Hacker News new | past | comments | ask | show | jobs | submit login
An update on AirTag and unwanted tracking (apple.com)
358 points by todsacerdoti on Feb 10, 2022 | hide | past | favorite | 497 comments



Android users are still vulnerable, and these announcements do nothing to reduce that. All a stalker needs to do, is remove the speaker. To detect a rogue AirTag, an Android owner needs to:

1) know AirTags exist (many obviously don't)

2) go out of their way to install Apple's Android AirTag scanner app (only 100k-500k worldwide have done so according to Google Play stats)

3) manually open the scanner app and scan, since it doesn't scan passively in the background; and even then, it won't help you find the speaker-less AirTag, since it doesn't tell you proximity & direction.

I continue to think Apple should have never released AirTags to the public, and should discontinue it. It's a very limited income stream, with limited use cases, and significantly increases the average person's risk of stalking.

Practically all positive social media coverage of AirTags involves someone tracking a stolen stolen items (car, bike). Those use cases are dead, since thieves with iPhones will get alerts, and most thieves with Android will know to scan for AirTags. And since most lost items turn into stolen items after a few hours, that removes most use cases involving losing objects in public.

That leaves "finding your keys within your home" as the only truly "officially supported" use case. Is that worth all the problems, and brand damage?

People will argue that stalkers could always buy trackers, but Apple increased their availability, ease-of-acquisition and ease-of-use by orders of magnitude. AirTags are cheaper than competing GPS trackers, most of which require subscriptions.

I remember seeing a chills-down-your-spine Apple Watch Series 7 TV ad, that featured beautiful remote nature landscapes, with the audio of 911 calls made from people's Apple Watches whose lives were saved by their Watch. Probably one of Apple's best and most impactful ad in the past decade. Compare that to AirTag's impact on Apple's brand. Why did Apple even bother?


Like sibling post mentioned, you don't seem to be the target audience. I know a lot of people, friends and family, who constantly leave stuff behind, in restaurants, other people's places, on the train, in shops, you name it. 99% of the time, no one's gonna steal it, but trying to figure out where the hell you left something, if you do leave stuff behind often, becomes increasingly difficult. With something like an Airtag, it's no longer an issue. You get altered before you get too far, and even if you do, you can figure out later where your stuff is.

I once left my umbrella in a hire car. It took me 2 weeks to realize it was missing. Turns out no one touched it and I could see it on the map, in the parking lot of the hire car company. So I showed up, and within minutes, we pinned down which car it was in. Without Airtag, I would not even remember where I could have possibly left it, after two weeks! Learnt my lesson to turn on separation alert after that.

Now I need a smaller Airtag for my sunglasses — expensive and easy to leave behind.

Needing an Airtag is like needing a case for your phone. A lot of people keep dropping their phone so they put a case on it. In 13 years of owning a smart phone, I've never dropped mine. But I don't claim that phone cases are only useful if you throw your partner's phone off the balcony after a fight.


> you don't seem to be the target audience

You are missing the point.

They are not the target audience, but they are affected negatively by it regardless. It's for Apple users at the expense of everyone else.

The criticism is not about the individual utility of airtags, it's about how it creates a privacy issue for everyone who is not an Apple user.


> You are missing the point.

And you should read past the first line.

> The criticism is not about the individual utility of airtags, it's about how it creates a privacy issue for everyone who is not an Apple user.

In the same manner, it’s not about utility of individual phone cases, it’s about all the plastic waste it creates for the whole planet.


How expensive is your umbrella? Just curious.


$50-ish — but that's not the point. I value my belongings because I spend great deal of time researching and finding products that I love using day in day out (unlike most people who constantly curse at stuff they have). I also modify things I buy to fine tune it to my needs. So even a $50 umbrella is more like $1000 in terms of time I've spent on it and I have no intention of doing it again. This particular umbrella was purchased 20 years ago in Spain.


The notion of an umbrella lasting 20 years boggles my mind. I've never had one last more than 2–3 years and I don't use them much. I've looked for premium umbrellas before but every time I find one that isn't ridiculously priced, there's always a contingent of reviewers who insist that it fell apart in heavy wind or frequent use.

Normally I buy $10 umbrellas from Australia's big hardware store chain. They aren't great but they're easily robust enough to last for a year or two. (Cheap umbrellas from anywhere else tend to break if you look at them funny, and they rust if you get them wet.)

I'd be willing to pay $120 AUD (or $80 USD) for an umbrella that was seriously good quality, recognising that the economics imply that it would need to last for at least a decade to be cost competitive.


Like for many products there is an entire segment of the market that most people never even know exists. E.g. premium umbrellas that are made to last against wind and wear. I have this one, has so far lasted close to 10 years.

https://www.senz.com/


I would guess a lot of people would bet such market segment exists, but are unable to find a manufacturer/seller. Since higher price often doesnt mean higher quality, its hard to distinguish expensive tools that will last decades from similarly priced tools that wont last as much.


My wife had a small one around the time you bought yours. Started to rust after a few uses... I guess that sort of demonstrates GPs point.


It's certainly possible to build and even buy a very robust umbrella. I suspect the reason most people don't is that they know they're going to be lost or stolen.*

It's why Amsterdam bicyclists don't ride $5000 bikes.

*Especially in Tokyo. If you drop a wallet full of cash on the street in Tokyo, someone will chase you down to return it. But if you turn your back on your umbrella in Tokyo, kiss it goodbye. Then you have to steal another one.


I have a confession. A first time visitor from a small European town to a Japanese city last millennium, it was raining and a department store had buckets with mostly white or transparent umbrellas by the door.

How civilized, I thought, that a company would provide free umbrellas to shoppers when it rains, and so I took one.

Turns out that's where you out your umbrella when entering the store...


That's what everybody there does. I don't think the story is "everybody in Japan is honest except about umbrellas" but rather that the Japanese simply consider umbrellas to be community property.


> I'd be willing to pay $120 AUD (or $80 USD) for an umbrella that was seriously good quality

https://au.davekny.com/ has good stuff although I haven't had one long enough (only 5 years) to attest its durability.

They also have some promising guarantee terms: https://au.davekny.com/pages/lifetime-guarantee


I’ve been using a small folding umbrella from MUJI that I bought 8 years ago. Not particularly expensive.

My partner has probably been through about ten umbrellas in the same time-span, because she was reluctant to spend the modest extra amount for something she doubted would last so long. I recently bought her the same model of umbrella from MUJI, although it’s too early to say whether the company has maintained the build quality.

I think it’s this one (but hard to tell on their awful website) https://www.muji.eu/pages/online.asp?PID=14951&qclr=45503441...


Approximately twice what I was hoping to pay, but damn those are some wild guarantees.


Yeah same. Seems worth it though. I’ve spent more than $200 over the last 5-10 years on umbrellas easily.


You should get Sam Vimes to tell you about his boots.


My last Fulton umbrella lasted me nearly a decade of London drizzle and Sydney torrential rain until I left it on a plane a couple of months ago.

Sports direct (of all places) ships them to Australia and they are around half of your budget (https://au.sportsdirect.com/fulton).


I have a Bunnings umbrella that has lasted 10yrs, but to be fair, I do live in the sunshine state.


Parapluies de Cherbourg are definively worth the deal.

https://parapluiedecherbourg.com/en/


I have a bike, with a lock more expensive than the bike itself. Since I value the time that would be necessary to replace the stolen item, not to mention the disturbance caused upon loss.

Totally agree with your point.


Please create or point me to your product review site!


With how easy it is to lose an umbrella, and how difficult it is to retrieve most of the time, I prefer to think of umbrella as disposable items. Depending on where you live, your need for umbrellas might be different, but a significant amount of time, say ~20%, i need an umbrella and don't have one, so I end up buying some disposable version anyway.


Well, the $50 umbrella to last decades and the "tag things with sentimental/shopping research value" thing is not exactly the big motivator for AirTags, or a representative anecdotal case.


Some things have value beyond what you pay at the till.


I suppose if nobody but you ever handles your phone, that might not be an issue. I rarely drop my phones but in a household with kids, that's no guarantee. I put cases on every phone I have.


> That leaves "finding your keys within your home" as the only truly "officially supported" use case.

That is hardly true. Case in point - my wife put down her keys at a store and managed to leave without noticing (this was early after AirTags hit the market). I was driving and we left without recognizing that a few hundred dollars of keys had been lost.

Later that day, we noticed. She called a few stores all said there were no keys found. We then tracked the AirTag - and in fact, it was at the store. We returned and were able to locate it, at one of the registers in a lost and found. We never would have found that it not for the AirTag.

Since then, we’ve used them to not leave things behind, to find things lost at home and elsewhere. There are indeed many legitimate uses despite your want to claim otherwise.


>I was driving and we left without recognizing that a few hundred dollars of keys had been lost.

What do you mean by "a few hundred dollars of keys?" Do hardware stores charge more than a few dollars per key in your area? Were these private keys to a crypto wallet?


If your car has a smart key, it can be over $100 to replace and another $100 to have a dealer or locksmith re-program it.

Edit, more things that are expensive:

- if you live in an apartment with nfc entry, they might charge an arm and a leg to replace it, even if the actual device is only a few dollars

- IDK how much it costs to replace an apartment mailbox key, but I've been warned that if you lose one they need to re-key the whole mailbox

- maybe you don't feel safe with a house key in the wild and need to re-key your house (same for your car/s)

- if you have work keys, they might over-charge to replace lost keys


> if you live in an apartment with nfc entry, they might charge an arm and a leg to replace it, even if the actual device is only a few dollars

That's just theft — plain and simple. The only half valid argument I've heard is to discourage carelessness leading to loss of the key and weakening of the building security. But that's moot in places where the garage gate is broken and left open half the year (my current place) or where people can casually wait for someone to walk in and tail gate them without anyone complaining.

By the way, I purchased a proxmark a long time ago to play with and to date, it has paid for itself many times over, by allowing me to carry my building keys the way I like to (cards vs bulky key fobs) by duplicating them where otherwise it would cost $100 or impossible.

Can't wait for keys on Apple Wallet to become mainstream.


Unfortunately, it's accurate. Theft is what I'd call the racket that is management companies in London.

In my case, with a London apartment, it's an "Administrative Fee", £150 to replace your lost fob.

Then for my costs as an individual, it was not only that fee, but also new locks for external door(s) and mail box, another administrative fee for the communal meter cabinet/room key, new Kensington lock and a car key/fob when my wife's keys were "lost in a known location yet never again found".

That is to say, "losing" those keys is a £300-500 affair.


At first I thought you bought the proxmark with the purpose of dating. Also, how does the proxmark work? Does it store the signal of a card key or something like that?


It reads content of RFID tags. Once you have the content, you can write it onto another tag and essentially duplicate the key.

Some tags are easier to read than others. But so far, with a bit of digging around the net, I've been able to read various key cards and copy them.


- USB drives

- U2F authentication keys

- really expensive AirTag holders (https://www.apple.com/shop/product/MMN73AM/A/airtag-herm%C3%...)


And the AirTag is another $30!


Don't forget the $349 Hermès AirTag holder

https://www.apple.com/shop/product/MMN73AM/A/airtag-herm%C3%...


To be fair, that includes an AirTag :)


Proximity key fobs at $100+ each and programming which can run $80-100 each, a few house keys (I change the locks of keys have been out of my control in a way that can plausibly be tied to my identity, lest someone make a copy and turn up uninvited - that’s another $100+), and $30 for an air tag.

I didn’t make up those numbers.


Oh wow, I thought maybe it was a typo. Thanks for the details!


Yeah - I learned the hard way a while back when someone in our household misplaced another key… and found it right after we’d replaced it/paid all that.


fyi, If you ever have to get your locks rekeyed again, ask for a kwikset smartkey cylinder.

Its a clever little device that will let you rekey a lock yourself with a new key as long as you still have at least one of the original keys.


Uh, no. See The Lockpicking Lawyers videos on Kwikset Smartkey cylinders, including: https://youtu.be/XqsAFdFsQmQ


> What do you mean by "a few hundred dollars of keys?" Do hardware stores charge more than a few dollars per key in your area?

If you're living in an apartment complex or skyscraper, re-keying can get extremely expensive.


Do hardware stores charge more than a few dollars per key in your area?

A replacement key for my wife's car costs $1,200. And it's not even a newer, or expensive car.

It's been a long time since you could get many car keys done at a hardware store.

And it's not even the electronics anymore. One locksmith I called said it's about the fancy engraving. They can't afford the tools to do that kind of work, and they just refer people to the dealer and to suck up the $1,200.

Now that I think about it, I wonder if that might have been covered under insurance.


Curious which manufacturer... Porsche or Audi?


Neither. As I said, it's not an expensive car. It's actually quite ordinary.


VW are also in that price range. I think I paid $850…


> Android users are still vulnerable, and these announcements do nothing to reduce that.

I feel like this is ignoring the fact that if any company other than Apple made these trackers, it wouldn't do this with anyone's phones. The fact that these work out of the box with iPhones is a bonus, not an entitlement that any phone of any brand should have full support for them without installing any apps and without the user even knowing that the product exists.

> All a stalker needs to do, is remove the speaker.

I guess they could make the packaging more tamper resistant somehow, but again this is kind of shifting the goals a bit. I don't think it's reasonable to expect that every device will be physically resistant to modifications that would enhance illegal use. An iPhone with the speaker removed and screen cable cut to look dead would make a pretty good tracker too.

> AirTags are cheaper than competing GPS trackers, most of which require subscriptions.

If you are risking prison time to commit premeditated violence, I think you can spare a few extra bucks for the best technology available. I'm pretty sure professional hitman services run well into the trunk loaded with bags of cash territory.


The fact that these work out of the box with iPhones is a bonus, not an entitlement that any phone of any brand should have full support for them without installing any apps and without the user even knowing that the product exists.

Isn't this the whole clue, rather than just a bonus? When someone slips an AirTag on to you every single iPhone in the world forms a sort of ad-hoc spying network against you. Without you or the iPhone's owners knowing.


You can opt out of participating in this spy network, and probably should Settings -> (tap your apple id card at the top) -> Find My -> Find my iPhone -> turn off “Find My Network”


That doesn't change a thing. 99,99% of iPhone users won't do this.


I wasn’t saying that it’s not a problem because you can opt out, I was saying if this stuff concerns you there is a small but tangible step you can take right now


> I feel like this is ignoring the fact that if any company other than Apple made these trackers, it wouldn't do this with anyone's phones.

Right, and Apple have provided everything that AOSP would need to implement this, someone even made their own version of the entire Find My client long ago (https://github.com/seemoo-lab/openhaystack), so technically AOSP could even integrate using Find My, although I imagine Apples lawyers would have a field day with this if they did.

Identifying the AirTags has also been implemented as a background service by the same organisation as above (https://github.com/seemoo-lab/AirGuard).

> I guess they could make the packaging more tamper resistant somehow, but again this is kind of shifting the goals a bit. I don't think it's reasonable to expect that every device will be physically resistant to modifications that would enhance illegal use. An iPhone with the speaker removed and screen cable cut to look dead would make a pretty good tracker too.

This. Plus, the noise AirTags make isn't the only way of finding them, you get the notifications, and soon (when the changes mentioned in the article are implemented) it'll be easier to find them using precision finding.


I wonder if Apple one day decides to put AirTags into iPhones and other iDevices - or if other vendors follow suit. Basically, that would eliminate phone theft since even shutting the phone off or, for those phones that still have replaceable batteries, removing said battery would still be discoverable.


Phones will still be stolen for spare parts. I don't see how that ever stops being a thing.


Yes, but they will now leave a breadcrumb location trail that can be followed up by the authorities, unless thieves become smart enough to disable the embedded AirTag while still on the road - and if that becomes hard enough to be infeasible, theft will become too risky.


iPhones can already be tracked after power off via the Find Me network. But as far as I know removing the internal battery would still stop it. More importantly, so would a Farady cage.

Stolen iPhones should already be parts only because of activation lock.


Maybe you don't lose stuff as much as other people? My brother was always complaining about losing his wallet, his keys, anything you can think of. I got him a tile, but their product wasn't very accurate. Got him airtags and the problem is solved. Not only are air tags useful, but I'm sure that there are people who would be willing to switch to iOS solely to get access to airtags. That seems pretty valuable to apple.


They’re a lifesaver for me with unmedicated adult ADHD. I’ve been substantially more on-time to events, appointments, etc. since I put an air tag on my keys and wallet. Several of my friends have commented on it. Tile trackers were horribly inaccurate and either had non-replacable batteries or would eat a battery a month. Airtags have been lightyears better.

Perhaps removing them from the Find My network and only operating locally would be a better option, but I just can’t see them going back on it at this point.


The later Tiles did have replaceable batteries. But they did still suck at being located when lost. Once I tried marking my tile as lost and carried it with me in Barcelona including on busy subways and it took 1 month to get a ping :)

They just didn't have the reach that Apple has, by far.


> Maybe you don't lose stuff as much as other people?

I relate to it and respect it, but it's doubtful anyone would switch to iPhone because of AirTags. Samsung and others also make trackers, and you don't need the Find My network if you lost your keys inside your house, any tracker will do.

> Not only are air tags useful, but I'm sure that there are people who would be willing to switch to iOS surely to get access to airtags.

After a Google search, I can't find a single anecdote of this from reddit or elsewhere. I doubt it's even a blip on Apple's balance sheet.


I don't know how common this is, but I bought AirTags as a way to keep track of checked bags when traveling. That is a use-case that specifically benefits from being able to keep track of something outside of my phone's range where full GPS/cell connectivity would be overkill.


From the sound of things the airtags have been legitimately life changing for him. I know that sounds hard to believe, I certainly didn't at first but never losing stuff really seems like a weight off his mind. You're right, there's probably no evidence of people switching to apple for airtags, but that might be because they're such a new and relatively unknown product.


My mom likes her iPhone for other reasons but she loves her air tags. She can find her keys in her house, her purse at a party, and her car in a parking lot. She's never leaving the apple ecosystem now.


How much and how hard does your mom party?


Before I left my house this afternoon, I had misplaced my keys. Unfortunately I tend to be a little absent minded. I used my AirTags to find them in 30 seconds. I commented to my friend as I was walking out how these AirTags have save me hours during the week, because I would often 20+ dozens minutes searching for my wallet, keys, or e reader.

I am so happy that these exist.


Trackers have been around for years. Tile came out in 2014, and Samsung has their own Galaxy tracker line for a while now. Neither have anti-stalking features of any kind to this day. If one was stuck on your car, you wouldn't get an alert or any info on who placed it there, be you an iPhone user or an Android user. And before that, there were GPS trackers which have bigger batteries and were more accurate (if a bit larger and clumsier). But Apple apparently has done it with anti-stalking features but is too high-profile.

We can have nice things even if they can get abused, stalkers are going to stalk and have superior alternatives without Apple. These new features are solely intended to scare them off into using their old methods. So if stalkers are going to do what they do anyway, I might as well find my items, thanks.

Edit: Also, in your own point, you say "AirTags are cheaper than competing GPS trackers, most of which require subscriptions."

Has a tracker costing too much ever stopped a stalker? For a creep, the difference between $25 one time and $10-20 a month for a more-accurate GPS tracker is unimportant. They'll pay the price of Netflix to continue their creepiness.


> But Apple apparently has done it with anti-stalking features but is too high-profile.

Remember that stalking isn't a profession; it's often a crime of opportunity, with plenty of reported cases of e.g. people slipping GPS trackers into spouses' cars/bags before or during divorces.

Those people aren't sophisticated, and might go on Amazon and see Tiles that won't work (sparse detection network), or GPS trackers that cost the same as AirTags and have a monthly subscription. Or they could just pick a spare AirTag they have, and use that, because they know their spouse has an Android and wouldn't detect it.

Again, the problem isn't that AirTags have been nerfed into uselessness because of anti-stalking protection. The problem is that AirTags still, to this day, present a major Android stalking risk (no AirTags notifications on Android with Apple's app, you have to manually scan), and Apple seems uninterested in doing anything about it (or even promising to do anything about it, since this announcement doesn't mention Android).


> Those people aren't sophisticated

It is foolish to underestimate stalkers and stereotype it as just a crime of opportunity.

> "problem is that AirTags still, to this day, present a major Android stalking risk"

Ironically, so did Tile for the last 8 years, and Samsung's own Galaxy trackers for Android, but there is no outcry about them. Also, considering how long Tile has been on the market, this doesn't seem like a new issue. Also, Apple has built-in "Find My Friends" in iPhone. A stalker could just flip that on without telling the person being stalked (assuming he/she is close to him/her), and the phone would be tracking them, no tag necessary. Yet nobody ever hears about this being abused much.

> "AirTags have been nerfed into uselessness because of anti-stalking protection"

Hey, if I lose my wallet in my own home, it's great. If I can't find my wallet at the gas station, I can figure out where in the car it fell. There are plenty of ways it is still plenty useful. Also, if you are complaining about uselessness, maybe Apple should roll-back some anti-stalking protections but you'd be against that too.

This leaves you in the impossible position of wanting Apple to restrict it more (reduce stalking) and simultaneously unlock it more (to improve utility), all while competitors don't bother with stalking prevention at all.


You’re right.

It’s so frustrating to see this kind of thoughtless Apple criticism based on brand only when they so many things that are actually bad.

AirTags are better in nearly every way to the competition. They have considered design factors, like privacy, that no one else has. Yet, they are the bad guys that should never have released this product.

Apple should be releasing products like this. They offer significant improvements over their competitors because they consider more than pure profit seeking. AirTags without privacy protection is the same as everything else available, is cheaper to make and easier to design.

I like Apple pushing the bar here. Because their products are perfect, and balance different trade offs, they encourage other manufacturers to fill those gaps. This is a win that wasn’t happening when Tile was the dominant player.


I know it's unlikely to be you, but if you know anyone concerned about someone who had access to their phone tracking them (or other malfeasence), Apple published a "Personal Safety User Guide":

https://help.apple.com/pdf/personal-safety/en_US/personal-sa...

(also a web version: https://support.apple.com/guide/personal-safety/welcome/web )

(and yes, it covers AirTags).


It feels like you're twisting my words.

I never said Apple should unlock it more, I said they should discontinue it, and their executives displayed poor judgment in approving the product.

I never argued that AirTags were nerfed into uselessness, I responded to your argument that they were nerfed into becoming useless for stalking, which I don't think is true.

> Ironically, so did Tile for the last 8 years, and Samsung's own Galaxy trackers for Android, but there is no outcry about them

Plenty of people have iPads catching dust in drawers, who would never have bought Android tablets (or any tablet) if the iPad had never existed. It's the power of Apple's marketing. Anytime I argue against AirTags, I argue that availability is a game-changer, and nobody actually tried to address this argument convincingly.

- Someone at a club or rave might impulsively or drunkenly decide to remove the AirTag they use for their keyring, and slip it into someone's pocket. They might never have bought a tracker if Apple didn't have one.

- Again, the iPad-catching-dust-in-a-drawer argument. Plenty of people buy Apple products on a whim who would never have considered that product category if the Apple product didn't exist. iPads popularized tablets, Apple Watches popularized smartwatches (at least among US teens), AirPods popularized bluetooth earphones). Apple's marketing doesn't just increase sales for their products, it promotes the entire product category. People hear about iPad, are interested, and might buy an iPad or a cheaper competitor; when they would never have bought a tablet if the iPad hadn't created a "halo effect". You can argue the effect is less for AirTags, but don't tell me it's nonexistent!

- The copycat effect is strong among criminals. Ransomware attacks were almost nonexistent, and became common very rapidly, as awareness spread among criminals, as they rushed to take advantage of the opportunity before the crypto, legal, or antivirus ecosystems catch up and make it less rewarding. In 2009 around 1 in 13 stalkers used trackers of any kind; that number's surely gone up between 2009 and 2021 (AirTag release), but you really think that number won't go over the next few years, partly because of increased popular awareness of trackers?

> It is foolish to underestimate stalkers and stereotype it as just a crime of opportunity.

I said often a crime of opportunity, not always (or even mostly), and that those for whom it was a crime of opportunity, weren't sophisticated. The average bank robber might have done a good deal of research on bank security systems and circumvention. The average stalker might not think of using GPS tracking unless he's reminded of their existence, since there are so many other methods (likely, most stalking is online nowadays). Hence my "availability" argument.


It's all adding up to a pretty good guerilla marketing campaign. Get an iPhone, or else.

Every Android user needs Airguard, which will scan constantly for airtags. It's open source


I think it's a horrible world we now live in where we HAVE to install software to solve a problem other people have created for my safety in the real world.

I bet you Google has had conversations about integrating some kind of airtag tracking feature into their software.

The OP is right. Airtags are not the greatest idea and the abuse of them is disastrous for people who are not on the apple ecosystem.

The attitude of apple so far has been horrible... Their app sucks.. only works when you open it.... They can do better but refuse to, because they don't care for our safety unless we buy an Apple product.

Sorry but that's unacceptable


>Has a tracker costing too much ever stopped a stalker?

Can you pay for that subscription of a tracker with an anonymous payment? If someone was to find a tracker, and even having to go through court orders of whatever type, the subscriber could be found out. I think that would be the bigger deterrent for a thinking stalker than the price as that's the cost of doing business. (shivers from making stalking out to be a sane thing) Lot's of plausible deniability, "oops, i lost that sometime ago, and totally forgot to play dark pattern UI games to end my auto-pay subscription. totally wasn't me, we swears it."


The barrier of entrance has not only been lowered on the cost side but also on the opportunity side. If people already own AirTags and know how to use them for legitimate purposes they just have to hide them somewhere to track somebody opposed to deciding to get a proper GPS tracker „just to find out where X is going to“.


The risk of getting caught has also been raised considerably, however. An anonymous GPS tracker won't easily lead back to you personally, but an AirTag used for stalking will lead police to your door.


> Neither have anti-stalking features of any kind to this day.

Very true, the only real difference is that Airtags are simply a better product, but that means their use as stalking devices (along with their legitimate uses) is now much more practical and casual.

I think the real long-term solution is for Apple to open up the U1 chip/protocol so at the very least Google/Tile/Samsung are able to implement the same countermeasures Apple has, if not use it in their own tracker devices. It would probably cost them revenue, but I imagine it would be worth it compared to the negative press they're getting from this, particularly since they're also making huge strategic missteps wrt App Store 3rd party payments.


That Apple trackers work well makes them worse, so yes, the high profile is a real factor.


I think a major part of the announcement you're skipping over is the clear statement that individual AirTags are linked to specific AppleIDs and Apple will cooperate with law enforcement to help identify the owners of AirTags used for criminal activity. If you're a wannabe stalker, the fact that Apple has made it clear they're just itching to point the cops in your direction if you misuse their technology seems like a fairly big disincentive when there are other tracking capabilities available. Even if you think your target isn't too likely to find the AirTag, it means you're taking an obvious risk if they do happen to find it.


Do you have to reveal who you are to Apple to use an airtag though?

Or with decent operational security can you purchase and activate airtags in an untraceable way?

If you can that undermines your point, however if you can't then your making a very good point.


If a stalker is willing to buy a burner iOS device (since that's the means of viewing Airtag data), associate it with an untraceable email/iCloud, and only leave the device's location services on in locations that aren't tied to their identity (since Apple also knows where the tracking phone is), then 'having access to Airtags' probably isn't the 'make or break' factor in whether or not they will stalk someone.

If a user has that level of tech savvy, there are plenty of other cellular GPS devices they could use.


> If a user has that level of [spare cash],

I suspect they could get several cellular GPS devices for the cost of an iPhone + some AirTags - meaning they could easily offer up one or two sacrificial ones for easy finding in order to hide a smaller one "in plain sight" (as it were.)

Or they could just hire a private detective to do some stalking for them.

Or someone even less scrupulous for even less money, I'd assume?


> Do you have to reveal who you are to Apple to use an airtag though?

People are subjecting themselves to voluntary surveillance and it's amazing to watch, Apple's promise to cooperate with "Law Enforcement" in most of the world was chilling. J Edgar Hoover would have creamed his pants - "Did you say MLK Jr. has several airtags? I want daily updates on where he's going."


Most criminals are not clever. I had a girlfriend whose house was broken into; the thieves stole an xbox, an air conditioner, various electronics, etc. After she reported them stolen, sure enough, the serial numbers showed up at a pawn shop, the pawn shop had taken the ID of the sellers down, and warrants were issued. She got her stuff back and the thieves went to jail.

Most criminals wouldn't be doing what they're doing anyway if they were clever or did a modicum of research on what they can actually get away with.


>I continue to think Apple should have never released AirTags to the public

It is the usual Apple strategy for decades. AirTags product play was the technological groundwork for UWB and possibly AR/VR. They always need a product, hobby or something adjacent to iron out all the problems. Chip Packaging, Next Gen OLED, Low Power Profiling all landed on Apple Watch first before they moved to iPhone. The Sound work on AirPod before they moved to HomePod and later MacBook and iPad.

This way they could spread their R&D and gain synergy across product range.

On the subject of tracking, I am not entirely sure AirTag, or the idea of Tagging ( so to speak ) is as useless as you claim it to be, but I am also extremely uneasy with the concept of AirTag. Like many if not all things in life, the road to hell is paved with good intentions.


Oooh, I didn't think of that. The AirTag UWB finding is eerily accurate.

If you have an Apple AR/VR headset, you could just stick tiny AirTag-like trackers in your environment and the headset could use those for location.


Exactly... They created this public privacy problem for every human

Then offered a solution only to it's own customers.

That's some dystopian Apple shit right there.

Without that network it wouldn't work, you can't do this over the public internet without a swarm of physical devices you control on the other side. Companies like Apple remotely controlling devices used to mainly be a personal issue and thus a personal choice, you can just opt out of Apple to avoid it.

There is no opt out of Apple airtags.

Now every Apple user is an Apple snoop, your choice to use Apple affects _everyone_ around you... quite literally.


> I remember seeing a chills-down-your-spine Apple Watch Series 7 TV ad, that featured beautiful remote nature landscapes, with the audio of 911 calls made from people's Apple Watches whose lives were saved by their Watch. Probably one of Apple's best and most impactful ad in the past decade.

One could argue it's pretty distasteful to try to cash in on people's fears.


It's a fine line, but I feel Apple avoided being exploitative here. The vibe wasn't "you deserve to have this terrible thing happen if you don't buy our product." The watch clearly provided real utility to real customers and it's worth highlighting.


One could indeed argue!

I was personally eager to pay for the cellular-equipped Watch as long as I was getting one, because even without an explicit data plan, if you fall off a bike, it will call 911 for you automatically unless you tell it not to.

That's insurance of a kind I couldn't purchase prior to that, in a form I would actually use and have on me if this actually happened. Fine by me.

The older you get, the more ways to fall down and need 911 start to exist. I'm okay with Apple "cashing in" on that.


And that was the almost-universal response on reddit and YouTube comments, but are those people more, or less likely to buy an Apple Watch? Maybe not for themselves, maybe for their grandparents? Besides, it's the absolute bedrock of modern marketing, from weight loss pills to perfumes to clothing: when ads depict supposed customers smiling with their families, or going on a date, or being the center of attention at a party, it's the exact same psychological trick, twisting the knife of your insecurities, fears and FOMO, just done more subtly.


Well, that is one of the pillars of advertising these days.

Survival food? Fear.

Antivirus software? Fear.

Expensive Organic Cat Food? Fear (of the inorganic cheap food).

LifeLock? Fear.

Insurance of any kind? Fear.

Solar panels for off-grid? Fear (of the grid going down).

Your cousin's extensive gun collection? Fear (if things get bad).

And so on...


Some of those might be a stretch to go with fear.

Solar panels is pretty much targeted as a way to avoid high utility bills, trying to go green, etc. If you're in a circle of consipiracy types, then maybe the off-grid aspect is preached more. Mainly though, it's just about avoiding the bills, and maybe avoiding power interruptions. That requires batteries though. That might qualify as fear advertising.


Insurance is mere pragmatism. Knowing that bad things happen that require large amounts of money to fix doesn't constitute fear.


Apple's "Tracker Detect" Android app wants full network access and precise foreground location permissions.

They expect me to consent to having my physical location tracked by Apple in order to avoid having my physical location tracked by someone other than Apple. Unbelievable.


Obviously, the app will need that access privilege to perform its task. Now, you’re in the bind: Do you trust apple to use these privileges on the device only - and not track you - or do you care about being tracked by others. Depends on your risk profile, I’d say.


I'm more concerned about Apple at the moment, I guess we'll see how common AirTag stalking becomes.


Android requires Location permissions to scan for Bluetooth devices because if you can scan for Bluetooth you can sometimes get the user's location from various online databases, so the permissions would be functionally identical if they were sperate anyway.


As an adult with ADHD AirTags have been an absolute godsend. I have them on my keys, wallet and backpack and I’ve pinged them all separately just this week.


I have pinged my keys within the last three hours!


If I were a guessing person: because future products will be the same size and price as AirTags … what would it look like if an Apple Watch cost $50? It could be used like an AirTag for stalking.

So: sort out the privacy implications with a low-priority product like AirTag first.

But I am not a guessing person. ;)


For me, 95% of the functionality of Airtags would still be there if it only worked with your own apple devices. I have found airtags for finding things when I lose my keys/wallet around the house. I do leave them at a restaurant tying it to my iPhone would still show the last place I had it.


I felt the same way about Tile back in the day when I used it.

I didn’t want my tile part of their “network”, I didn’t want other tile users to relay the location, I didn’t want my phone relaying other tile users’ locations. I didn’t want my tiles location going to any server at any point. I just wanted a to be able to make my wallet beep if I’m near enough to it for it to be in range of my phone. But the rest of the “features” couldn’t be disabled, so I threw my tiles out.


Years ago, I had a tile on my keys. I left them on top of my car in a parking garage. When I went back, they were gone. Someone took them, probably meaning well but didn’t leave a note saying where they took them to. So that sucked. To this day, despite the tile being in “lost mode”, I’ve never gotten a ping. There’s real value in these trackers, because people pick up things that aren’t theirs.


I have around 10 airtags installed in various places. The amount of peace and anxiety relief it brings me is priceless.

And none of these problems are airtag specific. You can buy fairly accurate GPS trackers for about $30 that don't even have the android scan feature.


They are far more noticeable and less suited for covert tracking than AirTags: they need far more power, reducing the time of autonomous work, they are significantly bigger, they need to be in the coverage area of mobile network.

Also, AirTags look far more innocent, giving a plausible deniability excuse to a potential stalker. Oh, that's where I lost that key, it's on the floor of your car! With specialised tracker that excuse won't work.


>>and significantly increases the average person's risk of stalking.

I mean, increase from 0.00001% to 0.0001% is still significant and yet I still wouldn't worry about it in the slightest.


> I mean, increase from 0.00001% to 0.0001% is still significant and yet I still wouldn't worry about it in the slightest.

I think there's probably a little gender bias at play in your risk estimation. I too am not particularly worried about someone stalking my 6ft ass - but I'd say a majority of my female friends have experiences with stalking at some point in their life.


Yes, you are right of course. But I suspect even when taking gender into account, the risk of being stalked AND tracked by an AirTag is absolutely miniscule and not worth worrying about. But I'm talking completely out of my ass, would love to see some data behind it.


The people getting stalked have a 100% risk. You don't care because for you it's all just statistics.

With statistical arguments, why do we spend so many resources on prevention of anything, e.g. cancer, when it only impacts a small number of people?

This kind of argument always comes down to choice. You care or you don't. Hard to argue. If you don't care about the fate of those "few", mostly women, well... there is no law of physics that I could throw at you, my negative judgement of your argument is not based on anything hard. Which is the case for a huge amount of such choices. You can have a society based on and steered by pure statistics and benefits, but what you will miss is that the very nature of such a society changes because you cannot put that into numbers.

The core of the argument is qualitative, which does not lend itself well to number-based reasoning.


>>The people getting stalked have a 100% risk. You don't care because for you it's all just statistics.

I don't know why would you say such a thing.

Let me give you another example - the chance of getting stabbed on the streets of London is probably comparably miniscule to being stalked.

And now if we extend that argument - almost 100% of people getting stabbed are men.

Does that mean that as a man I should start wearing a knife-proof vest? Is me refusing to do so "not caring" or that "it's only statistics for me"?

After all, people getting stabbed have a 100% risk of getting stabbed - that's a pointless statement if I have ever seen one.

I just don't understand the aggression of that statement - just because my gender is statistically unlikely to be stalked doesn't mean that somehow I suddenly don't care, or that women shouldn't care - just that in your daily life you should really consider how big of a risk something really is.

>>With statistical arguments, why do we spend so many resources on prevention of anything, e.g. cancer, when it only impacts a small number of people?

That isn't the argument though. We aren't arguing spending or not spending money to prevent a small number of cases(in which case I'd say absolutely this money should be spent). I replied to someone who said AirTags should be completely and entirely banned over a very small number of cases where they were used maliciously.

To use the cancer comparison - it's like someone saying that we should ban bacon worldwide because it's a known factor in certain cancers. I'd also argue against it, because the risk to any one individual from eating bacon is absolutely miniscule.


You personally may not have to worry about it, but a handful of well publicized cases of misuse (say someone getting stalked/murdered) will probably be a bigger monetary hit to Apple than their profit from this entire line.


With the same analogy, we should stop producing kitchen knifes because someone may stab someone.

We should also stop producing cars because someone may crash someone.

Almost every technological device (or even a simple device) can be abused in wrong hands, nothing to do with Apple or AirTags.


but that's precisely the wider point: new technology enables new behaviors, but in some cases, benefits are much smaller than downsides.

i don't think the jury is out on airtags just yet. it's clearly revolutionary technology in terms of reach, for better or worse.


Then that is Apple's concern, in the meantime I'll enjoy using their product for legitimate purposes.


Reminder that the OP of this chain is explicitly coming at this question from Apple's POV.

>I continue to think Apple should have never released AirTags to the public, and should discontinue it

This discussion is specifically about what Apple should do, so I don't see how this is relevant.


You don't recognize the huge value of AirTags for Apple - the AirTags give Apple a valid excuse to create an ad-hoc network (Find My Network) of Apple devices that can better spy on each user, thus giving them better access to the users personal data regardless of their privacy settings. For example, if you haven't opted out of the Find My Network (turned it off), but turned locations off due to privacy concern, Apple can now get that data from others iDevice users near you. They can use it to upgrade your social graphs (who you hang out with), where you shop and eat outside. With Find My Network enabled, Apple devices are no longer fully powered off but go into a low power mode so that they can still talk to another iDevice through Bluetooth.


> I continue to think Apple should have never released AirTags to the public, and should discontinue it. It's a very limited income stream, with limited use cases, and significantly increases the average person's risk of stalking.

You sure have a lot of strong opinions on what apple "should" do.

Don't like it? It's a free market. Don't buy it and if you're afraid of being stalked, check out the app they released.

I wonder how come all you people come out of the woodwork now that Apple released this thing, yet when Tile did there was no such forced concerned anywhere.


That leaves "finding your keys within your home" as the only truly "officially supported" use case.

People lose stuff all the time. That's why most public places have Lost And Founds.


For Android there is also the free alternative to Apples Android AirTag called "AirGuard"[0]. It was out way sooner than Apples application and seems to be far more advanced than it (i.e. has the features you claimed the apple android air tag application was lacking).

[0]: https://f-droid.org/packages/de.seemoo.at_tracking_detection


My cat gets out often, and an AirTag allowed us to find her several times over the past year; sometimes notifying us before we even realized it.


Planning the same for my cat who goes out a lot: is there a special collar that has a place for AirTag or what is your setup?


I bought a silicone collar thing from Etsy. It works okay but it’s large.


People are actually selling AirTags with the speakers already disabled, this is a massive hole they're consistently overlooking.


Addressed head-on in the press release:

> Display alert with sound: When AirTag automatically emits a sound to alert anyone nearby of its presence and is detected moving with your iPhone, iPad, or iPod touch, we will also display an alert on your device that you can then take action on, like playing a sound or using Precision Finding, if available. This will help in cases where the AirTag may be in a location where it is hard to hear, or if the AirTag speaker has been tampered with.


Did you miss the part where the parent was referring to people who don't have iOS devices?


yes indeed — I missed it


So alarm shouldn't be considered to anti tracking feature.


>All a stalker needs to do, is remove the speaker

What am I missing here-- it seems like it would have been trivial for Apple to add a microphone and have the AirTag stop sending location if the speaker isn't working. And have the firmware check the speaker is actually emitting sound, so no amount of physical rewiring can defeat it.

Anyone know why they didn't do this?


Another fringe use case no one has mentioned:

Finding a detached ski in titty-deep backcountry powder. AirTags can be literally life saving.


Curious if you have tried this. I was under the impression the snow/water content would block the signal


Android users can use AirGuard, an open source app to detect AirTags following you: https://play.google.com/store/apps/details?id=de.seemoo.at_t...


Technology can be used for good and bad. If Apple AirTags disappeared tomorrow Tile and GPS trackers would still exist, but Apple have highlighted legitimate use cases to hundreds of thousands of people like me for theses devices (I use mine for my luggage and my dog).


I agree completely. I love the idea of Air Tags, but we all saw this coming a mile away and Apple should never have been allowed to release these.

The fact that this post from Apple even EXISTS is direct acknowledgement of this being a horrible, dangerous mistake.

I know what they were trying to achieve, but it isn't worth the misuse by a long shot.

People will think it's not a problem until someone is tracked with one and killed.

The only thing I can think of (besides not selling them) is to open them up so they can be used with Android, and work with Google to add support for them to Android's OS.


Police in the UK does not follow up on requests to retrieve iPhones from FindMyPhone because the GPS tracking isn't exact enough to find the correct appartment.

So for stolen items, it is also useless.


This is partially correct but depends on presentation - I tracked a phone to a house, they said they couldn't help because it wasn't accurate enough, I said I was going to knock on the door and demand it back, they turned up in ~3 minutes and recovered it for me, arresting the person who had it at the same time. Because I presented it as "I am going to put myself in danger to recover this item" they were duty bound to act. Still didn't help much as it was held as evidence for literally months.


> So for stolen items, it is also useless.

It's not. I've recovered my phone after it was stolen by simply showing up to the house it wandered off to the next morning.

I've done this a number of times for friends (perhaps not really the brightest idea in retrospect) and you'd be surprised at how many folks simply apologize and hand it over when confronted. If they refuse, at least you tried.

Plenty of folks will take matters into their own hands for a $1,000 device that may be a source of their livelihood. Not everyone can simply walk away from that and absorb the loss.


I wonder what the %s are of people that lose a device and do not immediately lock it? Is there a large enough market for buying stolen phones that are locked to make them useable again?

Do these people expect to extort a finder's fee? I just don't think "criminal" enough to understand the value of a stolen phone.

> Plenty of folks will take matters into their own hands for a $1,000 device

I was once mugged at gun point and the 2 guys took my wallet/cash/phone. For some stupid reason, I thought it a good idea to kindly ask for my wallet and phone back by convincing them the phone was several generations older, it would be locked as soon as I returned home, as well as any cards in my wallet being canceled. Also, just to avoid the pain in the ass of dealing with the banks and not going to the DMV for a new ID. The 2 guys laughed, and gave me everything back except the cash. To this day, I don't know what made me think that was going to happen. However, as soon as I turned the corner, I was on the phone with 911.


> I thought it a good idea to kindly ask for my wallet and phone back by convincing them the phone was several generations older, it would be locked as soon as I returned home.

About a decade ago when El Salvador was more dangerous, cell phone theft at gun point or knife point was more common. And well SIM cards used to be easier to remove from phones.

So the "good thieves" would allow you to remove the sim card from the phone before stealing it from you.

There were also times where the thief would be "pickier" than you, so if you had a very old or a damaged phone they would just give you your phone back after mugging you.

Two tricks were faking an ugly phone while carrying without a battery cover and cover it with duct tape. Or carrying a hidden good phone and a visible old phone.


Yes.

I work on a busy robbery squad in London and iPhones are absolutely the target, whether they're locked or unlocked.


Where do you live? Seems crazy to me to know that many people with stolen phones- and I’m in London!


I would guess that since it's getting pinged by any/every iPhone that gets within ~10 meters, the AirTags are often more accurate, since "more samples". That probably doesn't help in all situations, but helps in a lot of them.


Possibly even by the criminals own devices. It's kind of genius


> And since most lost items turn into stolen items after a few hours

Is that a feeling or something you can source?


You can post anonymously on a forum against them. I sent them an email thanking them for making them. In the end, I buy their stuff and you guys don’t. They know that.


AirTags are pretty incredible for finding lost pets.


> And since most lost items turn into stolen items after a few hours

Source?


> Android users are still vulnerable

This isn't really under Apples control though. But I guess they could go out of their way to provide an AOSP pull request, that would be big of them.


does 2) really mean that, or does it mean that many people have downloaded it.

does 2) get updated if someone deletes the app?


Android users don't exist in the Apple mindset.


>Android users are still vulnerable

You misunderstand how airtags work. Airtags can't track an android user. It can only track people with iPhones (and possibly other apple devices).


Airtags leverage the popularity of iPhone devices and use that, not a single phone. Given there's a high probability of someone in the surrounding with an iPhone, you don't have to have an iPhone so that an Airtag will track your movements accurately enough.


That's not how Airtags work. From Apple's website:

> Your AirTag sends out a secure Bluetooth signal that can be detected by nearby devices in the Find My network. These devices send the location of your AirTag to iCloud — then you can go to the Find My app and see it on a map.

Airtags broadcast their ID via bluetooth and then any nearby iPhone with "Find My" enabled will be looking for these signals. If something is found, it sends the information to Apple and Apple then makes it available to the Airtag user.

The person or object doesn't need a phone (be it Android or iPhone) to be tracked. All Airtag needs is to be detected by someone else's iPhone.

Why are Android users vulnerable? Because iPhones will automatically warn you if a tag that isn't yours stays near you for a long time while Android users have no idea. Apple released an app for Android, but it requires users to perform manual scans...


So just to clarify. The attack is:

You as Android user live in a an apartment block. Your neighbor below has iPhone. Your neighbor keep getting warnings on his phone that unrecognized AirTag is nearby. He can’t find any and doesn’t speak with you about it.

When moving across the city it would be even worse as there is no neighbor that would get the tracking warnings.


Most people with Android phones participate in society with everyone else, and don't segregate themselves away from anyone who might have an iPhone.


This is a great response - very happy to hear Apple's involvement with various groups to make things better.

Some noteworthy bits:

> we innovated with the first-ever proactive system to alert you of unwanted tracking

If that's true, then Apple just raised the privacy bar and now Tile and other small players need to up their game to stay relevant.

There is also lesson to learn here: whoever makes a tech/product popular is the one who gets the heat for all its shortcomings/problems. It doesn't matter how many existing small players were doing a horrible job for years.

> As an iPhone user moves, Precision Finding fuses input from the camera, ARKit, accelerometer, and gyroscope to guide them to the AirTag

This is something that's not appreciated. The UWB chip on the Airtag can only help iPhone know how far away it is from the tag. It's 3D modelling of the world through camera vision that helps triangulate and guide the user via live on-screen direction.

Next time you think why we need tech X, just remember that you can't foresee what it'll enable in the future - (and before you comment "all AR stuff to find my keys faster?", re-read the previous sentence again).


> If that's true, then Apple just raised the privacy bar and now Tile and other small players need to up their game to stay relevant.

No they didn’t. This “feature” is garbage for the people who actually buy it. It makes putting air tags on things shared by a bunch of people a huge pain in the ass.

“Freaking people out who are on the bus with you because you forgot your phone but have your keys” is not a selling feature.


> This “feature” is garbage for the people who actually buy it.

I'm one of those people who has 10 Airtag, who lives with others and haven't had this problem. As far as I (and many others) am concerned, "Apple just raised the privacy bar and now Tile and other small players need to up their game to stay relevant."


You can chose to stop getting an alert if a particular device is following you, so that should handle the communal device with an AirTag?


Can you? I was away with work for a week and left all my keys (with AirTags) at home. Got home and they were all in the fridge.


>I was away with work for a week and left all my keys (with AirTags) at home

The parent comment said "You can chose to stop getting an alert if a particular device is following you". I don't see how what they said applies to your scenario, given your scenario is literally the opposite.

Since you weren't near the airtags, you couldn't have stopped them from beeping/following you. But whoever was at your home near the airtags (presumably the person who put them in the fridge) had the ability to disable them from beeping/following them.


Last I tried, it only disables it temporarily.


>> we innovated with the first-ever proactive system to alert you of unwanted tracking

> If that's true, then Apple just raised the privacy bar

Except that's only true for Apple users. Fuck everyone else I guess.

subtext: buy Apple, lest you get robbed or stalked because of Apple


I mean Android only has a market share 70%, practically nobody uses it anyways /s

The fact that there were open source unwanted AirTag finder Apps on the PlayStore way before Apples official app arrived perfectly demonstrates how much Apple really cares about privacy. They only „care“ about the privacy of the people who pay them to care.


> Fuck everyone else I guess.

They do seem to have dropped the ball on their Android app. Majority of reviews on that app is people complaining that it doesn't do background scans!

Not sure if there is a technical limitation in doing so on Android, but if not, I hope they make, what seems to be a small effort to make things better for Android users.


There's an open source app that does it, AirGuard: https://play.google.com/store/apps/details?id=de.seemoo.at_t...

So I don't think it's a technical limitation.


> The UWB chip on the Airtag can only help iPhone know how far away it is from the tag.

I thought the MMIO antenna array would have indicated a rough direction of the signal.

But perhaps that isn't accurate enough to be useful? Since the distance is accurate to a few cm and the iphone is moving, it can use it's own calculated position from the computer vision data to apply multilateration to multiple UWB distance samples over time.


Imagine: Bluetooth beacons for helping you find stuff in stores rather than for tracking your movements without permission.


Coins have flip sides :)

But tech wise, I think UWB combined with AR is the tipping point for the application you mention. Bluetooth is unfortunately too coarse to be very useful in locating items. It's still useful in locating stores in a shopping mall though, and that we haven't seen yet.


UWB can measure distance within 10 cm/4 inches. In ideal scenarios it doesn't take much movement to locate a target, even without a vision component.


> It's 3D modelling of the world through camera vision that helps triangulate and guide the user via live on-screen direction.

Aaahh, that is why Apple’s app refuses to help me find my cat in dark apartment at night! It just says “It is too dark” and provides a button to turn on flashlight.


I like the functionality of the AirTags so I don't want them nerfed, but I can think of no way to fix their fundamental problem of being such easy to use stalking devices.

Chefs knives are great for cooking and are inexpensive and easy to purchase; they can be very dangerous weapons in the wrong hands so we make it against the law to use them in that manner. Maybe that's the best we can do with AirTags.


From the link:

> Precision Finding: This capability allows recipients of an unwanted tracking alert to locate an unknown AirTag with precision. iPhone 11, iPhone 12, and iPhone 13 users will be able to use Precision Finding to see the distance and direction to an unknown AirTag when it is in range. As an iPhone user moves, Precision Finding fuses input from the camera, ARKit, accelerometer, and gyroscope to guide them to the AirTag through a combination of sound, haptics, and visual feedback.

I guess this probably only works for people who have iPhones, but it still at least makes tracking somebody using an AirTag a somewhat risky proposition (for example, if a person is stalking somebody using this technology and knows their target has a non-iPhone, they never know if that person might have a friend with an iPhone).


What's different from a thief stealing my bag and carrying it around in their car versus me putting an airtag in the exact same location without them knowing?

If a thief has my bag I definitely don't want them knowing they're being tracked. Maybe I don't quite understand something about this announcement.


It’s honestly pretty silly to expect to track down thieves because they stole something with a tracking device in it. Are you really going to chase a thief and confront them? Do you really think the police are going to do it for you?


Yeah the police do exactly that.

When my father’s Android was stolen we called the cops and they told us to the park a block away from the thief’s house (last ping from Find My Device) and wait for them. They took a report from us, confronted the thief at his house, and got the phone back. The thief claimed that he found it at the post office and intended to return it, but the phone was in airplane mode (accessible from the lock screen) so that was clearly never gonna happen. This was in San Jose.


It is entirely reasonable to expect the police to recover stolen high value items whose location is known. Particuarly if the items were obtained with violence or weapons.


Were AirTags ever marketed as theft recovery devices? Or only as a lost and found system?


For the user, there's little difference.


> Chefs knives are great for cooking and are inexpensive and easy to purchase; they can be very dangerous weapons in the wrong hands so we make it against the law to use them in that manner.

What? I've lived in several western countries and I've never had a knife purchase that was tracked or controlled in some way.

There's only one place I know of that controls ownership of chef's knives: the Xinjiang region of China.[1]

1. https://twitter.com/joshchin/status/943159015994880000


I believe he's saying that stabbing someone is illegal


Current stalking laws already cover such abuses of airtags. I see quite a few comments in this thread proposing a total ban of airtags, which makes about as much sense to me as wanting to restrict chef knives.


That is the exact point the comment you replied to was making.


I don't think he was prescribing new laws, only saying that the status quo is the closest we can get.


Killing someone with a nuclear bomb is illegal too but it’s also illegal for you to buy a nuclear bomb.


Knife purchases are controlled in the U.K.[1] Persons under 18 are not allowed to buy knives, but in practice this means most people are showing an ID to purchase a knife.

[1] https://www.gov.uk/buying-carrying-knives


In addition, carrying a knife on you without a good reason is a crime in itself - and yes going home with a knife you just purchased is a perfectly valid reason. But having a knife on you "just in case" is not, unless you live in the middle of nowhere or are a farmer or something. Get stopped in the middle of London with a knife and that's a serious crime.


I must say, as an adult in the habit of carrying a lockback folding knife whenever I leave the house, a practice I ultimately owe to Lord Baden-Powell, I found it.. discomfiting that this benign practice is illegal in London. Lovely city in general, one of my very favourites, but there's something grim about that.

"Be Prepared" was considered a perfectly valid reason at one time. Still is in hmm. Many places.


Not disagreeing with you per se, but what is benign in some contexts might not be so benign in others. Knife crime is a big problem in London - the tight regulation is in response to these circumstances. For instance, of the 126 homicides committed in London in 2020, 71 were committed with knives.[1]

[1] https://www.onlondon.co.uk/the-number-of-homicides-in-london...


It seems plausible to me that the crime we want to deter (shoving a sharpened piece of steel into someone) isn't easily or effectively prevented by adding carrying such a piece of steel to the list of crimes.

They're in every kitchen, how are we to prevent them from being carried out of the nearest one? Ask yourself!

The list of good reasons to carry a pocketknife which are aren't shanking someone is unenumerable and lengthy. It's an absurdity and I despair when I have to see Brits pretend to the logic of it out of some misplaced solidarity. Kudos for the NHS but the knife loisense fills me with pity for what a once mighty nation has become.


The target of these laws is not kitchen knives. Pocketknives (manual blade, less than 3") of most kinds are legal.[1, see exceptions] Bans of this kind are fairly common (for instance, in California, there is a ban on concealed carry of fixed-blade knives; in Los Angeles, the ban extends to openly carrying a "knife or dagger" defined as "any knife having a blade of three inches or more in length".[2] These laws strike me as very reasonable.

[1]https://www.gov.uk/buying-carrying-knives [2]https://www.losangelescriminallawyers.com/los-angeles-knife-...


It’s a bit funny to imagine but the NYC knife murder rate is actually higher than London. Against the background of substantially greater crime, though, it fades away.

It’s just a difference in culture. Despite the stabbings, Americans will not tolerate knife control to the same degree.


My father-in-law (from the US) always carries a small utility/hunting knife, which he packed in his checked luggage when taking a leisure trip to England.

I believe it was at a museum or another public attraction that a police officer saw the knife in its holder on his belt, stopped him, demanded he surrender the knife, and told him he'd be arrested if he didn't.

He was very upset - he'd had that knife for decades.


Wow.

Not disagreeing with or commenting on that policy at all, but I had no idea knives were treated so seriously in the UK (and presumably elsewhere).

Meanwhile in much of the US, not only can you can openly carry a gun around, you don’t even need a permit.

Just wow.

The world is vast and strange.


The Brits don't have a 2A. We have it because of the Brits. Life isn't that strange if you follow it back.

They have knife bans because they never let their citizens have guns, so there are knife attacks, so they ban knives.

That's why terrorists when they can't sneak AK47s in, rely on vans to run people over, that's why there are bollards everywhere.

Chemical attacks, axes and such can also be used to kill or harm people.

People will find a way to kill people. Guns are an equalizer for weaker humans against stronger ones.

I conceal carry everyday. I don't want to be in a knife fight and I don't want my life to depend on me being stronger than the other person.

You hope not to ever use it, you have it everyday just incase, you practice regularly to stay sharp.


I agree with you, but note that NYC (a frequent point of comparison with London, despite stats incompatibilities) has more knife murders than London, ie their second biggest category is bigger than our first category of murders by weapon. https://www.euronews.com/2019/06/18/deadly-knife-crime-how-d...


I wasn't trying to compare the rates in which we murder each other.

New York is a shithole and terribly ran, of course the murder rate is higher, especially these days.

There's a lot of gang violence and pickpocketing, knives are the goto choice, especially since it's so hard to get a hand gun legally in that city. Better to carry a knife otherwise you're a default felon.


It would attract too much attention carrying an axe around for no reason and Dilbert Grady's family massacre might be the largest ever where only an axe was used and using the axe was mostly for theatrical effect. with a gun, an 8-year-old can probably easily murder a dozen adults. I am not for gun banning anywhere but I don't like likening guns to knives or sticks or stones. It seems no different from likening riding an aircrafts to walking on one's legs.



I grew up in Houston, Texas, where it was a felony to carry basically any knife bigger or more threatening than a Swiss army knife, but open-carrying a handgun was legal.

I don't think knife bans have anything to do with the the 2A or the lack thereof. Knives can be seriously dangerous weapons, and in an urban environment, the stealth afforded by a knife over a gun presents further menace.


I said knife bans happened because there are knife attacks.

Guns are already banned and there weren't many with civilians already so it was effective.

So that leaves knives as the main weapon of choice. There are mainly knife attacks, so there are knife bans.


You said, "They have knife bans because they never let their citizens have guns, so there are knife attacks, so they ban knives"

Texas has numerous bans on knives, despite letting their citizens have guns. Your causal logic is incorrect.


> Your causal logic is incorrect.

It's not, I'm sorry you can't follow the simple logic that people pick up a knife because they don't have a readily available gun, so there are more knife attacks than anything else, so they ban knives more aggressively.

> Texas has numerous bans on knives,

Texas does have bans on specific types of knives, but not a blanket ban or anything w/ length.

It's like saying because full autos are banned Texas has a gun ban.


> It's not, I'm sorry you can't follow the simple logic that people pick up a knife because they don't have a readily available gun, so there are more knife attacks than anything else, so they ban knives more aggressively.

I get that this statement sounds intuitive to you, but I would challenge you to substantiate a correlation between gun restrictions and increased violence with bladed weapons with some data before talking about causality. I personally think the majority of such violence is opportunistic, so I would be surprised if such a correlation were truly borne out by any data.

> Texas does have bans on specific types of knives, but not a blanket ban or anything w/ length.

When I was growing up in Houston, it was a felony to carry anything with a blade over 5.5" on your person. (I distinctly remember my scoutmaster warning us about locking or fixed blades >3.5", but that may have been a Houston or Harris County ordinance.) It looks like this was effectively repealed in 2017 per https://www.houston-criminalattorney.com/texas-switchblade-l...


Interestingly enough, Brits used to also have right to own and bear arms, but they lost it in early 20th century. That’s what happens with freedom, if you don’t watch it.


I just don't get these comments at all.

British people absolutely have freedom to own guns, just perhaps not in the way Americans do, but yes they are in no way forbidden nor is anyone's freedom in danger - I know lots of British people with guns, way more so than where I'm originally from(Poland). You apply for a permit, then a local officer comes over to your house to just make sure you have somewhere safe to store it and that's basically it, go and buy yourself a gun, no problem at all. If you know anyone who lives on a farm they will most likely own at least one shotgun, for shooting rabbits if nothing else.


No. In Britain, to even own a gun, you must argue that you have a “good reason” to do so. If you don’t have a good reason, you won’t get the license. In US, guns ownership is considered a right, and you do not have to justify why you want to exercise this right.

Second, the ownership license does not entail right to actually carry the firearms. Brits used to have this right, but it’s now gone forever, especially as handgun ownership is effectively banned altogether anyway.

UK only has twice as many guns per capita as Poland, by the way, and I think a lot of it is actually a remnant of era when Brits had more freedom.


But we also know some laws an unenforceable in practice so are at best a deterrent if that law is made known to everyone, however in practices, laws not even a TLDR are rarely made known and people also forget what with everything else going on in the world.


> Every AirTag has a unique serial number, and paired AirTags are associated with an Apple ID. Apple can provide the paired account details in response to a subpoena or valid request from law enforcement. We have successfully partnered with them on cases where information we provided has been used to trace an AirTag back to the perpetrator, who was then apprehended and charged.

This makes me wonder, could Apple go further?

What if Apple put up a web page where anyone could type in the serial number of any AirTag they found, and instantly see the name and phone number of its owner? Apple could even print the website URL on the back of every future AirTag (albeit presumably in tiny print).

I bet that would make stalkers think twice! And, I don't think there's any technical reason Apple couldn't do it, right?

What I'm not sure about is whether this would be an invasion of the owner's privacy. But, if you're using AirTags to only track your own belongings, when would this ever come up? The owner's privacy seems less important than that of an unwitting victim, since the owner can choose to not buy an AirTag.


Consider theft. Now the thieves have the victims phone number to attempt to further steal from them. Or if there is an audible sound, they know the police is coming after them and can drop the airtag and avoid apprehension.

This is a two edge blade. Personally, if I was going to use an airtag I would use it to protect myself in case of theft. Now, the thieves can locate the airtag due to a notification and move it to an unsuspecting other victim, which will then move on to press charges against me, and I will have to defend myself in court. I don't see the appeal.


Right, or even consider the original case where you have an AirTag on your keys for if you lose them - given a name and a phone number, someone who finds your keys can quite possibly figure out where you live and use the keys.

Most things you lose are both less dangerous lost and worth less to a criminal (and hence less likely to induce someone to become a criminal) if they can't be tied back to you. Don't put "If found, return to 123 Main Street" on your keys, don't put "Apple Confidential" on your USB keys, don't engrave "Property of North West" on her Switch, etc.


Hm, how easy is it to get an address from a cell phone number these days? Maybe Apple could only include the Apple ID?

My goal would be to provide enough information so that, if the AirTag's owner is someone the victim knows, they'll be able to determine who it is. Apple needn't provide enough information to identify random strangers, because most stalkers aren't random strangers. (And, the AirTag is appealing due to its ease of use; it would be easier and cheaper to buy a GPS tracker than set up a burner iPhone.)

It may not be possible to do this in a completely harmless way to the AirTag owner, but I do think potential victims should get more priority here. Telling everyone to file a police report isn't great IMO, because potential victims may have all sorts of reasons for not wanting the police involved.


But Apple is already saying you shouldn't use AirTags for cases of theft. The AirTags already attempt to alert people to their presence, including with sound.


"Don't expect to be able to use AirTags as an anti-theft device" is very different from "AirTags should allow thieves to do even more harm to you"


Lose a pair of keys? With that system in place anyone who finds them can trivially find out what door they open.


If I understood correctly, this still doesn't protect you against custom Airtags using embedded boards[1]. You could just use any serial number you want and maybe even incriminate other people by using the serial number of their authentic Airtag?

[1] https://github.com/seemoo-lab/openhaystack/


If your threat model includes someone "just cloning your airtag and planting a clone", I think you've got big issues you need to deal with.


If they can link serial numbers to appleids it would imply that they could block non-apple devices? Unless the Apple serial numbers are also randomly generated or something? (Might check the apple docs later)


Now if only I had sand paper around.

In theory I think you just need to get it closer to an iPhone, no print needed.


I honestly can't tell if you're being sarcastic but this is horrifying.


I wonder how this would work. Even if you do find the Apple ID the AirTag is associated with, how do you find the person associated with the Apple ID? You can use any name you wish there as far as I know.


If you have an iPhone, it would be hard to fake your phone number.

It could be a burner phone, but if you're going to put in that much effort you might as well get a GPS tracker. And, chances are the stalker is probably someone you know.


> And, I don't think there's any technical reason Apple couldn't do it, right?

Technical no; Adding a fraction of a penny to engrave the uuid on the tag is a non-starter.


But they offer free engraving anyway???


Well, Apple could potentially make users download an app to read the UUID (hopefully not iOS-only), although obviously printing it would be better.


this would violate privacy laws like gdpr


Why and how?

I'm quite familiar with gdpr, btw -- and I don't see how being able to look up a uuid or some other nonsequential identifier via a site to find the owner obviously violates it. There's a strong legitimate interest case for anyone in possession of a global tracking tag being able to find out the owner, I would think.


the problem is an api that returns someone’s pii without authenticating they are allowed to see it.

a uuid on its own is not a problem. but if you can take one and establish a link pii then the uuid becomes a pii risk.


The far bigger problem is the airtag itself, which spews unpermissioned tracking data without any consent required.


There is consent. If you don't want the "spewed tracking data", you can disable the Find My Network completely.


Apple has made no attempt at getting consent from whomever the airtag is on. Maybe if you have an iphone it could alert you.


You dont know the circumstances for why an airtag is where it is, what if a parent sewed one into their kids clothes or bag or shoe, but got ripped out or something?

Apple should know who possesses the airtags at the very least, and if an airtag is reported lost/stolen, that info could be conveyed back to the person who found it, but nothing more until Apple has then liased with the "owner" to find out what to do next. Obviously this can be automated to some degree.


I don’t want some asshole who steals my keys to be able to look up my name. How is that a good idea?


"It’s why the Find My network is built with privacy in mind, uses end-to-end encryption..."

"Apple can provide the paired account details in response to a subpoena or valid request from law enforcement"

Hmm


Both can be true. The actual pairing of tag to owner is encrypted in the communication of its whereabouts. Some stranger detecting an AirTag that you own is not able to determine that you own it.

But also Apple can pair the serial number of the physical tag with the account that registered it. I think this requires the actual tag to be retrieved. The serial number isn't transmitted in the clear; it's gotta be read off the tag case.

That's my understanding of it anyway.


The serial number, and last four digits of the owners phone number, is available to anyone that is within NFC range of the AirTag.


From my understanding, location is E2E but they still register the serial to your account.


probably the same loophole as the "end-to-end encryption" in iMessage. it's end-to-end, but the client is their close-source proprietary software, so if they need access to the data they can just remotely access the client software that you've authenticated and access whatever they need to.


That’s not the iMessage loophole. The loophole is when you have iClouds backup enabled. They have access to it. Disable the backup, you disable the loophole.


Maybe something has changed or i'm missing something, but my understanding is that even without iCloud backup enabled, if you went through the "i forgot my password" process they could remotely generate a new key and create new copies of all your iMessages encrypted with the new key. Which is effectively replicating exactly the attack that e2e is supposed to protect against.


That's not the only iMessage loophole. They also obscure key distribution and have the ability to add and remove keys that are ostensibly for your devices at will. Technically you can check in keychain but virtually no one even does that between their own devices, let alone share and verify out of band with every other party they communicate with.

"E2E encrypted, we can't even read it, unless you use iCloud, or we get a NSL, or if we feel like being a MITM today".


End to end encryption has become a buzzword.

It prevents identifying who an air tag is identifying its location to. It prevents identifying what air tags you're searching for.

It is unclear to me how either property is useful to protecting someone from being tracked by someone else's air tags.


The location is end-to-end encrypted, Apple doesn't know where an item is at any given time, only the owner does.

Who owns the tag (assuming someone has it in their possession) is not end-to-end encrypted.


Might be useful: https://github.com/seemoo-lab/AirGuarg, a third-party Android app, can force an AirTag to make a sound even if Apple hasn't determined that tag has been following you (the BLE characteristic is unauthenticated: https://github.com/seemoo-lab/AirGuard/blob/main/app/src/mai...)

HN discussion: AirGuard: Protect yourself from being tracked by AirTags and Find My accessories (298 points, 150 comments) https://news.ycombinator.com/item?id=28577951


Fixed link: https://github.com/seemoo-lab/AirGuard

AirGuard is great. They optimized the app to the point that it doesn't even show up in my Android device's battery usage statistics anymore. It's a set and forget app that scans for AirTags in the background automatically, but also when you trigger a manual scan. It's free and open source.

Apple's Tracker Detect app for Android (https://play.google.com/store/apps/details?id=com.apple.trac...) doesn't have automatic scanning, and requires the user to open the app and tap the button to manually scan for AirTags. It also forces the user to wait 10 minutes before they can make the AirTag emit a sound. I'm glad that the Technical University of Darmstadt made a better solution and released the source code, too.


This works assuming the speaker hasn't been compromised by a would-be stalker.


There's already a thriving market in muted airtags, a quick ebay search will get you there.


There would be the hazard that you can no longer say it was an accidental stalking if you use a professionally tampered with device. Given that there are a lot of iPhones out there even if your device doesn’t detect it your friend may ask what is up. Then law enforcement can use the AirTag serial number to track back to the account it is linked to.


Yep. But there is also potential for civil disobedience / mischief there.


Seems like it could be humorous to walk around a crowded stadium with a loop forcing everyone's airtags to go off


And if I don't have a phone at all...? (I don't have a phone at all.)


99% of the tracking notifications are given to my family members. It’s hilarious that you can’t “join” a family members tag so it can be shared within the family.


Being in an iCloud family does suppress the tracking notifications.


I don’t think so. My wife and I are iCloud family and I still get alerts every time I drive the car without her.

Of the four pack I bought one is useful for finding my keys, one is a PITA in our car, and two I never got around to using.


i.e. completely stop or just reduce? Because I was going to say it would make sense for the "threat model" to go beyond "traditional" stalking to domestic abuse etc.


Completely stop.


Not true, you will receive notifications as usual.

You can choose to supress indefenitly.

Source: have iCloud family with like 10 airtags.


Really? Since which iOS? I got them as late as yesterday on a famly members' phone.


That must be recent.


agreed - my wife and I still get alerts about each others keys being with us. I wish there was a way to actually see the location of other family member's AirTags, so that I can find my wife's keys with my device. It's annoying that we can see eachother's phones and Macs in the Find My app but can't see eachother's AirTags.


Are you on a shared iCloud account? This never happens to my wife and I but we’re on the same iCloud family account.


Interesting. Just one data point, but my wife and I both have airtags on our keys. When I drive her car (and she's not in it), I get a notification about her keys traveling with me. We're on the same iCloud "family" account. I wonder if there’s something else that needs to happen?


When you go into "Find My", can you see your wife's devices and keys?


I see all her other devices, but not keys. Now that I know how it should work, going to see if re-registering the keys changes things.


I would reach out to Apple about that. It’s not supposed to work that way.


“Okay, so what we’re going to try and do here, is reset and erase, and not restore from iCloud backup, so we can rule out this being something in your profile.”


When you say "iCloud family account", do you mean you both log into the same account using the same credentials, or that you use "family sharing" to, e.g., share iCloud data, purchases, etc.?


Not the same credentials, the other one. I forget what they call it, but basically we pay one bill and share iCloud storage and apps between us.


Yes we have some kind of shared account or family/group, e.g. with shared iCloud storage and so on.


I don't think that the timing of this has much to do with the following, but I find it an amusing coincidence:

Just a month ago the German activist Lilith Wittmann used an airtag to corroborate the suspicion that a branch of the German government she (or anyone else who should) never heard about before called "Bundesservice Telekommunikation" (Federal service of telecommunication) is just a front for the Bundesamt für Verfassungsschutz (Federal Office for the Protection of the Constitution, the federal domestic intelligence agency). Unfortunately I only found this [0] article in english quickly, a longer piece by herself in German can be found at [1].

[0] https://www.imore.com/german-woman-uses-airtag-find-governme...

[1] https://lilithwittmann.medium.com/bundesservice-telekommunik...


Notably they hint at one of the problems but don’t discuss fixing it at all: it’s bizarre that AirTags can’t be shared with a family account. It’s irritating that if I grab my wife’s copy of the car key I get alerts about being tracked, and, conversely, it’s frustrating that she can’t locate my copy of the key when that’s the one that’s closest.


Probably deliberate since unconsented spouse tracking is probably the most common type of tracking. Maybe an icon and periodic notifications, similar to how the location service works could be a way to allow.


Sibling comments have effectively pointed this out, but obviously it could be optimal per tag, and also given we already have Find My Friends access to each other it’s a completely meaningless objection.

Point is it should be at minimum opt-in possible because without it it clearly misses the obvious connection to a selling point of Apple (family sharing).


That's pointless, my partner and I can see each others' phones anyway.


Then it could be tied to the option on sharing location with a family member


If somebody steals your car/purse/whatever with an airtag on it, and that person has an iPhone, will they get notification that somebody is tracking them?


Yes.

"If a Find My network accessory that's separated from its owner is seen moving with you over time, this alert is displayed"

https://support.apple.com/en-us/HT212227


Oh so this is really only useful for tracking stolen items if whoever steals it doesn't have an iPhone or an Android with their app on it, I never realized that.


The AirTags are explicitly designed to track lost items, not stolen items.


This being the case, I don't understand why they need more than "this is where you were the last time your phone was near the tag"?


Can probably track the iPhone that the AirTag notified. If apple and law enforcement (private?) want to…


Nope, Apple can't tell you where an AirTag is nor can they tell you what iOS device relayed the location.


Apple can track an iPhone and so can telcos


That seriously degrades the usefulness of airtags. I might want something with less privacy features included.


Yes, though I'm not sure how long it takes for that warning to pop up.

In my experience, it's generally more than the few minutes someone that grabs a purse will keep the purse before looking for cash/whatever.

A car is, of course different. I had the brilliant idea to put an airtag in my car so I could find it if I forgot where I parked. Then I got a call from a very worried SO that borrowed my car that thought they were being stalked (there's a history there of issues, so yeah, fun times).


If it's a car why not get a cheap 2nd hand iPhone SE, and either a massive battery pack or wire in a 5V inside the dashboard and hide it there. Then you can just track that phone. It will have GPS too.


I get an alert every time I ride my wife’s bicycle. It would be nice to be able to mark her tags as ok to be near me.


Being able to share AirTags via a family iCloud account seems to be a pretty commonly requested feature. It does seem a little silly that I can track every device attached to the account but not AirTags.


Even outside of family. I would buy an airtag for my dog for when my friend watches them. It'd be nice to drop off my dog and "share airtag with this user" so they can have a resource in case my dog got lost.


I suspect they are working on it, but the crypto is privacy-preserving enough to make centralized authorization management hard.

Specifically, you get a cryptographic secret when you pair the key, it broadcasts as a bluetooth beacon with encrypted messages based on that secret and current time, that get reported up to an Apple service.

When you want to see your accessories, your device will compute the encrypted messages at appropriate times and have apple search for them.

However, there's no network push to an AirTag available to tell it to rotate keys. You could grant more people to see a tag by sharing the secret - but you then could not remove that permission without physically resetting the tag.

I suspect the solution will eventually be having derived keys from the secret and date, and date-based "leases" for permissions - I share the current key to allowed peers. That would mean revocation might be represented in the UX immediately, and take a day (or some other time period) to actually start to fail cryptographically.


sorry I didn't mean the MAC address but rather an HMAC-based key derivation. I suspect they rotate MAC addresses every half hour or so, but the broadcast itself is encrypted such that you can't tell two belong to the same AirTag without knowing the secret.

I might have a secret key for the AirTag, and the encrypted messages derive a new key each day based on the current date, then encrypt a check-in message based on the current time.

If I share the secret key, its permanent access until a hardware reset of the AirTag. If I want to share "for a while", I just share a bag of those derived keys for the date range. The UX might represent it as not having a date range, and my devices which know the secret just periodically share out the derived keys when online to give out keys, and effectively make it so that any revocation of permission takes a week.

The other option is for me to be able to share enough information with Apple's servers that (on permission change) it blocks the AirTag web service query itself. That won't help you with any shared secrets allowing someone to detect its the same tag even after MAC rotation.


I do think it should be possible to share encryption keys (ignore this MAC alas doesn’t work because the MACs and randomized and rotate fairly frequently when in the vicinity of an owner’s devices)


That feature already exists. If you are sharing your device locations with your iCloud family members you won’t get the complaint notifications.


I get them pretty much everyday for my wife's Airpods despite us being on iCloud Family Sharing. Guess something's buggy.


I'd like to be able to mark my own tags as okay. My phone will NFC with the tag in my pocket, and just about every time I pull it out I have a "go to lost.apple.com?" prompt.


I'm not always a fan of Apple's decisions, but short of pulling AirTags off the shelves and scrapping the product entirely, they've gone far beyond any of their competition (Tile) with this stuff.

Ultimately, maybe we're better off just losing things sometimes.


To be honest, I'd be fine if I just got notified at the instant that my AirTag became separated from my phone, and see the location when that separation occurred. They already have this feature, and it's the only thing I really need. I'm not going to go chasing after a thief myself, and I highly doubt the police will care that I have a tracker on my stolen keys. Even if I leave them on a bus, it's not like I'm going to chase down the bus. I'll just call the lost and found and let them know which bus I left them on.

Wouldn't this make unwanted tracking essentially impossible?


Let’s see how hard it is to neuter the sound generation within the AirTag itself. If it’s silent itself, an Android or no-device trackee is vulnerable.

There is not much tech that lacks unpreventable malicious use. Needs to be expected for pretty much anything.


You don't have to actually do that. The devices aren't directly authorized by Apple. So long as you broadcast the right beacons over BT you can make any device findable by the Find My network.


Would it be possible to design the device to detect if the speaker has been tampered with? Perhaps having some sort of microphone on board to detect whether the speaker is functional would work.


This could be put into the speaker driver, to do something like an impedance measurement, to verify that something that looks like a speaker coil is still present. If you wanted to make something hard to defeat, you could measure the capacitance between the coil and case, as a deflection measumerent, to verify that coil was actually moving in a way that it should be. Both would probably add a relatively large amount of power consumption, completely change the design, and add a bunch of cost, where nobody would be interested anymore.



Exactly - this seems like the kind of thing where the only way to really mitigate its abuse is to not have it at all.

"Your scientists were so preoccupied with whether or not they could, they didn’t stop to think if they should." - Dr. Ian Malcolm


Are airtags still useful for eg. tracking a stolen bike? Or will it now alert the thief within minutes that the bike contains a tracker?


I don't think you can simultaneously limit unwanted tracking and still track thieves surreptitiously. Basically both are "unwanted tracking" by the "victim".


Well now the airtags give the thief a way to locate the airtag and remove it--in addition to telling them that the air tag is there.


Destroy the speaker and hide the device inside a tire, steerer tube, or other such place?

I mean the thief will get notified, but what are they going to do? Dismount tires, disassemble steering assembly, remove the grips, undo the saddle, bottle mount, Garmin mount, bash guard, lights, etc? This all takes time and skill, it can’t be done on the spot and if they dragged the bike home or to a fence they have already disclosed the location.


There's an entire market for this (and I own two for this express purpose): https://www.etsy.com/listing/1015753561/the-original-apple-a...


Now you've increased the motivation for thieves to carry EMP guns with them... they already do that to deactivate merchandise loss prevention tags (RFID).


Would those locations actually work? A tire is a physically violent place, and a steering tube looks a lot like a faraday cage.



There are details not exposed outside of NDA, but my suspicion is that there is a requirement that MAC rotation happen more slowly, like every 15 minutes, and it is a bluetooth MAC and the actual GPS/cell based 'movement' which together trigger an alert.

If a bike's Find My support randomized its MAC on every broadcast, it may very well not be possible to tell that it is not a new device each time. That might not be allowed per the licensing agreement, and that might be something that Apple has heuristics to detect and alert on.


I believe an AirTag stops randomizing some broadcast identifier when it’s separated from its owner. The AirTag by itself has no location awareness. But when an iDevice sees the same separated AirTag at multiple locations it fires the alert.


Airtags were never supposed to be used to track stolen things, but to retrieve lost things.

People complaining about airtags being nerfed were misusing them in the first place


> People complaining about airtags being nerfed were misusing them in the first place

I sense the "you're holding it wrong" philosophy never really changed at Apple.


That may be the case, but not in this case. AirTags had anti stalking built in from the start and were specifically marketed for lost items over stolen items.


Surely you can see how that would be a poor design choice. It's quite a common use case for tracking devices like the AirTag.


How is that a poor design? How would you design it to not alert the thief but alert someone they are being stalked?

You can only have 1. Can’t have both.


It is poor design only if we are calling this misuse. For the record I don't think Apple is doing anything of the sort. They knew exactly how these AirTags would be used, so they wouldn't blame the user as misusing the tags.


You can use a fork as a spoon but you don't get to complain about how bad it performs. Nowhere in Apple's marketing is the airtag advertised as a device to track stolen things


That doesn't really change anything. Throughout the design phase Apple was fully aware that a large portion of users would use AirTags this way.


I've heard of multiple people using airtags to prevent and successfully recover stolen vehicles and property after armed carjackings, and as dystopian as that feels, it seems to me far less invasive to society to narrowly target violent criminals than hiring more beat cops to randomly pull over (disproportionately innocent and disenfranchised) people over miniscule driving infractions to hunt for the actual criminals.

I'm happy to see some actual numbers but it seems the devices have been used far more often to deter actual, serious crime than to cause it. Perhaps they should focus on improving the product for what it's actually good for and not nerf it's core functionality because of the extreme edge case of a few bad actors.

Samsung has a similar product called SmartTag and it's also quite good from what I've seen, and on cursory glance seems to not be hyper focused on "fixing" this "problem".


Yeah; I’d prefer it if the police could nerf it (by enabling notifications) to help out stalking victims, but thieves could not.

Alternatively, if (with an actual warrant, and involvement of the airtag owner) the police could link location trajectories of any phones that travelled with the stolen airtag, that’d be nice. Not sure how to avoid abuse with that scheme.


That’s not how the media narrative works unfortunately. Source: I’m in media.


At what point do you go “you know, the low severity problem we’re solving (finding my keys) is probably not worth creating high severity problems like stalking and sexual assault?”


If there’s enough demand someone will eventually solve it


I'm sure they're frustrated that people keep using AirTags as tracking devices rather than local thing-finders, but I think there are good reasons for that.

Local trackers have been around for a long time. I had a "TV remote finder" years ago that you'd stick to a TV remote (or keys), and it would beep when activated by a second device. More recently, Tiles work pretty well, assuming you don't need direction finding. Personally I don't regularly lose anything large enough to benefit from an AirTag. I need it for things like individual AirPods.

But a small device with a worldwide range and no subscription fee that I can attach to a car or suitcase? That's a novel capability. I have one in both cars and my electric skateboard.


> "TV remote finder"

I was sorely disappointed when they announced the new Apple TV remote, and it didn't have airtag built into it.


I want to see AirTags built into all mobile Apple devices. iPhone, iPad, remotes. With it's own rechargeable battery, it would be really useful when my silly kid forgets where he left his iPad.


The find my network is supposed to be that already - Apple devices even ping when turned off. Try opening “find my” and clicking devices. If you all share a family account, their iPad should display its location.


It only lasts as long as the battery does, plus 24 hours (as in, the location will be visible for 24 hours but won't update after the battery is dead; after 24 hours Apple hides the last known location).

Even then, it is unreliable. The last time my son misplaced his iPad (a week ago), after I put it back on the charger it didn't start beeping (I had told it to make a sound via Find My) until about 12 hours after it was turned back on. Simultaneously I got the notification that it had been found. Not too impressive, IMO.

An AirTag, though, would have its own rechargeable battery and would be able to locate the iPad for a year after it got lost. In my ideal implementation it would work just like a regular AirTag, the only difference being a circuit to keep the battery charged, and being embedded inside the case of the iPad.


I have an AirTag in my car. I can always find my parking spot. I use this more often than to find my keys.


That's a creative use I hadn't thought of before. I guess it probably wouldn't help me since I use CarPlay, which causes the phone to save the parking location automatically, but I can definitely see a use case there.


"We're working closely with the police on our pervasive, no-permission geo-tracking system" is a *terrible* fucking message to hear.

It won't be long before they have tiny mics, too. And the little speakers they have, of course, can be disabled.

We on HN should really band together to do something about this. There is already https://github.com/seemoo-lab/AirGuard which is cool. What else could be done? I can think of some general directions:

1) Fill their network with noise somehow. If there are lots of tags, or tags pretending to be other tags, then information on which tag is where will be less valuable

2) Make something that forces existing tags to out themselves (should they have working speakers)

3) Jam their radio signals. Probably illegal in the U.S. under FCC rules, but perhaps there's a way to do it where you're not actually jamming, you're merely doing something else that causes them to not work.

4) Find some reliable way of identifying them via a wand, your phone, etc.

5) Apply political pressure to make this sort of thing illegal (especially for the authorities)

6) Make laws that say if you're using spectrum to build a mesh network, it has to be open to everyone


I recently had a car stolen and was able to recover it and police made an arrest because I had a Tile hidden in it. This wouldn’t be possible with AirTag notifications.

On an unrelated note if you have any FCA vehicle thieves have a programmer that plugs into OBD2 that will delete yours keys from the car and pair theirs in under 2 minutes so they can crank the car and drive off. It’s not even the relay amplifier attack that affects a lot of other cars.


"Every AirTag has a unique serial number, and paired AirTags are associated with an Apple ID. Apple can provide the paired account details in response to a subpoena or valid request from law enforcement."

For a company that 'values privacy', how do they think it's acceptable to only advertise this information now?


Every iPhone has a unique IMEI that can be provided to law enforcement based on a valid request. And everyone carries one in their pocket!

They've never advertised this information. Are you also up in arms about that?


If only there was a way to figure out what the website address is, maybe they indeed would have "advertised this information" ...

https://www.apple.com/privacy/government-information-request...


This is not the kind of detail that should be buried in small font.

Apple has a privacy report card for every app on their store, a whole “data linked to you” section.

If that is necessary for apps, why is that not necessary for a product that literally can track you?

It should not be buried.


> ...and we condemn in the strongest possible terms any malicious use of our products.

Then subject them to malicious users before releasing them to see what sort of ideas they can come up with in a few days, and mitigate those before general release.

Go schedule a room at Defcon, give people AirTags, and see what they do. If they neutralized your mitigations in an hour, well... other people can figure that out too. That the speakers are so easy to disable... well, yeah, you should have figured that out before release.

I'm a bit concerned about Apple's internal ability to reason about malicious actors. This is the second time in recent history they've released a shiny something, only to discover it torn to shreds in very short order by people. The whole CSAM hashing algorithm being as weak as it was to manipulation should not have been a surprise to them - but it sure seems like the system was designed without considering that the first hashing algorithm was trivial to intentionally collide.

"Buy an iPhone to prevent people from tracking you, and if you want to see where the tracker is, buy a really new one!" is some sort of sales pitch, certainly, though this new set of things sounds so prone to false positives and annoyance that I'm not sure how long it will be until people just turn the whole thing off (if that's an option).

It's a neat concept, but doesn't seem to have survived contact with reality and humans very well.


I've said this in other threads, but I'm probably done buying AirTags, because the anti-stalking features, that I assume you're aware of, are so annoying, that I don't want to add any more to my life.

When I get in my car with my wife, we both get a notification that an AirTag is following us, because my wife is potentially stalking me with her purse and keys. I can silence this notification for only one day. I can't disable it, because that's what a stalkers or abusive boyfriend would do. They randomly beep and boop to notify me that they exist, and I'm being stalked, and to put my phone near the offending AirTag so I can see the serial and last four digits of the owners phone number.

If someone were actually stalking me, I probably wouldn't notice.

I think the whole concept is almost doomed, if you're to be satisfied. The purpose of an AirTag is to track a thing. The desire of a stalker is to track a thing. I don't think these two identical problem spaces can exist together, in some harmonious way, that would satisfy people with your concerns, without constant annoyance. Just imagine if these were more popular and you did something crazy like, got on a bus, or went on a plane, walked any reasonable distance down a street with someone in your proximity.

I would love to hear a solutions that doesn't result in constant notifications. I also think it's completely silly to say "We'll we just have to restrict location track of anything, because there are bad people out there. Period." If the metric is to stop all the bad, then technology needs a huge lobotomy!


Apple just needs to add shared AirTags to iClould family sharing. I think that’d solve your issue and ~90% of other unwanted stalking alerts. They already allow shared “Find My iDevice” and just need to add AirTags to the mix.


I agree, but from previous HN threads, people have said that this would enable people in abusive relationships to be stalked. Also, it appears that some distance is required to trigger the notification, so I imagine stalkers could use the AirTags within this distance. For example, to find which apartment someone lives in, within a building.

I think there will always be headlines about stalking and abuse, and people claiming Apple didn't do enough (even though it's so annoying as is), regardless.


> would enable people in abusive relationships to be stalked

I can see that concern, but family sharing ALREADY lets you share iDevice locations at all time. That's a superior form of stalking compared to AirTags... So I just don't get this concern. It might just be perception though. From a PR perspective this is a bad time to release any feature that could be perceived as reducing AirTag stalking alerts.


Yep. People saying that have no idea.


Family sharing is how you permanently silence one with you. Otherwise the only option is 24h.


It appears to already be in the mix for me. I see other reports on this thread saying the same.


or just be able to mark an airtag as friendly?


> then technology needs a huge lobotomy!

Yes, it does. It really, really does. The absolutely human-toxic nature of most modern consumer tech ("You buy me, I feed you ads, and collect absolutely as much data as I can to improve the ads other people pay me to deliver to you!" model being the core complaint here) has done a huge amount of damage to humanity.

There are upsides, but we culturally seem horrible at actually evaluating things fairly. Always-on devices, constantly sending notifications, are just horrible to every aspect of humans - and the more we learn about just how horrible the are, the better the companies involved refine their ability to "drive their users nuts" for more eyeball-time to view ads, desired or not.

So, yes, if what you get out of my writings are that we should radically pull back on what consumer tech is and can do, you're evaluating my position quite accurately.


> If the metric is to stop all the bad, then technology needs a huge lobotomy!

I think we need to change the metric. Every tool humans have ever invented can be used maliciously. So we have fallback options, like punishment, to mitigate that. Apple needs to make you read and acknowledge a notice when you get an AirTag that says quite clearly that they know the serial number and will happily provide your contact info to authorities on request. And then police need to actually arrest people for misusing tags to stalk.


Why should the public bear the costs of a $2 trillion dollar company's decisions? Why should overpoliced communities be subject to even more policing?

The solution here is to restrict airtags to finding your own stuff only. That takes away some of the utility but also all of the stalking risk.


I think you’re completely misunderstanding the threat model here.

First the reality: Malicious actors interested in, e.g., tracking other people or other people’s things without their knowledge or consent, have many other options. To defeat them, an Apple product just needs to be somewhat less convenient/useful/cost-effective than some of the many other options.

Second, the perception: Apple needs to convince their customers and potential customers that they care and they’ll do something when there’s an issue.

As released, they pretty much had number one covered, though improvements are always good. So they are mostly working on number two… it’s good when there are actual improvements, but that’s not the main point.


Exactly– the SmartThings tracker didn't ship with any of these features. Tile didn't either. The only reason this is such a conversation is because Apple built these anti-stalking features and marketed them.

Not to mention I could probably make a crappy GPS tracker with none of these alerts and stick it to people's stuff. It may be clunky, but there are plenty of good hiding places. Or I could just get this[0]. Or this[1]. Or any of the dozens of trackers I can find on Amazon that would be perfectly good for stalking.

[0]: https://www.amazon.com/Amcrest-LTE-GPS-Tracker-Geo-Fencing/d... [1]: https://www.amazon.com/LandAirSea-Waterproof-Magnetic-Person...


AirTags shipped with anti-abuse features on day one, no other product provides any anti-abuse features whatsoever.

The speaker could be defeated, but the anti tracking stuff cannot be stopped without breaking the basic functionality.

If you’re demanding that companies must go to great length to avoid abuse of their products why aren’t you demanding the same from tile? Why not the myriad gps trackers on Amazon? It’s not unreasonable to demand that Amazon ensures every such tracker they sell has speakers and anti abuse features.


> It’s not unreasonable to demand that Amazon ensures every such tracker they sell has speakers and anti abuse features.

I agree, however, this thread is about Apple's AirTag devices, and complaining about Amazon's incredibly vile sales practices seems at least somewhat off topic for it.


And Apple's device have vastly superior anti-abuse features than every other product, and clearly apple has not stopped fighting said abused.

What's happening now though is people are attacking apple because AirTags anti-abuse features work, and people have identified when they're being stalked.

We haven't heard stories like this about tile, not because it doesn't happen, but because the complete lack of any anti-abuse features mean that victims are unaware they're being tracked.


To what extent is any hardware manufacturer responsible for malicious usage of their product in your opinion? Surely you don't believe that all bases can be covered no matter how simple the product prior to launch. I credit Apple for making a best effort at launch and continuing security and support for much longer than the industry standard in their products. But realistically there is no way to launch something flawless as you seem to be suggesting.


I don't think all bases can be covered, certainly. But neither do I think Apple has been doing a good job of even trying to do a good job of it, at least recently.

Apple clearly put some thought into how the product would be misused, and added some features for that - but then appears to have not bothered having actual (simulated malicious) users test those features to see how they'd bypass them. Things like "removing the speaker" seem oddly trivial, yet there's no indication Apple even thought through that situation. It wouldn't be too difficult to design something in which the deliberate disabling of the speaker rendered the device useless after a few days, yet would be unlikely to trip in normal use. They're pretty well sealed.

"Red teaming" something like this in the early design phases is often useful to be able to figure out how to mitigate these sorts of attacks, and Apple, far too often lately, seems to be in a "...they did what? No, they can't have... we didn't think they'd... ugh, OK, let's add something to support that..." mode.

And if they don't have family sharing support, as seems to be the case from the other comments here, it clearly means they weren't tested with any sort of realistic use case, because "Oh, yeah, my wife's keys in her purse keep making my phone go off when we're driving together" seems a common use case to discover in testing.

I don't think a company should be responsible for all malicious uses, but when those uses seem utterly trivial to manage (remove speaker, your tracking target uses Android and like almost all Android users hasn't downloaded Apple's app to check for AirTags following them), I think they've missed something really important in the design phase.


Making AirTags safe is fundamentally impossible, a bit like trying to make a knife impossible to hurt yourself with.

For example:

> deliberate disabling of the speaker rendered the device useless after a few days

That only kicks the can. Now people will silence the speaker from outside, for example by covering the whole AirTags in superglue and foam to muffle all vibrations.


> for example by covering the whole AirTags in superglue and foam to muffle all vibrations.

Which makes it larger, harder to hide, and easier to find. Go try - see how much foam it takes to reasonably muffle the beeper. It'll take a lot more than you think.


If I put it in your bag or in your car, I can make it 10 times bigger and you will still not notice it.

Use your own thinking, how would a red team go about silencing the device.

Also, try covering your phone speaker holes with your finger. See how effective that is.


I think that a key issue in this case isn't just that Apple made a device that could be used for tracking - after all, you could engineer or buy a different tracking device from a number of vendors - but that its feasibility was massively increased due to a unique Apple asset - its network of iDevices. That is, Apple released a product that was uniquely good at tracking people due to an Apple-specific asset.

Slightly less, but still very importantly, there's the fact that by design you can't see if someone is tracking you unless you buy another Apple product, which wasn't an intrinsic engineering limitation, but just a choice that Apple made for their own profit.


Apple released an Android app that lets you check for AirTags separated from their owner near you: https://play.google.com/store/apps/details?id=com.apple.trac...

Of course you have to know about it and it only provides scanning when the app is open instead of constantly doing it in the background like iOS.


> its feasibility was massively increased

As was the risk of getting jail time if you use it to stalk someone. Something you don't really worry about with a generic GPS tracker. That handy, convenient AirTag will give the police your address.


Makes me wonder how much liability the owner or participants in the network used for tracking carry if bad things are facilitated by the network.


I'd really want to ask weird and possibly insensitive, but nonetheless (I believe) a legit question - shouldn't be it a society that needs to somehow change (I've no idea how, though), rather than technologies killed because it threats existing societal stuff? I hate to say this but it really feels that our assumptions of privacy are becoming outdated and there's no going back.

Unlike e.g. facial recognition, AirTags are not even some new breakthrough, just some well-known existing technologies made a bit more mainstream/commonly available (can't even say "more affordable", the price point hadn't changed). Yet, it causes an uproar.

Technological genie just cannot be put back in the bottle and it's only gonna get worse in the future, as tech will become smaller, smarter and more magical.


> ...shouldn't be it a society that needs to somehow change (I've no idea how, though), rather than technologies killed because it threats existing societal stuff?

We've allowed, collectively, anything that falls in the "tech" realm to deploy first, ask questions later, and more or less force society to conform. I think it's been absurd, we see more and more backlash against it, and rightly so. A company shouldn't be able to just ignore the law and do whatever they want because they use computer chips, but we've seen more or less exactly that in a number of cases.

- Uber/AirBnB can be seen as venture-capital funded, money losing ways around existing taxi/hotel/rental laws, and their tendency to expand into a market without permission and then demand the right to stay there against the laws that prohibit exactly such things, is an example of this model. - The various "Dump tons of scooters in a city without asking, profit, and make cleanup the city's problem" is another example here. It's littering, really, but somehow tech companies involved get a pass because it's neat. - Literally every "We collect all the behavioral data you don't realize we're collecting to improve our models of you so we can sell better advertisements to our actual customers" business model does the same thing - take first, ask permission never (or, at least, try very hard to never have the topic come up).

I'm not OK with this, and I hope more and more people aren't OK with it either.

> I hate to say this but it really feels that our assumptions of privacy are becoming outdated and there's no going back.

Privacy shouldn't be something subject to the current state of technological surveillance. We should, as a society, decide what privacy ought to be, and then limit tech companies accordingly.

Europe seems to be making decent headway on this front, with "No, you can't just keep doing that..." rulings against tech companies. I hope that spreads.


> I'm not OK with this, and I hope more and more people aren't OK with it either.

Cool, that's a societal change - awareness.

I can't argue against your ridesharing datamining examples. I can't say the data they've hoarded is actually valuable - just based on the fact almost all their ads are complete misses. I've yet to see any personal data hoarder company to be able to actually pull off anything sensible, not that some ML model realizing nonsense in lines of "meatbag bought a sofa, meatbag must love sofas, let me show him all the sofa recommendations" (lol). Anyway, that's not the point. I don't fancy this data collection and sure agree it's not a bad thing to stop it. Just as I'm fed up with small prints, shrinkwrap licenses and other things we pretend people read and understand that they don't.

When I wrote my comment I thought about somewhat different things. Tracker devices or face recognition is different because it can be done in what marketing calls a "privacy-respecting" way, on device. Yet, it's a fact if someone can point a camera on you, they can match you with their previous data, and if someone can plant a device on you (and devices get smaller and smaller every few years) they can know your location. And it's not about companies producing something, it's about the technologies itself, when the technology can be used for both good and bad things. Like a knife or a laser pointer.

It doesn't make sense to me to tell companies to not produce such technologies. It's impossible to make technologies be usable for good things and not usable for bad things. A knife is always a weapon (or it's not a knife and you can't use it to make yourself a sandwich), a key tracker can always be used to stalk (or it won't be ever useful to find stolen things). But some people are so desperate for "safety" they do want to nerf anything that can be even theoretically abused to absolute uselessness.

Things like this is what bothers me.


Meanwhile, you can get a cheap GPS tracker for the price of an AirTag or two…


And if you want it to report out, it has to have an active cell plan, and the power consumption is rather radically higher than "years on a button cell," so the device is bigger, it needs a clear enough view of the sky to get a GPS signal, etc. They're an awful lot less useful and less discreet. Again, not impossible by any means, but certainly quite a bit less convenient than an AirTag with a removed speaker.


I don't think the typical issue is that someone can maliciously track some other person specifically for years. Longevity of the tracker is an added benefit, not what makes it different.

Honestly, in my personal opinion I feel that only thing that's really different is the company's notoriety. It's no fun to bash Tile (people just don't have any beef with them), but kinda fun when it's Apple. And that they've actually sent out a viral idea ahead of product release focusing attention on this aspect (so, naturally, it echoes back).


That was kind of my point. People can buy these GPS trackers for the same price and have a stealthy surreptitious tracker. What’s new is Apple made so omg, better freak out and write eleventy-one angsty articles about them. In this case I can’t even muster an eyeroll at how silly it is.


If I were actually interested in tracking someone for nefarious reasons, I absolutely would not use an AirTag. I mean, it has a serial number that will lead the police right back to me. I'd use something that doesn't have my name on it.


I just checked and all the reports of misuse so far don’t seem to be “for months at a time”. I can also get a prepaid sim with very little identification and there’s no direct link from an arbitrary gps device to the person who used it.

I think there was a brief surge in people abusing them because they thought AirTags were untraceable, which they very explicitly are not. As apple says in the article they can directly go from an AirTag to the account that owns it.


> I just checked and all the reports of misuse so far don’t seem to be “for months at a time”.

Its also only like 6-8 months old at this point.


Or just get a Tile, that will ping any Amazon echo or Ring doorbell it goes near.


You're both right; it's an interesting question. Something that can't be used maliciously is probably not useful for much of anything at all. OTOH, when the potential for harm is far greater than the potential for good, as it arguably is here, that calls for extra discretion on the part of the developers.


> as it arguably is here

That may be understating it a bit. I honestly can't decide which is greater.

Airtags as-is are nerfed for non-technical reasons as to make them more or less useless to me, despite their ability to be incredibly useful.

For example:

Due to the nag/anti-stalking alerts I can't put them on dog collars due to day-care visits. No way for others to whitelist a tag on their phone, or any way to silence it.

Same goes now for the car. It's annoying to just toss one in each trunk in case of theft or whatnot, since the cars are shared.

The privacy concerns have more or less turned this product into something of a very narrow usage band - aside from a personal bookbag or whatnot I don't see many other realistic uses at this time. Not useful for hiding in my power tools, etc. etc.

I had pretty high hopes for these for some peace of mind (dogs), and I live in a high crime area so being able to track my expensive items has proven useful in the past. I was excited about expanding on this use until they started crippling them.


There are lots of tracking solutions out there, most of which do not even attempt to protect against abuse. So, Apple seems one step ahead of the competition here.

Regarding CSAM, I have not seen any credible threat model with those hash collisions.

> "Buy an iPhone to prevent people from tracking you, and if you want to see where the tracker is, buy a really new one!"

The tracker beeps, and displays information to Android phones, also. They did what they could to make it easily findable.


Have any of the AirTag stalking mitigations actually been defeated by hackers? Besides physically removing the speaker.

The “an AirTag is traveling with you” alerts haven’t been defeated as far as I can tell. Apple tweaked some of the time periods after launch but the core technical mitigations are the same.

I agree the current situation is non-ideal, but it’s not clear to me this is from a lack of sufficient pre-release pentesting.


> The “an AirTag is traveling with you” alerts haven’t been defeated as far as I can tell.

Perhaps not, but they're meaningless to the >50% of the population that doesn't have a modern enough iPhone as their daily carry phone.

Having moved back to a flip phone, I literally have no way to identify if such a tag is being used against me.


And 100% of the population has no way to monitor if a GPS tracker has been planted.


GPS trackers are a lot pricier and often bulkier though, somewhat limiting the probability of it to be used by the average stalker. Barrier to entry is significantly higher.


> GPS trackers are a lot pricier and often bulkier though

A quick look on Amazon UK suggests that there are plenty of cheaper options and, whilst not many, there are options of a similar size to the AirTags.

Now, admittedly, none of them have the same feature set as an AirTag but if you're at the point of buying GPS trackers to stalk someone, I doubt you're thinking about the technical distinctions.


"We have successfully partnered with them (police) on cases where information we provided has been used to trace an AirTag back to the perpetrator, who was then apprehended and charged."

Obviously each air tag is associated with an iCloud account, so this could be quite an effective move on Apples part.


A less charitable reading is "We've had at least 1 solid case of criminal use of the AirTag that lead to arrest and charge.".


Why would that be less charitable? Many things can be abused criminally. Arrest and charges are how our society deals with it if someone does. Deterrence prevents crimes in many cases. Not all, but many.


It's not common for many companies to admit that their product was used for crime, and here is one, in a PR piece about "We care sooo much about our users' safety!"


Some things should just be mandated to be cross-platform, and this seems like a good start. Phones scan for wifi and other BT devices, and this is just another BT device. There's an option for turning on a notification for open networks and authenticating to them, just give me a similar option for BT/UWB/whatever lost trackers.


AirTags last only one year and you can't replace the battery or recharge it? Is that right what I'm reading? I gave up on Tile for that reason about 3 years ago, although they may have added a replaceable / rechargable one.

The Tiles were useful while they kept charge. Apple has a lot larger participant network as well than the tile network.


Not only can you replace the battery, part of the directions for dealing with an unknown AirTag that you found tracking you is to remove the battery.


> We hope this starts an industry trend for others to also provide these sorts of proactive warnings in their products.

I guess they're hoping Tile (or whoever else) will feel obligated to create similar nerfs or annoyances on their trackers? I thought this was interesting because this is one time vertical integration (having a huge network of iPhones) is putting an Apple product at a competitive disadvantage


This kind of scares me. Privacy first tech groups seem to be getting more vocal about trying to change the whole industry.

I hope someday we have a fully open global tracking network, not affected by Apple an Mozilla and all the rest who seem to want to destroy any technology that can be used to invade privacy, regardless of how many legitimate uses it has.


I really thought that Tile would release some sort of fixed LoRa type antennae in popular areas (SF, LA, NYC) managed by them that would act as supplements to their app tracking which they knew was mediocre. I've never been able to successfully use Tile's tracking, and AirTags work great.

I think the Amazon Sidewalk has a lot of potential in this space as a viable alternative to the iDevice network apple has. Google should def release competition that can leverage their device network too, considering their comparable hardware penetration.


Can you give examples?


Battery Status API, Ambient Light are the two big Mozilla examples I know, but I suspect the list may be fairly long. I believe they are also against web bluetooth and serial.

Apple has some permission stuff that apparently degrades Tile on their platforms IIRC.


There is no reason for any of those to be exposed to the web.

For web specs you can't just think "I could do this cool thing", you have to say "what can a random popup ad do with this". Our experience with WebGL shows permission dialogs are a bad experience, and people will also click "yes" to make them go away. Most users report "would you like notifications" from websites as being spam/annoying.


When the only consequence is being tracked, it's mostly fine if people just click yes.

It's generally common knowledge that all sites are tracking you in all ways that they can and any time they ask for a permission it's to spy on you. Users who actually are more concerned with privacy probably will not click every random button.

Which is in itself one bit of trackable information, but that's about it.

Battery status is very useful for kiosk applications. Web Bluetooth is obviously great for all kinds of IoT things.

The more dangerous ones like Bluetooth can require you to explicitly select a target, and most people will notice something is wrong if they see MyBonerBest.io wants to connect to a list that includes their watch and light bulbs.

EU Cookie consent is somewhat changing that all, by training people to click yes on prompts faster than their eyes could even focus on them.

If there is a risk, it's probably more that people click out of reflex than out of not understanding, which can be partly mitigated with improved UI.


Sometimes I wonder if Apple has bitten off too much with this particular product. Not sure it’s worth it.


It was a bit strange that they ever sent "unknown accessory detected" messages. They should say it's airpods.

It was also strange that they told people by notification that an airtag was with them, but didn't let them search for it using precision finding. Why would they do that?


These feel like welcome changes. Don't think it addresses all the past concerns.


Mostly all seem ok. The only one that makes me a little sad is the precision finding tool will make it easier for thieves to spot tags on bikes.


Yeah, but the original purpose was for keeping track of your own stuff, not as a deterrent for theft.

For your bike, I would recommend something from here: https://www.cyclingweekly.com/group-tests/find-your-stolen-b...


It addresses none of the key past concerns. Specifically the ability for the devices to operate with their speakers disabled and no effective means for non-iPhone users to detect they are being tracked. The Android app Apple released is basically useless since it requires manual scanning.


> The Android app Apple released is basically useless since it requires manual scanning.

It is better than nothing. The limitation on background scanning is likely due to Android + diverse hardware not providing a low-power way to do such a thing.

The more effort Apple takes to bind an Apple ID to a real world identity, the more consequence comes from abuse of a tag. The alerting serves to make that consequence more likely.


The only real question is - can I explicitly disable airtag tracking on my iPhone


And a follow-up if the answer is yes: can you still be notified that someone is using an AirTag to stalk you if you do so?


You can opt out of the Find My network:

https://www.igeeksblog.com/how-find-my-network-work/


I have an AirTag that I dropped by mistake inside a taxi in another country over 6 months ago. It is still active, and still reporting up to the minute location to this day... Apple is really minimizing the real issue.


"We plan to update our unwanted tracking alert system to notify users earlier that an unknown AirTag or Find My network accessory may be traveling with them."

How does this work if one doesn't own an iPhone?


There is an Android app which allows Android users to see the same notifications.


Yea, but philosophically, you shouldn't have to opt in (to opt out) - if I don't want to any part of apple's ecosystem, this forces me to actively opt out.


I mean, you could be hanging out with a friend who has chosen to wear a tracking device. I'm not really sure how far you can go with this idea.


What do you want them to do? Shoot brain waves in to your skull to notify you without any device?


There's really nothing they can do short of not doing the airtags at all. The spectrum does not belong to them, it's leased to them and they are a user. We can ask for oversight.


Google/Android already scans for BLE beacons. It could add a notification for a BLE beacon it sees following users.


No, the airtag owner is the user.


What about Tile and other AirTag competitors? None of them even have an app to alert you to unwanted trackers at all.


No love for them either - but your retort is pure whatabout-ism - it doesn't address my core complaint.


Does it also conveniently increase the coverage of the network?


Nope, that requires their magic low power networking chip thing


Funnily enough, the app that works like iPhones (AirGuard, open source) was created by people from a German university.

Apple's own app is almost useless as it only works if the user performs manual scans... but who does that?


https://play.google.com/store/apps/details?id=com.apple.trac...

With 100.000+ installs it seems only a very small percentage of Android users is aware or cares


Look at the reviews. It doesn't seem to work. It requires manual scanning and does not work in the background.


That doesn't help people who don't use Android either.


I’m curious why they don’t add a way to report and kill the AirTag’s signal if you’re being followed by one


Because then it becomes useless for it's intended use.

Say someone put a tag inside their backpack, their backpack gets stolen. The person stealing it can then just open their App, see there's an airtag in the bag, report it and kill its signal.


I think the AirTag stuff will eventually be limited to localized areas where the tags are wirelessly powered.


Just keep nerfing it Apple. They made the beeps louder with this new update too. So every time my wife borrows keys, my car, etc it's gonna go nuts. I guess I'm going to have to rip the speaker coils out of all of them at this point.


TBH sharing keys is a nightmare even without airTags. Honestly recommend each spouse gets their own key to each vehicle. Once my wife had her keys stolen and we made do for a year sharing my car key and it was hell (because both of us prefer the EV to the minivan).

I don't track keys but I track my wallet and my wife does not need or ever ask for that.


Luckily keys are on the way out. Between a August Smart Lock and a Tesla I haven’t carried keys in years and I don’t miss that nightmare.


How are fobs different in this scenario?


You can drive your Tesla using your smartphone app or other devices.


unless if their servers go down, in which case you can't unlock your car


Proximity unlocking does not rely on LTE, and still works. Remote unlocking using the app would not work, because it relies on LTE. So the car can still be unlocked and used as normal in areas where there is no cellular reception. This is not some egregious oversight.


I may be incorrect, but I believe once you are near the car that it can connect via Bluetooth and operate over that local network, rather than going through the public internet and routing commands through Tesla's servers, but again, I could be misunderstanding how those features operate.


Or the cellular network goes down, which happens about once a year during a bad winter storm.


Or just buy them on eBay, pre-silenced.

I'm really not exactly sure what happened here in this "update", other than "FYI, we'll give out information after being subpoenad" and "we'll also include a dialog to say "don't track people with these"."

"So, basically nothing, then?"


It will alert people that they are being tracked even sooner than the threshold now, and it will now play an even louder alert tone.


The "alerting people that a tracking device may be moving with them" is a good thing, though they definitely buried the lede on that, I feel.

A louder tone? I thought a lot of the issue was that people using them nefariously were disabling the speaker entirely, or buying AirTags that others have helpfully pre-disabled for them.


It's nuts that there's no family sharing ability, which would moot this common issue.


Is there really no family sharing features? I see this complaint all the time, but I've never once had a warning despite my wife and I both having AirTags on our car keys ever since they were released. We've had our car complain when one pair of keys are left in it, but never a peep from the AirTags.


The issue is that it thinks you’re being tracked when someone else’s AirTag is near you for a period of time, but the owner isn’t. So if you’re with your wife and her keys, no problem. If you borrow her keys and leave the house without her, then it’s triggered.


These Apple "updates" are just going to get crazier and crazier, aren't they?


So Apples response is the equivalent of a cookie popup? Throw a bunch of warnings in?


What’s missing is Family Support! My wife and I share keys. Where’s that use case?


And yet still no update about sharing an airtag with my family...


They could also make them not work if the speaker is removed.


What is super annoying is getting the AirPods traveling with you notice when you’re around family that live in the same house or when you’re traveling on a plane or anywhere else crowded. It’s completely useless.


I don't want this crowd source surveillance.


Too late for that. Look at how many people around you are using iPhones. They're all taking part in the FindMy network.


Try not buying them.


unwanted tracking should be an open standard.


The funny thing is that people just remove the speakers of that small thingy and hence it should just be banned as a whole


and as the article indicates, they are combating this exact issue by adding additional alerts on your device when an AirTag is traveling with you, as well as giving you the ability to use precision finding to locate the nearby AirTag in case you can't hear it.


The anti-stalker virtue signaling from Apple basically kills any chances of finding stolen belongings. AirTags only work for finding misplaced stuff, not stolen stuff because they will alert the thieves before you get a chance of recovery. This was never an issue with Tile.


Tile never gained enough market traction for it to be an issue. No use using a system to track your stolen goods that can't provide you with a location because there's no phone running the Tile app within hailing distance.


Hilarious. In one statement they claim to prioritise privacy and then also explain why their product is not at all private and can practically be used against the owner by law enforcement.

Apple don't care a jot about privacy. This became clear with the CSAM debacle. That's why I left their ecosystem, and I'm very happy with my new phone running GrapheneOS.


Hot take: There is no conceivable way to make Airtags safe, and they should be banned entirely.

The problem is that by leveraging Apple devices to get worldwide geolocation and data service effectively for free, they make tracking trivially easy in a way that no other entity could.


Should all GPS trackers be banned then? The problem with AirTags is they're accessible; these problems have always existed with any kind of GPS tracking.


Serious question – which commercially available GPS tracker can be used for this purpose? I have been looking for one for years (not for stalking, I promise) and absolutely nothing fits the bill. They are all large (impossible to slip into, say, a purse), expensive, have minimum $20/mo subscriptions (with credit card registration), require you to register a SIM card, and have a battery life measured in days.

Now you just have to walk into an Apple Store with $20 cash and set up a fake Apple ID.


It is non trivial to setup an apple id without tying it to your identifiable information. Using an airtag to track someone will notify them if they have any apple products or check with a non apple phone.

Vodafone curve is a commercially available gps tracker that is about the same size and cost of an airtag. A vodafone sim is £3 a month, and you can sign up for a pre paid sim card without a credit card or providing identifiable info. There is a bike version that ties into a bike tail light for charging. The battery life can be much longer this way.

There are non cell based ones like the See.Sense AIR, the battery life is generally much longer



I think one (more expensive) answer is to use the best tracking service that currently exists: Google Android OS. Buy a small android phone [1]. Put it in power save mode, to reduce power draw, and drop it in.

This would be much less alarming than some tracking device or an AirTag, especially if you put some innocent looking picture on the Home Screen, so it looks like some kid dropped their phone in their purse, on accident.

Reading this comment thread, I assume many here would agree that we should ban all small smartphones.

[1] https://www.androidauthority.com/best-small-android-phones-7...


They tend to be larger and more expensive, because they generally need to contain a GPS receiver to know their location and a cell phone transmitter and data plan to transmit that location.


Invoxia


GPS trackers require that you sign up for cell service, which is a non-trivial obstacle to overcome, and opens the user up to tracking by law enforcement.

Thanks to Apple's usage of their own proprietary network, both difficulties are automatically negated.


You need to link your telephone number to use an AirTag indirectly - i.e. You need an AppleID to link the AirTag to, and you are required to provide a telephone number in order to create an AppleID (which is validated via SMS).

In principle, Apple has the ability to match the AirTag to a phone number (if they do this or not, I don't know).


To add to this, anyone can scan an AirTag that they've found, with NFC, and get the serial and last four digits of the owners phone number.


Regardless of how convincing you can be that banning them would be a good idea, under what legal framework could they conceivably be banned (at least in the United States)? You can literally buy guns just as easily in many places in the United States (granted, guns are more expensive). Maybe the FCC could make try to argue that they have the authority?


I don't see how you can ban AirTags without also banning products like Tile


Or any GPS enabled device that also has a cellular connection


The key difference is in Apple's market penetration -- Tile tried to build something like Apple's Find My Network™ but it was largely useless because it only worked if random people near the tag were running the Tile app in the background.


I understand why people are concerned about AirTags and not Tile. What I'm saying is, it seems difficult to ban a given implementation of a technology based solely on the number of users. I don't think a framework even exists for us to say "Tile cannot allow their app to be installed on more than X number of smartphones".


Presumably any new ban would also cover Tile.


You might as well say the same for any product that can be misused by criminals. I use crowbars to lift heavy objects, but they can also be easily used for leveraging open doors that I have no legal access to...


mmm the free part

maybe they should make airtag operators accumulate freely tradeable data credits and iPhones reject relaying location data without a balance of credits

helium network works this way

for airtags it would make bad behavior more expensive and maybe another way to track bad actors or disable their ability to be a bad actor.

or not. just saw the free part


What is unsafe about airtags that is unique?


First apple creates a cheap spying tool that makes it simple to break the law and then "condems" its illegal usage. How is this any different from groups that sell hacking tools?

If they were really concerned about privacy, they'd make set a higher bar to track things across their network - eg. Require Filing an official police complaint of the loss and submit the paperwork to get access to the tracking - win/win. You could still allow local Bluetooth tracking within range of the phone like Tile as that can conceivably be used only for personal items.

Instead, they're pushing the responsibility of safeguarding from their spying tools back to people

I'm sure they're going to be very soon be hit by a lawsuit from someone rich who doesn't really care about how much it costs to take them on. Their legal seems to have been asleep at the wheels.


> How is this any different from groups that sell hacking tools?

You can use a hammer to break into a house. Still legal to buy and sell hammers.


> In an upcoming software update, every user setting up their AirTag for the first time will see a message that clearly states that AirTag is meant to track their own belongings, that using AirTag to track people without consent is a crime in many regions around the world

That really should do it. I mean, in the unlikely event that a message to first time users doesn't solve the problem of people being stalked using AirTags, go ahead and keep working on the other updates. Belt and suspenders. But my guess is, it won't be necessary.

They should consider adding a message for iPhone users to tell their friends with Android phones that they "should be really careful not to get tracked by AirTags, because there's no way they'd know about it".

/s


They can just install an app if they're worried about being tracked by AirTags: https://play.google.com/store/apps/details?id=com.apple.trac...

Just remember to add the Tile app too, it does the same thing.


Wont run in the background though - you have to actively think to use it each time your worried about being stalked.


There are other apps that run on the background, that's just the official Apple one.


Don't forget the Samsung SmartTag app!


> New privacy warnings during AirTag setup: In an upcoming software update, every user setting up their AirTag for the first time will see a message that clearly states that AirTag is meant to track their own belongings, that using AirTag to track people without consent is a crime in many regions around the world, that AirTag is designed to be detected by victims,

I expect that this will be about as effective as the antipiracy warning at the beginning of every movie is.

> and that law enforcement can request identifying information about the owner of the AirTag.

Haven't there been a lot of stories of victims going to police with an AirTag, but this not happening?

> iPhone 11, iPhone 12, and iPhone 13 users will be able to use Precision Finding

How convenient. Now you need a modern, expensive Apple product to protect yourself from stalkers.


> How convenient. Now you need a modern, expensive Apple product to protect yourself from stalkers.

To be honest, this is more about technical capability than an intentional lock-out.

If older phones simply don't have the hardware to do precision finding, what would you propose Apple does? No precision finding for anyone?


I'm pretty sure many modern Android devices have the required technical functionality including UWB.

Airtags as global trackers should not exist. Finding things locally is a completely different use case.


Design products so this isn't a problem in the first place.


What do you want, a time machine?

You can still find the AirTag just fine, you just won't get the fancy "hot potato" animation and precision distance/direction that UWB offers.


I had someone in the law enforcement community reach out this week to ask if I knew of a way to determine an owner of an AirTag. I mentioned that they should be able to reach out to Apple to identify the owner, but, the serial number had been removed and wanted to know if there was a way to pull it from memory in a forensically safe way, as Apple required the serial number for these requests.


You can just hold the AirTag to an NFC-enabled phone and it'll open a webpage with the tag's details.


Honestly they should be required to offer an Android app that even though don't let you pair your own airtag, could notify you if someone is stalking you.


They do offer that - it's called 'Tracker Detect' on the play store (by Apple).


Unlike iPhones, it doesn't notify you. You have to open the app and start a scan manually every time.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: