Android users are still vulnerable, and these announcements do nothing to reduce that. All a stalker needs to do, is remove the speaker. To detect a rogue AirTag, an Android owner needs to:
1) know AirTags exist (many obviously don't)
2) go out of their way to install Apple's Android AirTag scanner app (only 100k-500k worldwide have done so according to Google Play stats)
3) manually open the scanner app and scan, since it doesn't scan passively in the background; and even then, it won't help you find the speaker-less AirTag, since it doesn't tell you proximity & direction.
I continue to think Apple should have never released AirTags to the public, and should discontinue it. It's a very limited income stream, with limited use cases, and significantly increases the average person's risk of stalking.
Practically all positive social media coverage of AirTags involves someone tracking a stolen stolen items (car, bike). Those use cases are dead, since thieves with iPhones will get alerts, and most thieves with Android will know to scan for AirTags. And since most lost items turn into stolen items after a few hours, that removes most use cases involving losing objects in public.
That leaves "finding your keys within your home" as the only truly "officially supported" use case. Is that worth all the problems, and brand damage?
People will argue that stalkers could always buy trackers, but Apple increased their availability, ease-of-acquisition and ease-of-use by orders of magnitude. AirTags are cheaper than competing GPS trackers, most of which require subscriptions.
I remember seeing a chills-down-your-spine Apple Watch Series 7 TV ad, that featured beautiful remote nature landscapes, with the audio of 911 calls made from people's Apple Watches whose lives were saved by their Watch. Probably one of Apple's best and most impactful ad in the past decade. Compare that to AirTag's impact on Apple's brand. Why did Apple even bother?
Like sibling post mentioned, you don't seem to be the target audience. I know a lot of people, friends and family, who constantly leave stuff behind, in restaurants, other people's places, on the train, in shops, you name it. 99% of the time, no one's gonna steal it, but trying to figure out where the hell you left something, if you do leave stuff behind often, becomes increasingly difficult. With something like an Airtag, it's no longer an issue. You get altered before you get too far, and even if you do, you can figure out later where your stuff is.
I once left my umbrella in a hire car. It took me 2 weeks to realize it was missing. Turns out no one touched it and I could see it on the map, in the parking lot of the hire car company. So I showed up, and within minutes, we pinned down which car it was in. Without Airtag, I would not even remember where I could have possibly left it, after two weeks! Learnt my lesson to turn on separation alert after that.
Now I need a smaller Airtag for my sunglasses — expensive and easy to leave behind.
Needing an Airtag is like needing a case for your phone. A lot of people keep dropping their phone so they put a case on it. In 13 years of owning a smart phone, I've never dropped mine. But I don't claim that phone cases are only useful if you throw your partner's phone off the balcony after a fight.
$50-ish — but that's not the point. I value my belongings because I spend great deal of time researching and finding products that I love using day in day out (unlike most people who constantly curse at stuff they have). I also modify things I buy to fine tune it to my needs. So even a $50 umbrella is more like $1000 in terms of time I've spent on it and I have no intention of doing it again. This particular umbrella was purchased 20 years ago in Spain.
The notion of an umbrella lasting 20 years boggles my mind. I've never had one last more than 2–3 years and I don't use them much. I've looked for premium umbrellas before but every time I find one that isn't ridiculously priced, there's always a contingent of reviewers who insist that it fell apart in heavy wind or frequent use.
Normally I buy $10 umbrellas from Australia's big hardware store chain. They aren't great but they're easily robust enough to last for a year or two. (Cheap umbrellas from anywhere else tend to break if you look at them funny, and they rust if you get them wet.)
I'd be willing to pay $120 AUD (or $80 USD) for an umbrella that was seriously good quality, recognising that the economics imply that it would need to last for at least a decade to be cost competitive.
Like for many products there is an entire segment of the market that most people never even know exists. E.g. premium umbrellas that are made to last against wind and wear. I have this one, has so far lasted close to 10 years.
I would guess a lot of people would bet such market segment exists, but are unable to find a manufacturer/seller. Since higher price often doesnt mean higher quality, its hard to distinguish expensive tools that will last decades from similarly priced tools that wont last as much.
It's certainly possible to build and even buy a very robust umbrella. I suspect the reason most people don't is that they know they're going to be lost or stolen.*
*Especially in Tokyo. If you drop a wallet full of cash on the street in Tokyo, someone will chase you down to return it. But if you turn your back on your umbrella in Tokyo, kiss it goodbye. Then you have to steal another one.
I have a confession. A first time visitor from a small European town to a Japanese city last millennium, it was raining and a department store had buckets with mostly white or transparent umbrellas by the door.
How civilized, I thought, that a company would provide free umbrellas to shoppers when it rains, and so I took one.
Turns out that's where you out your umbrella when entering the store...
That's what everybody there does. I don't think the story is "everybody in Japan is honest except about umbrellas" but rather that the Japanese simply consider umbrellas to be community property.
I’ve been using a small folding umbrella from MUJI that I bought 8 years ago. Not particularly expensive.
My partner has probably been through about ten umbrellas in the same time-span, because she was reluctant to spend the modest extra amount for something she doubted would last so long. I recently bought her the same model of umbrella from MUJI, although it’s too early to say whether the company has maintained the build quality.
I have a bike, with a lock more expensive than the bike itself. Since I value the time that would be necessary to replace the stolen item, not to mention the disturbance caused upon loss.
With how easy it is to lose an umbrella, and how difficult it is to retrieve most of the time, I prefer to think of umbrella as disposable items. Depending on where you live, your need for umbrellas might be different, but a significant amount of time, say ~20%, i need an umbrella and don't have one, so I end up buying some disposable version anyway.
Well, the $50 umbrella to last decades and the "tag things with sentimental/shopping research value" thing is not exactly the big motivator for AirTags, or a representative anecdotal case.
I suppose if nobody but you ever handles your phone, that might not be an issue. I rarely drop my phones but in a household with kids, that's no guarantee. I put cases on every phone I have.
> That leaves "finding your keys within your home" as the only truly "officially supported" use case.
That is hardly true. Case in point - my wife put down her keys at a store and managed to leave without noticing (this was early after AirTags hit the market). I was driving and we left without recognizing that a few hundred dollars of keys had been lost.
Later that day, we noticed. She called a few stores all said there were no keys found. We then tracked the AirTag - and in fact, it was at the store. We returned and were able to locate it, at one of the registers in a lost and found. We never would have found that it not for the AirTag.
Since then, we’ve used them to not leave things behind, to find things lost at home and elsewhere. There are indeed many legitimate uses despite your want to claim otherwise.
>I was driving and we left without recognizing that a few hundred dollars of keys had been lost.
What do you mean by "a few hundred dollars of keys?" Do hardware stores charge more than a few dollars per key in your area? Were these private keys to a crypto wallet?
> if you live in an apartment with nfc entry, they might charge an arm and a leg to replace it, even if the actual device is only a few dollars
That's just theft — plain and simple. The only half valid argument I've heard is to discourage carelessness leading to loss of the key and weakening of the building security. But that's moot in places where the garage gate is broken and left open half the year (my current place) or where people can casually wait for someone to walk in and tail gate them without anyone complaining.
By the way, I purchased a proxmark a long time ago to play with and to date, it has paid for itself many times over, by allowing me to carry my building keys the way I like to (cards vs bulky key fobs) by duplicating them where otherwise it would cost $100 or impossible.
Can't wait for keys on Apple Wallet to become mainstream.
Unfortunately, it's accurate. Theft is what I'd call the racket that is management companies in London.
In my case, with a London apartment, it's an "Administrative Fee", £150 to replace your lost fob.
Then for my costs as an individual, it was not only that fee, but also new locks for external door(s) and mail box, another administrative fee for the communal meter cabinet/room key, new Kensington lock and a car key/fob when my wife's keys were "lost in a known location yet never again found".
That is to say, "losing" those keys is a £300-500 affair.
At first I thought you bought the proxmark with the purpose of dating. Also, how does the proxmark work? Does it store the signal of a card key or something like that?
Proximity key fobs at $100+ each and programming which can run $80-100 each, a few house keys (I change the locks of keys have been out of my control in a way that can plausibly be tied to my identity, lest someone make a copy and turn up uninvited - that’s another $100+), and $30 for an air tag.
Yeah - I learned the hard way a while back when someone in our household misplaced another key… and found it right after we’d replaced it/paid all that.
Do hardware stores charge more than a few dollars per key in your area?
A replacement key for my wife's car costs $1,200. And it's not even a newer, or expensive car.
It's been a long time since you could get many car keys done at a hardware store.
And it's not even the electronics anymore. One locksmith I called said it's about the fancy engraving. They can't afford the tools to do that kind of work, and they just refer people to the dealer and to suck up the $1,200.
Now that I think about it, I wonder if that might have been covered under insurance.
> Android users are still vulnerable, and these announcements do nothing to reduce that.
I feel like this is ignoring the fact that if any company other than Apple made these trackers, it wouldn't do this with anyone's phones. The fact that these work out of the box with iPhones is a bonus, not an entitlement that any phone of any brand should have full support for them without installing any apps and without the user even knowing that the product exists.
> All a stalker needs to do, is remove the speaker.
I guess they could make the packaging more tamper resistant somehow, but again this is kind of shifting the goals a bit. I don't think it's reasonable to expect that every device will be physically resistant to modifications that would enhance illegal use. An iPhone with the speaker removed and screen cable cut to look dead would make a pretty good tracker too.
> AirTags are cheaper than competing GPS trackers, most of which require subscriptions.
If you are risking prison time to commit premeditated violence, I think you can spare a few extra bucks for the best technology available. I'm pretty sure professional hitman services run well into the trunk loaded with bags of cash territory.
The fact that these work out of the box with iPhones is a bonus, not an entitlement that any phone of any brand should have full support for them without installing any apps and without the user even knowing that the product exists.
Isn't this the whole clue, rather than just a bonus? When someone slips an AirTag on to you every single iPhone in the world forms a sort of ad-hoc spying network against you. Without you or the iPhone's owners knowing.
You can opt out of participating in this spy network, and probably should Settings -> (tap your apple id card at the top) -> Find My -> Find my iPhone -> turn off “Find My Network”
I wasn’t saying that it’s not a problem because you can opt out, I was saying if this stuff concerns you there is a small but tangible step you can take right now
> I feel like this is ignoring the fact that if any company other than Apple made these trackers, it wouldn't do this with anyone's phones.
Right, and Apple have provided everything that AOSP would need to implement this, someone even made their own version of the entire Find My client long ago (https://github.com/seemoo-lab/openhaystack), so technically AOSP could even integrate using Find My, although I imagine Apples lawyers would have a field day with this if they did.
> I guess they could make the packaging more tamper resistant somehow, but again this is kind of shifting the goals a bit. I don't think it's reasonable to expect that every device will be physically resistant to modifications that would enhance illegal use. An iPhone with the speaker removed and screen cable cut to look dead would make a pretty good tracker too.
This. Plus, the noise AirTags make isn't the only way of finding them, you get the notifications, and soon (when the changes mentioned in the article are implemented) it'll be easier to find them using precision finding.
I wonder if Apple one day decides to put AirTags into iPhones and other iDevices - or if other vendors follow suit. Basically, that would eliminate phone theft since even shutting the phone off or, for those phones that still have replaceable batteries, removing said battery would still be discoverable.
Yes, but they will now leave a breadcrumb location trail that can be followed up by the authorities, unless thieves become smart enough to disable the embedded AirTag while still on the road - and if that becomes hard enough to be infeasible, theft will become too risky.
iPhones can already be tracked after power off via the Find Me network. But as far as I know removing the internal battery would still stop it. More importantly, so would a Farady cage.
Stolen iPhones should already be parts only because of activation lock.
Maybe you don't lose stuff as much as other people? My brother was always complaining about losing his wallet, his keys, anything you can think of. I got him a tile, but their product wasn't very accurate. Got him airtags and the problem is solved. Not only are air tags useful, but I'm sure that there are people who would be willing to switch to iOS solely to get access to airtags. That seems pretty valuable to apple.
They’re a lifesaver for me with unmedicated adult ADHD. I’ve been substantially more on-time to events, appointments, etc. since I put an air tag on my keys and wallet. Several of my friends have commented on it. Tile trackers were horribly inaccurate and either had non-replacable batteries or would eat a battery a month. Airtags have been lightyears better.
Perhaps removing them from the Find My network and only operating locally would be a better option, but I just can’t see them going back on it at this point.
The later Tiles did have replaceable batteries. But they did still suck at being located when lost. Once I tried marking my tile as lost and carried it with me in Barcelona including on busy subways and it took 1 month to get a ping :)
They just didn't have the reach that Apple has, by far.
> Maybe you don't lose stuff as much as other people?
I relate to it and respect it, but it's doubtful anyone would switch to iPhone because of AirTags. Samsung and others also make trackers, and you don't need the Find My network if you lost your keys inside your house, any tracker will do.
> Not only are air tags useful, but I'm sure that there are people who would be willing to switch to iOS surely to get access to airtags.
After a Google search, I can't find a single anecdote of this from reddit or elsewhere. I doubt it's even a blip on Apple's balance sheet.
I don't know how common this is, but I bought AirTags as a way to keep track of checked bags when traveling. That is a use-case that specifically benefits from being able to keep track of something outside of my phone's range where full GPS/cell connectivity would be overkill.
From the sound of things the airtags have been legitimately life changing for him. I know that sounds hard to believe, I certainly didn't at first but never losing stuff really seems like a weight off his mind. You're right, there's probably no evidence of people switching to apple for airtags, but that might be because they're such a new and relatively unknown product.
My mom likes her iPhone for other reasons but she loves her air tags. She can find her keys in her house, her purse at a party, and her car in a parking lot. She's never leaving the apple ecosystem now.
Before I left my house this afternoon, I had misplaced my keys. Unfortunately I tend to be a little absent minded. I used my AirTags to find them in 30 seconds. I commented to my friend as I was walking out how these AirTags have save me hours during the week, because I would often 20+ dozens minutes searching for my wallet, keys, or e reader.
Trackers have been around for years. Tile came out in 2014, and Samsung has their own Galaxy tracker line for a while now. Neither have anti-stalking features of any kind to this day. If one was stuck on your car, you wouldn't get an alert or any info on who placed it there, be you an iPhone user or an Android user. And before that, there were GPS trackers which have bigger batteries and were more accurate (if a bit larger and clumsier). But Apple apparently has done it with anti-stalking features but is too high-profile.
We can have nice things even if they can get abused, stalkers are going to stalk and have superior alternatives without Apple. These new features are solely intended to scare them off into using their old methods. So if stalkers are going to do what they do anyway, I might as well find my items, thanks.
Edit: Also, in your own point, you say "AirTags are cheaper than competing GPS trackers, most of which require subscriptions."
Has a tracker costing too much ever stopped a stalker? For a creep, the difference between $25 one time and $10-20 a month for a more-accurate GPS tracker is unimportant. They'll pay the price of Netflix to continue their creepiness.
> But Apple apparently has done it with anti-stalking features but is too high-profile.
Remember that stalking isn't a profession; it's often a crime of opportunity, with plenty of reported cases of e.g. people slipping GPS trackers into spouses' cars/bags before or during divorces.
Those people aren't sophisticated, and might go on Amazon and see Tiles that won't work (sparse detection network), or GPS trackers that cost the same as AirTags and have a monthly subscription. Or they could just pick a spare AirTag they have, and use that, because they know their spouse has an Android and wouldn't detect it.
Again, the problem isn't that AirTags have been nerfed into uselessness because of anti-stalking protection. The problem is that AirTags still, to this day, present a major Android stalking risk (no AirTags notifications on Android with Apple's app, you have to manually scan), and Apple seems uninterested in doing anything about it (or even promising to do anything about it, since this announcement doesn't mention Android).
It is foolish to underestimate stalkers and stereotype it as just a crime of opportunity.
> "problem is that AirTags still, to this day, present a major Android stalking risk"
Ironically, so did Tile for the last 8 years, and Samsung's own Galaxy trackers for Android, but there is no outcry about them. Also, considering how long Tile has been on the market, this doesn't seem like a new issue. Also, Apple has built-in "Find My Friends" in iPhone. A stalker could just flip that on without telling the person being stalked (assuming he/she is close to him/her), and the phone would be tracking them, no tag necessary. Yet nobody ever hears about this being abused much.
> "AirTags have been nerfed into uselessness because of anti-stalking protection"
Hey, if I lose my wallet in my own home, it's great. If I can't find my wallet at the gas station, I can figure out where in the car it fell. There are plenty of ways it is still plenty useful. Also, if you are complaining about uselessness, maybe Apple should roll-back some anti-stalking protections but you'd be against that too.
This leaves you in the impossible position of wanting Apple to restrict it more (reduce stalking) and simultaneously unlock it more (to improve utility), all while competitors don't bother with stalking prevention at all.
It’s so frustrating to see this kind of thoughtless Apple criticism based on brand only when they so many things that are actually bad.
AirTags are better in nearly every way to the competition. They have considered design factors, like privacy, that no one else has. Yet, they are the bad guys that should never have released this product.
Apple should be releasing products like this. They offer significant improvements over their competitors because they consider more than pure profit seeking. AirTags without privacy protection is the same as everything else available, is cheaper to make and easier to design.
I like Apple pushing the bar here. Because their products are perfect, and balance different trade offs, they encourage other manufacturers to fill those gaps. This is a win that wasn’t happening when Tile was the dominant player.
I know it's unlikely to be you, but if you know anyone concerned about someone who had access to their phone tracking them (or other malfeasence), Apple published a "Personal Safety User Guide":
I never said Apple should unlock it more, I said they should discontinue it, and their executives displayed poor judgment in approving the product.
I never argued that AirTags were nerfed into uselessness, I responded to your argument that they were nerfed into becoming useless for stalking, which I don't think is true.
> Ironically, so did Tile for the last 8 years, and Samsung's own Galaxy trackers for Android, but there is no outcry about them
Plenty of people have iPads catching dust in drawers, who would never have bought Android tablets (or any tablet) if the iPad had never existed. It's the power of Apple's marketing. Anytime I argue against AirTags, I argue that availability is a game-changer, and nobody actually tried to address this argument convincingly.
- Someone at a club or rave might impulsively or drunkenly decide to remove the AirTag they use for their keyring, and slip it into someone's pocket. They might never have bought a tracker if Apple didn't have one.
- Again, the iPad-catching-dust-in-a-drawer argument. Plenty of people buy Apple products on a whim who would never have considered that product category if the Apple product didn't exist. iPads popularized tablets, Apple Watches popularized smartwatches (at least among US teens), AirPods popularized bluetooth earphones). Apple's marketing doesn't just increase sales for their products, it promotes the entire product category. People hear about iPad, are interested, and might buy an iPad or a cheaper competitor; when they would never have bought a tablet if the iPad hadn't created a "halo effect". You can argue the effect is less for AirTags, but don't tell me it's nonexistent!
- The copycat effect is strong among criminals. Ransomware attacks were almost nonexistent, and became common very rapidly, as awareness spread among criminals, as they rushed to take advantage of the opportunity before the crypto, legal, or antivirus ecosystems catch up and make it less rewarding. In 2009 around 1 in 13 stalkers used trackers of any kind; that number's surely gone up between 2009 and 2021 (AirTag release), but you really think that number won't go over the next few years, partly because of increased popular awareness of trackers?
> It is foolish to underestimate stalkers and stereotype it as just a crime of opportunity.
I said often a crime of opportunity, not always (or even mostly), and that those for whom it was a crime of opportunity, weren't sophisticated. The average bank robber might have done a good deal of research on bank security systems and circumvention. The average stalker might not think of using GPS tracking unless he's reminded of their existence, since there are so many other methods (likely, most stalking is online nowadays). Hence my "availability" argument.
I think it's a horrible world we now live in where we HAVE to install software to solve a problem other people have created for my safety in the real world.
I bet you Google has had conversations about integrating some kind of airtag tracking feature into their software.
The OP is right. Airtags are not the greatest idea and the abuse of them is disastrous for people who are not on the apple ecosystem.
The attitude of apple so far has been horrible... Their app sucks.. only works when you open it.... They can do better but refuse to, because they don't care for our safety unless we buy an Apple product.
>Has a tracker costing too much ever stopped a stalker?
Can you pay for that subscription of a tracker with an anonymous payment? If someone was to find a tracker, and even having to go through court orders of whatever type, the subscriber could be found out. I think that would be the bigger deterrent for a thinking stalker than the price as that's the cost of doing business. (shivers from making stalking out to be a sane thing) Lot's of plausible deniability, "oops, i lost that sometime ago, and totally forgot to play dark pattern UI games to end my auto-pay subscription. totally wasn't me, we swears it."
The barrier of entrance has not only been lowered on the cost side but also on the opportunity side. If people already own AirTags and know how to use them for legitimate purposes they just have to hide them somewhere to track somebody opposed to deciding to get a proper GPS tracker „just to find out where X is going to“.
The risk of getting caught has also been raised considerably, however. An anonymous GPS tracker won't easily lead back to you personally, but an AirTag used for stalking will lead police to your door.
> Neither have anti-stalking features of any kind to this day.
Very true, the only real difference is that Airtags are simply a better product, but that means their use as stalking devices (along with their legitimate uses) is now much more practical and casual.
I think the real long-term solution is for Apple to open up the U1 chip/protocol so at the very least Google/Tile/Samsung are able to implement the same countermeasures Apple has, if not use it in their own tracker devices. It would probably cost them revenue, but I imagine it would be worth it compared to the negative press they're getting from this, particularly since they're also making huge strategic missteps wrt App Store 3rd party payments.
I think a major part of the announcement you're skipping over is the clear statement that individual AirTags are linked to specific AppleIDs and Apple will cooperate with law enforcement to help identify the owners of AirTags used for criminal activity. If you're a wannabe stalker, the fact that Apple has made it clear they're just itching to point the cops in your direction if you misuse their technology seems like a fairly big disincentive when there are other tracking capabilities available. Even if you think your target isn't too likely to find the AirTag, it means you're taking an obvious risk if they do happen to find it.
If a stalker is willing to buy a burner iOS device (since that's the means of viewing Airtag data), associate it with an untraceable email/iCloud, and only leave the device's location services on in locations that aren't tied to their identity (since Apple also knows where the tracking phone is), then 'having access to Airtags' probably isn't the 'make or break' factor in whether or not they will stalk someone.
If a user has that level of tech savvy, there are plenty of other cellular GPS devices they could use.
I suspect they could get several cellular GPS devices for the cost of an iPhone + some AirTags - meaning they could easily offer up one or two sacrificial ones for easy finding in order to hide a smaller one "in plain sight" (as it were.)
Or they could just hire a private detective to do some stalking for them.
Or someone even less scrupulous for even less money, I'd assume?
> Do you have to reveal who you are to Apple to use an airtag though?
People are subjecting themselves to voluntary surveillance and it's amazing to watch, Apple's promise to cooperate with "Law Enforcement" in most of the world was chilling. J Edgar Hoover would have creamed his pants - "Did you say MLK Jr. has several airtags? I want daily updates on where he's going."
Most criminals are not clever. I had a girlfriend whose house was broken into; the thieves stole an xbox, an air conditioner, various electronics, etc. After she reported them stolen, sure enough, the serial numbers showed up at a pawn shop, the pawn shop had taken the ID of the sellers down, and warrants were issued. She got her stuff back and the thieves went to jail.
Most criminals wouldn't be doing what they're doing anyway if they were clever or did a modicum of research on what they can actually get away with.
>I continue to think Apple should have never released AirTags to the public
It is the usual Apple strategy for decades. AirTags product play was the technological groundwork for UWB and possibly AR/VR. They always need a product, hobby or something adjacent to iron out all the problems. Chip Packaging, Next Gen OLED, Low Power Profiling all landed on Apple Watch first before they moved to iPhone. The Sound work on AirPod before they moved to HomePod and later MacBook and iPad.
This way they could spread their R&D and gain synergy across product range.
On the subject of tracking, I am not entirely sure AirTag, or the idea of Tagging ( so to speak ) is as useless as you claim it to be, but I am also extremely uneasy with the concept of AirTag. Like many if not all things in life, the road to hell is paved with good intentions.
Exactly... They created this public privacy problem for every human
Then offered a solution only to it's own customers.
That's some dystopian Apple shit right there.
Without that network it wouldn't work, you can't do this over the public internet without a swarm of physical devices you control on the other side. Companies like Apple remotely controlling devices used to mainly be a personal issue and thus a personal choice, you can just opt out of Apple to avoid it.
There is no opt out of Apple airtags.
Now every Apple user is an Apple snoop, your choice to use Apple affects _everyone_ around you... quite literally.
> I remember seeing a chills-down-your-spine Apple Watch Series 7 TV ad, that featured beautiful remote nature landscapes, with the audio of 911 calls made from people's Apple Watches whose lives were saved by their Watch. Probably one of Apple's best and most impactful ad in the past decade.
One could argue it's pretty distasteful to try to cash in on people's fears.
It's a fine line, but I feel Apple avoided being exploitative here. The vibe wasn't "you deserve to have this terrible thing happen if you don't buy our product." The watch clearly provided real utility to real customers and it's worth highlighting.
I was personally eager to pay for the cellular-equipped Watch as long as I was getting one, because even without an explicit data plan, if you fall off a bike, it will call 911 for you automatically unless you tell it not to.
That's insurance of a kind I couldn't purchase prior to that, in a form I would actually use and have on me if this actually happened. Fine by me.
The older you get, the more ways to fall down and need 911 start to exist. I'm okay with Apple "cashing in" on that.
And that was the almost-universal response on reddit and YouTube comments, but are those people more, or less likely to buy an Apple Watch? Maybe not for themselves, maybe for their grandparents? Besides, it's the absolute bedrock of modern marketing, from weight loss pills to perfumes to clothing: when ads depict supposed customers smiling with their families, or going on a date, or being the center of attention at a party, it's the exact same psychological trick, twisting the knife of your insecurities, fears and FOMO, just done more subtly.
Solar panels is pretty much targeted as a way to avoid high utility bills, trying to go green, etc. If you're in a circle of consipiracy types, then maybe the off-grid aspect is preached more. Mainly though, it's just about avoiding the bills, and maybe avoiding power interruptions. That requires batteries though. That might qualify as fear advertising.
Apple's "Tracker Detect" Android app wants full network access and precise foreground location permissions.
They expect me to consent to having my physical location tracked by Apple in order to avoid having my physical location tracked by someone other than Apple. Unbelievable.
Obviously, the app will need that access privilege to perform its task. Now, you’re in the bind: Do you trust apple to use these privileges on the device only - and not track you - or do you care about being tracked by others. Depends on your risk profile, I’d say.
Android requires Location permissions to scan for Bluetooth devices because if you can scan for Bluetooth you can sometimes get the user's location from various online databases, so the permissions would be functionally identical if they were sperate anyway.
As an adult with ADHD AirTags have been an absolute godsend. I have them on my keys, wallet and backpack and I’ve pinged them all separately just this week.
If I were a guessing person: because future products will be the same size and price as AirTags … what would it look like if an Apple Watch cost $50? It could be used like an AirTag for stalking.
So: sort out the privacy implications with a low-priority product like AirTag first.
For me, 95% of the functionality of Airtags would still be there if it only worked with your own apple devices. I have found airtags for finding things when I lose my keys/wallet around the house. I do leave them at a restaurant tying it to my iPhone would still show the last place I had it.
I felt the same way about Tile back in the day when I used it.
I didn’t want my tile part of their “network”, I didn’t want other tile users to relay the location, I didn’t want my phone relaying other tile users’ locations. I didn’t want my tiles location going to any server at any point. I just wanted a to be able to make my wallet beep if I’m near enough to it for it to be in range of my phone. But the rest of the “features” couldn’t be disabled, so I threw my tiles out.
Years ago, I had a tile on my keys. I left them on top of my car in a parking garage. When I went back, they were gone. Someone took them, probably meaning well but didn’t leave a note saying where they took them to. So that sucked. To this day, despite the tile being in “lost mode”, I’ve never gotten a ping. There’s real value in these trackers, because people pick up things that aren’t theirs.
They are far more noticeable and less suited for covert tracking than AirTags: they need far more power, reducing the time of autonomous work, they are significantly bigger, they need to be in the coverage area of mobile network.
Also, AirTags look far more innocent, giving a plausible deniability excuse to a potential stalker. Oh, that's where I lost that key, it's on the floor of your car! With specialised tracker that excuse won't work.
> I mean, increase from 0.00001% to 0.0001% is still significant and yet I still wouldn't worry about it in the slightest.
I think there's probably a little gender bias at play in your risk estimation. I too am not particularly worried about someone stalking my 6ft ass - but I'd say a majority of my female friends have experiences with stalking at some point in their life.
Yes, you are right of course. But I suspect even when taking gender into account, the risk of being stalked AND tracked by an AirTag is absolutely miniscule and not worth worrying about. But I'm talking completely out of my ass, would love to see some data behind it.
The people getting stalked have a 100% risk. You don't care because for you it's all just statistics.
With statistical arguments, why do we spend so many resources on prevention of anything, e.g. cancer, when it only impacts a small number of people?
This kind of argument always comes down to choice. You care or you don't. Hard to argue. If you don't care about the fate of those "few", mostly women, well... there is no law of physics that I could throw at you, my negative judgement of your argument is not based on anything hard. Which is the case for a huge amount of such choices. You can have a society based on and steered by pure statistics and benefits, but what you will miss is that the very nature of such a society changes because you cannot put that into numbers.
The core of the argument is qualitative, which does not lend itself well to number-based reasoning.
>>The people getting stalked have a 100% risk. You don't care because for you it's all just statistics.
I don't know why would you say such a thing.
Let me give you another example - the chance of getting stabbed on the streets of London is probably comparably miniscule to being stalked.
And now if we extend that argument - almost 100% of people getting stabbed are men.
Does that mean that as a man I should start wearing a knife-proof vest? Is me refusing to do so "not caring" or that "it's only statistics for me"?
After all, people getting stabbed have a 100% risk of getting stabbed - that's a pointless statement if I have ever seen one.
I just don't understand the aggression of that statement - just because my gender is statistically unlikely to be stalked doesn't mean that somehow I suddenly don't care, or that women shouldn't care - just that in your daily life you should really consider how big of a risk something really is.
>>With statistical arguments, why do we spend so many resources on prevention of anything, e.g. cancer, when it only impacts a small number of people?
That isn't the argument though. We aren't arguing spending or not spending money to prevent a small number of cases(in which case I'd say absolutely this money should be spent). I replied to someone who said AirTags should be completely and entirely banned over a very small number of cases where they were used maliciously.
To use the cancer comparison - it's like someone saying that we should ban bacon worldwide because it's a known factor in certain cancers. I'd also argue against it, because the risk to any one individual from eating bacon is absolutely miniscule.
You personally may not have to worry about it, but a handful of well publicized cases of misuse (say someone getting stalked/murdered) will probably be a bigger monetary hit to Apple than their profit from this entire line.
You don't recognize the huge value of AirTags for Apple - the AirTags give Apple a valid excuse to create an ad-hoc network (Find My Network) of Apple devices that can better spy on each user, thus giving them better access to the users personal data regardless of their privacy settings. For example, if you haven't opted out of the Find My Network (turned it off), but turned locations off due to privacy concern, Apple can now get that data from others iDevice users near you. They can use it to upgrade your social graphs (who you hang out with), where you shop and eat outside. With Find My Network enabled, Apple devices are no longer fully powered off but go into a low power mode so that they can still talk to another iDevice through Bluetooth.
> I continue to think Apple should have never released AirTags to the public, and should discontinue it. It's a very limited income stream, with limited use cases, and significantly increases the average person's risk of stalking.
You sure have a lot of strong opinions on what apple "should" do.
Don't like it? It's a free market. Don't buy it and if you're afraid of being stalked, check out the app they released.
I wonder how come all you people come out of the woodwork now that Apple released this thing, yet when Tile did there was no such forced concerned anywhere.
For Android there is also the free alternative to Apples Android AirTag called "AirGuard"[0]. It was out way sooner than Apples application and seems to be far more advanced than it (i.e. has the features you claimed the apple android air tag application was lacking).
> Display alert with sound: When AirTag automatically emits a sound to alert anyone nearby of its presence and is detected moving with your iPhone, iPad, or iPod touch, we will also display an alert on your device that you can then take action on, like playing a sound or using Precision Finding, if available. This will help in cases where the AirTag may be in a location where it is hard to hear, or if the AirTag speaker has been tampered with.
What am I missing here-- it seems like it would have been trivial for Apple to add a microphone and have the AirTag stop sending location if the speaker isn't working. And have the firmware check the speaker is actually emitting sound, so no amount of physical rewiring can defeat it.
Technology can be used for good and bad. If Apple AirTags disappeared tomorrow Tile and GPS trackers would still exist, but Apple have highlighted legitimate use cases to hundreds of thousands of people like me for theses devices (I use mine for my luggage and my dog).
I agree completely. I love the idea of Air Tags, but we all saw this coming a mile away and Apple should never have been allowed to release these.
The fact that this post from Apple even EXISTS is direct acknowledgement of this being a horrible, dangerous mistake.
I know what they were trying to achieve, but it isn't worth the misuse by a long shot.
People will think it's not a problem until someone is tracked with one and killed.
The only thing I can think of (besides not selling them) is to open them up so they can be used with Android, and work with Google to add support for them to Android's OS.
Police in the UK does not follow up on requests to retrieve iPhones from FindMyPhone because the GPS tracking isn't exact enough to find the correct appartment.
This is partially correct but depends on presentation - I tracked a phone to a house, they said they couldn't help because it wasn't accurate enough, I said I was going to knock on the door and demand it back, they turned up in ~3 minutes and recovered it for me, arresting the person who had it at the same time. Because I presented it as "I am going to put myself in danger to recover this item" they were duty bound to act. Still didn't help much as it was held as evidence for literally months.
It's not. I've recovered my phone after it was stolen by simply showing up to the house it wandered off to the next morning.
I've done this a number of times for friends (perhaps not really the brightest idea in retrospect) and you'd be surprised at how many folks simply apologize and hand it over when confronted. If they refuse, at least you tried.
Plenty of folks will take matters into their own hands for a $1,000 device that may be a source of their livelihood. Not everyone can simply walk away from that and absorb the loss.
I wonder what the %s are of people that lose a device and do not immediately lock it? Is there a large enough market for buying stolen phones that are locked to make them useable again?
Do these people expect to extort a finder's fee? I just don't think "criminal" enough to understand the value of a stolen phone.
> Plenty of folks will take matters into their own hands for a $1,000 device
I was once mugged at gun point and the 2 guys took my wallet/cash/phone. For some stupid reason, I thought it a good idea to kindly ask for my wallet and phone back by convincing them the phone was several generations older, it would be locked as soon as I returned home, as well as any cards in my wallet being canceled. Also, just to avoid the pain in the ass of dealing with the banks and not going to the DMV for a new ID. The 2 guys laughed, and gave me everything back except the cash. To this day, I don't know what made me think that was going to happen. However, as soon as I turned the corner, I was on the phone with 911.
> I thought it a good idea to kindly ask for my wallet and phone back by convincing them the phone was several generations older, it would be locked as soon as I returned home.
About a decade ago when El Salvador was more dangerous, cell phone theft at gun point or knife point was more common. And well SIM cards used to be easier to remove from phones.
So the "good thieves" would allow you to remove the sim card from the phone before stealing it from you.
There were also times where the thief would be "pickier" than you, so if you had a very old or a damaged phone they would just give you your phone back after mugging you.
Two tricks were faking an ugly phone while carrying without a battery cover and cover it with duct tape. Or carrying a hidden good phone and a visible old phone.
I would guess that since it's getting pinged by any/every iPhone that gets within ~10 meters, the AirTags are often more accurate, since "more samples". That probably doesn't help in all situations, but helps in a lot of them.
You can post anonymously on a forum against them. I sent them an email thanking them for making them. In the end, I buy their stuff and you guys don’t. They know that.
Airtags leverage the popularity of iPhone devices and use that, not a single phone. Given there's a high probability of someone in the surrounding with an iPhone, you don't have to have an iPhone so that an Airtag will track your movements accurately enough.
That's not how Airtags work. From Apple's website:
> Your AirTag sends out a secure Bluetooth signal that can be detected by nearby devices in the Find My network. These devices send the location of your AirTag to iCloud — then you can go to the Find My app and see it on a map.
Airtags broadcast their ID via bluetooth and then any nearby iPhone with "Find My" enabled will be looking for these signals. If something is found, it sends the information to Apple and Apple then makes it available to the Airtag user.
The person or object doesn't need a phone (be it Android or iPhone) to be tracked. All Airtag needs is to be detected by someone else's iPhone.
Why are Android users vulnerable? Because iPhones will automatically warn you if a tag that isn't yours stays near you for a long time while Android users have no idea. Apple released an app for Android, but it requires users to perform manual scans...
You as Android user live in a an apartment block.
Your neighbor below has iPhone. Your neighbor keep getting warnings on his phone that unrecognized AirTag is nearby. He can’t find any and doesn’t speak with you about it.
When moving across the city it would be even worse as there is no neighbor that would get the tracking warnings.
This is a great response - very happy to hear Apple's involvement with various groups to make things better.
Some noteworthy bits:
> we innovated with the first-ever proactive system to alert you of unwanted tracking
If that's true, then Apple just raised the privacy bar and now Tile and other small players need to up their game to stay relevant.
There is also lesson to learn here: whoever makes a tech/product popular is the one who gets the heat for all its shortcomings/problems. It doesn't matter how many existing small players were doing a horrible job for years.
> As an iPhone user moves, Precision Finding fuses input from the camera, ARKit, accelerometer, and gyroscope to guide them to the AirTag
This is something that's not appreciated. The UWB chip on the Airtag can only help iPhone know how far away it is from the tag. It's 3D modelling of the world through camera vision that helps triangulate and guide the user via live on-screen direction.
Next time you think why we need tech X, just remember that you can't foresee what it'll enable in the future - (and before you comment "all AR stuff to find my keys faster?", re-read the previous sentence again).
> If that's true, then Apple just raised the privacy bar and now Tile and other small players need to up their game to stay relevant.
No they didn’t. This “feature” is garbage for the people who actually buy it. It makes putting air tags on things shared by a bunch of people a huge pain in the ass.
“Freaking people out who are on the bus with you because you forgot your phone but have your keys” is not a selling feature.
> This “feature” is garbage for the people who actually buy it.
I'm one of those people who has 10 Airtag, who lives with others and haven't had this problem. As far as I (and many others) am concerned, "Apple just raised the privacy bar and now Tile and other small players need to up their game to stay relevant."
>I was away with work for a week and left all my keys (with AirTags) at home
The parent comment said "You can chose to stop getting an alert if a particular device is following you". I don't see how what they said applies to your scenario, given your scenario is literally the opposite.
Since you weren't near the airtags, you couldn't have stopped them from beeping/following you. But whoever was at your home near the airtags (presumably the person who put them in the fridge) had the ability to disable them from beeping/following them.
I mean Android only has a market share 70%, practically nobody uses it anyways /s
The fact that there were open source unwanted AirTag finder Apps on the PlayStore way before Apples official app arrived perfectly demonstrates how much Apple really cares about privacy. They only „care“ about the privacy of the people who pay them to care.
They do seem to have dropped the ball on their Android app. Majority of reviews on that app is people complaining that it doesn't do background scans!
Not sure if there is a technical limitation in doing so on Android, but if not, I hope they make, what seems to be a small effort to make things better for Android users.
> The UWB chip on the Airtag can only help iPhone know how far away it is from the tag.
I thought the MMIO antenna array would have indicated a rough direction of the signal.
But perhaps that isn't accurate enough to be useful? Since the distance is accurate to a few cm and the iphone is moving, it can use it's own calculated position from the computer vision data to apply multilateration to multiple UWB distance samples over time.
But tech wise, I think UWB combined with AR is the tipping point for the application you mention. Bluetooth is unfortunately too coarse to be very useful in locating items. It's still useful in locating stores in a shopping mall though, and that we haven't seen yet.
> It's 3D modelling of the world through camera vision that helps triangulate and guide the user via live on-screen direction.
Aaahh, that is why Apple’s app refuses to help me find my cat in dark apartment at night!
It just says “It is too dark” and provides a button to turn on flashlight.
I like the functionality of the AirTags so I don't want them nerfed, but I can think of no way to fix their fundamental problem of being such easy to use stalking devices.
Chefs knives are great for cooking and are inexpensive and easy to purchase; they can be very dangerous weapons in the wrong hands so we make it against the law to use them in that manner. Maybe that's the best we can do with AirTags.
> Precision Finding: This capability allows recipients of an unwanted tracking alert to locate an unknown AirTag with precision. iPhone 11, iPhone 12, and iPhone 13 users will be able to use Precision Finding to see the distance and direction to an unknown AirTag when it is in range. As an iPhone user moves, Precision Finding fuses input from the camera, ARKit, accelerometer, and gyroscope to guide them to the AirTag through a combination of sound, haptics, and visual feedback.
I guess this probably only works for people who have iPhones, but it still at least makes tracking somebody using an AirTag a somewhat risky proposition (for example, if a person is stalking somebody using this technology and knows their target has a non-iPhone, they never know if that person might have a friend with an iPhone).
What's different from a thief stealing my bag and carrying it around in their car versus me putting an airtag in the exact same location without them knowing?
If a thief has my bag I definitely don't want them knowing they're being tracked. Maybe I don't quite understand something about this announcement.
It’s honestly pretty silly to expect to track down thieves because they stole something with a tracking device in it. Are you really going to chase a thief and confront them? Do you really think the police are going to do it for you?
When my father’s Android was stolen we called the cops and they told us to the park a block away from the thief’s house (last ping from Find My Device) and wait for them. They took a report from us, confronted the thief at his house, and got the phone back. The thief claimed that he found it at the post office and intended to return it, but the phone was in airplane mode (accessible from the lock screen) so that was clearly never gonna happen. This was in San Jose.
It is entirely reasonable to expect the police to recover stolen high value items whose location is known. Particuarly if the items were obtained with violence or weapons.
> Chefs knives are great for cooking and are inexpensive and easy to purchase; they can be very dangerous weapons in the wrong hands so we make it against the law to use them in that manner.
What? I've lived in several western countries and I've never had a knife purchase that was tracked or controlled in some way.
There's only one place I know of that controls ownership of chef's knives: the Xinjiang region of China.[1]
Current stalking laws already cover such abuses of airtags. I see quite a few comments in this thread proposing a total ban of airtags, which makes about as much sense to me as wanting to restrict chef knives.
Knife purchases are controlled in the U.K.[1] Persons under 18 are not allowed to buy knives, but in practice this means most people are showing an ID to purchase a knife.
In addition, carrying a knife on you without a good reason is a crime in itself - and yes going home with a knife you just purchased is a perfectly valid reason. But having a knife on you "just in case" is not, unless you live in the middle of nowhere or are a farmer or something. Get stopped in the middle of London with a knife and that's a serious crime.
I must say, as an adult in the habit of carrying a lockback folding knife whenever I leave the house, a practice I ultimately owe to Lord Baden-Powell, I found it.. discomfiting that this benign practice is illegal in London. Lovely city in general, one of my very favourites, but there's something grim about that.
"Be Prepared" was considered a perfectly valid reason at one time. Still is in hmm. Many places.
Not disagreeing with you per se, but what is benign in some contexts might not be so benign in others. Knife crime is a big problem in London - the tight regulation is in response to these circumstances. For instance, of the 126 homicides committed in London in 2020, 71 were committed with knives.[1]
It seems plausible to me that the crime we want to deter (shoving a sharpened piece of steel into someone) isn't easily or effectively prevented by adding carrying such a piece of steel to the list of crimes.
They're in every kitchen, how are we to prevent them from being carried out of the nearest one? Ask yourself!
The list of good reasons to carry a pocketknife which are aren't shanking someone is unenumerable and lengthy. It's an absurdity and I despair when I have to see Brits pretend to the logic of it out of some misplaced solidarity. Kudos for the NHS but the knife loisense fills me with pity for what a once mighty nation has become.
The target of these laws is not kitchen knives. Pocketknives (manual blade, less than 3") of most kinds are legal.[1, see exceptions] Bans of this kind are fairly common (for instance, in California, there is a ban on concealed carry of fixed-blade knives; in Los Angeles, the ban extends to openly carrying a "knife or dagger" defined as "any knife having a blade of three inches or more in length".[2] These laws strike me as very reasonable.
It’s a bit funny to imagine but the NYC knife murder rate is actually higher than London. Against the background of substantially greater crime, though, it fades away.
It’s just a difference in culture. Despite the stabbings, Americans will not tolerate knife control to the same degree.
My father-in-law (from the US) always carries a small utility/hunting knife, which he packed in his checked luggage when taking a leisure trip to England.
I believe it was at a museum or another public attraction that a police officer saw the knife in its holder on his belt, stopped him, demanded he surrender the knife, and told him he'd be arrested if he didn't.
He was very upset - he'd had that knife for decades.
I agree with you, but note that NYC (a frequent point of comparison with London, despite stats incompatibilities) has more knife murders than London, ie their second biggest category is bigger than our first category of murders by weapon. https://www.euronews.com/2019/06/18/deadly-knife-crime-how-d...
I wasn't trying to compare the rates in which we murder each other.
New York is a shithole and terribly ran, of course the murder rate is higher, especially these days.
There's a lot of gang violence and pickpocketing, knives are the goto choice, especially since it's so hard to get a hand gun legally in that city. Better to carry a knife otherwise you're a default felon.
It would attract too much attention carrying an axe around for no reason and Dilbert Grady's family massacre might be the largest ever where only an axe was used and using the axe was mostly for theatrical effect. with a gun, an 8-year-old can probably easily murder a dozen adults. I am not for gun banning anywhere but I don't like likening guns to knives or sticks or stones. It seems no different from likening riding an aircrafts to walking on one's legs.
I grew up in Houston, Texas, where it was a felony to carry basically any knife bigger or more threatening than a Swiss army knife, but open-carrying a handgun was legal.
I don't think knife bans have anything to do with the the 2A or the lack thereof. Knives can be seriously dangerous weapons, and in an urban environment, the stealth afforded by a knife over a gun presents further menace.
It's not, I'm sorry you can't follow the simple logic that people pick up a knife because they don't have a readily available gun, so there are more knife attacks than anything else, so they ban knives more aggressively.
> Texas has numerous bans on knives,
Texas does have bans on specific types of knives, but not a blanket ban or anything w/ length.
It's like saying because full autos are banned Texas has a gun ban.
> It's not, I'm sorry you can't follow the simple logic that people pick up a knife because they don't have a readily available gun, so there are more knife attacks than anything else, so they ban knives more aggressively.
I get that this statement sounds intuitive to you, but I would challenge you to substantiate a correlation between gun restrictions and increased violence with bladed weapons with some data before talking about causality. I personally think the majority of such violence is opportunistic, so I would be surprised if such a correlation were truly borne out by any data.
> Texas does have bans on specific types of knives, but not a blanket ban or anything w/ length.
When I was growing up in Houston, it was a felony to carry anything with a blade over 5.5" on your person. (I distinctly remember my scoutmaster warning us about locking or fixed blades >3.5", but that may have been a Houston or Harris County ordinance.) It looks like this was effectively repealed in 2017 per https://www.houston-criminalattorney.com/texas-switchblade-l...
Interestingly enough, Brits used to also have right to own and bear arms, but they lost it in early 20th century. That’s what happens with freedom, if you don’t watch it.
British people absolutely have freedom to own guns, just perhaps not in the way Americans do, but yes they are in no way forbidden nor is anyone's freedom in danger - I know lots of British people with guns, way more so than where I'm originally from(Poland). You apply for a permit, then a local officer comes over to your house to just make sure you have somewhere safe to store it and that's basically it, go and buy yourself a gun, no problem at all. If you know anyone who lives on a farm they will most likely own at least one shotgun, for shooting rabbits if nothing else.
No. In Britain, to even own a gun, you must argue that you have a “good reason” to do so. If you don’t have a good reason, you won’t get the license. In US, guns ownership is considered a right, and you do not have to justify why you want to exercise this right.
Second, the ownership license does not entail right to actually carry the firearms. Brits used to have this right, but it’s now gone forever, especially as handgun ownership is effectively banned altogether anyway.
UK only has twice as many guns per capita as Poland, by the way, and I think a lot of it is actually a remnant of era when Brits had more freedom.
But we also know some laws an unenforceable in practice so are at best a deterrent if that law is made known to everyone, however in practices, laws not even a TLDR are rarely made known and people also forget what with everything else going on in the world.
> Every AirTag has a unique serial number, and paired AirTags are associated with an Apple ID. Apple can provide the paired account details in response to a subpoena or valid request from law enforcement. We have successfully partnered with them on cases where information we provided has been used to trace an AirTag back to the perpetrator, who was then apprehended and charged.
This makes me wonder, could Apple go further?
What if Apple put up a web page where anyone could type in the serial number of any AirTag they found, and instantly see the name and phone number of its owner? Apple could even print the website URL on the back of every future AirTag (albeit presumably in tiny print).
I bet that would make stalkers think twice! And, I don't think there's any technical reason Apple couldn't do it, right?
What I'm not sure about is whether this would be an invasion of the owner's privacy. But, if you're using AirTags to only track your own belongings, when would this ever come up? The owner's privacy seems less important than that of an unwitting victim, since the owner can choose to not buy an AirTag.
Consider theft. Now the thieves have the victims phone number to attempt to further steal from them. Or if there is an audible sound, they know the police is coming after them and can drop the airtag and avoid apprehension.
This is a two edge blade. Personally, if I was going to use an airtag I would use it to protect myself in case of theft. Now, the thieves can locate the airtag due to a notification and move it to an unsuspecting other victim, which will then move on to press charges against me, and I will have to defend myself in court. I don't see the appeal.
Right, or even consider the original case where you have an AirTag on your keys for if you lose them - given a name and a phone number, someone who finds your keys can quite possibly figure out where you live and use the keys.
Most things you lose are both less dangerous lost and worth less to a criminal (and hence less likely to induce someone to become a criminal) if they can't be tied back to you. Don't put "If found, return to 123 Main Street" on your keys, don't put "Apple Confidential" on your USB keys, don't engrave "Property of North West" on her Switch, etc.
Hm, how easy is it to get an address from a cell phone number these days? Maybe Apple could only include the Apple ID?
My goal would be to provide enough information so that, if the AirTag's owner is someone the victim knows, they'll be able to determine who it is. Apple needn't provide enough information to identify random strangers, because most stalkers aren't random strangers. (And, the AirTag is appealing due to its ease of use; it would be easier and cheaper to buy a GPS tracker than set up a burner iPhone.)
It may not be possible to do this in a completely harmless way to the AirTag owner, but I do think potential victims should get more priority here. Telling everyone to file a police report isn't great IMO, because potential victims may have all sorts of reasons for not wanting the police involved.
But Apple is already saying you shouldn't use AirTags for cases of theft. The AirTags already attempt to alert people to their presence, including with sound.
If I understood correctly, this still doesn't protect you against custom Airtags using embedded boards[1]. You could just use any serial number you want and maybe even incriminate other people by using the serial number of their authentic Airtag?
If they can link serial numbers to appleids it would imply that they could block non-apple devices? Unless the Apple serial numbers are also randomly generated or something? (Might check the apple docs later)
I wonder how this would work. Even if you do find the Apple ID the AirTag is associated with, how do you find the person associated with the Apple ID? You can use any name you wish there as far as I know.
If you have an iPhone, it would be hard to fake your phone number.
It could be a burner phone, but if you're going to put in that much effort you might as well get a GPS tracker. And, chances are the stalker is probably someone you know.
I'm quite familiar with gdpr, btw -- and I don't see how being able to look up a uuid or some other nonsequential identifier via a site to find the owner obviously violates it. There's a strong legitimate interest case for anyone in possession of a global tracking tag being able to find out the owner, I would think.
You dont know the circumstances for why an airtag is where it is, what if a parent sewed one into their kids clothes or bag or shoe, but got ripped out or something?
Apple should know who possesses the airtags at the very least, and if an airtag is reported lost/stolen, that info could be conveyed back to the person who found it, but nothing more until Apple has then liased with the "owner" to find out what to do next. Obviously this can be automated to some degree.
Both can be true. The actual pairing of tag to owner is encrypted in the communication of its whereabouts. Some stranger detecting an AirTag that you own is not able to determine that you own it.
But also Apple can pair the serial number of the physical tag with the account that registered it. I think this requires the actual tag to be retrieved. The serial number isn't transmitted in the clear; it's gotta be read off the tag case.
probably the same loophole as the "end-to-end encryption" in iMessage. it's end-to-end, but the client is their close-source proprietary software, so if they need access to the data they can just remotely access the client software that you've authenticated and access whatever they need to.
That’s not the iMessage loophole. The loophole is when you have iClouds backup enabled. They have access to it. Disable the backup, you disable the loophole.
Maybe something has changed or i'm missing something, but my understanding is that even without iCloud backup enabled, if you went through the "i forgot my password" process they could remotely generate a new key and create new copies of all your iMessages encrypted with the new key. Which is effectively replicating exactly the attack that e2e is supposed to protect against.
That's not the only iMessage loophole. They also obscure key distribution and have the ability to add and remove keys that are ostensibly for your devices at will. Technically you can check in keychain but virtually no one even does that between their own devices, let alone share and verify out of band with every other party they communicate with.
"E2E encrypted, we can't even read it, unless you use iCloud, or we get a NSL, or if we feel like being a MITM today".
AirGuard is great. They optimized the app to the point that it doesn't even show up in my Android device's battery usage statistics anymore. It's a set and forget app that scans for AirTags in the background automatically, but also when you trigger a manual scan. It's free and open source.
Apple's Tracker Detect app for Android (https://play.google.com/store/apps/details?id=com.apple.trac...) doesn't have automatic scanning, and requires the user to open the app and tap the button to manually scan for AirTags. It also forces the user to wait 10 minutes before they can make the AirTag emit a sound. I'm glad that the Technical University of Darmstadt made a better solution and released the source code, too.
There would be the hazard that you can no longer say it was an accidental stalking if you use a professionally tampered with device. Given that there are a lot of iPhones out there even if your device doesn’t detect it your friend may ask what is up. Then law enforcement can use the AirTag serial number to track back to the account it is linked to.
99% of the tracking notifications are given to my family members. It’s hilarious that you can’t “join” a family members tag so it can be shared within the family.
i.e. completely stop or just reduce? Because I was going to say it would make sense for the "threat model" to go beyond "traditional" stalking to domestic abuse etc.
agreed - my wife and I still get alerts about each others keys being with us. I wish there was a way to actually see the location of other family member's AirTags, so that I can find my wife's keys with my device. It's annoying that we can see eachother's phones and Macs in the Find My app but can't see eachother's AirTags.
Interesting. Just one data point, but my wife and I both have airtags on our keys. When I drive her car (and she's not in it), I get a notification about her keys traveling with me. We're on the same iCloud "family" account. I wonder if there’s something else that needs to happen?
“Okay, so what we’re going to try and do here, is reset and erase, and not restore from iCloud backup, so we can rule out this being something in your profile.”
When you say "iCloud family account", do you mean you both log into the same account using the same credentials, or that you use "family sharing" to, e.g., share iCloud data, purchases, etc.?
I don't think that the timing of this has much to do with the following, but I find it an amusing coincidence:
Just a month ago the German activist Lilith Wittmann used an airtag to corroborate the suspicion that a branch of the German government she (or anyone else who should) never heard about before called "Bundesservice Telekommunikation" (Federal service of telecommunication) is just a front for the Bundesamt für Verfassungsschutz (Federal Office for the Protection of the Constitution, the federal domestic intelligence agency). Unfortunately I only found this [0] article in english quickly, a longer piece by herself in German can be found at [1].
Notably they hint at one of the problems but don’t discuss fixing it at all: it’s bizarre that AirTags can’t be shared with a family account. It’s irritating that if I grab my wife’s copy of the car key I get alerts about being tracked, and, conversely, it’s frustrating that she can’t locate my copy of the key when that’s the one that’s closest.
Probably deliberate since unconsented spouse tracking is probably the most common type of tracking. Maybe an icon and periodic notifications, similar to how the location service works could be a way to allow.
Sibling comments have effectively pointed this out, but obviously it could be optimal per tag, and also given we already have Find My Friends access to each other it’s a completely meaningless objection.
Point is it should be at minimum opt-in possible because without it it clearly misses the obvious connection to a selling point of Apple (family sharing).
If somebody steals your car/purse/whatever with an airtag on it, and that person has an iPhone, will they get notification that somebody is tracking them?
Oh so this is really only useful for tracking stolen items if whoever steals it doesn't have an iPhone or an Android with their app on it, I never realized that.
Yes, though I'm not sure how long it takes for that warning to pop up.
In my experience, it's generally more than the few minutes someone that grabs a purse will keep the purse before looking for cash/whatever.
A car is, of course different. I had the brilliant idea to put an airtag in my car so I could find it if I forgot where I parked. Then I got a call from a very worried SO that borrowed my car that thought they were being stalked (there's a history there of issues, so yeah, fun times).
If it's a car why not get a cheap 2nd hand iPhone SE, and either a massive battery pack or wire in a 5V inside the dashboard and hide it there. Then you can just track that phone. It will have GPS too.
Being able to share AirTags via a family iCloud account seems to be a pretty commonly requested feature. It does seem a little silly that I can track every device attached to the account but not AirTags.
Even outside of family. I would buy an airtag for my dog for when my friend watches them. It'd be nice to drop off my dog and "share airtag with this user" so they can have a resource in case my dog got lost.
I suspect they are working on it, but the crypto is privacy-preserving enough to make centralized authorization management hard.
Specifically, you get a cryptographic secret when you pair the key, it broadcasts as a bluetooth beacon with encrypted messages based on that secret and current time, that get reported up to an Apple service.
When you want to see your accessories, your device will compute the encrypted messages at appropriate times and have apple search for them.
However, there's no network push to an AirTag available to tell it to rotate keys. You could grant more people to see a tag by sharing the secret - but you then could not remove that permission without physically resetting the tag.
I suspect the solution will eventually be having derived keys from the secret and date, and date-based "leases" for permissions - I share the current key to allowed peers. That would mean revocation might be represented in the UX immediately, and take a day (or some other time period) to actually start to fail cryptographically.
sorry I didn't mean the MAC address but rather an HMAC-based key derivation. I suspect they rotate MAC addresses every half hour or so, but the broadcast itself is encrypted such that you can't tell two belong to the same AirTag without knowing the secret.
I might have a secret key for the AirTag, and the encrypted messages derive a new key each day based on the current date, then encrypt a check-in message based on the current time.
If I share the secret key, its permanent access until a hardware reset of the AirTag. If I want to share "for a while", I just share a bag of those derived keys for the date range. The UX might represent it as not having a date range, and my devices which know the secret just periodically share out the derived keys when online to give out keys, and effectively make it so that any revocation of permission takes a week.
The other option is for me to be able to share enough information with Apple's servers that (on permission change) it blocks the AirTag web service query itself. That won't help you with any shared secrets allowing someone to detect its the same tag even after MAC rotation.
I do think it should be possible to share encryption keys (ignore this MAC alas doesn’t work because the MACs and randomized and rotate fairly frequently when in the vicinity of an owner’s devices)
I'd like to be able to mark my own tags as okay. My phone will NFC with the tag in my pocket, and just about every time I pull it out I have a "go to lost.apple.com?" prompt.
I'm not always a fan of Apple's decisions, but short of pulling AirTags off the shelves and scrapping the product entirely, they've gone far beyond any of their competition (Tile) with this stuff.
Ultimately, maybe we're better off just losing things sometimes.
To be honest, I'd be fine if I just got notified at the instant that my AirTag became separated from my phone, and see the location when that separation occurred. They already have this feature, and it's the only thing I really need. I'm not going to go chasing after a thief myself, and I highly doubt the police will care that I have a tracker on my stolen keys. Even if I leave them on a bus, it's not like I'm going to chase down the bus. I'll just call the lost and found and let them know which bus I left them on.
Wouldn't this make unwanted tracking essentially impossible?
Let’s see how hard it is to neuter the sound generation within the AirTag itself. If it’s silent itself, an Android or no-device trackee is vulnerable.
There is not much tech that lacks unpreventable malicious use. Needs to be expected for pretty much anything.
You don't have to actually do that. The devices aren't directly authorized by Apple. So long as you broadcast the right beacons over BT you can make any device findable by the Find My network.
Would it be possible to design the device to detect if the speaker has been tampered with? Perhaps having some sort of microphone on board to detect whether the speaker is functional would work.
This could be put into the speaker driver, to do something like an impedance measurement, to verify that something that looks like a speaker coil is still present. If you wanted to make something hard to defeat, you could measure the capacitance between the coil and case, as a deflection measumerent, to verify that coil was actually moving in a way that it should be. Both would probably add a relatively large amount of power consumption, completely change the design, and add a bunch of cost, where nobody would be interested anymore.
I don't think you can simultaneously limit unwanted tracking and still track thieves surreptitiously. Basically both are "unwanted tracking" by the "victim".
Destroy the speaker and hide the device inside a tire, steerer tube, or other such place?
I mean the thief will get notified, but what are they going to do? Dismount tires, disassemble steering assembly, remove the grips, undo the saddle, bottle mount, Garmin mount, bash guard, lights, etc? This all takes time and skill, it can’t be done on the spot and if they dragged the bike home or to a fence they have already disclosed the location.
Now you've increased the motivation for thieves to carry EMP guns with them... they already do that to deactivate merchandise loss prevention tags (RFID).
There are details not exposed outside of NDA, but my suspicion is that there is a requirement that MAC rotation happen more slowly, like every 15 minutes, and it is a bluetooth MAC and the actual GPS/cell based 'movement' which together trigger an alert.
If a bike's Find My support randomized its MAC on every broadcast, it may very well not be possible to tell that it is not a new device each time. That might not be allowed per the licensing agreement, and that might be something that Apple has heuristics to detect and alert on.
I believe an AirTag stops randomizing some broadcast identifier when it’s separated from its owner. The AirTag by itself has no location awareness. But when an iDevice sees the same separated AirTag at multiple locations it fires the alert.
That may be the case, but not in this case. AirTags had anti stalking built in from the start and were specifically marketed for lost items over stolen items.
It is poor design only if we are calling this misuse. For the record I don't think Apple is doing anything of the sort. They knew exactly how these AirTags would be used, so they wouldn't blame the user as misusing the tags.
You can use a fork as a spoon but you don't get to complain about how bad it performs. Nowhere in Apple's marketing is the airtag advertised as a device to track stolen things
I've heard of multiple people using airtags to prevent and successfully recover stolen vehicles and property after armed carjackings, and as dystopian as that feels, it seems to me far less invasive to society to narrowly target violent criminals than hiring more beat cops to randomly pull over (disproportionately innocent and disenfranchised) people over miniscule driving infractions to hunt for the actual criminals.
I'm happy to see some actual numbers but it seems the devices have been used far more often to deter actual, serious crime than to cause it. Perhaps they should focus on improving the product for what it's actually good for and not nerf it's core functionality because of the extreme edge case of a few bad actors.
Samsung has a similar product called SmartTag and it's also quite good from what I've seen, and on cursory glance seems to not be hyper focused on "fixing" this "problem".
Yeah; I’d prefer it if the police could nerf it (by enabling notifications) to help out stalking victims, but thieves could not.
Alternatively, if (with an actual warrant, and involvement of the airtag owner) the police could link location trajectories of any phones that travelled with the stolen airtag, that’d be nice. Not sure how to avoid abuse with that scheme.
At what point do you go “you know, the low severity problem we’re solving (finding my keys) is probably not worth creating high severity problems like stalking and sexual assault?”
I'm sure they're frustrated that people keep using AirTags as tracking devices rather than local thing-finders, but I think there are good reasons for that.
Local trackers have been around for a long time. I had a "TV remote finder" years ago that you'd stick to a TV remote (or keys), and it would beep when activated by a second device. More recently, Tiles work pretty well, assuming you don't need direction finding. Personally I don't regularly lose anything large enough to benefit from an AirTag. I need it for things like individual AirPods.
But a small device with a worldwide range and no subscription fee that I can attach to a car or suitcase? That's a novel capability. I have one in both cars and my electric skateboard.
I want to see AirTags built into all mobile Apple devices. iPhone, iPad, remotes. With it's own rechargeable battery, it would be really useful when my silly kid forgets where he left his iPad.
The find my network is supposed to be that already - Apple devices even ping when turned off. Try opening “find my” and clicking devices. If you all share a family account, their iPad should display its location.
It only lasts as long as the battery does, plus 24 hours (as in, the location will be visible for 24 hours but won't update after the battery is dead; after 24 hours Apple hides the last known location).
Even then, it is unreliable. The last time my son misplaced his iPad (a week ago), after I put it back on the charger it didn't start beeping (I had told it to make a sound via Find My) until about 12 hours after it was turned back on. Simultaneously I got the notification that it had been found. Not too impressive, IMO.
An AirTag, though, would have its own rechargeable battery and would be able to locate the iPad for a year after it got lost. In my ideal implementation it would work just like a regular AirTag, the only difference being a circuit to keep the battery charged, and being embedded inside the case of the iPad.
That's a creative use I hadn't thought of before. I guess it probably wouldn't help me since I use CarPlay, which causes the phone to save the parking location automatically, but I can definitely see a use case there.
"We're working closely with the police on our pervasive, no-permission geo-tracking system" is a *terrible* fucking message to hear.
It won't be long before they have tiny mics, too. And the little speakers they have, of course, can be disabled.
We on HN should really band together to do something about this. There is already https://github.com/seemoo-lab/AirGuard which is cool. What else could be done? I can think of some general directions:
1) Fill their network with noise somehow. If there are lots of tags, or tags pretending to be other tags, then information on which tag is where will be less valuable
2) Make something that forces existing tags to out themselves (should they have working speakers)
3) Jam their radio signals. Probably illegal in the U.S. under FCC rules, but perhaps there's a way to do it where you're not actually jamming, you're merely doing something else that causes them to not work.
4) Find some reliable way of identifying them via a wand, your phone, etc.
5) Apply political pressure to make this sort of thing illegal (especially for the authorities)
6) Make laws that say if you're using spectrum to build a mesh network, it has to be open to everyone
I recently had a car stolen and was able to recover it and police made an arrest because I had a Tile hidden in it. This wouldn’t be possible with AirTag notifications.
On an unrelated note if you have any FCA vehicle thieves have a programmer that plugs into OBD2 that will delete yours keys from the car and pair theirs in under 2 minutes so they can crank the car and drive off. It’s not even the relay amplifier attack that affects a lot of other cars.
"Every AirTag has a unique serial number, and paired AirTags are associated with an Apple ID. Apple can provide the paired account details in response to a subpoena or valid request from law enforcement."
For a company that 'values privacy', how do they think it's acceptable to only advertise this information now?
> ...and we condemn in the strongest possible terms any malicious use of our products.
Then subject them to malicious users before releasing them to see what sort of ideas they can come up with in a few days, and mitigate those before general release.
Go schedule a room at Defcon, give people AirTags, and see what they do. If they neutralized your mitigations in an hour, well... other people can figure that out too. That the speakers are so easy to disable... well, yeah, you should have figured that out before release.
I'm a bit concerned about Apple's internal ability to reason about malicious actors. This is the second time in recent history they've released a shiny something, only to discover it torn to shreds in very short order by people. The whole CSAM hashing algorithm being as weak as it was to manipulation should not have been a surprise to them - but it sure seems like the system was designed without considering that the first hashing algorithm was trivial to intentionally collide.
"Buy an iPhone to prevent people from tracking you, and if you want to see where the tracker is, buy a really new one!" is some sort of sales pitch, certainly, though this new set of things sounds so prone to false positives and annoyance that I'm not sure how long it will be until people just turn the whole thing off (if that's an option).
It's a neat concept, but doesn't seem to have survived contact with reality and humans very well.
I've said this in other threads, but I'm probably done buying AirTags, because the anti-stalking features, that I assume you're aware of, are so annoying, that I don't want to add any more to my life.
When I get in my car with my wife, we both get a notification that an AirTag is following us, because my wife is potentially stalking me with her purse and keys. I can silence this notification for only one day. I can't disable it, because that's what a stalkers or abusive boyfriend would do. They randomly beep and boop to notify me that they exist, and I'm being stalked, and to put my phone near the offending AirTag so I can see the serial and last four digits of the owners phone number.
If someone were actually stalking me, I probably wouldn't notice.
I think the whole concept is almost doomed, if you're to be satisfied. The purpose of an AirTag is to track a thing. The desire of a stalker is to track a thing. I don't think these two identical problem spaces can exist together, in some harmonious way, that would satisfy people with your concerns, without constant annoyance. Just imagine if these were more popular and you did something crazy like, got on a bus, or went on a plane, walked any reasonable distance down a street with someone in your proximity.
I would love to hear a solutions that doesn't result in constant notifications. I also think it's completely silly to say "We'll we just have to restrict location track of anything, because there are bad people out there. Period." If the metric is to stop all the bad, then technology needs a huge lobotomy!
Apple just needs to add shared AirTags to iClould family sharing. I think that’d solve your issue and ~90% of other unwanted stalking alerts. They already allow shared “Find My iDevice” and just need to add AirTags to the mix.
I agree, but from previous HN threads, people have said that this would enable people in abusive relationships to be stalked. Also, it appears that some distance is required to trigger the notification, so I imagine stalkers could use the AirTags within this distance. For example, to find which apartment someone lives in, within a building.
I think there will always be headlines about stalking and abuse, and people claiming Apple didn't do enough (even though it's so annoying as is), regardless.
> would enable people in abusive relationships to be stalked
I can see that concern, but family sharing ALREADY lets you share iDevice locations at all time. That's a superior form of stalking compared to AirTags... So I just don't get this concern. It might just be perception though. From a PR perspective this is a bad time to release any feature that could be perceived as reducing AirTag stalking alerts.
Yes, it does. It really, really does. The absolutely human-toxic nature of most modern consumer tech ("You buy me, I feed you ads, and collect absolutely as much data as I can to improve the ads other people pay me to deliver to you!" model being the core complaint here) has done a huge amount of damage to humanity.
There are upsides, but we culturally seem horrible at actually evaluating things fairly. Always-on devices, constantly sending notifications, are just horrible to every aspect of humans - and the more we learn about just how horrible the are, the better the companies involved refine their ability to "drive their users nuts" for more eyeball-time to view ads, desired or not.
So, yes, if what you get out of my writings are that we should radically pull back on what consumer tech is and can do, you're evaluating my position quite accurately.
> If the metric is to stop all the bad, then technology needs a huge lobotomy!
I think we need to change the metric. Every tool humans have ever invented can be used maliciously. So we have fallback options, like punishment, to mitigate that. Apple needs to make you read and acknowledge a notice when you get an AirTag that says quite clearly that they know the serial number and will happily provide your contact info to authorities on request. And then police need to actually arrest people for misusing tags to stalk.
I think you’re completely misunderstanding the threat model here.
First the reality: Malicious actors interested in, e.g., tracking other people or other people’s things without their knowledge or consent, have many other options. To defeat them, an Apple product just needs to be somewhat less convenient/useful/cost-effective than some of the many other options.
Second, the perception: Apple needs to convince their customers and potential customers that they care and they’ll do something when there’s an issue.
As released, they pretty much had number one covered, though improvements are always good. So they are mostly working on number two… it’s good when there are actual improvements, but that’s not the main point.
Exactly– the SmartThings tracker didn't ship with any of these features. Tile didn't either. The only reason this is such a conversation is because Apple built these anti-stalking features and marketed them.
Not to mention I could probably make a crappy GPS tracker with none of these alerts and stick it to people's stuff. It may be clunky, but there are plenty of good hiding places. Or I could just get this[0]. Or this[1]. Or any of the dozens of trackers I can find on Amazon that would be perfectly good for stalking.
AirTags shipped with anti-abuse features on day one, no other product provides any anti-abuse features whatsoever.
The speaker could be defeated, but the anti tracking stuff cannot be stopped without breaking the basic functionality.
If you’re demanding that companies must go to great length to avoid abuse of their products why aren’t you demanding the same from tile? Why not the myriad gps trackers on Amazon? It’s not unreasonable to demand that Amazon ensures every such tracker they sell has speakers and anti abuse features.
> It’s not unreasonable to demand that Amazon ensures every such tracker they sell has speakers and anti abuse features.
I agree, however, this thread is about Apple's AirTag devices, and complaining about Amazon's incredibly vile sales practices seems at least somewhat off topic for it.
And Apple's device have vastly superior anti-abuse features than every other product, and clearly apple has not stopped fighting said abused.
What's happening now though is people are attacking apple because AirTags anti-abuse features work, and people have identified when they're being stalked.
We haven't heard stories like this about tile, not because it doesn't happen, but because the complete lack of any anti-abuse features mean that victims are unaware they're being tracked.
To what extent is any hardware manufacturer responsible for malicious usage of their product in your opinion? Surely you don't believe that all bases can be covered no matter how simple the product prior to launch. I credit Apple for making a best effort at launch and continuing security and support for much longer than the industry standard in their products. But realistically there is no way to launch something flawless as you seem to be suggesting.
I don't think all bases can be covered, certainly. But neither do I think Apple has been doing a good job of even trying to do a good job of it, at least recently.
Apple clearly put some thought into how the product would be misused, and added some features for that - but then appears to have not bothered having actual (simulated malicious) users test those features to see how they'd bypass them. Things like "removing the speaker" seem oddly trivial, yet there's no indication Apple even thought through that situation. It wouldn't be too difficult to design something in which the deliberate disabling of the speaker rendered the device useless after a few days, yet would be unlikely to trip in normal use. They're pretty well sealed.
"Red teaming" something like this in the early design phases is often useful to be able to figure out how to mitigate these sorts of attacks, and Apple, far too often lately, seems to be in a "...they did what? No, they can't have... we didn't think they'd... ugh, OK, let's add something to support that..." mode.
And if they don't have family sharing support, as seems to be the case from the other comments here, it clearly means they weren't tested with any sort of realistic use case, because "Oh, yeah, my wife's keys in her purse keep making my phone go off when we're driving together" seems a common use case to discover in testing.
I don't think a company should be responsible for all malicious uses, but when those uses seem utterly trivial to manage (remove speaker, your tracking target uses Android and like almost all Android users hasn't downloaded Apple's app to check for AirTags following them), I think they've missed something really important in the design phase.
Making AirTags safe is fundamentally impossible, a bit like trying to make a knife impossible to hurt yourself with.
For example:
> deliberate disabling of the speaker rendered the device useless after a few days
That only kicks the can. Now people will silence the speaker from outside, for example by covering the whole AirTags in superglue and foam to muffle all vibrations.
> for example by covering the whole AirTags in superglue and foam to muffle all vibrations.
Which makes it larger, harder to hide, and easier to find. Go try - see how much foam it takes to reasonably muffle the beeper. It'll take a lot more than you think.
I think that a key issue in this case isn't just that Apple made a device that could be used for tracking - after all, you could engineer or buy a different tracking device from a number of vendors - but that its feasibility was massively increased due to a unique Apple asset - its network of iDevices. That is, Apple released a product that was uniquely good at tracking people due to an Apple-specific asset.
Slightly less, but still very importantly, there's the fact that by design you can't see if someone is tracking you unless you buy another Apple product, which wasn't an intrinsic engineering limitation, but just a choice that Apple made for their own profit.
As was the risk of getting jail time if you use it to stalk someone. Something you don't really worry about with a generic GPS tracker. That handy, convenient AirTag will give the police your address.
I'd really want to ask weird and possibly insensitive, but nonetheless (I believe) a legit question - shouldn't be it a society that needs to somehow change (I've no idea how, though), rather than technologies killed because it threats existing societal stuff? I hate to say this but it really feels that our assumptions of privacy are becoming outdated and there's no going back.
Unlike e.g. facial recognition, AirTags are not even some new breakthrough, just some well-known existing technologies made a bit more mainstream/commonly available (can't even say "more affordable", the price point hadn't changed). Yet, it causes an uproar.
Technological genie just cannot be put back in the bottle and it's only gonna get worse in the future, as tech will become smaller, smarter and more magical.
> ...shouldn't be it a society that needs to somehow change (I've no idea how, though), rather than technologies killed because it threats existing societal stuff?
We've allowed, collectively, anything that falls in the "tech" realm to deploy first, ask questions later, and more or less force society to conform. I think it's been absurd, we see more and more backlash against it, and rightly so. A company shouldn't be able to just ignore the law and do whatever they want because they use computer chips, but we've seen more or less exactly that in a number of cases.
- Uber/AirBnB can be seen as venture-capital funded, money losing ways around existing taxi/hotel/rental laws, and their tendency to expand into a market without permission and then demand the right to stay there against the laws that prohibit exactly such things, is an example of this model.
- The various "Dump tons of scooters in a city without asking, profit, and make cleanup the city's problem" is another example here. It's littering, really, but somehow tech companies involved get a pass because it's neat.
- Literally every "We collect all the behavioral data you don't realize we're collecting to improve our models of you so we can sell better advertisements to our actual customers" business model does the same thing - take first, ask permission never (or, at least, try very hard to never have the topic come up).
I'm not OK with this, and I hope more and more people aren't OK with it either.
> I hate to say this but it really feels that our assumptions of privacy are becoming outdated and there's no going back.
Privacy shouldn't be something subject to the current state of technological surveillance. We should, as a society, decide what privacy ought to be, and then limit tech companies accordingly.
Europe seems to be making decent headway on this front, with "No, you can't just keep doing that..." rulings against tech companies. I hope that spreads.
> I'm not OK with this, and I hope more and more people aren't OK with it either.
Cool, that's a societal change - awareness.
I can't argue against your ridesharing datamining examples. I can't say the data they've hoarded is actually valuable - just based on the fact almost all their ads are complete misses. I've yet to see any personal data hoarder company to be able to actually pull off anything sensible, not that some ML model realizing nonsense in lines of "meatbag bought a sofa, meatbag must love sofas, let me show him all the sofa recommendations" (lol). Anyway, that's not the point. I don't fancy this data collection and sure agree it's not a bad thing to stop it. Just as I'm fed up with small prints, shrinkwrap licenses and other things we pretend people read and understand that they don't.
When I wrote my comment I thought about somewhat different things. Tracker devices or face recognition is different because it can be done in what marketing calls a "privacy-respecting" way, on device. Yet, it's a fact if someone can point a camera on you, they can match you with their previous data, and if someone can plant a device on you (and devices get smaller and smaller every few years) they can know your location. And it's not about companies producing something, it's about the technologies itself, when the technology can be used for both good and bad things. Like a knife or a laser pointer.
It doesn't make sense to me to tell companies to not produce such technologies. It's impossible to make technologies be usable for good things and not usable for bad things. A knife is always a weapon (or it's not a knife and you can't use it to make yourself a sandwich), a key tracker can always be used to stalk (or it won't be ever useful to find stolen things). But some people are so desperate for "safety" they do want to nerf anything that can be even theoretically abused to absolute uselessness.
And if you want it to report out, it has to have an active cell plan, and the power consumption is rather radically higher than "years on a button cell," so the device is bigger, it needs a clear enough view of the sky to get a GPS signal, etc. They're an awful lot less useful and less discreet. Again, not impossible by any means, but certainly quite a bit less convenient than an AirTag with a removed speaker.
I don't think the typical issue is that someone can maliciously track some other person specifically for years. Longevity of the tracker is an added benefit, not what makes it different.
Honestly, in my personal opinion I feel that only thing that's really different is the company's notoriety. It's no fun to bash Tile (people just don't have any beef with them), but kinda fun when it's Apple. And that they've actually sent out a viral idea ahead of product release focusing attention on this aspect (so, naturally, it echoes back).
That was kind of my point. People can buy these GPS trackers for the same price and have a stealthy surreptitious tracker. What’s new is Apple made so omg, better freak out and write eleventy-one angsty articles about them. In this case I can’t even muster an eyeroll at how silly it is.
If I were actually interested in tracking someone for nefarious reasons, I absolutely would not use an AirTag. I mean, it has a serial number that will lead the police right back to me. I'd use something that doesn't have my name on it.
I just checked and all the reports of misuse so far don’t seem to be “for months at a time”. I can also get a prepaid sim with very little identification and there’s no direct link from an arbitrary gps device to the person who used it.
I think there was a brief surge in people abusing them because they thought AirTags were untraceable, which they very explicitly are not. As apple says in the article they can directly go from an AirTag to the account that owns it.
You're both right; it's an interesting question. Something that can't be used maliciously is probably not useful for much of anything at all. OTOH, when the potential for harm is far greater than the potential for good, as it arguably is here, that calls for extra discretion on the part of the developers.
That may be understating it a bit. I honestly can't decide which is greater.
Airtags as-is are nerfed for non-technical reasons as to make them more or less useless to me, despite their ability to be incredibly useful.
For example:
Due to the nag/anti-stalking alerts I can't put them on dog collars due to day-care visits. No way for others to whitelist a tag on their phone, or any way to silence it.
Same goes now for the car. It's annoying to just toss one in each trunk in case of theft or whatnot, since the cars are shared.
The privacy concerns have more or less turned this product into something of a very narrow usage band - aside from a personal bookbag or whatnot I don't see many other realistic uses at this time. Not useful for hiding in my power tools, etc. etc.
I had pretty high hopes for these for some peace of mind (dogs), and I live in a high crime area so being able to track my expensive items has proven useful in the past. I was excited about expanding on this use until they started crippling them.
There are lots of tracking solutions out there, most of which do not even attempt to protect against abuse. So, Apple seems one step ahead of the competition here.
Regarding CSAM, I have not seen any credible threat model with those hash collisions.
> "Buy an iPhone to prevent people from tracking you, and if you want to see where the tracker is, buy a really new one!"
The tracker beeps, and displays information to Android phones, also. They did what they could to make it easily findable.
Have any of the AirTag stalking mitigations actually been defeated by hackers? Besides physically removing the speaker.
The “an AirTag is traveling with you” alerts haven’t been defeated as far as I can tell. Apple tweaked some of the time periods after launch but the core technical mitigations are the same.
I agree the current situation is non-ideal, but it’s not clear to me this is from a lack of sufficient pre-release pentesting.
GPS trackers are a lot pricier and often bulkier though, somewhat limiting the probability of it to be used by the average stalker. Barrier to entry is significantly higher.
> GPS trackers are a lot pricier and often bulkier though
A quick look on Amazon UK suggests that there are plenty of cheaper options and, whilst not many, there are options of a similar size to the AirTags.
Now, admittedly, none of them have the same feature set as an AirTag but if you're at the point of buying GPS trackers to stalk someone, I doubt you're thinking about the technical distinctions.
"We have successfully partnered with them (police) on cases where information we provided has been used to trace an AirTag back to the perpetrator, who was then apprehended and charged."
Obviously each air tag is associated with an iCloud account, so this could be quite an effective move on Apples part.
Why would that be less charitable? Many things can be abused criminally. Arrest and charges are how our society deals with it if someone does. Deterrence prevents crimes in many cases. Not all, but many.
It's not common for many companies to admit that their product was used for crime, and here is one, in a PR piece about "We care sooo much about our users' safety!"
Some things should just be mandated to be cross-platform, and this seems like a good start. Phones scan for wifi and other BT devices, and this is just another BT device. There's an option for turning on a notification for open networks and authenticating to them, just give me a similar option for BT/UWB/whatever lost trackers.
AirTags last only one year and you can't replace the battery or recharge it? Is that right what I'm reading? I gave up on Tile for that reason about 3 years ago, although they may have added a replaceable / rechargable one.
The Tiles were useful while they kept charge. Apple has a lot larger participant network as well than the tile network.
> We hope this starts an industry trend for others to also provide these sorts of proactive warnings in their products.
I guess they're hoping Tile (or whoever else) will feel obligated to create similar nerfs or annoyances on their trackers? I thought this was interesting because this is one time vertical integration (having a huge network of iPhones) is putting an Apple product at a competitive disadvantage
This kind of scares me. Privacy first tech groups seem to be getting more vocal about trying to change the whole industry.
I hope someday we have a fully open global tracking network, not affected by Apple an Mozilla and all the rest who seem to want to destroy any technology that can be used to invade privacy, regardless of how many legitimate uses it has.
I really thought that Tile would release some sort of fixed LoRa type antennae in popular areas (SF, LA, NYC) managed by them that would act as supplements to their app tracking which they knew was mediocre. I've never been able to successfully use Tile's tracking, and AirTags work great.
I think the Amazon Sidewalk has a lot of potential in this space as a viable alternative to the iDevice network apple has. Google should def release competition that can leverage their device network too, considering their comparable hardware penetration.
Battery Status API, Ambient Light are the two big Mozilla examples I know, but I suspect the list may be fairly long. I believe they are also against web bluetooth and serial.
Apple has some permission stuff that apparently degrades Tile on their platforms IIRC.
There is no reason for any of those to be exposed to the web.
For web specs you can't just think "I could do this cool thing", you have to say "what can a random popup ad do with this". Our experience with WebGL shows permission dialogs are a bad experience, and people will also click "yes" to make them go away. Most users report "would you like notifications" from websites as being spam/annoying.
When the only consequence is being tracked, it's mostly fine if people just click yes.
It's generally common knowledge that all sites are tracking you in all ways that they can and any time they ask for a permission it's to spy on you. Users who actually are more concerned with privacy probably will not click every random button.
Which is in itself one bit of trackable information, but that's about it.
Battery status is very useful for kiosk applications. Web Bluetooth is obviously great for all kinds of IoT things.
The more dangerous ones like Bluetooth can require you to explicitly select a target, and most people will notice something is wrong if they see MyBonerBest.io wants to connect to a list that includes their watch and light bulbs.
EU Cookie consent is somewhat changing that all, by training people to click yes on prompts faster than their eyes could even focus on them.
If there is a risk, it's probably more that people click out of reflex than out of not understanding, which can be partly mitigated with improved UI.
It was a bit strange that they ever sent "unknown accessory detected" messages. They should say it's airpods.
It was also strange that they told people by notification that an airtag was with them, but didn't let them search for it using precision finding. Why would they do that?
It addresses none of the key past concerns. Specifically the ability for the devices to operate with their speakers disabled and no effective means for non-iPhone users to detect they are being tracked. The Android app Apple released is basically useless since it requires manual scanning.
> The Android app Apple released is basically useless since it requires manual scanning.
It is better than nothing. The limitation on background scanning is likely due to Android + diverse hardware not providing a low-power way to do such a thing.
The more effort Apple takes to bind an Apple ID to a real world identity, the more consequence comes from abuse of a tag. The alerting serves to make that consequence more likely.
I have an AirTag that I dropped by mistake inside a taxi in another country over 6 months ago. It is still active, and still reporting up to the minute location to this day... Apple is really minimizing the real issue.
"We plan to update our unwanted tracking alert system to notify users earlier that an unknown AirTag or Find My network accessory may be traveling with them."
Yea, but philosophically, you shouldn't have to opt in (to opt out) - if I don't want to any part of apple's ecosystem, this forces me to actively opt out.
There's really nothing they can do short of not doing the airtags at all. The spectrum does not belong to them, it's leased to them and they are a user. We can ask for oversight.
Because then it becomes useless for it's intended use.
Say someone put a tag inside their backpack, their backpack gets stolen. The person stealing it can then just open their App, see there's an airtag in the bag, report it and kill its signal.
Just keep nerfing it Apple. They made the beeps louder with this new update too. So every time my wife borrows keys, my car, etc it's gonna go nuts. I guess I'm going to have to rip the speaker coils out of all of them at this point.
TBH sharing keys is a nightmare even without airTags. Honestly recommend each spouse gets their own key to each vehicle. Once my wife had her keys stolen and we made do for a year sharing my car key and it was hell (because both of us prefer the EV to the minivan).
I don't track keys but I track my wallet and my wife does not need or ever ask for that.
Proximity unlocking does not rely on LTE, and still works. Remote unlocking using the app would not work, because it relies on LTE. So the car can still be unlocked and used as normal in areas where there is no cellular reception. This is not some egregious oversight.
I may be incorrect, but I believe once you are near the car that it can connect via Bluetooth and operate over that local network, rather than going through the public internet and routing commands through Tesla's servers, but again, I could be misunderstanding how those features operate.
I'm really not exactly sure what happened here in this "update", other than "FYI, we'll give out information after being subpoenad" and "we'll also include a dialog to say "don't track people with these"."
The "alerting people that a tracking device may be moving with them" is a good thing, though they definitely buried the lede on that, I feel.
A louder tone? I thought a lot of the issue was that people using them nefariously were disabling the speaker entirely, or buying AirTags that others have helpfully pre-disabled for them.
Is there really no family sharing features? I see this complaint all the time, but I've never once had a warning despite my wife and I both having AirTags on our car keys ever since they were released. We've had our car complain when one pair of keys are left in it, but never a peep from the AirTags.
The issue is that it thinks you’re being tracked when someone else’s AirTag is near you for a period of time, but the owner isn’t. So if you’re with your wife and her keys, no problem. If you borrow her keys and leave the house without her, then it’s triggered.
What is super annoying is getting the AirPods traveling with you notice when you’re around family that live in the same house or when you’re traveling on a plane or anywhere else crowded. It’s completely useless.
and as the article indicates, they are combating this exact issue by adding additional alerts on your device when an AirTag is traveling with you, as well as giving you the ability to use precision finding to locate the nearby AirTag in case you can't hear it.
The anti-stalker virtue signaling from Apple basically kills any chances of finding stolen belongings. AirTags only work for finding misplaced stuff, not stolen stuff because they will alert the thieves before you get a chance of recovery. This was never an issue with Tile.
Tile never gained enough market traction for it to be an issue. No use using a system to track your stolen goods that can't provide you with a location because there's no phone running the Tile app within hailing distance.
Hilarious. In one statement they claim to prioritise privacy and then also explain why their product is not at all private and can practically be used against the owner by law enforcement.
Apple don't care a jot about privacy. This became clear with the CSAM debacle. That's why I left their ecosystem, and I'm very happy with my new phone running GrapheneOS.
Hot take: There is no conceivable way to make Airtags safe, and they should be banned entirely.
The problem is that by leveraging Apple devices to get worldwide geolocation and data service effectively for free, they make tracking trivially easy in a way that no other entity could.
Should all GPS trackers be banned then? The problem with AirTags is they're accessible; these problems have always existed with any kind of GPS tracking.
Serious question – which commercially available GPS tracker can be used for this purpose? I have been looking for one for years (not for stalking, I promise) and absolutely nothing fits the bill. They are all large (impossible to slip into, say, a purse), expensive, have minimum $20/mo subscriptions (with credit card registration), require you to register a SIM card, and have a battery life measured in days.
Now you just have to walk into an Apple Store with $20 cash and set up a fake Apple ID.
It is non trivial to setup an apple id without tying it to your identifiable information. Using an airtag to track someone will notify them if they have any apple products or check with a non apple phone.
Vodafone curve is a commercially available gps tracker that is about the same size and cost of an airtag. A vodafone sim is £3 a month, and you can sign up for a pre paid sim card without a credit card or providing identifiable info. There is a bike version that ties into a bike tail light for charging. The battery life can be much longer this way.
There are non cell based ones like the See.Sense AIR, the battery life is generally much longer
I think one (more expensive) answer is to use the best tracking service that currently exists: Google Android OS. Buy a small android phone [1]. Put it in power save mode, to reduce power draw, and drop it in.
This would be much less alarming than some tracking device or an AirTag, especially if you put some innocent looking picture on the Home Screen, so it looks like some kid dropped their phone in their purse, on accident.
Reading this comment thread, I assume many here would agree that we should ban all small smartphones.
They tend to be larger and more expensive, because they generally need to contain a GPS receiver to know their location and a cell phone transmitter and data plan to transmit that location.
GPS trackers require that you sign up for cell service, which is a non-trivial obstacle to overcome, and opens the user up to tracking by law enforcement.
Thanks to Apple's usage of their own proprietary network, both difficulties are automatically negated.
You need to link your telephone number to use an AirTag indirectly - i.e. You need an AppleID to link the AirTag to, and you are required to provide a telephone number in order to create an AppleID (which is validated via SMS).
In principle, Apple has the ability to match the AirTag to a phone number (if they do this or not, I don't know).
Regardless of how convincing you can be that banning them would be a good idea, under what legal framework could they conceivably be banned (at least in the United States)? You can literally buy guns just as easily in many places in the United States (granted, guns are more expensive). Maybe the FCC could make try to argue that they have the authority?
The key difference is in Apple's market penetration -- Tile tried to build something like Apple's Find My Network™ but it was largely useless because it only worked if random people near the tag were running the Tile app in the background.
I understand why people are concerned about AirTags and not Tile. What I'm saying is, it seems difficult to ban a given implementation of a technology based solely on the number of users. I don't think a framework even exists for us to say "Tile cannot allow their app to be installed on more than X number of smartphones".
You might as well say the same for any product that can be misused by criminals. I use crowbars to lift heavy objects, but they can also be easily used for leveraging open doors that I have no legal access to...
maybe they should make airtag operators accumulate freely tradeable data credits and iPhones reject relaying location data without a balance of credits
helium network works this way
for airtags it would make bad behavior more expensive and maybe another way to track bad actors or disable their ability to be a bad actor.
First apple creates a cheap spying tool that makes it simple to break the law and then "condems" its illegal usage. How is this any different from groups that sell hacking tools?
If they were really concerned about privacy, they'd make set a higher bar to track things across their network - eg. Require Filing an official police complaint of the loss and submit the paperwork to get access to the tracking - win/win. You could still allow local Bluetooth tracking within range of the phone like Tile as that can conceivably be used only for personal items.
Instead, they're pushing the responsibility of safeguarding from their spying tools back to people
I'm sure they're going to be very soon be hit by a lawsuit from someone rich who doesn't really care about how much it costs to take them on. Their legal seems to have been asleep at the wheels.
> In an upcoming software update, every user setting up their AirTag for the first time will see a message that clearly states that AirTag is meant to track their own belongings, that using AirTag to track people without consent is a crime in many regions around the world
That really should do it. I mean, in the unlikely event that a message to first time users doesn't solve the problem of people being stalked using AirTags, go ahead and keep working on the other updates. Belt and suspenders. But my guess is, it won't be necessary.
They should consider adding a message for iPhone users to tell their friends with Android phones that they "should be really careful not to get tracked by AirTags, because there's no way they'd know about it".
> New privacy warnings during AirTag setup: In an upcoming software update, every user setting up their AirTag for the first time will see a message that clearly states that AirTag is meant to track their own belongings, that using AirTag to track people without consent is a crime in many regions around the world, that AirTag is designed to be detected by victims,
I expect that this will be about as effective as the antipiracy warning at the beginning of every movie is.
> and that law enforcement can request identifying information about the owner of the AirTag.
Haven't there been a lot of stories of victims going to police with an AirTag, but this not happening?
> iPhone 11, iPhone 12, and iPhone 13 users will be able to use Precision Finding
How convenient. Now you need a modern, expensive Apple product to protect yourself from stalkers.
I had someone in the law enforcement community reach out this week to ask if I knew of a way to determine an owner of an AirTag. I mentioned that they should be able to reach out to Apple to identify the owner, but, the serial number had been removed and wanted to know if there was a way to pull it from memory in a forensically safe way, as Apple required the serial number for these requests.
Honestly they should be required to offer an Android app that even though don't let you pair your own airtag, could notify you if someone is stalking you.
1) know AirTags exist (many obviously don't)
2) go out of their way to install Apple's Android AirTag scanner app (only 100k-500k worldwide have done so according to Google Play stats)
3) manually open the scanner app and scan, since it doesn't scan passively in the background; and even then, it won't help you find the speaker-less AirTag, since it doesn't tell you proximity & direction.
I continue to think Apple should have never released AirTags to the public, and should discontinue it. It's a very limited income stream, with limited use cases, and significantly increases the average person's risk of stalking.
Practically all positive social media coverage of AirTags involves someone tracking a stolen stolen items (car, bike). Those use cases are dead, since thieves with iPhones will get alerts, and most thieves with Android will know to scan for AirTags. And since most lost items turn into stolen items after a few hours, that removes most use cases involving losing objects in public.
That leaves "finding your keys within your home" as the only truly "officially supported" use case. Is that worth all the problems, and brand damage?
People will argue that stalkers could always buy trackers, but Apple increased their availability, ease-of-acquisition and ease-of-use by orders of magnitude. AirTags are cheaper than competing GPS trackers, most of which require subscriptions.
I remember seeing a chills-down-your-spine Apple Watch Series 7 TV ad, that featured beautiful remote nature landscapes, with the audio of 911 calls made from people's Apple Watches whose lives were saved by their Watch. Probably one of Apple's best and most impactful ad in the past decade. Compare that to AirTag's impact on Apple's brand. Why did Apple even bother?