more than a year).
Nio currently swaps out their car batteries in about 3 minutes, much like you'd get an oil change at Jiffy Lube or something. It's completely automated except someone pulls the car in/out of the bay for you. I imagine that human step will be relatively short lived.
> they have to be heavily shielded in case of an accident.
Yes, it's just a simple matter of purposefully designing it to be removed easily.
This is cued up to where he gets to the battery swap station: https://youtu.be/hTsrDpsYHrw?t=358
It sounds like it isn't even possible except in the trivial sense that if one has a fully charged battery of exactly the right type on hand, then it can be swapped in five minutes. Sounds like each station would either have to have a large store of batteries or it would have to only serve one model of car. The first is a large capital cost, the second generates very little revenue.
To compete with, say Tesla, Nio would have to build hundreds of battery swap stations in Europe. Tesla has 601 sites in 27 countries. When I drive from Norway to the UK I am rarely more than 50 km from a supercharger.
All else equal I'd expect a laptop battery to be easier than a phone battery, and it's definitely possible to design a car battery to swap in minutes even with shielding.
But a multilayered tin foil iPhone case would probably do the job.
There’s a huge amount of patents around the idea that you don’t really need to have the power-hungry main AP on all the time. Instead, people get really creative around delegating behavior to cheaper chips to save power and sometimes reduce total BoM cost. For example, one that I worked on was around the idea that you could use a minimally featured yet cheap BLE chip to detect when one of your paired devices was near the phone. It would then wake up the beefier chip with the full stack implemented, which saves a surprising amount of power.
Some of the things you can do when you break out of the software-only box are incredible!
An iPhone has at least 10 000 mWh battery capacity (depends on model), so in 1 month something like this consumes around 0.6 percentage points of battery.
But if you used up the battery and did not charge for a long time (1 month or so). This can happen because batteries discharge themselves slightly even when not being used.
Shut down on the last 5% of battery and make that last for 24h or something in that range.
Use only dim white on one part of the OLED, show me the time, sound alarms, show important notes, give Wallet/Apple Pay access, allow one last battery draining SOS call and add a compass for good measure.
Maybe they could even afford to wake up the radio every 30 minutes and fetch some important info.
In a few years they could even open it up to third party developers.
If I put my phone in airplane+low power mode, max dim the screen and carefully wake it, 2% already goes for quite a few hours. Maybe they could do way better than 5%/24h even.
On a BlackBerry, it would shut down the radio and give you a "Battery too low for radio use" message, but you could trick it into turning the radios back on by dialing 911 and then hanging up really quickly.
Various Android manufacturers do their own version of this, Sony had Ultra STAMINA mode and Samsung have an option to do a whole bunch of power optimizations as well as limit apps to those explicitly specified.
For me, the main critical purpose of my phone is to communicate with others in realtime which happens using things like WhatsApp, Slack or Email (maybe the odd call). If I can't use those, then it might as well be dead!
UWB and Cell tower tracking are much more accurate for the majority of real-world applications
Now consider the vast number of “smart nodes” out there (eg street lights) that have multi-protocol connectivity built into them. Whoever controls these nodes can simply scan and log every BLE advertisement that is nearby.
I’m not saying that this is the only way that a person can be tracked or that this kind of tracking is definitely happening right now, but it’s a very real possibility.
The government did not force Apple to use non-user-replaceable* batteries. Which is good, unless you're a fan of government-designed hardware and software.
(*Well, not easily user replaceable: https://www.ifixit.com/Guide/iPhone+12+Battery+Replacement/1...)
Now that would be useful. I guess this use case is valid when someone naughty finds your phone and turns it off to try and hide it?
In fact, it is likely that they already have one, and are using it for counterinsurgency work.
So my approach is to use the device with this in mind. Some form of data will be transmitted and sold by operators or third party backdoor from manufacturers.
The goal is to minimize data exhaust so I bought this
As I said before, the problem is not only in devices and dark pattern designs towards data gathering. The problem is that we have learned to adapt to the "new tech" and are excited to try "new things" without any form of critical thinking and with automatic trust.
I was a part of this "tech fetishism" crowd, I wanted "the best" and "most advanced" not only to socially validate myself but to be "on the verge of tech".
This was in 2015. Now I have a different mindset.
I know what tech companies and governments want. I know the people who live comfortably knowing that they create a spyware and UX dead traps, and when I ask the answer is : Shrug and take the money.
So I decided to move radically forward.
Imagine that we are living in 2030. There is no privacy, cars are scanning everything with Lidar, IR and thousand cameras, listening and collecting, the street-lamps are with integrated CCTVs, you get the picture.
So what will give some form of real advantage for the individual in this panopticon?
Low data exhaust. The less you give to the surveillance system, the more power you will have when making deals with businesses and government organizations.
Working with Internet now, requires VPN, Firewall, Pihole, browser extensions for privacy, decentralized services, etc. Imagine in 2030. There will be no way to use it anonymously and legally.
Nobody will stop this. This is the new WEF approved business future.
For the children, for the environment, for safety and "peace of mind".
There is one exception and you can use your power now.
The power of consumer choice.
My is to invest in my idea of tech future by one factor: Consumer control. If I have to abandon the Internet so be it. If the only connections to Data Towers are the mandatory ones, I will be satisfied. Listening to my own collection of music (CD rips and Vinyl), reading physical books, browsing my vast data collection offline.
And I find this logical and absolutely normal. There is no tin-foil hat reaction. There is data and everyone is free to analyze and create his own version of "reality".
What do they see? Do they see your device name eg. "Craig's iPhone", or do they just see random alphanumeric characters?
Aside from Apple products and Android phones, most other Bluetooth Products do not use private resolvable addresses, and many have the issue that you describe. The name isn’t always so obvious, but sometimes there is identifiable data that can be read.
Android has similar functionality, as does any modern computer really (wake on lan, power management, remote management features, etc)
Again, why would $3T company damage its brand like that? It's not "for children" and certainly not to "find your phone". There's something going on there.
What is controversial about this?
People will just see that:
1. You can never disconnect your iPhone from the grid and stop it from being tracked. Even if you turn it off.
2. Governments, companies, and others (from the conspiracy theorist's standpoint) will be able to find you whenever they want.
I am sure there are some legitimate security concerns here, but Apple seems to have taken reasonable steps to provide a pretty awesome feature which has solved a lot of risky edge cases.
Ok, I'll bite and play the conspiracy theorist. What reasonable steps prevent some three letter agency (or Apple itself for commercial reasons) from abusing the Find My network to do exactly that?
Regular people, not so much.
I'll predict that almost no one opted out of this for the simple reason that they didn't know this feature even existed. This is the "Hitchhiker's guide to the galaxy" method of faking consent.
I agree, this UI is a lot better.
Everything is based on the trust of the OS and hardware so it's not a useful point to make.
In reality a software update was all that was required to enable this tracking.
Don't you think there should be a law so a device has to at least indicate it has an "always on" component?
If the bag is not opaque, there is still an optical channel.
Plus there are still accelerometers and magnetometers which can do rough inertial and geo location estimation.
The bag may help with some exfiltration routes, but it can store locations and other info and upload it when it gets a signal back.
Keep that in mind.
> Now, Find My combines Find My iPhone with Find My Friends... And it has a new twist because it can now even locate Apple devices that are offline... Let's say you have misplaced your MacBook. So, even when it's offline and sleeping, it sends out a secure Bluetooth beacon that can be detected by other people's Apple devices nearby. Now, they can relay your MacBook's location to the network and ultimately back to you so you can find it. Now, what's amazing is that this whole interaction is end to end encrypted and anonymous.
About two full minutes of Craig explaining it.
There's research that's talked about in the book, "Data and Goliath" that explains how the behavior of people specifically trying to avoid being tracked is sufficiently different from most other people that, even if you turn off your phone (sometimes ESPECIALLY if you turn off your phone) that act can be a behavioral marker used to correlate your activities with other people who do similarly, and your location can be largely deduced by process of elimination anyway.
It's a fascinating read.
When it comes to cryptography he knows enough to have opinions. It's hard to opine about black box systems, which is why open-source is so important. It's hard to trust what you can't verify.
In addition, if this person is a well-regarded professional, then indignant tweeting is even more concerning because the general public has no way of knowing that they’re just misinformed.
I'm not sure how concerned he is that it's closed source, I think in this case he was just surprised that the implementation details and security considerations weren't documented anywhere: https://twitter.com/matthew_d_green/status/14433822078386217...
Note that he was relatively positive about this feature when it came out two years ago: https://blog.cryptographyengineering.com/2019/06/05/how-does.... It seems like the motivation for this tweet was "wow I do a lot of iPhone security research and I didn't know this worked when the phone is off, I'm surprised Apple doesn't document the details of this anywhere." Remember that it's hard to interpret tone through the internet, and as someone that doesn't get a ton of engagement on Twitter, he probably doesn't feel like he's writing for a mass audience.
Nobody's family members use something other than iOS/Android. Maybe some of your friends do, but that's a small market.
With that established, just because one uses iOS/Android does not mean they are not about openness or security or privacy or whatever. It probably just means they are a human being that has only so much time in their life and they need a mobile device that works and operates with their friends and families. Just like why people continue to use FB/Twit/blah; that's where the people are.
I just think the attack "smart guy" for using iOS/Android meme is lame.
You seem a little judgemental and obviously unaware.
This site, and this community, is great in my opinion. But it's not without valid criticism, especially considering the impact it can and has made in the industry and tech society.
"naively uninformed tantrum"
I'm unable to find the posts you're talking about.
I did and I'm not sure what I'm looking for. Could you do it and post here so that I can verify what you're talking about?