return to table of content

Apple and Google deliver support for unwanted tracking alerts in iOS and Android

pompino
153 replies
22h50m

It’s possible the tracker is attached to an item the user is borrowing, but if not, iPhone can view the tracker’s identifier, have the tracker play a sound to help locate it, and access instructions to disable it.

That means someone can steal your stuff, and then disable the tracker so you can't find it. Most people and myself included were sticking these cheap tags on everything we own, and it was genuinely useful during travel or in scenarios where theft was a consideration.

thebruce87m
65 replies
22h45m

That means someone can steal your stuff, and then disable the tracker so you can't find it.

This is by design. AirTags were never marketed as an anti-theft device. They had anti-stalking features from day one which were/are at odds with anti-theft.

It was marketed as helping you find things that are lost, nothing more.

pompino
25 replies
22h44m

Design doesn't matter after a point - you have to meet your users on their turf. Most people were using it for other reasons - and if Apple's stance is, fine - don't buy it, then so be it.

ezfe
11 replies
22h30m

It's been that way since day 1

pompino
10 replies
22h14m

No, not in a free society. For any product, users should be free to use it for any (legal) use they see fit.

Artificially limiting the use of a product goes against the hacker culture.

https://en.wikipedia.org/wiki/Hacker_culture

Uehreka
2 replies
21h49m

For any product, users should be free to use it for any (legal) use they see fit.

None of these companies ever agreed to be bound by that value, and aren’t under any obligation to adhere to the tenets of Hacker culture. Hackers as a group have failed to convince the public that these things matter, so as far as these businesses are concerned, they don’t.

Like, I agree, it sucks when companies restrict what I can do with a device. But when that happens I don’t talk about it like they betrayed me, I knew what I was buying and decided to buy it anyway.

pompino
0 replies
20h41m

Do you think online protests or discussing these issues results in any tangible outcomes? (I do)

JumpCrisscross
0 replies
21h43m

Hackers as a group have failed to convince the public that these things matter

I distinctly remember friends at Apple being surprised, in the aftermath of San Bernadino, at the backlash they received for refusing to break the encryption on the shooter’s phone for the FBI [1].

[1] https://en.m.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption...

sodality2
1 replies
22h3m

You’re free to use the purchased device. You’re not free to demand changes. It’s not like you’re unlocking functionality that should be built in. Changing this would require patching the firmware of every iPhone

iamthirsty
0 replies
21h58m

You’re not free to demand changes.

I mean, technically you are — doesn't mean anyone will listen.

tdeck
0 replies
20h25m

So why are you trying to artificially limit the use of my phone to alert me to other people's tracking devices?

ribosometronome
0 replies
20h26m

Using a tech device to find and disable hidden trackers is pretty "hacker culture".

neallindsay
0 replies
20h6m

I can use a steak knife as a screwdriver but I wouldn't expect it to be good in that role.

criddell
0 replies
22h0m

Hacker culture would mean working around the limitation, not complaining that some consumer product doesn’t work exactly how you want it to work.

FWIW, there are videos on YouTube showing you how to silence the speaker. No idea if they work or not, but it's hacker culture at work.

chollida1
0 replies
18h56m

The reason apple designed it this way is so that someone can know if they are being tracked. If an air tag not associated with your phone is close by for a certain period of time, then it notifies you that you are being tracked.

This is a safety feature and its been there since day one.

asdfaoeu
5 replies
22h32m

There's two products here Bluetooth trackers and phones. People don't want to buy phones that expose themselves to tracking by other people.

pompino
4 replies
22h4m

Every phone is already being being tracked and logged. What youre really saying is that people often tolerate some tracking if done by CIA/phone company/Apple/Google/FB. We're just playing with semantics here. Tracking is either acceptable or not. The only real solution is to go off-grid.

tdeck
1 replies
20h23m

It's reasonable for a person to have a threat model that's more concerned about their violent narcissist ex attaching an AirTag to their car than about the CIA.

PurestGuava
0 replies
11h40m

It's astonishing how few people actually seem to realise this.

wolfendin
0 replies
10h33m

CIA/phone company/Apple/Google/FB/some rando are all different, independent, situations; as a reasonable adult I have decided that some of them are acceptable, some of them are not.

datadrivenangel
0 replies
14h48m

If the FBI wants to obliterate me, they can get a warrant and send goons to my house. The costs of preparing for that threat model are excessive, so I don't.

If some scumbag ad company wants to track me, they can eat shit on my adblocker and not track me. The cost of preparing for that threat model is trivial, so I do.

fkyoureadthedoc
4 replies
21h43m

Most people were using it for other reasons

Source? I just use them to find my keys and remote, didn't know it was popular to try and recover stolen property given the alerts when you're near not-your-airtag for any length of time.

superb_dev
0 replies
12h52m

To no one's shock, the police departments are giving poor advice

dragonwriter
0 replies
4h50m

Police department recommendations are often wrong, and often based on either poor information about the domain the advice is being given in or actively-promoted (by police leadership) disinformation.

Police agencies aren't systematic domain experts except in the application of force to obtain compliance, as well as not having an interest in accurate advice.

macintux
0 replies
20h48m

There have been news articles since practically the day of release. I tracked stolen keys to a house a few miles away, but didn't feel like risking my life for them.

There are any number of products allowing you to mount them inconspicuously.

madeofpalk
0 replies
21h53m

The device, from the beginning, was not designed as an anti-theft tracker. It’s always had features that made it unsuitable for this use case. At every point Apple has made it very clear they’re not interested in meeting users on that turf.

Users can say they’re not interested in it because it doesn’t suit their needs - that’s completely fine.

CPLX
0 replies
18h9m

The killer use case here, as I think most people have figured out, is figuring out where your stuff is when it's in a system you don't have visibility into. Like if UPS says it's "on the way" from NYC to LA or something, and especially if the airline isn't sure where your luggage is. It's just spectacular for that.

And of course where did I leave my keys and is my backpack in the car or at work stuff, but that's the obvious/advertised use.

zarzavat
19 replies
15h59m

Perhaps something was lost in translation then. The most likely reason to lose things is because they are stolen.

sambazi
4 replies
9h53m

The most likely reason to lose things is because they are stolen.

you should probably move

zarzavat
2 replies
7h49m

There’s not many places in the world where theft isn’t a concern. Just small villages where everybody knows each other, and repressive countries.

Singapore is the only place I’ve been where I didn’t worry about theft.

jobs_throwaway
0 replies
4h43m

Theft is a concern where I live in Brooklyn but its an order of magnitude less likely that I lose something to theft vs me misplacing it

franga2000
0 replies
7h14m

There's a big difference between "theft isn't a concern" and "theft is the main reason things are lost". A place where you're more likely to get your things stolen than you are to misplace them is definitely a place with above-average crime rates.

And while I don't know where you've been and what your tolerance level for "worrying about" theft is, I've never worried about theft anywhere but very touristy places in huge cities.

michaelt
0 replies
2h15m

Perhaps zarzavat just isn't prone to losing things.

Personally, I'm careful enough with my keys etc (and lucky enough) that I don't lose them - I lived for several decades before the invention of the airtag, and developed habits not to lose things.

On the other hand, bicycles getting stolen? That happens.

nexus7556
4 replies
15h47m

Uhh, I don't know about that. Since getting airtags I've misplaced my car keys multiple times, left my wallet on an airplane, and had multiple airlines misplace my luggage. In that same time I've not had anything stolen.

hackernewds
3 replies
12h16m

Your anecdata is not data

peddling-brink
0 replies
10h48m

But it serves to counter a ridiculous sweeping generalization.

kibwen
0 replies
6h7m

Anecdata suffices to counter anecdata.

freedomben
0 replies
1h31m

It is when it's countering other anecdata. If anyone has actual data then by all means show it and that will trump the anecdata, but without that, anecdata is all we have.

jb1991
3 replies
7h7m

The most likely reason to lose things is because they are stolen.

That gave me a good laugh.

weberer
2 replies
3h49m

It sounds silly, but I understand where he's coming from. I used to live in Philadelphia. You couldn't leave your bag down on the subway without someone running off with it right before the doors closed.

kelnos
0 replies
8m

Sure. I also live in a place where you can't leave your belongings unattended even for a short time without a high risk of them getting stolen. But there's a simple solution to that: don't leave your belongings unattended, ever. Everyone I know who lives where I live knows that, and the incidence -- at least among my friends -- losing things to theft is super low.

I don't think this is a good situation, mind you, but I think people in my circle still misplace things orders of magnitude more often than their stuff gets stolen.

freedomben
0 replies
1h33m

Wild. a family member of mine has paranoid schizophrenia and if something isn't where she thinks it should be she immediately jumps to "it was stolen." Even if the glasses are on her head or the phone is literally in her hand, she'll declare it was stolen and get upset.

It makes me wonder if she lived in one of those places earlier in her life (before I knew her) and might be more justified than it seems... ?

stephenr
1 replies
12h52m

I don't know where you live but that isn't at all true anywhere I've lived.

I've had two reasons to need to "find" things with AirTags where I specifically didn't know where they were:

- airline bungle, so luggage was left at a transit airport.

- forgetting where something had been put down.

But the most common usage is the opposite, positive confirmation: we've just left for the airport, check if everything says "with you" once you're a few hundred meters down the road.

If the most likely reason for something to be "lost" is that it was stolen, maybe you should move somewhere with a less than apocalyptic level of petty crime.

amelius
0 replies
8h57m

I was told airtags stop working when the tag moves along with an iphone (for privacy reasons). This would happen on an airline.

renewiltord
0 replies
12h57m

Not for me. It’s cure for forgetfulness.

nazgulsenpai
0 replies
5h14m

I've lost my car keys hundreds of times and they were stolen exactly 0 of those times.

sandworm101
9 replies
22h27m

> helping you find things that are lost, nothing more.

So it is now on me to know whether my object is lost or stolen? Even if I magically knew all the details, that isn't a bright line rule. One person's "lost" luggage is another's stolen electronics. Clearly, more people are using these things to track down stuff that has been taken rather than find the remote control lost somewhere in their living room.

Will apple allow people to disable the tracking of other people's iPhones too in the name of privacy? What if my wife leaves her phone in my car? Can I get tracking disabled on that phone so she cannot track my location?

microtherion
6 replies
21h16m

So it is now on me to know whether my object is lost or stolen?

No. AirTags let you track your objects whether they are lost or stolen. It's just that they also alert potential thieves to their presence, so any reasonably competent thief will be able to disable them.

Clearly, more people are using these things to track down stuff that has been taken rather than find the remote control lost somewhere in their living room.

My use cases are to (a) find items that I misplaced or lost somewhere on my own. (b) track the whereabouts of luggage that got lost by an airline.

These cases are not particularly hindered by anti-stalking mechanisms.

cyberax
5 replies
21h8m

My use cases are to (a) find items that I misplaced or lost somewhere on my own. (b) track the whereabouts of luggage that got lost by an airline.

You are technically not allowed AirTags in luggage because they contain li-ion batteries.

jerlam
2 replies
20h37m

Nor do AirTags contain lithium ion batteries, they use standard non-rechargable CR2032 cells.

Jtsummers
1 replies
20h20m

CR2032 batteries are lithium batteries, so they do fall under the rules for "Spares" (no to checked baggage). They are permitted "In Equipment" for checked baggage. They are on the "Lithium Metal" row as one of the three example photos.

microtherion
0 replies
4h12m

At some point, airlines were raising concerns, but the rules have changed.

When I recently pointed out to the lost luggage department at an airport that I knew for a fact that the luggage (or at least the tracker) was right at the airport, they did not appear to be surprised or concerned at all.

happyopossum
0 replies
22h13m

So it is now on me to know whether my object is lost or stolen?

This isn't new - AirTags have always been this way. The only thing changing today is the cross-platform and 'standard' aspect to it...

dragonwriter
0 replies
4h54m

Clearly, more people are using these things to track down stuff that has been taken

Clearly, adding “clearly” before a slight rephrasing of the unsupported assertion made upthread doesn't turn it into a supported claim.

beeboobaa3
6 replies
3h52m

It's interesting to think about how AirTags generally go against the wishes of the owner of the device.

The AirTag has anti-stalking protection. An important feature, but not something the owner of the AirTag may want.

iPhones share the location of nearby AirTags with apple. Good for the owner of those AirTags, but the owner of the iPhone may not want this.

Shank
4 replies
3h6m

The AirTag has anti-stalking protection. An important feature, but not something the owner of the AirTag may want.

Yeah, that’s like, the issue with trackers. If I buy an AirTag to stalk my ex girlfriend, why should Apple want to help facilitate that goal?

freedomben
3 replies
1h35m

You're right of course, but this represents a huge shift in the way we think about our computers now, and speaking only for myself I don't think I like it.

It used to be that when you bought a computer, it was yours. It did your bidding, nobody elses. Security features it had were about keeping other people out, not keeping you out of your own device.

Now, mostly IMHO thanks to Apple, the idea has really shifted. The owner of the device is a "threat" just like anybody else is. The device protects itself against unauthorized actions from the owner, and it does what the mother company wants it to do, regardless of the owner's desires. If the owner is trying to stalk somebody, then that's a better outcome than having the stalker enabled, but we don't get to pick and choose which things the device follows it's owners desires or the mother company's. If the mother company wants you using their chosen DNS servers, or exfiltrating user data for analytics, or showing you ads (Amazon especially), that's what will happen. Now that we've made it acceptable for companies to behave like this, they are going to (ab)use it to the max. I think this is a tragedy of the commons personally. People optimizing for individual use cases at the expense of the collective, leading to disastrous results for the collective.

burnte
1 replies
1h3m

It used to be that when you bought a computer, it was yours. It did your bidding, nobody elses. Security features it had were about keeping other people out, not keeping you out of your own device.

Yeah, but when your device can infringe on others, it's ok to curtail those features. No one has unlimited rights.

AnarchismIsCool
0 replies
14m

That's a very problematic argument though. My the same logic you could say "people shouldn't have free speech because they might say something mean.

CobrastanJorji
0 replies
1h11m

Isn't this a success of the commons? Apple decided on behalf of everyone else to use THEIR phones to find YOUR missing thing. That's a win for you as the owner of the AirPod. In order to make that decision palatable to the crowd, they tried to make sure your ability to use their phones without asking had minimal opportunity for abuse (they don't want you to be able to track them with their own phone).

comex
0 replies
51m

iPhones share the location of nearby AirTags with apple. Good for the owner of those AirTags, but the owner of the iPhone may not want this.

You can turn this off. Though, doing so is bidirectional: it also prevents your phone from sending out its own Bluetooth beacons when it’s not connected to the Internet, for other phones to pick up. Which might not be what you want. But if you’re worried about privacy impact, it probably is what you want.

Also keep in mind that the protocol already minimizes privacy impact by, among other things, encrypting the location coordinates with a key Apple doesn’t have.

oblio
1 replies
10h15m

They weren't marketed but it was implied. If you forgot, they had to patch them a while after release due to stalking concerns so that "day one" point is moot.

thebruce87m
0 replies
9h12m

I watched the release live. They have altered the timings of the anti-stalking notifications but they were there on day 1.

Edit: here is an article around the time of release describing how they work: https://www.washingtonpost.com/technology/2021/05/05/apple-a...

To discourage what it calls “unwanted tracking,” Apple built technology into AirTags to warn potential victims, including audible alarms and messages about suspicious AirTags that pop up on iPhones. To put Apple’s personal security protections to the test, my colleague Jonathan Baran paired an AirTag with his iPhone, slipped his tag in my backpack (with my permission), and then tracked me for a week from across San Francisco Bay.

I got multiple alerts: from the hidden AirTag and on my iPhone.
kstrauser
43 replies
22h37m

Yep. That ruins half the value of AirTags. It's a limitation that their competitors, like Tile, didn't have until very recently.

Every time this comes up, someone butts in with "they're for lost items, not stolen ones!", which is technically accurate but pedantic beyond reason. "Stolen" is a special case of "lost" for most people. In both cases the object is out of the owner's possession. "Stolen" just means it's deliberately missing and not accidentally so.

I understand, sympathize, and support the idea of making life harder for would-be stalkers. My gut instinct says non-notifying AirTags would make life harder for many more thieves than the self-tattling AirTags does stalkers. Apple and Google agree with each other that inconveniencing those losers outweighs abetting thieves. That's their decision to make. I'd still be irritated if I couldn't find my lost-with-the-help-of-a-thief bike because my AirTag told the thief I was looking for it.

smeej
14 replies
22h29m

I think the idea is that thieves that have already been successful at removing the item from your possession are much less of a threat to your life than someone who is actively tracking where you are. It's a debate worth having, which one should be the priority, but I can appreciate the logic of doing it this way.

kstrauser
13 replies
22h16m

I can, too. I can also think of counterexamples: if a person is broke, they use their bike to get to work, and someone steels it, that's going to give them a very, very bad week. There's some hard calculus there I'm glad I'm not in charge of. Blocking 1 stalker is clearly more important than blocking one sunglasses thief. I suspect that blocking 1,000 bike thieves would have a bigger societal benefit than blocking 1 stalker.

These are hard questions. I can appreciate the challenges. And yet I'd still be highly peeved if I could my AirTag laying on the ground because it alerted a thief who then removed and discarded it.

vlovich123
8 replies
21h5m

I think we can agree that victims of domestic abuse and stalking have a risk of physical harm and that physical harm trumps property rights / being peeved right?

This is a 0-sum choice & erring on the side of not letting this product be used for stalking seems like a sane choice. There are stalking products you can go buy that are more expensive that can give you the theft protection you want. Apple's and Google's monitoring network is unfathomably large and can passively monitor any device anywhere in the world. The threat vectors they have to balance against abuse is completely different.

kstrauser
6 replies
20h40m

You say that right after I give an example of where property crimes can seriously mess up someone’s life. Yes, 1 person’s personal safety is more important than 1 person losing a convenience item. If it were a choice between 1 person’s safety and 1,000,000 persons’ transportation, I’d pick the latter every time.

The choice Apple faced clearly isn’t 1 stalking victim against 1,000,000 people unable to get to work. I use that example to show that it’s not as simple as “safety vs annoyance”. Apple and Google ran the numbers and erred on the side of safety. That doesn’t make it an automatic or simple choice.

vlovich123
5 replies
18h42m

Think about it this way - without AirTags and with AirTags + anti-stalking, your bike theft scenario is unchanged. Without airtags and with AirTags without anti-stalking, your personal safety scenario is worse. Those are the discussions I remember when I worked on CoreLocation at Apple. It had nothing to do with running the numbers, at least pre-development. I would be slightly surprised if someone tried to put numbers to that - Apple is pretty values-based when it comes to those kinds of decisions.

The stalking issues go well beyond personal safety. Police officers, judges, politicians and cops who now have to worry about someone chucking a $25 airtag in their car which is much easier to do innocuously and those people have power to craft regulations and laws. Abortion rights are even more contentious now & stalking comes up there.

There just isn't a scenario where opting in the entire world-wide smartphone community into enabling mass stalking at a never before price point is a net positive - there just aren't enough poor people with stolen bikes to shift that equation. There's a reason AirTags destroyed Tile - Tile's network is laughably small & would always be that way compared with the reach you get at the OS level. That drastically shifts the threat model.

kstrauser
3 replies
18h28m

We'll never know. The personal safety issues are important and I'd never argue otherwise. Having cheap, effective crime deterrence seems like it could be a nice thing if you could wave a magic wand and remove the stalking angle. Apple keeps adding features to those ends, like the new Stolen Device Protection updates, that shift the risk-reward math for device thieves. I could still buy a cheap used phone and stick a SIM in it, hide it in a victim's car, and use that to track them without alerting them to it. And still, we get nice tools like Find My because more people are likely to lose their phone or have it stolen than to stalk their exes with it.

I understand the personal safety issues. They're important. I get it. That doesn't stop part of me from wishing I could use these cheap, convenient lost item devices to help me track down stuff that wasn't exactly accidentally lost.

vlovich123
2 replies
17h3m

Buying an old phone or watch and using FindMy is a compelling counter argument. The problem is that the cost of that is meaningfully higher - it’s a $25 one time purchase vs ~$50-100 + a recurring ~$30/month. The size of the device is another one - the phone or watch is substantially bigger than an AirTag (or how small an AirTag could become over time). Finally, a phone or watch has a much shorter battery life to support tracking. You could trade off accuracy for a much longer battery life, but you’re still capped to maybe a couple of days or even a week if you really know what you’re doing. That’s compared with ~1 year of unattended AirTag use.

As for crime prevention, I think you’re overestimating how much of a benefit that would have. Stolen device protections remove the value from the stolen device. That’s not the case for your stolen bike - thieves don’t actually care if you can track the device because a) knowing where your stolen property is doesn’t actually aide in it getting recovered b) as long as they can move the stolen product along quickly enough the information becomes too stale to action on it (remember - police usually need a search warrant). My cousin’s car got stolen with AirTags in it but he got lucky in that the police did something about it - plenty of news stories of AirTags in cars with people trying to get the police to do something and the police not being able to for a variety of reasons. And that’s cars which are orders of magnitude more expensive than bikes that police won’t bother with. Look up VanMoof theft stories to convince yourself that tracking is useless: https://www.reddit.com/r/vanmoofbicycle/comments/zbexyr/upda...

diebeforei485
1 replies
12h43m

Smart watches are not meaningfully larger than airtags if you take the wristband off, and a cheap prepaid plan for $5 or $10 would be more than sufficient. You also don't need FindMy because the cell network itself can triangulate.

There are also dedicated devices, such as this one - https://www.t-mobile.com/devices/iot/syncup-gps-tracker-devi... - and lots of companies in China make similar products.

There is a genuine need for anti-theft technology. Apple doesn't have to address that market, likely because they're afraid of brand damage, but stalkers already have plenty of options available.

vlovich123
0 replies
3h55m

As I said, the battery model is drastically different for active trackers. 7 days of surreptitious monitoring vs 1 year changes the risk profile of noticing these trackers / how many you can have before the logistics of recharging all of them wears on you. And if you’re unlikely to recharge each of these every single day, your protection drops on average to 3.5 days.

It’s not just brand damage - passive tracking using every single smartphone opted into the tracking vs active tracking where you have to expend more battery AND pay for an ongoing cellular connection each month is a tangibly different use-case with different threat models.

nsagent
0 replies
3h31m

Thanks for sharing your experience at Apple. It's really valuable to understand exactly how decisions are made at big tech companies, especially for sensitive issues like this.

That said, I'm saddened that the approach seems shortsighted, since it doesn't sound like it considered a holistic picture, but rather was based on a specific value judgement. This seems to put other issues, like the whiplash around the approach to CSAM into perspective.

servus45678981
0 replies
13h20m

That isn‘t enough reason to make these things useless. A knife can be used to kill someone and to cut meat. And we still haven’t removed the sharp edge, have we?

zeroimpl
2 replies
19h21m

Even if the tracker didn’t alert the thief, how hard is it for a thief to find a tracker on the bike on their own? I don’t think an AirTag is going to save too many bicycles.

Seems like the calculus would only make sense when you are talking about big expensive items - cars, boats, RVs. But for those you probably want a non-bluetooth solution.

matsemann
1 replies
10h45m

The bikes getting stolen here are people's "cars". Electric cargo bikes with room for two children is what people use to get around. Getting that stolen ruins daily logistics for people. They cost up to $10k, which is a significant amount of money. People should really rethink the societal cost of bike thieving, they are both more expensive and more integral in how people move around. Not just children's toys.

I only want AirTags or similar to guard against thieves. So if that is not going to work it's quite useless for me. Luckily for bikes, there is https://bikefinder.com/

vel0city
0 replies
3h9m

So I've got the tools to cut that thick bike chain but I somehow can't pull device inside the handlebars out or destroy it? It looks like their special tool is just a star security bit.

And also, would it really hold up to just being cut with whatever tools the thief used to cut your bike chain?

barkbyte
0 replies
21h8m

Stalking is way more common than successfully recovering items with a tracker like this. It’s usually a bad idea to even try. I followed a tracker into someone’s yard only to discover that the thief had thrown the tracker over the fence and I was just trespassing.

pompino
13 replies
22h26m

Yes, I think the PR backlash for such features is too great that it spoils them for the rest of us.

When people "misuse" any technology, it seems the consensus nowadays is that the responsibility is shared between the technology creator/owner and law enforcement. Personally, I'm not fully sold as this is mainly a sociopolitical question.

vlovich123
10 replies
21h3m

It would 100% be used for stalking & be directly contributing to easier violence against victims. Not sure I buy the argument it's purely because of image PR reasons vs there being a genuine well-founded harm-minimization strategy for why it's designed this way.

pompino
4 replies
20h47m

You can call anything you do as a "genuine well-founded harm-minimization strategy", but nobody is out there banning knives and gardening shears and shovels and baseball bats and other tools that can contribute towards "easier violence" because of the cost to society. You either have an absolutist/ideological view on this, or you're willing to compromise. Ultimately its a matter of perception, and then too, some people are easier to convince than others.

vlovich123
2 replies
18h59m

I really don't understand your argument here. No one is banning you from building stalking devices. Apple and Google have chosen by themselves not to do that & are working to standardize their particular implementation (which you can also see in this thread there's a lot of support for). That's very different from banning knives and gardening shears.

And I think you are taking a very US-centric view. For example, switchblades & similar quick-open knives aren't legal in many jurisdictions. So yes, many countries recognize that tools have a trade-off and are willing to legislate their usage depending on problems being observed.

It's very rare to find a true absolutist on any idealogy unless they're completely blinded - it's just that they draw the line further away than someone else / need a stronger argument to convince them. For example, I'm going to guess that you're not in favor of laissez faire with respect to nuclear weapons & tech - cause that shit is actually really easy and cheap to build these days & the sole difficulty is the regulations that surround it.

pompino
1 replies
15h18m

I really don't understand your argument here. No one is banning you from building stalking devices

I use airtags to not just locate lost stuff, but also as a potential means to find stuff when stolen. Its not about me wanting a way to stalk someone, what a bizarre thing to say!

It's very rare to find a true absolutist on any idealogy unless they're completely blinded - it's just that they draw the line further away than someone else / need a stronger argument to convince them.

Oh, I'm not a libertarian, I'm firmly pro-government. I'm just not pro-nanny state. I'm willing to compromise if the other side is too. However am I not allowed to complain, even a little?

vlovich123
0 replies
4h13m

Its not about me wanting a way to stalk someone, what a bizarre thing to say!

Please describe how what you’re asking for is different than stalking the people who stole your stuff? More importantly, how would Apple/Google know how to differentiate between the two use-cases?

However am I not allowed to complain, even a little?

You can always complain but your complaint is pretty non-sensical because this is private corporations making a decision and government isn’t involved, so it’s unclear how this is a nanny state. Go build your own tracker that meets your specifications?

trallnag
0 replies
20h10m

Countries like the UK are absolutely banning knives, forks, etc.

KennyBlanken
4 replies
13h2m

And yet tiles have been out for something like a decade and I've never seen a news story about them being used for stalking.

100% indeed...

Stop your screeching that is feeding the asinine moral panic that has resulted in these things becoming worthless for tracking packages and stolen items.

vlovich123
2 replies
3h59m

1. You need to go compare the reach of how good Tile’s tracking is vs literally nearly every smartphone being opted-in transparently into tracking these tags. This is drastically different.

2. Tile is a smaller target, so “I’ve never seen a news story” just means the reach of any such story is smaller.

3. Maybe Tile already has similar protections? It’s against their TOS [1]

4. Tile has been sued for stalking [2]

5. Tile is offering an anti-theft feature provided you have to use biometrics & give them a government ID and you have to agree that they’ll sue you if you use it for stalking [3]. So Tile too is clearly concerned about the stalking problem, they’re already being sued around it, & they’re a drastically smaller target than Apple and Google (no one is going to craft legislation around what Tile is doing). Apple is 3x the size of Tile by itself.

You can disregard it as moral panic but how would you distinguish that from a genuine concern of the potential for an abuse for a technology? Strict liability isn’t popular these days but it has ebbed and flowed as a doctrine. Failure to try to try to do a good faith attempt to prevent this problem would certainly land Apple and Google into hot water when a case of stalking inevitably happens using these devices.

[1] https://support.thetileapp.com/hc/en-us/articles/44102774937...

[2] https://whlawoffices.com/blog/why-was-tile-sued-for-tracking...

[3] https://techcrunch.com/2023/02/16/tile-takes-extreme-steps-t...

kstrauser
1 replies
3h13m

3. Tile doesn't (or at least didn't as of when I replaced my last one with an AirTag). I don't put much weight in the TOS bit; I'm sure it's against Apple's, too.

5. If Apple launched an AirTag Pro at twice the price with these controls but otherwise identical hardware, I'd be all over it. They're leaving money on the table.

vlovich123
0 replies
1h59m

Here's a news story about stalking: https://www.nytimes.com/2022/12/06/business/apple-airtag-law...

Here's Tile adding anti-stalking features: https://techcrunch.com/2022/03/17/tile-launches-its-anti-sta...

So which is it? Is it unjustified moral panic with 0 evidence of harm & Tile isn't doing anything or are you just upset that these big companies aren't building the product you want to buy?

With 5 you're now shifting goal posts by introducing a non-sequiter to my point 5. I've clearly highlighted that Apple always balances money-making opportunities against their values around privacy & public safety. No one is forcing you to buy this product. You should also fully expect to see Tile utilize this standard so that they can leverage the reach of having every smartphone in the world scanning for these instead of just other Tile customers.

stephenr
0 replies
12h41m

How would anyone know they're being stalked that way if the device explicitly doesn't notify the person it's stalking?

skybrian
0 replies
22h12m

Thinking system-wide changes through is what public policy is all about, and the same should probably be true of shipping devices in the tens of millions.

(That doesn’t mean it’s easy. Doing pilot studies is a good idea.)

kstrauser
0 replies
22h9m

I think you're right. I get the push toward that consensus. There are plenty of makers (cough cough Purdue Pharmaceuticals) who make awful, abusable things and then say, hey, it's not our fault people are misusing them! It still sucks getting caught in the middle.

kjkjadksj
5 replies
20h4m

There is a big liability issue for these companies if they say its for tracking stolen items. Anecdotally according to reddit threads, police don't care if you have the tracker showing its at the thiefs house, thats not enough evidence to do anything and its not an active crime with people in danger worth being prompt about. law enforcement also don't want you to confront the thief due to the risk of that situation escalating. If these companies start advertising for stolen items they are effectively encouraging vigilanteism and you can imagine how much of a legal headache that will be as soon as the first airtag user is shot dead.

dhosek
4 replies
18h16m

It’s not the police can’t do it, it’s that they don‘t want to do it.

kjkjadksj
3 replies
16h56m

Airtag pinging a location that may not even be accurate is not a reasonable cause for search nor even enough information to know where to search in some cases. Imagine the airtag says it is in an apartment complex. Which of the hundreds of units in that building do you decide to barge through and search? All you have is a 2d map and 35ft resolution on a good day.

caf
1 replies
12h33m

It's not enough for a search but it's enough to knock on the door and ask.

kjkjadksj
0 replies
8h17m

How do you expect this to work out? "Hey did you steal my phone?" Again if its a multistory building you aren't finding the correct door.

dhosek
0 replies
2h58m

Yes, but it should be enough if the victim of the theft was able to walk into the store and see his bike there.

If you ever have something stolen, ask the cops how much time and effort they’ll dedicate to finding the stolen goods. They do not care.

criddell
2 replies
22h12m

Apple doesn't want stalkers and they definitely don't want any part of leading people into confrontations with thieves.

AirTag isn't the right product for you. Buy a tracker from somebody else.

trallnag
1 replies
20h11m

This so much. Confronting thieves is always a bad idea. I prefer to view it in a positive light. The thief probably needed the stolen item more than I did. The thief is happy, I am happy for the thief. The overall happiness in the world has increased!

meindnoch
0 replies
2h11m

Imagine being this cucked.

bloppe
1 replies
22h15m

It's a fundamental tradeoff. And who's affected in each case?

The anti-stalking bias degrades the product for people who've bought an AirTag and become victims of theft. It's a limited population. People are unaffected by default.

The anti-theft bias means everybody is a potential victim of stalking. If I have no interest in AirTags, anybody else can still tape one to the bottom of my car and track me wherever I go. Everybody is potentially affected.

Even if theft is far more common than stalking, an anti-theft bias would be a tough position for Apple to defend if it means they're potentially facilitating stalking for the entire population. It may not be ideal, but I can understand it.

IncreasePosts
0 replies
21h24m

You also have the situation where if air tags did not have the anti-stalking features, there would be far more stalkers in the world. I'm sure there's many people who would not buy a GPS logger and connected to someone's car, but they might "forget" an airtag in someone's car, were it not for the anti-stalking alerts.

I suspect if Apple went the Anti-Theft route, thieves would not stop thieving, they would just start searching large stolen items for air tags before bringing it to wherever they may.

vundercind
0 replies
16h30m

I believe you’ll find that tracking your stolen items is just a recipe for frustration when you tell the police where your shit is and they act like you’re the asshole when you expect them to do anything about it.

(And no, this isn’t connected to current politics—I’ve not known cops to care about tracking down stolen good no matter how much evidence you can hand them, since at least the 90s)

phatskat
0 replies
1h7m

inconveniencing those losers outweighs abetting thieves

This feels incredibly minimizing for people who have been stalked. Or people fleeing domestic abuse, human trafficking, or other forms of abuse where controlling a person’s movement is a large part of the harm being inflicted.

Stalking covers a wide range of activity that impacts people who are usually in a vulnerable or dangerous situation. The people who would use tags to track people aren’t just “losers”, they’re pimps, rapists, murderers, abusive spouses, and so many other awful things.

Inconveniencing them far outweighs someone stealing your luggage.

mft_
0 replies
21h55m

Not sure what I'm missing here, as Airtags have long worked like this - that as long as you had an iPhone or an Android phone with the anti-tracking app installed, you'd be notified of being stalked.

So if your bike thief had an iPhone, they'd be able to find the tag anyway?

AFAIK the only major difference is that it's now being baked into the Android OS so people don't need to actively download the app.

FriedPickles
17 replies
22h36m

It's possible to build your own tracker atop the Find My network without these anti-stalking features. The Find My network can even be abused for low bandwidth data transfer from any point in the world with an occasionally nearby iPhone.

https://github.com/seemoo-lab/openhaystack

OptionOfT
7 replies
21h1m

If I were to do this on a certain chip and put it in a random person's car, wouldn't they get a message showing 'X found moving with you'? Or is that only implemented for AirTags themselves?

imp0cat
3 replies
14h11m

Yes, they would, it tracks all BT devices, not just Airtags.

But even with an unmodified tracker, it's quite hard to locate one in a car, because there is a lot of hiding spaces (especially if you put one in some hard-to-reach space such as under the carpet in the cabin etc...).

anabab
2 replies
7h59m

what if you do a tracker that randomizes bluetooth mac address every few minutes?

nurple
0 replies
1h46m

And also modulate transmit power as RSSI is often used for distance and movement calculation.

imp0cat
0 replies
5h43m

That would probably work. Not sure if one actually exists though.

pests
2 replies
14h34m

So now it is on me to know whether my object is lost or stolen?

Sounds like you responsibility - your belongings, you should know where they are or if they are missing.

How would you have survived before AirTags?

pests
0 replies
11h56m

This was posted to the wrong comment, apologies.

hackernewds
0 replies
11h58m

What an asinine comment, I can only presume was written on a Palmyra stone tablet

neilv
5 replies
22h20m

Unfortunately, OpenHaystack is not as open as I'd hoped.

All you need is a Mac and [...]
sodality2
4 replies
22h4m

That’s because Apple themselves limit access to authenticated (but supposedly anonymous - aka doesn’t matter whose) Apple IDs before allowing access to the geodatabase

jimbobthrowawy
2 replies
18h4m

Not for long, since cross compatibility with android is apparently coming.

IIRC, they need you running macos to get the data via a plugin for apple mail. If you only needed an appleID, it could likely be done in a web browser.

lolinder
1 replies
17h13m

The cross compatibility is only for anti-stalking features, and is probably implemented in such a way that you couldn't use it to implement a tracker that works in both systems.

jimbobthrowawy
0 replies
10m

You're right. I think I misremembered a news article I read about a week or so ago, that I can no longer find.

mschuster91
0 replies
11h38m

What I don't get is why nobody seems to have done the work to reverse engineer the onboarding workflow, and why Apple doesn't allow onboarding on Mac devices. I had to buy a (used) iPhone just to onboard AirTags, despite onboarding Mac devices works without one.

microtherion
2 replies
21h13m

It's possible to build your own tracker atop the Find My network without these anti-stalking features.

Are you sure? It seems to me that the anti stalking features depend on the stalkee's / tief's software stack, not the stalker's stack.

hn_throwaway_99
1 replies
20h43m

The biggest anti-stalking feature is that the tracker will beep when it's notified when it's moving in proximity with a phone or other device. So obviously it's trivial to create a tracker that doesn't beep.

Your phone can also refuse to send notifications about the location of a nearby tracker if it thinks it's being tracked, but if there are a bunch of other phones nearby that can relay that information there is nothing to stop them from doing so.

microtherion
0 replies
4h14m

True, you can build without any acoustical feedback (or maybe even feedback not triggered by the find my network, but only by your own app).

But the target's phone will still be notified that "Someone else's tracker is moving with you", won't it?

m463
10 replies
22h29m

I wonder if there will be a way for airports to disable airtags this way.

kjkjadksj
9 replies
20h7m

They are already pretty worthless as far as air travel goes in my experience. Airtag indicated my bag was on the tarmac at the first airport pretty much until it dropped in front of me in the baggage carriage at the last airport. Effectively it gives me zero information I didn't have already from the old analog method of using ones eyes and following up with airline staff.

m463
5 replies
18h40m

I remember reading about airports wanting passengers to disable their airtags.

I wonder if they would find a way to use this to disable ALL the airtags in an area.

For example, put a UAL airtag on a plane, and use that to disable all the other airtags.

kalleboo
4 replies
15h31m

That was a case where Lufthansa was confused about the difference between (volatile) Li-ion rechargeable batteries and the (benign) Lithium single-use coin cells in the AirTags. They retracted their stance on them after a day or so. It was a fire hazard thing, not a "we don't want you tracking items" thing.

KennyBlanken
2 replies
12h56m

Lufthanasa, like other airlines, was pissed that customers were routinely catching their employees claiming their luggage was "lost" when it was sometimes even sitting a few dozen feet from the person who was claiming the luggage was lost, so they made up some obvious nonsense about them being hazardous.

Unless you think a huge, high-end airline "got confused"? It wouldn't have been against regs even if ti was a lithium ion battery because it's so tiny. What do you think they do about the millions of electric toothbrushes and shavers people travel with that have much larger lithium ion batteries?

They retracted it because it ended up causing a Striesand Effect, putting a lot of sunlight on how airlines do a very brisk business selling "lost" luggage.

mschuster91
0 replies
11h32m

They retracted it because it ended up causing a Striesand Effect, putting a lot of sunlight on how airlines do a very brisk business selling "lost" luggage.

... and lots of cases of "lost" luggage being due to the fact that decades after implementing paper tags, neither airlines nor bag/trolley manufacturers have gotten their asses together and worked on a standardized way to reduce instances of tags simply getting ripped off during handling.

Like, it wouldn't even be that hard. Place a long, wide recess maybe 2mm deep along the entire trolley, where the tag can be stuck in and is guarded that way against conveyor belts or other bags ripping off the tag.

And maybe invent a system where you have to scan your boarding pass and the tag barcode to leave the baggage claim area to reduce the amount of cases where people have taken the wrong bag.

kalleboo
0 replies
10h59m

Unless you think a huge, high-end airline "got confused"?

Having dealt with battery regulations with airlines, couriers and postal services many times, yes, yes I do. They routinely fuck it up, even claiming that AA Alkaline batteries are too dangerous to ship.

m463
0 replies
14h39m

hmmm... that might be what I read.

stephenr
2 replies
12h45m

Their utility is directly tied to how many Apple devices with gps and data are in close proximity to them.

I get significantly better responsiveness from them at an Australian airport or Singapore airport than I do at Bangkok airport. That doesn't mean they don't work, it just means it's unrealistic to expect minimum wage baggage handlers in Thailand to have an iPhone in their pocket.

kjkjadksj
1 replies
8h16m

What about baggage handlers at two major US hubs where this bag flew? Plus presumably an entire plane of iphones and that plane is certainly not a faraday cage.

vel0city
0 replies
3h3m

Its crazy, but sometimes people have non-Apple devices. There's a decent chance none of the baggage handlers had an Apple device on them when they were handling the bag, or they were only around the bag so briefly it was between the airtag's chirps.

There's a good bit of separation between the cabin and the cargo hold. I imagine it could be pretty difficult to get a read from a low power tag deep in a bag in a pile of other luggage with several other big metal plates between.

atommclain
8 replies
22h44m

Yeah, I think the point of these devices is for locating lost items, not stolen items. Trying to handle the stolen use case but not allowing nefarious tracking seems to be at odds with each other.

mschuster91
5 replies
11h35m

Depends on what you're trying to track if it's stolen. A compartment in something like a car or an eBike that allows removal only by using an actually high-security key (i.e. something that LockPickingLawyer can't pick) or power tools that would seriously compromise the structural integrity of the thing in question would be something I'd pay serious money for... but no manufacturer of anything I'm aware of has actually gone that far.

close04
4 replies
4h57m

VanMoof bikes connected to the Find My network if I remember correctly. I thought you can pay for access.

But to disincentivize theft, any device would have to be built in such a way that swapping the electronics or discarding that tracking module makes the device you were protecting worthless. Lots of secure handshakes between paired components, very secure software kept up to date, etc. which sounds unrealistic in most cases.

Together with that network access fee probably makes such solutions economically infeasible today.

mschuster91
3 replies
4h44m

I thought you can pay for access.

Or I could just buy an AirTag on my own.

But to disincentivize theft, any device would have to be built in such a way that swapping the electronics or discarding that tracking module makes the device you were protecting worthless.

Not really. It just needs to be so difficult to remove without a key that thieves physically cannot remove / disable the tag without threatening the stability of the bike, car or whatever.

Doesn't need to be perfect, all it needs to do is provide sufficient survival time against your average crackhead.

close04
2 replies
4h14m

An AirTag is a lost item tracker. What I was mentioning is a stolen item tracker. Very different propositions.

You’re proposing something that may be a paradox. The only way to make something physically hard to remove is to integrate it. Locks are proven to be ineffective for this purpose. When this ideal lock is invented you will simply lock your bike with it directly and achieve the goal of theft deterrence to begin with. No need for tracking if stealing the bike destroys it.

Getting an AirTag into a mechanically locked compartment of your bike is useless. You even mentioned LPL so you know any such lock will be bypassed in a matter of seconds, maybe even less time than it takes you to put the AirTag you just bought in there. So your theoretical protection model hinges on something that doesn’t exist yet: a lock that you can easily open to put an AirTag in and service it but that nobody else can unlock.

Car or e-bike manufacturers paying for access to any “find my” network means they can heavily integrate the expensive electronics in a way that makes removing the “tracker” part truly impossible (it’s on a main controller chip) or severely devalues the object if you do (the chip/board is prohibitively expensive and impossible to find on the open market). It’s more expensive and kills self repair but reliable anti theft might be worth it to you. Think of the iPhone model here.

At the end of the day the Find My network exists to be used by different manufacturers [0]. The unpickable lock doesn’t.

[0] https://www.apple.com/newsroom/2021/04/apples-find-my-networ...

mschuster91
1 replies
3h33m

An AirTag is a lost item tracker. What I was mentioning is a stolen item tracker. Very different propositions.

There's two different types of "stolen items"... you got organized theft, stuff like people stealing cars that are then parted out in Eastern Europe [1]. And then you got stuff like people going for joyrides - this is something that can be solved by even a decently hidden AirTag.

[1] https://www.auto-motor-und-sport.de/news/autoeinbruch-report...

close04
0 replies
2h39m

No I get that. For cars it’s actually a lot harder because they have a lot of valuable parts that can’t be meaningfully secured.

And joy rides are the worst of all because the perpetrators aren’t around by the time you locate your car of bike. Locating it is actually the least of the worries, it’s usually crashed somewhere or thrown in the river.

But a phone, e-bike, or expensive camera, etc. are better served by integrated “Find My”. If it gets to Shenzen it’s lost anyway but otherwise removing the activation locks or location mechanism in practice will destroy the core of the device.

Locking an AirTag behind a mechanical lock cannot achieve the same. It takes a minute to pick or drill the lock and ditch the AirTag in an envelope to Shenzen. Think of LPL and what lock can prevent that. The lock is still the weakest link and if it can’t protect the bike directly, adding layers of complication directly relying on the same weak link seems pointless.

pompino
1 replies
22h40m

Sure, but the owner of the product gets to choose what they use it for. "You're holding it wrong" strikes again.

If Apple's position is - "then don't buy it", they can come out and say it. They certainly have that right.

happyopossum
0 replies
22h7m

If Apple's position is - "then don't buy it", they can come out and say it. They certainly have that right.

They have done that since day one, when AirTags shipped with anti-tracking features enabled...

ryukoposting
2 replies
16h58m

Can you please describe what scenario you imagine an airtag would be useful in tracking down a stolen item in an airport?

I ask because I'm at a loss. BLE from these little devices has ~40ft of range on a good day, and even if a mesh network were involved, I fail to see what the airtag could do that would help you recover your item. Sound an alarm? Great, the thief knows where it is now, and they can just yank it out and throw it in the trash. Give you GPS coordinates? Great, that'll really help after you find security, tell them what happened, convince them it's urgent, and explain to them what they're looking at when you show them the app. Of course that all assumes the airtag (or a nearby mesh device) has a useful GPS fix, and the thief hasn't already found the tag and thrown it in a trash can or something.

radicality
0 replies
12h42m

Imagine you put an AirTag somewhere deep into your suitcase, and someone malicious steals it and then drives off with it. With the current model, the thief will get notified there’s an AirTag traveling with them, and they can play a sound, find it and remove it / disable it.

Imo without these features it would be rather unlikely for a thief to find AirTags quickly or even realize it’s there.

The ~40ft range is more than enough, the global mesh network of all iPhones is the whole point of the AirTags, there’s no “gps fix”.

BHSPitMonkey
0 replies
11h42m

Google Maps generally shows my location inside of airport terminals pretty accurately, so it stands to reason that the network of iPhones in a terminal could plot a tracker's position pretty well. If someone has your bag and you know which direction they're moving, you could possibly catch up and get close enough to either spot it or (assuming you have an iPhone 11+) get a Ultra Wide Band fix to finish pinpointing it.

Bury the tracker somewhere too inconvenient to locate and remove quickly, and they'll count on not removing it until later (or they'll just ditch it once it starts beeping).

lm28469
0 replies
20h26m

Most people and myself included were sticking these cheap tags on everything we own, and it was genuinely useful during travel or in scenarios where theft was a consideration.

It has never been advertised for that has it?

happyopossum
0 replies
22h15m

That means someone can steal your stuff, and then disable the tracker so you can't find it

This has always been the case with AirTags. They've had anti-stalking notifications since day one, and disabling one is as easy as a quarter test of the case to remove the battery.

LorenDB
73 replies
22h51m

It's interesting to see that Google takes this so seriously they're backporting it to Android 6. I guess they probably have metrics on what Android versions are still in active use, but I'm a little surprised that Android 6.0 would still be used heavily enough to warrant the backport. Regardless, it's good to see this sort of industry cooperation from companies who would normally be at each other's throats.

tantalor
25 replies
22h47m

Supporting Android 6 would be like supporting iOS 9.

Apple is only supporting latest version of iOS (17.5).

runjake
13 replies
22h29m

> Supporting Android 6 would be like supporting iOS 9.

1. Your point still stands, but this is because this update is probably shipping as a Google Play Framework update, which works on >= 6.0. Google is not (to my knowledge) releasing a new firmware.

Apple would do well to decouple certain software components from iOS, IMHO.

2. In case others are curious about iOS version market share, statcounter's stats for April 2024:

17.4 (current until today): 51%

17.3: 22%

16.6: 4.3%

16.7: 3.18%

16.1: 2.8%

16.3: 2.12%

https://gs.statcounter.com/os-version-market-share/ios/mobil...

tadfisher
9 replies
21h6m

As a developer, that long tail of folks on the previous major version really sucks with fast-moving frameworks like SwiftUI. There's no way my company (a banking app) would drop 10% of customers, so we typically do N-1 for iOS support.

Our Android app shipped almost 3 years ago with minSdk=24 (Android 6.0) and we haven't had to update it.

ilinx
6 replies
17h16m

I write apps for a large regional grocery store chain, and we have to support N-2. Even then we get support emails every time we bump it up.

flutas
5 replies
16h41m

I work on Android apps for a food company turned media network.

We, to this day...with no talks of changing it any time soon, support all the way back to Android 5.0 (released in November on 2014).

Const-me
4 replies
12h36m

I mostly work on Windows apps. People still complain when software drops support of Windows 7 released in 2009, or Windows 8 released in 2012. Despite none of them are supported by Microsoft.

mschuster91
3 replies
11h42m

It'd be a more fair comparison to take into account Windows 7's EOL which was just a year ago IIRC if you coughed up Extended Support money, its broad install base, and it being the last actually truly decent Windows that had a consistent UI across the place and no ads.

onlytime
2 replies
7h13m

Windows 7 didn't have a consistent UI, though. In multiple places you could find Vista and XP-decorated panels. Your nostalgia is wrong.

BlueTemplar
0 replies
5h14m

That only continued to degrade with Windows 8 and 10 though.

afavour
1 replies
19h46m

The web browser is a big issue with this, too. A Safari release broke IndexedDB and they didn’t release a fix for over two months because browser updates are tied to the OS.

bzzzt
0 replies
12h39m

If there's a critical security update they can release an update within days. So it's got nothing to do with the complexity of releasing a new OS, it's just that they found IndexedDB not important enough to warrant an out of cycle update.

tjoff
0 replies
22h21m

Android 6: 0.79%

mattmaroon
0 replies
5h32m

So this has the downside of not being supported for Androids that don’t use Google Play services right? Like the Amazon tablets?

Still a big win overall I’m just curious what number of devices basically don’t get important upgrades due to this method. (Surely a tiny amount compared to what you’d have if you relied on device manufacturers to update the OS.)

kelnos
0 replies
40m

Apple would do well to decouple certain software components from iOS

I'm not really convinced of this. When you control the entire hardware and software stack, and already provide updates for 7+(?) years per model, would doing this really change much? Google needed to do that because some cheapo manufacturers weren't really providing any updates to speak of, and Google has limited ability to force manufacturers to provide updates on any particular schedule.

It's funny, because to me this is really just the Linux model vs. BSD model, in a way. Linux base systems are cobbled together from various bits of software maintained by different people and groups. Many of those components can be updated independently of one another, including the kernel. The BSD model is to ship the entire base system as a versioned unit, and only update the entire thing monolithically. Android does the Linux model, iOS does the BSD model. Both models work just fine, depending on what your goals are and your distribution model.

I think the one thing I'd argue Apple should decouple from the OS is Safari. A web browser (and the underlying OS web view) should be independently updateable, even after a device stops getting OS-level security updates.

hedgehog
9 replies
22h10m

Google and Apple have fairly different platform software update strategies so I was curious how the support windows line up. Android 6 was the last supported release on devices like the Nexus 5 and Xperia Z3 from 2013 and 2014. iOS 9 was the last version supported for devices like the iPhone 4s and 3rd gen iPad that shipped in 2011 or 2012. Going forward to 2013 iPhones you have the 5s which was last supported in iOS 12. It sounds like Google is able to ship this directly rather than as an OS update that would need to go through manufacturers, while Apple typically deploys these type of fixes by pushing an OS update. I'm curious how far back they'll go, they rarely ship security fixes more than two major versions behind the current release (so maybe down to iOS 15, supporting devices released in 2015).

GeekyBear
7 replies
19h53m

they rarely ship security fixes more than two major versions

Every flagship iPhone since 2011 has gotten at least five years of OS updates, with additional years of security updates after that.

For instance, the original version of the iPhone SE is currently in its eighth year of support, and just got another security update a couple of weeks ago.

JohnTHaller
4 replies
16h35m

One issue with iOS vs Android is that iOS has the browser tied to the OS ala Internet Explorer. Once iOS is no longer supported, you're now using an unsupported insecure browser. And all other iOS browsers sit atop the unsupported insecure browser in iOS.

On Android, the browser is separate and you can install alternative browsers. The current release of Chrome for Android works with Android 8 which was released in August 21, 2017 and dropped January 2021. Android System Webview (the browser engine that other apps can use so they don't have to ship their own) works the same way and is independently updated from the OS.

toast0
1 replies
14h43m

the browser tied to the OS ala Internet Explorer.

Internet Explorer was usually only loosely tied to the OS. Yes, many versions of Windows came with some version of IE, but you could usually install a newer version if you wanted. Every once in a while, a newer version of IE required a newer version of Windows, but that wasn't typical.

As I understand it, on Apple systems, Safari comes with the OS and is updated together --- Safari updates come in OS updates. Mobile IE was very similar though, at least on Windows Phone 7 and newer.

JimDabell
0 replies
8h12m

Safari comes with the OS and is updated together --- Safari updates come in OS updates.

That’s true on iOS but not exactly true on macOS. Upgrading macOS also upgrades Safari, but you can also install newer versions of Safari on older versions of macOS. You just can’t have older versions of Safari on newer versions of macOS.

GeekyBear
1 replies
15h25m

Updating an app doesn't fix an issue that requires a security update, or a replacement driver.

Virtually any Android, Linux, or Windows device that hasn't been recently patched and has Bluetooth turned on can be compromised by an attacking device within 32 feet. It doesn't require device users to click on any links, connect to a rogue Bluetooth device, or take any other action, short of leaving Bluetooth on. The exploit process is generally very fast, requiring no more than 10 seconds to complete

https://arstechnica.com/information-technology/2017/09/bluet...

A browser update doesn't fix that and that and Blueborne was disclosed during the era when an Android device only had a support window of two of three years.

iPhones from over a decade ago were getting security updates, including for the browser, for seven or eight years.

daghamm
0 replies
3h14m

This was from 2017, and nothing came out of it.

Every month or so someone (usually a security company that wants to sell something) find a domesday exploit for android that is unpatchable, and then it gets patched or turns out to be a non issue.

hedgehog
1 replies
19h17m

Two different things, Apple provides a pretty long window of OS updates for each device but doesn't ship updates for older OS versions. For example the 1st gen SE shipped with iOS 9 which has not been getting updates for a few years, but it can run iOS 15 which still seems to be getting security updates.

GeekyBear
0 replies
18h46m

It probably seems odd when you're coming from a history of devices with a very short support window, but you don't need to worry about years when you only get a security update until you run out of years when you get the OS AND security updates first.

For instance, that original iPhone SE came out in 2016, the same year as the original Pixel phone. The iPhone is still supported by Apple today, while the Pixel phone was dropped from support by Google five years ago.

Google had to come up with a way to backport features to older unsupported versions of the OS because their support window was so abysmally short.

Hopefully, this won't be an issue going forward, with Google promising a comparable support window in the future.

seanalltogether
24 replies
22h27m

Google made a deliberate decision long ago to detach library and feature support from the operating system due to manufacturer fragmentation. So most of their new stuff automatically works with old versions of android

Rinzler89
17 replies
21h13m

Same for security updates. A lot of new features and security patches get updated via the Google Play Services to older versions of Android as well.

SubzeroCarnage
16 replies
17h10m

Google Play System updates provide very few security patches and this only applies to devices with Android 10 and higher and most APEX modules are only updatable in later versions.

I track security patch counts of monthly Android Security Bulletin vs available APEX vs my aftermarket backports for A7 through A13 here: https://divestos.org/pages/patch_counts#aggregatePatchCounts

danieldk
15 replies
12h28m

And the annoying thing is that on some phones (like Samsung phones recently, twice), the Play System updates get blocked for months on end. Worse, people who buy a new device are often stuck on ancient versions.

I recently tried an Android phone again for a few months, and the update/security situation is still a mess. E.g. Samsung does monthly updates on more premium phones. But a former flagship like the S22 would sometimes only get the update near the end of the month, even before the S24 is out. Having a phone with known CVEs for the better part of a month is… meh.

For some vendors, like Samsung, things are much better than a decade ago, but it’s still a far cry from Apple rolling out updates to all models simultaneously.

Rinzler89
12 replies
12h3m

>Having a phone with known CVEs for the better part of a month is… meh.

Out of curiosity , have you ever encountered any malware that exploits said CVEs? If a month delay would be so dangerous, Android users, even of new devices would be getting pwned left and right, let alone Android users of device no longer getting patches.

Source: Android user of old phone who hasn't been hacked yet so I'm not sure where exactly the dangers are, as the attack surface is mostly the web browser and the apps, both of which are scanned and covered by up-to-date patches from Google Play Store/Services even on my ageing phone. So as long as you don't browse extremely dodgy websites, and don't download shady apps you should be good as nothing else can't get to the Kernel CVEs on your unpatched phone.

Yeah, I'm sure some crafty malware dev can whip out a targeted virus that can exploit the chain of open CVEs on my particular phone through a MMS message or something, but I'm not sure targeting the 100 or so users left still using this old OnePlus model that's worth less than 20 Euros used (pointing to a user without much income), is a good use of their skills and time, when they could be frying much bigger fish with that know-how like going after Microsoft's Azure or something.

Nor am I being targeted by state actors who have these means. And if you are being targeted by state actors, they have access Zero-Days that even Apple or Google haven't patched yet so you're not safe anyway no matter what phone you have.

autoexec
11 replies
7h20m

If a month delay would be so dangerous, Android users, even of new devices would be getting pwned left and right, let alone Android users of device no longer getting patches...Android user of old phone who hasn't been hacked yet so I'm not sure where exactly the dangers are

What are the odds that you'd ever know if you were hacked? If you have root access on your device your odds of being able to see something amiss are probably somewhat better than if you don't, but even then I wouldn't count on it. How many people detected Predator/Pegasus? It isn't just state actors taking advantage of zero days. A zero day gets that malware on your system, but once it's infected how would you know? There have been reports that millions of android phones are infected at the factory. (https://www.theregister.com/2023/05/11/bh_asia_mobile_phones...)

We know mass infections happen (see https://www.bleepingcomputer.com/news/security/over-nine-mil... and https://www.wired.com/story/android-gooligan-ghost-push-hack... and there have been some bold (if unverified) claims that most android devices are/were infected with something (https://www.zdnet.com/article/bt-almost-every-android-device...).

I don't know how you could possibly be confident that your device isn't infected with something. The devices are designed to keep you from having the ability to poke around too much at their internals and the radios make it difficult to monitor exactly what's being sent/received to the device.

Rinzler89
9 replies
7h12m

>What are the odds that you'd ever know if you were hacked?

Would you know?

>I don't know how you could possibly be confident that your device isn't infected with something.

Easy, my bank account is still full.

How are you confident your phone isn't infected? Being up to date is no guarantee. Until you can poke around with root access to inspect everything it's still Schrodinger's cat in a black box you trust to not be dead inside.

Because how would malware ever make it into my phone? It doesn't just magic itself onto your device once it stops received updates. It needs an entry point off the attack surface. And what's my attack surface since all your examples don't apply to me?

I never download shady Apps from the likes of Huawei AppGallery lol or even off the PlayStore and I don't use Android 5. All apps I use are whatsapp and Google chrome, and I also don't browse shady websites on my phone.

vel0city
2 replies
3h40m

It needs an entry point off the attack surface.

Considering how many vulnerabilities have been in the media stack of Android, all that would take would be an image or an autoplay video on a website.

Rinzler89
1 replies
3h25m

So why haven't I or anyone else here with Androids been hacked already, if it's so "simple"?

vel0city
0 replies
2h43m

Are you suggesting we've got a statistically valid sample of Android users here to suggest that drive-by RCE exploits that have been published and patched on modern Android devices are essentially just a fantasy and aren't actually concerns at all for unpatched devices? And that the people in this sample would always clearly know their device was compromised?

FWIW, while I don't think I personally had an Android device hacked, I do think I've had family members with devices potentially hacked. One family member running an older version of Android continued to have lots of accounts constantly getting stolen despite using a password manager and unique complicated passwords. Pretty much any time they'd be logged in to an app there would begin to be fraudulent orders or other mischief on that service. They never installed shady apps. Rotate the password on another device, no problems for a while. Log in on the phone again and within a day or two have the mischief start again. All that stopped after replacing the device.

Another family member started getting popover ads on their device despite not having any odd apps installed that would be the cause. Even after a "factory reset" the popover ads continued to plague the device, as if it was embedded in the ROM.

steve_rambo
1 replies
6h2m

I've also used phones which haven't received any updates for years without any obvious problems. Just maintaining basic digital hygiene like you do. In theory, one could use a zero-day in a web browser (like the recent libwebp vulnerability), then exploit one of the numerous CVEs in one of the system libraries or the kernel, and own the phone that way even without you doing anything worse than visiting a random website. For example, that's how one of the the first methods of jailbreaking PlayStation 4 operated.

Your average Joe six-pack like myself probably shouldn't really worry about it though, it seems more likely to be used against really high value targets.

You might want to try out another web browser that has aggressive ad blocking (Firefox, Brave, or Vivaldi should do it) since ads are one of the major methods of spreading malware.

catlikesshrimp
0 replies
3h7m

You might want to try out another web browser that has aggressive ad blocking (Firefox, Brave, or Vivaldi should do it) since ads are one of the major methods of spreading malware.

Under rated advise. Too bad said Joe six-pack donesn't follow it because it thinks other browsers "have viruses"

mavhc
0 replies
6h55m

True, given that the average android phone probably needs 100s of CVEs patching, it's kinda weird that there's not obvious epidemic of phones being hacked

gruez
0 replies
4h50m

Easy, my bank account is still full.

To be fair, it's non-trivial to convert hacked bank credentials to actual cash, due to anti-fraud measures, KYC rules, and reversibility built into the finance system. A better indicator would be $1000 worth of BTC on an unencrypted wallet not being hacked.

catlikesshrimp
0 replies
3h10m

Easy, my bank account is still full.

That one is probably not valid.

My bank app is sht, The 2FA is EMBEDED in the app; in the beggining it was a separate app. It also needs Google Play Services. And I live in a third world country with little accountabilty. On top of all that, most people use very cheap chinese phones which never get any update.

Still, bank accounts have never been depleted through hacking of phones.

autoexec
0 replies
6h43m

Would you know?

I very much doubt it.

Easy, my bank account is still full.

That assumes the malware is intended to take your money instead of your data, or even just your internet connection. Malware can be used to attack/infect other devices or even just click ads. What kind of harm could someone who had full access to your device, including access to your internet activity, texts, location, camera, and microphone do to you without telling you about it (blackmail).

Because how would malware ever make it into my phone?

Maybe it was installed at the factory. Maybe it came from literally any one of the many many vulnerabilities that made it possible to infect your device without any indication. Android phones have been compromised via text message, via Bluetooth, via QR code, and via apps.

It's great that you aren't doing anything obviously risky, but that isn't a requirement to get infected and the problem is you just can't know. You aren't the admin of the device. You don't have the authority to control what it does. You aren't allowed to see what it's doing. You can't see who it's communicating with or when.

daghamm
0 replies
34m

I think you are mistaken.

If something is actively exploited they definitely don't wait to months end. Also a Google update is not urgent if the vulnerability is not really exploitable on Samsung (they have some additional security) or a fix is already backported.

Namidairo
0 replies
4h4m

Samsung does monthly updates on more premium phones. But a former flagship like the S22 would sometimes only get the update near the end of the month, even before the S24 is out.

This is complicated by their rolling updates per country, it can be few weeks between the first CSC (3 letter identifier for country and carrier variant) to receive an update and it being rolled out to the final one.

I was towards the end of that update cycle, so the Android security patch level could become quite detached from the actual month.

curt15
5 replies
18h16m

Does this mean system-wide libraries can be shipped via APKs?

gpm
4 replies
16h6m

Yes, that's what google play services is.

wolpoli
2 replies
9h12m

Is this the reason that my old mid/low end android devices become unusable even through they no longer get updates?

darkwater
1 replies
5h11m

That's probably more related to storage performance (I guess eMMC) decreasing over time

catlikesshrimp
0 replies
3h0m

Is this the reason that my old mid/low end android devices become unusable even through they no longer get updates?

More recent versions of apps (like whatsapp, which requires to be updated regularly) are unnecessarily more demanding. Try disabling Play services, all Bloatware, all quasi-bloatware (calendar, contacts), all the way to the default keyboard. (pm disable-user --user 0)

Install FOS replacements with no internet connectivity, e.g. from f-droid and such (not affiliated)

It is easier to buy a new device, but I get attached to my pal ;)

danieldk
0 replies
12h26m

And/or Google Play System updates, which are a separate thing and usually needs to be triggered by hand to get it timely.

treve
7 replies
22h36m

10 years support seems pretty reasonable to me for a major operating system version, regardless of usage numbers.

imwillofficial
6 replies
19h37m

It would be nice, but I wouldn't call it reasonable. That's a LOOOOONG time.

nemomarx
5 replies
15h34m

Isn't 10 years pretty standard for windows OS versions?

luyu_wu
3 replies
14h17m

And 20 years for Linux :P MacOS and iOS really are the major outliers that convince people otherwise here.

jmb99
2 replies
12h55m

Unless I missed a memo, Linux LTS is 2 years of support these days. Many distributions offer 10 year LTS releases, but I’m not sure of any off the top of my head that currently offer more.

luyu_wu
1 replies
5h42m

My point was more so that you can upgrade 20 year old devices to Linux 6.X! You're correct though.

kelnos
0 replies
28m

I feel like a couple things were mixed that aren't the same. The commenter upthread said 10 years for Windows OS versions. I took that to mean e.g. "Windows 11 will be supported for 10 years from initial release".

Sure, you can often install a modern Linux distro on a 20-year-old device (though just as often, you cannot), but that's not the same thing as a single version of Windows being supported for 10 years. The analogous situation is indeed LTS versions of Linux distros, which certainly don't have 10-year support lifetimes, let alone 20.

But the support lifetimes make sense for the various vendors. Apple doesn't need to support a particular major version of macOS or iOS for all that long, because they make sure new versions of their OSes will run on fairly old devices (all of which are devices they've built, and have full control over), and they aggressively push people to upgrade to new major versions as they come out.

Microsoft has a lot of customers who value stability and consistency above all else, and on top of that, they have to support a wide variety of hardware that they don't and can't control. Supporting a major version of Windows for many years makes sense for them.

As for Linux, there's no one single source, so a rolling-release distro can decide to only support the bleeding edge, whereas a cloud provider might roll their own distro for server use and decide to support that for a decade, if they think that's what their customers want.

imwillofficial
0 replies
2h0m

Phones have a far shorter shelf life.

lawgimenez
3 replies
18h14m

Here in Asia, people are still on the older Android versions. So maybe try switching the filter on the website besides US.

mattl
2 replies
17h25m

Where in Asia? Does it vary much by country?

ferongr
0 replies
14h24m

This is a 2019 article with figures from that time. So it's wildly out of date.

toast0
2 replies
22h15m

FWIW, WhatsApp claims support back to Android 5.0, and if they haven't changed their support decisions since I left, that means there's a significant amount of users in the wild on Android 5.0. I'm not surprised Google only goes back to Android 6, they were always dropping versions from support before WA did; their threshold must be higher.

flutas
0 replies
16h35m

Yep, my company would lose a significant amount of our users if we updated from Android 5.0.

A lot of the early Fire TV devices are still out there running Android 5.0, and they are actively used.

beAbU
0 replies
10h11m

WhatsApp majority userbase sits outside of the US, and it's deeply embedded in many 3rd world countries. I'm not sure how their European userbase compares with the African/Asian userbase.

I reckon the WhatsApp userbase OS distribution skews much more to older android versions compared to an app that mostly enjoys US/1st world country userbase.

zadokshi
1 replies
19h3m

They are taking it seriously because of the legal liability issues. Their lawyers are clearly worried about the legal implications of their devices being used to track people and things for illegal purposes and want to make sure they have a level of protection against lawsuits from consequences of tracking devices used for illegal purposes. There are already cases of women being stalked using these devices.

rickdeckard
0 replies
7h24m

Their lawyers are clearly worried about the legal implications of their devices being used to track people and things for illegal purposes

Just that Android devices are not involved in tracking of AirTags, as of today only iOS devices actually share the location of AirTags back to Apple.

They maybe want to change that, but considering the huge amount of volume disparity between AirTags and Google's tags, I assume Apple would have to pay Google for the service of extending their tracking-network...

tmpz22
1 replies
22h32m

Google takes this so seriously they're backporting it to Android 6

Or for contractual reasons, or for some technical reason it was easy enough to be "why not"

xarope
0 replies
12h4m

Or they are pursuing a gov related project, and this was mentioned as a showstopper...

josefx
0 replies
12h38m

I just recently pulled out an old phone that originally ran Android 6 for a project, hardware wise it still runs perfectly. The only thing wrong with it is that I can't upgrade it to a newer Android version.

ChrisMarshallNY
0 replies
5h3m

From what I understand, backporting won't make a difference, unless vendors integrate it into their custom OS installs, and, from what I hear, they aren't really giving legacy support much love.

crhulls
51 replies
17h10m

CEO of Tile / Life360 here.

We decided to opt out of the Google and Apple finding networks and the new proposed standards because it completely ruins the ability to use Bluetooth devices to deter theft. If you put an AirTag on say your bike, and thief steals it, they will get a notification and immediately just find and disable it.

We actually built a (controversial) feature that lets you opt out of anti-stalking features if you scan a government ID. As of today, we have zero known instances of abuse—the friction of scanning an ID is enough to make a bad guy think twice, and a committed stalker can just go get an LTE-enabled stealth GPS device on Amazon. It is crazy that the press and regulators focus on Bluetooth devices when actual stalking devices are readily available.

Some people are commenting on how small our network is. People don't realize that Life360 is on 1 in 8 phones in the US. We are huge outside of tech bubbles. If you are at an airport, mall, or anywhere with any meaningful density of people, our network is on par with the big guys. There is a J curve to the benefits of increasing density, and outside of rural areas we essentially have complete coverage.

Beyond this, we just announced a new satellite-to-Bluetooth network this morning, and we plan to open it up to developers in 2025. It won't matter where you lose your stuff, we will be able to find it. And thieves won't.

https://www.life360.com/find/

WheatMillington
18 replies
16h57m

Personally I feel like the anti-theft nature of these devices is massively outweighed by the horrible outcomes of stalking and clandestine tracking. They're not a theft deterrent, in fact they're generally hidden so a thief has no idea it's there. And what are you going to do, show up with a posse to get your stuff back?

The world would be better if tracking devices did not exist. It's a shame you've decided to actively reject anti-stalking features.

crhulls
8 replies
16h42m

I am very open to being wrong and changing course, but let's have a data-driven decision.

When we launched our anti-theft feature, we were clear that if we found there was widespread abuse, we would change course. We have had literally zero complaints of anyone being stalked with a device where anti-theft was enabled.

And I think you are misunderstanding the new standards. Google and Apple will proactively notify thieves of nearby trackers, and allow a thief to disable it. This is next level bad for anyone relying on their tracking device to protect against theft.

What is the data that would change your mind? I would change my mind if we found that more than .1% of our customers were abusing this feature.

hansvm
4 replies
16h23m

As a personal bias, I believe companies like yours are pathologically unable to do the right thing. Take my reply with that in mind.

I carefully examined life360.com, trying to put myself in the shoes of somebody who was stalked, magically divined that life360 was involved, and wanted to report the issue. The extent of my options on life360.com are:

1. Do Not Sell or Share My Personal Information

And that's it. There does not exist a "contact us" or other general mechanism, and there certainly does not exist an abuse reporting mechanism. If that happens to exist behind other filters or paywalls then it's not relevant when discussing how the average customer would interact with your website.

With that in mind, I would expect an exactly 0% abuse rate regardless of how abusive your product actually is. You confirm that number. I'm not surprised.

The ball is in your court. How do you prove to the world that you _actually_ care about abuse? How _should_ a real abusee interact with your website? Why isn't it obvious? What are the exact numbers? And so on...

crhulls
3 replies
16h9m

We have a member protection link at the bottom of our page - it is not buried. https://www.life360.com/member-protection-resources/

We encourage people to first go to the police, and we work with law enforcement to help bring criminals to justice on a regular basis.

WheatMillington
2 replies
14h29m

That link specifically dissuades anyone who is a victim from contacting your company. It directs them to contact police or a lawyer, and you provide no ability in that link to contact your company.

diebeforei485
1 replies
13h49m

Going to law enforcement is the way to resolve this. The company can then disclose the identity of the owner to law enforcement.

caf
0 replies
11h20m

Really puts the "we've had zero reports" in context though, doesn't it?

koolba
1 replies
16h35m

How is it an anti-theft device if the thief doesn’t know it’s there?

I could see this being used in the aggregate to ascertain drop off points or chop shops, but at an individual level it doesn’t stop your stuff from being stolen. Even the aggregate case requires buy in from law enforcement to actually act on the information which is not a small thing.

crhulls
0 replies
16h27m

Sure, I agree with that. We did user testing and people understood the concept. It is anti-theft in the sense you have a real chance of getting your stuff back, unlike with AirTags and now Google network devices where thieves will just disable the tracker.

rezonant
0 replies
16h25m

We have had literally zero complaints of anyone being stalked with a device where anti-theft was enabled.

First, it's highly likely that someone being stalked wouldn't realize a tile device was the cause. Secondly, you said Tile and Life360 are on only 12% of devices. So maybe 1 out of 10 stalkers will be successful in using your device to stalk. That's not enough data to state so conclusively that this doesn't happen. I'm sure if Tile was more popular (and thus more functional) and more stalkers knew they were the best devices for stalking, they would use them.

zarzavat
3 replies
16h3m

If you think stalking is more common than theft then you must live in a very, very low crime area.

gpm
0 replies
15h59m

Theft is more common. Each instance of stalking does more damage. I haven't the faintest clue how I should weigh the cost against the benefit here, but I certainly don't like how the CEO here is blatantly attempting to downplay the stalking-enabling-externality their theft prevention device has.

WheatMillington
0 replies
14h28m

I didn't say it's more common, but it's FAR more serious.

Bloating
0 replies
15h42m

Social projection is far more common than theft

jaimex2
2 replies
16h44m

Try thinking before posting.

You give the location of your missing property to the Police when stolen.

Tile/Life360 is now a superior product while AirTags are basically useless paperweight.

If you want to stalk someone you have always had numerous options including superior gps/cell based trackers.

nvy
1 replies
16h35m

You give the location of your missing property to the Police when stolen.

They will do nothing.

FrankyFire
0 replies
9h43m

Maybe in the US, I know several cases where stolen bikes were returned and thieves charged in central Europe. I've never lost anything, but had a bike stolen and I'm in fear of having another one stolen. GPS trackers are not a real option for me (monthly fee, high battery consumption, not having an e-bike which would make it easier). These trackers are a great idea and I do get why stalking is an issue. But I'm with the Tile CEO when it comes to other or even better options for stalking. GPS trackers are way more accurate and I assume that swapping them or recharging them is less of a concern in that case.

It's a shame that stalking is a concern. It's a shame that this had to be implemented and effectively breaks the devices use case for most people. But I'm not even mad at Apple or Google, because I also think that it is their responsibility to protect people from being stalked.

Tile is also not an option for me, in Europe pretty much no one uses it. I will still try my luck with Apple and Google/Pebblebee Tags. Does anyone have experience how long it takes until you get notified about a tracker moving with you?

golergka
1 replies
16h25m

They're not a theft deterrent, in fact they're generally hidden so a thief has no idea it's there.

A potential car thief doesn't know if your car has an alarm on it either, but he just assumes that it does because most do. With wide enough adoption of these devices, it could work out the same.

smt88
0 replies
15h45m

My 2022 car has a built in tracker. These will likely become standard.

urda
5 replies
16h32m

I used to love Tile, but nah this ain't it and I'm glad I got off your product ASAP. I'm not ok with how easily Tiles enable stalking.

You were literally just sued for this https://news.bloomberglaw.com/privacy-and-data-security/tile...

Edit: Hey man I'm not engaging you on this, you chose to opt-out of this safety feature and you've enabled stalkers that target at risk groups like me. Nope.

crhulls
2 replies
16h29m

Yes, we were sued, but we will fight it and win. I think most people on Hacker News know to approach lawsuits with skepticism.

And I feel like many people being critical of us are arguing with emotions and not data. You have to scan a government ID and agree to severe penalties for misusing our product. We have had zero instances of reported stalking from anyone who has enabled the anti-theft feature.

Can you articulate with data why what we are doing is problematic?

blincoln
1 replies
15h37m

I briefly installed Life360 when some members of a group trip tried to sell the rest of us on it as a sort of emergency personal location beacon, like the colonists had in Aliens. It's one of the most domestic-abuser-friendly apps I've ever seen.

Most of the people your products are being misused to stalk can't even turn off their location sharing because the person who's insisted they install the app/hardware will assume that doing so means they're off spending time with someone else, or whatever their personal paranoid fantasy is. Why would someone being subjected to that contact you? It would just enrage whoever is monitoring their movements when their account was suspended, or whatever your process is.

The people misusing your products in that way don't think they're doing anything wrong, so they're not going to hesitate to have you verify their ID.

Dylan16807
0 replies
10h42m

Most of the people your products are being misused to stalk can't even turn off their location sharing because the person who's insisted they install the app/hardware will assume that doing so means they're off spending time with someone else, or whatever their personal paranoid fantasy is.

Other than location history, is there a big difference between Life360 and builtin iPhone location sharing? To me, that's not enough to put the product in a different category.

hedora
0 replies
15h37m

Since you’re in an at-risk group, I strongly suggest you look into the sorts of devices the CEO mentioned, especially if you own a car (or any portable thing that could hold a pound of batteries, like a bike or a scooter).

Though some things in that space are marketed to stalkers, there are legitimate use cases for such technologies, and therefore the only LTE tracking devices I’ve seen in person were sold at reputable stores.

lilyball
2 replies
16h48m

Weren't you sued just last year for enabling stalking?

jaimex2
0 replies
16h41m

Did they lose?

Being sued means nothing.

crhulls
0 replies
16h41m

Yes, and we will fight it and win. This was also before we launched our anti-theft feature by the way.

If you want to see the insanity of going after bluetooth devices, just search "stealth GPS device" on google and see what comes up. Ebay is targeting me with an ad that says "Hidden GPS Tracking Device for sale" There are legit LTE enabled stalkers right there in plain sight.

hedora
2 replies
16h20m

Hey; Tile user here. I can’t figure out your iPhone app any more.

It switches between modes at random (map, we’ll notify you, and the signal meter) when the signal is weak, and it says we have to replace batteries constantly. (Even though we just replaced them — is the tile shorted out internally, or do we have to reset a timer somewhere, or what?). Also, it spams upsell attempts while doing this. You may as well be displaying ads for competitors at this high-stress point in the UI flow!

Other than the above stuff, which feel kind of like bugs, I’ve noticed it’s hard to figure out which building (in a 1 acre space) our keys were last seen in. We own all the phones and tiles around here, so giving better precision probably wouldn’t be a privacy issue.

I’d rather go with a smaller, cross platform provider, but we’re seriously considering switching to AirTag.

Thanks for standing up for functionality vs. questionable privacy protection.

Anyway, we’re rooting for you; good luck!

crhulls
1 replies
15h48m

Weird- can you email me? chris@life360.com and I will forward this to get looked into. The map thing seems like a bug. I'd also like to learn more about your concerns on over upsells.

hedora
0 replies
15h13m

Steps to reproduce:

Walk outside away from all other devices.

Walk 100 paces. Put tile down. Walk back to where you started.

UI flow:

1) It shows a map of across town (last ping was hours ago).

2) tap find -> your tile is nearby, wait while we connect (with done button)

3) timeout -> map shows a dot where the phone is, without a big uncertainty circle around it. Can’t zoom.

4) reopen app. Map resets to across town (or, worse, 50 ft in the wrong direction, so you think it pinged a location).

5) walk to pick up keys. No music or phone notification. (Later, an email arrives, usually.)

6) tap around to debug (want to pay for smart alerts?)

7) (when someone else asks me for help). Where’s my credit card?!? Tile is holding my keys hostage for $3!!

8) (if you didn’t pick up the keys) go to step 2.

This is deterministic on iOS with everything up to date. It’s been like this for over a year across multiple iPhone generations.

abalone
2 replies
16h11m

> As of today, we have zero known instances of abuse

Emphasis on known. The whole point of stalking is to hide the device and not get caught. How would a typical victim even discover it? Or even if they figured out they were stalked, that it was with a Tile device and thus report it?

ID scanning is easy to defeat. This is just ripe for abuse and it's good that Apple/Google took measures to block stalking, even at the expense of anti theft use cases.

gpm
0 replies
16h8m

And if it was a tile device, that it had the "help me stalk people" feature turned on. And if it did have that feature turned on, that they should report it to tile. Generally I would expect a significant fraction of people in this sort of situation aren't reporting it to anyone.

Considering the multiple examples listed in the lawsuit [1] that the CEO is aware of, there are certainly stalking instances that they know about. Just none that they know of since 2022 (when they introduced the anti stalking features) with the anti stalking features disabled.

[1] See links on page 13: https://storage.courtlistener.com/recap/gov.uscourts.cand.41...

crhulls
0 replies
15h54m

I won't repeat what I have said in other comments but scroll down for more specific thoughts on the points you make.

At a meta-level, we don't think the bad behavior of a very very small number of abusive should degrade the product for tens of millions of good actors. Theft is unfortunately extremely prevalent and a key reason why customers by trackers - we think the greater good is to responsibly support this use case.

We have put safeguards in place that make it tough to use our products to stalk, and while nothing is perfect, the only complaints of stalking we have received are from people who were allegedly stalked by Tiles that did NOT have the anti-theft feature turned on. By adding this ID scanning friction, which includes a liveness check, we have empirical data that the bad actors go elsewhere.

sprite
1 replies
16h25m

Hi Tile Ceo,

I was able to track down my stolen vehicle with the help of Tile and now put them hidden in all my vehicles since they don't alert like an Air Tag does.

crhulls
0 replies
15h53m

Glad to hear that! If you are up for it, can you email me - chris@life360.com - I'd love to learn more about your story

darby_eight
1 replies
16h50m

If you put an AirTag on say your bike, and thief steals it, they will get a notification and immediately just find and disable it.

This is not a good fit for bluetooth. Bluetooth is trivially detectable whether it's tracked centrally or not.

crhulls
0 replies
16h45m

Humans are lazy. The average person who steals a bike is not going to pull out a Bluetooth sniffer. And if they did, they would probably find dozens of nearby devices (try it yourself - I just did and have 53 Bluetooth devices near me).

Thieves will, however, reply to an alert that says there is a tracker following you and hit the "disable" button. Friction is key. Google and Apple are making it extremely easy for thieves. We are pushing back on this.

csomar
1 replies
16h27m

As of today, we have zero known instances of abuse—the friction of scanning an ID is enough to make a bad guy think twice

So all I need is a stolen ID and then not only I am stalking but also ruining another person's life?

crhulls
0 replies
16h24m

We use a third party and they do a liveness scan with a live camera feed so it is not nearly that simple.

I'm sure we can come up with edge cases or potential ways people could cheat the system, but we are adding so much risk and friction to stalkers that they would likely just buy a real stealth GPS tracker with an LTE connection.

As a genuine question, why is there no outrage for these devices that are literally marketed as stealth trackers?

supportengineer
0 replies
15h53m

Thanks for commenting. I’m a fan of your products.

rezonant
0 replies
16h32m

because it completely ruins the ability to use Bluetooth devices to deter theft

I'd rather have the assurance that at-risk groups like women, marginalized people, and notable people are not at risk of having a cheap and easy to use location tracker attached to them. As others have pointed out, these trackers are not meant for, and are ill-suited to use as anti-theft devices. We've had Lojack like devices for years and they'll still work all the same regardless of the reporting standard.

People don't realize that Life360 is on 1 in 8 phones in the US.

So that's 12% of devices. Another way to look at it is you have a 1 in 8 chance that the device will work and notify you when a potential reporting device approaches it.

CEO of Tile / Life360 here.

As an Android user who is only now getting to use Bluetooth beacon tech like our iPhone friends have had with airtags for quite some time, I'm in the market for these devices. Your statement here makes me think I should look for devices other than Tile, even if they did participate in the standard.

imwillofficial
0 replies
17h7m

Never thought I'd go for a Tile, but you make a compelling case.

hnburnsy
0 replies
16h41m

HN FTW!

eythian
0 replies
7h41m

Some people are commenting on how small our network is.

I'm currently in a city, and when I open the map it gives me a circle telling me that there are 1,807 people using tile in that circle. This city population is a bit shy of 1 million, and while the circle doesn't cover it all it does cover the densest parts, so if we conservatively say 400,000 people in that circle then that means that the percentage of people with the app is about 0.45%. Now I don't know if the Life360 users are included in that count, that said I also have never heard of anyone who uses it here.

As an aside, I do wish the app were able to update more often. I have a tile tracker on my bike (and obviously the app on my phone), and I can leave a place, bike ten minutes to home, lock up the bike, go inside, and the app will often still tell me that my bike is where it was before I rode it home. I guess there's a battery tradeoff there though.

diebeforei485
0 replies
13h39m

I do agree there is a role for an anti-theft device specifically where there is vastly higher requirements from the user (government identification, liveness checks, etc).

I presumed such a device would require a low-power cellular service. Glad to see you're making it work using Bluetooth.

That said these higher requirements should not apply if the device has these anti-stalking notifications.

Btw I loved your TikTok account!

ajsnigrutin
0 replies
16h36m

If you put an AirTag on say your bike, and thief steals it, they will get a notification and immediately just find and disable it.

And if a stalker puts it there, me finding it is a feature.

scan a government ID

Considering how badly companies keep my private data private, be it email addresses or even direct passwords, scanning a government ID for a $10 tag seems really bad from a privacy perspective. Once you get hacked too (like many other, larger companies have been), the hackers will have all the peoples ID scans too to use with another company implementing such features.

SturgeonsLaw
0 replies
15h47m

This has reaffirmed my decision to use Tile. It seems it's now the most effective option for tracking my property among similar bluetooth tags. Stalking is awful but as you say there are many more effective tools for that, tools which will still be available to people who want to use them no matter what Tile does. If an effective product gets crippled - for a good cause, sure - but crippling it doesn't actually advance that cause, why do it?

Noble6
0 replies
12h48m

Judging from the pettiness of the negative comments against Tile, I have to assume it’s the single greatest product on the market! Also, it appears your comment is being suppressed, because the age and number of replies should put it higher, but it’s now buried hours later.

N19PEDL2
0 replies
9h40m

Some people are commenting on how small our network is. People don't realize that Life360 is on 1 in 8 phones in the US.

Do you have any info or statistics to share about the size of your network in Europe?

Bloating
0 replies
15h25m

"We are huge outside of tech bubbles" ... Only the Bubble is huge! Nothing else exists outside the bubble. There shall be no exception.

AndrewDucker
22 replies
21h27m

Annoyingly, though, you can't get a device that is trackable on both iPhone and Android networks.

Which is annoying, because I have an Android and my wife has an iPhone, and it would be nice to be able to both track the same objects.

gnicholas
20 replies
21h26m

Aren't there third-party devices like Tile that you could use? Sure, it can't be tracked by every iOS and Android device, but it's not like there aren't trackers that you and your wife could both use.

AndrewDucker
18 replies
21h5m

True, there are devices that work with both. But they use their own, much smaller, tracking network, rather than having one ubiquitous network.

crhulls
11 replies
17h8m

CEO of Tile/Life360 here - I made a meta comment but I'll call out that because all Life360 users now scan for Tiles, and we are on 1 in 8 phones in the US, our network is actually huge. The small network thing is a misperception. We bought Tile knowing we could supercharge their previously small network.

swat535
3 replies
16h57m

Please stop promoting your product multiple times in the thread, it feels like spam and doesn't add much value to this discussion.

gnicholas
0 replies
15h34m

Like @RobertRies, I found this comment useful. I've never bought a Tile but now that I know they have this much penetration I'm somewhat more likely to. I also had not seen the other posts by GP, so don't find it redundant.

fphhotchips
0 replies
15h35m

I disagree. There's a clear disclaimer of who they are, and they're responding to a specific criticism.

Their comment at the top level also has that disclaimer and while it's written in a bit of a marketing tone, it adds substantive value to the discussion.

One major value of HN is that we get people who are actively involved in building various pieces of technology directly engaging with the community. When there's a strong disclosure of who they are, that's almost always a good thing. (Of course, some organisations don't encourage that disclosure and that's a little more ambiguous).

RobertRies
0 replies
16h7m

I think it's pretty fair to make this clarification and I don't fault a company for wanting to squash misinformation about their product. I found it to be a useful comment because I had no sense of the scale of the Tile network, and I did have an intuition that it was much smaller.

I have zero affiliation with Tile and I have never bought any device like this of any sort, but this is useful information to me as someone who has been the target of frequent bicycle theft.

The criticism I will agree with is that it does feel worded a with a bit of a corporate polished tone that does give that vibe. edit: I think it's largely the "supercharge" descriptor.

wasteduniverse
0 replies
8h2m

Wow, that's awesome. This is the closest I've been to someone directly exploiting my privacy for financial gain. Thank you for linking that article.

renewiltord
0 replies
12h47m

I was in the location data space. These guys got out completely. It was a big loss to the industry since they had great coverage. They definitely weren’t lying about that.

hn_throwaway_99
1 replies
13h21m

I'm a Tile owner (soon to be ex-owner), and I think your response is a little disingenuous. When Google announced recently they'd open up their Find My Device network to bluetooth trackers, I assumed for sure Tile would be on board. I was dismayed to discover Tile specifically has no plans to join the Android Find My Device network, unlike Chipolo and Pebblebee. So I switched to Pebblebee.

The Life360 network may be sizable but it's going to me nowhere close to the iOS or Android networks, and it's going to get a lot smaller with folks like me leaving. If Tile supported the Android Find My Device network I would have stayed.

hackernewds
0 replies
12h17m

Thanks for pointing me to Pebblebee. Recommend trying it out?

hackernewds
0 replies
12h18m

I lost my wallet in Seattle, which fwiw is a first tier tech city and it still is detected once every 4 days

AndrewDucker
0 replies
12h4m

Thank you, that's useful to know.

hanniabu
4 replies
20h32m

How does the tracking network size affect functionality?

mplewis
0 replies
20h24m

If there are more devices that can see your stolen device, there is a higher likelihood you will be able to track your stolen device.

ihuman
0 replies
20h23m

The devices don't have any GPS. Instead, they have a unique ID that phones see, and report their location to Apple/Google/Tile. If the network is bigger/denser, then your devices is more likely to be detected, and detected more often.

daemonologist
0 replies
19h48m

These trackers work by connecting to nearby phones, with the phone supplying GPS information and uploading it via its cell connection. So a Tile tracker will only get its location updated if someone with the Tile app is nearby, and since Tile users are relatively rare the tracking is only reliable in very busy places.

Apple and now Google trackers on the other hand build this functionality into the OS (or Google's near-OS bundle for Android), so if basically any phone comes within range of the tracker it will provide a location update.

Jtsummers
0 replies
20h26m

How does the tracking network size affect functionality?

Ability to actually find lost items. AirTags are so successful (in the US) because of the ubiquity of iPhones which are, effectively, constantly reporting on the location of detected devices. A smaller network of listening/reporting devices will not be as effective unless it happens to be very popular right in the area the device was lost.

yreg
0 replies
19h12m

You can always glue two Chipolos together. Interesting that they don't offer such product yet though.

KaiserPro
0 replies
4h9m

Tile is essentially useless, especially compared to airtags, annoyingly.

I had a tile, however I fianlly got rid of it when I was unable to locate my keys in my house. It sent me on a wild goose chase saying that it had been last seen near my bins.

I was in the same room as them for the first 15 minute of it beaconing.

Airtags seem to acutally work reliably, and because you don't need the app running, has a good network to find them outside of my house

kjkjadksj
0 replies
20h3m

A true hacker would duct tape the airtag to the android phone and call it a day.

ChuckMcM
20 replies
22h55m

This is great and it came up at dinner last night which is kind of weird.

Had the odd experience of going to a retreat where everyone sat listening to speakers, and then all went to lunch, and then back to the speakers, then all to dinner, then back to the speakers. And my iPhone popped up an alert that there was an airtag following me. (It wasn't of course it was an airtag in another attendee's bag to track their bag which they had with them, near me kind of randomly, but being driven by the same forces of movement :-)).

kstrauser
15 replies
22h46m

My understanding is you should only get the notification if the tag isn't with its owner. That's how it plays out in my personal experience. Back when AirTags were completely broken and didn't support family sharing, I'd get notified if I had my wife's car keys with me only when she wasn't with me, i.e. because I grabbed hers to run a quick errand.

This notification would be utterly useless if that were no longer the case: you'd spend half your time on a flight or bus ride closing the unwanted and unhelpful popups.

lozaning
8 replies
22h35m

I took amtrak from Chicago to DC recently and my phone was constantly trying to tell me I was being followed/tracked cause someone else in the sleeper car had an airtag.

kstrauser
7 replies
22h30m

If that happens again, choose the option to stop notifying you about that specific tag.

(Also, it’s possible someone had slipped a tag into that person’s luggage without their knowledge.)

jtbayly
5 replies
22h23m

It sounds like if it happens again, they can just choose to disable the AirTag completely?

kstrauser
3 replies
22h2m

Not if it's another person's.

Edit: I think I misread that. When you see an AirTag popup, you can choose to ignore it for the day or forever. That's from my recollection. I haven't seen one in ages.

jtbayly
2 replies
21h41m

"iPhone can view the tracker’s identifier, have the tracker play a sound to help locate it, and access instructions to disable it."

I wonder if that last bit requires physical access to the tracker?

kstrauser
0 replies
21h34m

It does. Their instructions for disabling AirTags shows you how to remove their battery. That's a good thing: you shouldn't be able to remotely disable someone else's tracker.

Jtsummers
0 replies
21h36m

  3.13.  Disablement

     The accessory SHALL have a way to be disabled such that its future
     locations cannot be seen by its owner.  Disablement SHALL be done via
     some physical action (e.g., button press, gesture, removal of
     battery, etc.).

  Ledvina, et al.           Expires 22 June 2024                 [Page 26]
  Internet-Draft    Detecting Unwanted Location Trackers     December 2023

  3.13.1.  Disablement instructions

     The accessory manufacturer SHALL provide both a text description of
     how to disable the accessory as well as a visual depiction (e.g.
     image, diagram, animation, etc.) that MUST be available when the
     platform is online and OPTIONALLY when offline.  Disablement
     procedure or instructions CAN change with accessory firmware updates.
     These are provided as part of the onboarding process (Section 7).
https://datatracker.ietf.org/doc/draft-detecting-unwanted-lo...

Yes. Physical access would likely be needed for most of these devices and would be sufficient for satisfying the RFC, based on the examples in section 3.13.

So you might get a notification of a device "following" you because I have a tracker in my bag but no phone (or my phone is off, perhaps; or maybe it's just malfunctioning and mis-reporting as happens sometimes). You play the sound and find out it's in the bag underneath your seat on the bus, but that's my bag. You could attempt to rifle through it and take my tracker and disable it, but I'd probably stop you.

ChuckMcM
0 replies
19h22m

As others have pointed out, no, not without access to the Airtag. That said you can make it beep which will cause the owner some surprise/confusion.

hunter2_
0 replies
17h6m

How can I get my Android to stop notifying me about a specific AirTag? I searched quite a bit and couldn't figure it out.

I get these unwanted alerts every time my wife and I travel with luggage that she's placed AirTags into. I guess my phone thinks the owner isn't present because she doesn't have an iPhone. We both have Android phones, and she also has an iPad which she used to configure the AirTags but it's normally turned off.

rsstack
3 replies
22h36m

I use AirPods Pro but an Android phone. My girlfriend and friends we hung out with would complain about these, so I eventually found a way to turn off "Find my device" on the AirPods by connecting them to my iPad. I now can't track them but also people aren't mad at me for "tracking" them.

beeboobaa3
1 replies
3h43m

Interesting. I've had Apple users recommend AirPods to me before, but I don't own any Apple devices so I already had a feeling it wouldn't work out. Would be insane if they would constantly be generating alerts on others their iPhones.

rsstack
0 replies
3h22m

I think if you use them out of the box, they won't generate the alerts. If I understand Apple's data model correctly, once I paired them to my iPad for the first time, they were enrolled to my iCloud account, and then the tracking system was enabled.

kstrauser
0 replies
22h31m

Huh, good point that I hadn’t considered.

throwaway290
0 replies
13h12m

you should only get the notification if the tag isn't with its owner

My airtag occasionally thinks it's not with me and apple watch wakes me up in the middle of the night even though my bag is in the next room of this tiny flat.

JoBrad
0 replies
19h48m

I get notifications about my daughter’s AirPods following me, when she is with me. My daughter is part of my Apple Family plan, and the AirPods show up in my Find My devices. I thought this article was about handling those notifications, at first.

larsnystrom
1 replies
22h47m

I thought such notices wouldn’t appear as long as the AirTag owner’s iPhone was also near the AirTag? Maybe their battery died though.

hunter2_
0 replies
17h1m

My wife fitted her luggage with AirTags but doesn't have an iPhone (just an iPad, normally turned off). The alerts I get are maddening, but I'd rather receive them than disable all alerting...

bryanlarsen
1 replies
22h10m

Try chaperoning a bunch of kids on a field trip. Half of them have trackers attached to their backpacks, so you get a bunch of those notifications.

datavirtue
0 replies
21h47m

Yeah, I'm still trying to make sense of this, at all. Lots of technobable flying around and no big picture talk. Why the fuck would Google and Apple work together on this AND trash their tech at the same time. Feels like they are trying to stave off regulation.

Someone will find a way around this. It's too fun of a hack to go unanswered for more than a week. Now only the criminals will have this physical tracking ability (well,them and Apple+Google).

notfed
7 replies
21h9m

I'm pretty sure my neighbors are getting tracking alerts for my airtag in my house. The speaker keeps going off.

They're 70 years old. I'm sure seeing "AirTag found moving with you" is confusing them and possibly freaking them out.

I bought the airtag for my dog, but now am having second thoughts, I'm just imagining all the freakouts I'll cause when walking on trails.

lanewinfield
3 replies
21h3m

If I'm not mistaken, you have to be actually traveling (i.e. beyond the house) with an unknown airtag for it to start alerting you. If your neighbors are not traveling with you places, it's probably not what's going on.

Kronopath
1 replies
20h51m

Yes, but it’s not always perfect.

I’ve been notified of an “unknown AirTag” while I was home. When I checked the locations it was seen with me, it was a random zigzag within a block or two of my home.

I’m pretty sure what happened is that the AirTag belonged to one of my neighbours, there were some GPS distortions happening that made my phone think it was moving slightly, it kept hearing the AirTag’s signal, and it assumed I was being stalked while wandering near home. This person might have the same thing happening to them.

kjkjadksj
0 replies
19h58m

Same results with the zig zag for me and a neighbor.

kjkjadksj
0 replies
19h58m

If thats the case, then I must have gotten a stalker the same day as I got a new neighbor moving into the adjacent unit.

Jtsummers
1 replies
21h7m

I'm just imagining all the freakouts I'll cause when walking on trails.

You'd have to follow someone for 30+ minutes without your phone (or other device if you paired it with something else) nearby.

kjkjadksj
0 replies
19h56m

Seems pretty easy to do on popular urban trails to be honest. Some of the trails in my town have a group of people every like 30 feet and its pretty easy to end up keeping pace with them the entire hike unless you walk faster and pass them up.

kjkjadksj
0 replies
19h59m

As soon as the new neighbor moved in I got airtag notifications for days until I silenced them. I can see the prompts being scary/confusing for a lot of people. It basically says "unknown airpod is following you around!!!!" almost making you think you have a stalker that put one on your car, when really its the neighbor getting home from work and tossing their keys on the counter near your wall.

exabrial
7 replies
22h26m

Sigh. I get it there's been a few abuses of the technology... but it was literally already ripe for abuse anyway.

Whether Apple intended this or not: The real world primary use case for AirTags is still tracking stolen crap. I would to _not_ want to alert thieves to the presence of an attached tracker in that case. I guess tracking your lost luggage is likely a #2, but if you were to survey what people were actually using them for, I'm betting it'd be #1 above.

The only way I can think of solving this is allowing a silent mode on the tracker that requires both a private key from the user (to avoid getting NSL'd) and a private key from law enforcement (Apple / Google already have law enforcement portals) and finally one-way hashing the keys and publishing the results to a public irrevocable block ledger. One could see if your key was on the list to see if you Airtag was silenced, but you couldn't pick out specific tags that were silenced. The law enforcement agency's keys would also be hashed and published, allowing us some transparency on who is requesting the most tag silences, so we could monitor the monitors. If this were bundled up in a blockchain, and the tags were programmed only to act on a blockchain, we could avoid abuse and gain a useful feature.

happyopossum
4 replies
22h19m

Whether Apple intended this or not: The real world primary use case for AirTags is still tracking stolen crap.

You're conflating your primary use case with the world's. 95% of the AirTags I'm aware of in the wild in both my family and friends are used for finding misplaced items - not stolen ones.

datavirtue
1 replies
21h45m

Same thing.

AndrewDucker
0 replies
21h25m

A misplaced item I left in the office will not be following a third party about. And so will not be mistaken for stalking them.

chankstein38
0 replies
21h30m

A lot of people seem to have trouble realizing that their experience isn't everyone's experience. Good call out!

HumblyTossed
0 replies
15h48m

You're conflating your primary use case with the world's.

But this is not what you're now doing?

sunshowers
0 replies
15h39m

To be honest, no, as someone with pretty severe ADHD I use trackers exclusively to find stuff I misplaced a few hours ago.

chatmasta
0 replies
21h32m

I would to _not_ want to alert thieves to the presence of an attached tracker in that case

Unfortunately, this is practically indistinguishable from:

I would _not_ want to alert my wife to the presence of an attached tracker in her purse
jtbayly
6 replies
22h14m

Wait, Google is literally the world's largest unwanted tracker, right?

Are they going to alert Android users that they have been tracking them?

foepys
5 replies
22h1m

I'd argue that Apple is operating on the same scale, at least regarding physical presence.

Apple disallows disabling Bluetooth and WiFi easily because it allows them to track their air tags everywhere.

Gigachad
3 replies
21h42m

They don’t “disallow” turning off Bluetooth easily. You can trivially do it via the settings app. The control panel pull down does it temporarily because that’s what most people want. 99.9% of people are turning off wifi because the wifi connection they currently have is acting up. So turning it back on tomorrow so the user doesn’t forget and ends up chewing through mobile data is the obvious best UX.

chatmasta
1 replies
21h28m

Nah, this is clearly a deliberate dark pattern from Apple. They could easily add a long-press option on the Bluetooth icon to fully disable it. But they don’t.

My solution is a Shortcut to disable Bluetooth, triggered by a widget on my Home Screen. It’s annoying that I need to allocate space for that, but at least I can (actually) toggle Bluetooth without opening Settings.

sbuk
0 replies
18h58m

Clearly.

lapcat
0 replies
20h45m

Except that every single iOS update, including today's iOS 17.5, silently re-enables Bluetooth even after you specifically disable it in the Settings app.

FB9992639 "Thank you for filing this feedback report. We reviewed your report and determined the behavior you experienced is currently functioning as intended."

astrange
0 replies
18h59m

It's because people come up with all kinds of cargo cult things they think will increase their phone battery but don't actually matter or make it worse. Going into the app switcher and hand killing all apps is the other one.

y04nn
4 replies
20h54m

You know what would be even better? That they agree on a common standard for interoperability between both systems. They both work in the similar way and do the same thing, this would be great to have a standard.

happyopossum
3 replies
20h49m

FTA:

“Apple and Google have worked together to create an industry specification”

“Apple and Google will continue to work with the Internet Engineering Task Force via the Detecting Unwanted Location Trackers working group to develop the official standard for this technology.”

That’s what is happening here. I’m not sure why people are always quick to assume negatives without doing even the most cursory reading of linked articles.

y04nn
0 replies
20h6m

I should have made my point clear, but I'm referring to the tracking compatibility feature, that an airtag would be compatible for geolocation with the Android ecosystem and vice-versa toward building a global single tracking network instead of having 2 coexisting networks.

talldayo
0 replies
20h27m

I think the problem they're referring to is that we're being dragged through this brouhaha to stop an unintended side-effect from a proprietary network. In an ideal world Android users can detect unwanted Airtags because the protocol is documented and open. In the world we live in, Google has to go out of their way to solve problems Apple is inventing for them.

The only possible interpretation of this is that Apple knows their current system wouldn't survive antitrust inquiries. So they're making a pathetically marginal concession ("well we did let you track the hostile users!") to cement the rationale of a pointlessly insular system. Once again, Apple is refusing to fully solve a fixable problem in order to artificially create a market in which to sell their solution.

Arch-TK
0 replies
10h14m

"Apple and Google will continue to work with the Internet Engineering Task Force via the Detecting Unwanted Location Trackers working group to develop the official standard for this technology."

IOW:

"BigCorpA and BigCorpG will continue to work with Why Must This Task Force No Longer Focus On Progressing The Common Good And Instead Now Need To Focusing On Helping Try To Mitigate The Mess That Big Corps Are Causing via the Trying To Unfuck BigCorpA's Massive Privacy Oversight working group to develop an official standard which only BigCorpA and BigCorpG will have the resources to implement."

xarope
4 replies
11h59m

So if people are sticking these on valuable items, is the use case now for thieves to break into a house, wander around and be alerted when said valuable items (which are hidden or otherwise not obviously evident) are close by?

theshrike79
0 replies
10h26m

They would need to stay in the house quite a while to get the alert.

They can't just go around the house waving a very expensive iPhone to find the items :D

spuz
0 replies
7h9m

An alert will appear only when your phone and an Airtag have been moved to multiple locations together over the last few hours.

janandonly
0 replies
10h57m

You've identified a great use case.

antoniojtorres
0 replies
10h33m

I would hope the threshold that has to be crossed for the alert functionality to trigger is more than a few minutes of proximity. Both items would have to move to together to weed out false positives, otherwise you’d set everything off at an airport terminal…

perfmode
4 replies
21h2m

It's beautiful when we can cross boundaries and agree on fundamental goods that benefit us all collectively.

doublerabbit
3 replies
20h23m

But of course, no messaging. They would rather let us fight for that.

lotsofpulp
1 replies
17h48m

WhatsApp/signal/telegram/Discord/MMS/snapchat/etc

yieldcrv
0 replies
17h29m

America masquerading as a class-free society doesn't address people's desire to have a class-based society, so they seek that freedom where they can

winterdeaf
3 replies
18h43m

This is such a charade. Making "invisible" airtags is trivial [1], and I wouldn't be surprised if such airtags are being manufactured en-masse.

We allowed the creation of a global tracking network under the false pretense of privacy. The entire Find My security model falls apart when considering "malicious" tags, and Apple knew about this from the start.

[1]: https://github.com/Guinn-Partners/esp32-airtag

foota
2 replies
13h20m

In that case, couldn't someone just make a tracker tag using GPS and a mobile connection?

wepple
0 replies
6h7m

GPS+mobile tracker:

- 4x the cost plus ongoing fees

- 2x larger

- can’t buy it at any big box store

- relies on a third party who can also see what you’re tracking

- battery limited to weeks, not years

Accessibility and features make these way more compelling

emayljames
0 replies
9h24m

these devices are way more insidious though, a gps/mobile tracker would have more limitations due to it being less able to be hidden and less mobile.

tristor
3 replies
19h25m

As someone that duct-tapes hidden AirTags in my luggage (replacing former use of Tile, but AirTags have a bigger network and I use an iPhone) this is not good news for me. I have close to a 0% concern about stalkers, and I have a significant concern about thievery while traveling. I have an AirTag in my luggage, on my keychain, in my wallet, and in various other places /specifically/ to ensure that while traveling I can recover my belongings and deter thievery. This just ruined all of that.

jerbear4328
1 replies
18h27m

Well, anti-stalking notifications for AirTags have existed on iPhones (and Androids with an app) since the beginning. This only adds built-in support to Androids as well. So, sorry to break it to you, but your system has always been set up to notify any thieves with an iPhone (or a free app installed). Anti-theft is an anti-goal for the AirTag, and, in my opinion, that is the correct choice, because vigilantism is really not a good idea. What would you do with the location of your stolen item? Report it to the police, they won't do anything, and you shouldn't go to that location, the risk isn't worth it.

matsemann
0 replies
10h1m

Vigilantism is a straw man, though. No one said anything about going to that location. And police being useless isn't necessarily a global phenomenon.

Just knowing that you might be tracked when stealing would have been a massive deterrent. Now you know you can just hang out with the stuff you've stolen half an hour to see if it's tagged, and then take it home without repercussions.

r00fus
0 replies
13h35m

AirTags explicitly claim they aren't for anti-theft. I use them to track my luggage so they don't get sent to the wrong airport, not to deter thievery.

All the same I wonder how this will fare on airlines where many people are doing exactly your setup for their carry-ons.

throwaway63467
3 replies
21h59m

Will this work with malicious tags as well? I.e. tags that are designed to not communicate with a given phone but with other devices nearby? Can that be detected? My understanding is that regular tags will communicate with all phones, but maybe there’s a way to differentiate who to respond to or change identity for every ping? Not familiar with the exact protocol but basically many different tags near a phone wouldn’t trigger the warning, so if a tag can produce multiple identifiers that the adversary controls it could still evade detection?

winterdeaf
1 replies
18h19m

As far as I am aware, there is no way to stop malicious tags without modifying the protocol to authenticate the messages being broadcast as originating form a genuine tag. [1]

Making a tag that is not trackable is currently as easy as flipping a bit in the BLE advertisement. The same message is broadcast to all phones, but yes, a tag could also produce multiple identifiers and evade detection. [2]

[1]: Section 8 of "Abuse-Resistant Location Tracking: Balancing Privacy and Safety in the Offline Finding Ecosystem". https://eprint.iacr.org/2023/1332.pdf

[2]: "Track You: A Deep Dive into Safety Alerts for Apple AirTags". https://petsymposium.org/popets/2023/popets-2023-0102.pdf

HeatrayEnjoyer
0 replies
1h27m

The broadcast isn't signed by some kind of hardware key?

IshKebab
0 replies
20h49m

There's some info about Apple's network here:

https://github.com/seemoo-lab/openhaystack?tab=readme-ov-fil...

Seems like in theory you could do that, though there are definitely heuristics you could apply to detect those tags, depending on how stealthy they are being.

Also on the servers side Apple could just limit you to a reasonable number of tags.

gerdesj
3 replies
18h33m

A German Uni's (Darmstadt) IT mob developed an app called AirGuard that has been doing tracking device monitoring for some years now. I have it running right now.

Why on earth re-invent the wheel? A bunch of clever folk have been doing this for years.

gerdesj
1 replies
17h47m

"and who otherwise value open source"

I hope that we can all applaud and value open source but the world is a mad place.

Android: https://play.google.com/store/apps/details?id=de.seemoo.at_t...

I can't find an Apple version so I might suppose that either Apple's nose is out of joint with regards the name, or an Apple version was never released 8)

In the end this is a very decent resource and it should have been covered off by phone floggers, years ago. It's rubbish that G and A are presenting this as something new that they have come up with.

enhancer
3 replies
20h33m

Just vote with your wallets and maybe they will come up with a better solution because clearly people use them in case of theft

kjkjadksj
2 replies
20h2m

No one will touch theft with a 40 foot pole because then they are effectively calling for vigilante justice and a confrontation is liable to escalate.

kjkjadksj
0 replies
8h7m

Mostly because GTA is a larger crime worth prosecuting, and there are like 4500 car thefts in NYC a year apparently.

For bread and butter theft, a bike theft in this case, an owner tried to get the orange county sherriff involved. They managed to come to where the ping was hitting, knocked on the door, couldn't do anything, had to leave. The bike owner went vigilante in this case and took the bike back, forcing the orange county sherriff dept to release this statement:

"As much as the convenience of technology plays a vital role in the quality of our lives, we want to remind our communities to utilize their local law enforcement services when they've been victimized by a crime instead of placing themselves into harm's way."

"GPS tracking devices, like an "AirTag", are used for tracking property like bicycles, backpacks, etc. Putting such devices onto property items will help you locate those items if missing or stolen; however, pursuing its recovery in a vigilante manner because the GPS device depicts its location could place you into a physically dangerous predicament."

https://abc7.com/ebike-theft-airtag-aliso-viejo/13091749/

For a point of reference on the policing culture in Orange County, they are currently running an ad campaign where they have "Crime doesn't pay in Orange County, you steal we prosecute" plastered on LA city and county busses. Its a little bit more active than other areas to say the least.

jkestner
2 replies
4h18m

I first read this as unwanted alert tracking. Like, I’d love to have my phone intelligently track and block unwanted alerts, from the apps and OS makers that spam me.

Angostura
1 replies
4h13m

Swipe the alert and tap options. You can opt to never see it again, or mute it for as long as you want.

sneak
0 replies
2h22m

I think the issue is that disabling notifications entirely from an application is undesirable; applications (Uber, Starbucks, Walgreens) will send you advertising notifications, but if you disable all notifications for the app because it's spamming you, you don't get notified when your car arrives, your drink is ready for pickup, or that your prescription has been filled.

It would be nice to be able to simply switch to a non-spammy vendor in that case, but that's not how the market works in the US.

j16sdiz
2 replies
10h14m

Can't the attacker(?) just buy a tracking device that don't implement this?

sambazi
0 replies
9h51m

sure, but that's not the point

dragonwriter
0 replies
4h59m

Kind of, in that traditional tracking device aren't aubject to this, but it's more expensive; you can't both leverage Apple or Google's network of devices as BT location receivers to track the target and “not implement this”, since this isn't something implemented by the tracking device but by the receiver networks.

cm2187
2 replies
22h10m

Will be fun in a train full of passengers and tracked luggages moving all together.

sigwinch28
1 replies
22h1m

At least for AirTags before today, this functionality allegedly only triggers when the device is not near one of the owner’s iPhones/iPad/Macbooks.

OsrsNeedsf2P
0 replies
17h12m

Will be fun on a United plane full of passengers and tracked luggages moving all together.

Happy?

The28thDuck
2 replies
17h46m

It’s awesome that they are doing this, but doesn’t that incentivize people to use trackers that are not to that specification?

theshrike79
1 replies
10h21m

People always worry about malicious tracking and conveniently forget that you could buy GPS+cellular trackers years and years ago. They are 100% undetectable and very precise.

AirTags always need an iDevice to be close by to update their location.

wepple
0 replies
6h4m

They are 100% undetectable

Nit: they’re very very detectable, just not using your off the shelf phone.

solardev
1 replies
20h26m

I wish I could figure out how to configure my own trackers to stop beeping at me. I previously had an iPhone, but switched to an Android, and now my Airtags all think they're someone else's – even though they come home to the same place as my iPad and Mac every night. I can't figure out how to tell Apple they're actually mine, so they just keep randomly chiming in my backpack every few days... and my Android phone keeps warning me :(

Bloating
0 replies
15h21m

It all belong to the fruit, including you

phartenfeller
1 replies
6h57m

I want a feature to save a tracker as unharmful. Friends of mine carry AirTags on their keys, and if I go for a walk with them, I get the tracker alert every time.

ultrafez
0 replies
5h41m

Strange. It shouldn't alert you unless the AirTags aren't connected to their own phones - do they leave their phones behind when going for a walk?

nottorp
1 replies
9h45m

Wait... are they alerting you about tracking that you don't want? Or are they tracking you even though you don't want it?

And to nitpick, what kind of tracking do you actually want?

emayljames
0 replies
9h41m

Basically this is to stop stalking, where a partner or stranger is using these devices to secretly track the victim.

gnicholas
1 replies
21h33m

Will this affect battery life? I can see how Apple's proprietary AirTags don't affect battery (of smartphones around them) much, but if they're trying to detect other companies' trackers it seems less likely that the battery impact is quite so minimal.

AndrewDucker
0 replies
21h22m

It's exactly the same protocol. That's the point.

Nevermark
1 replies
21h54m

So if someone steals my luggage they can drive around with it until it alerts them and they turn my luggage tracker off?

I am not complaining.

What it amounts to, is that the digital world enables so much information gathering and using flexibility, we need fine grain permissions and controls for our devices and services, so they "do the right thing" for all kinds of corner cases.

But we don't have an information infrastructure for that, so the best we can do is balance concerns.

LeoPanthera
0 replies
21h51m

So if someone steals my luggage they can drive around with it until it alerts them and they turn my luggage tracker off?

It's a common misconception that Airtags and similar products are designed to help you locate stolen items.

They not. "Tracker on stolen device" and "Tracker planted for the purposes of stalking" are indistinguishable situations.

They're to help you find things that you lost. They're amazing for that. They're sometimes helpful for finding stolen things too, but that is a side-effect.

HumblyTossed
1 replies
15h50m

So, why even bother with an Airtag then? I mean, they're useful in luggage and things that are easily stolen, so this just destroys any usefulness in that capacity. I bet you see a huge drop in Airtags being purchased.

nexus7556
0 replies
15h49m

Its more than just theft. I've used airtags to find luggage misplaced (but not stolen) by airlines.

xyst
0 replies
17h40m

What about the unwanted tracking at browsers, within apps, across websites, device fingerprinting, and GPS triangulation?

Oh wait, these companies need this to squeeze more ~~money~~ value out of paying customers.

userbinator
0 replies
18h13m

I believe the title parses as "(unwanted tracking) alerts", and not "unwanted (tracking alerts)" as I read it initially.

sneak
0 replies
18h57m

This is only possible because the unique identifier that an AirTag transmits only rolls over once per day.

This means with a network of trackers, it is possible to track the location of a single airtag over the course of a 24 hour period even if you aren’t the owner.

shermozle
0 replies
16h35m

And here I was reading that headline and thinking it'd allow me to be notified when creepy adtech is stalking me. Of course not.

ryukoposting
0 replies
17h7m

"Specification-compatible" is doing a LOT of heavy lifting here. Sure, there are plenty of well-behaved companies making standards-compliant beacons, but there's nothing preventing proprietary approaches. Even with RPA it should be possible to implement "unwanted tracking" alerts for BT devices showing any given profile in their advertising data.

ro_sharp
0 replies
8h51m

Great, now I’ll get more than two or three of these every day just because I live in a mildly dense city centre…

poszlem
0 replies
20h44m

What truly bothers me as a user of both an iPhone, an airtag, and a Samsung, is the seemingly nonexistent option to "ignore this AirTag forever". I usually leave my iPhone at home, carrying my AirTag in my wallet. Yet, every day, I receive a notification about an AirTag tracking me. I wish there was a way to permanently disable this alert.

majestic5762
0 replies
10h1m

They want to be the only ones spying

imwillofficial
0 replies
20h4m

Excellent work teams. Now expand the tracking networks to each other's phones.

harshaw
0 replies
19h14m

I have two airtags on me at all time. So my wife can find my wallet or my keys. I have an android. The iPhone network is larger so Apple seems more useful. And I can do nothing about these alerts.

euniceee3
0 replies
15h42m

Two points here: AirGuard provides tracker alerts without opting into any of the tracking networks.

With Find My disabled, these Tracking alerts do not work.

downWidOutaFite
0 replies
20h26m

AirTag, Find My accessory, or other industry specification-compatible Bluetooth tracker

What is this other industry spec?

Chipolo, eufy, Jio, Motorola, and Pebblebee

What about Tile?

chobytes
0 replies
1h48m

Seems kind of pointless. The tech for tracking is widely available and straightforward to use. Has been for decades.

LeoPanthera
0 replies
21h50m

I'd like to repost this as a top-level comment because a lot of people are complaining about the same thing:

It's a common misconception that Airtags and similar products are designed to help you locate stolen items.

They not. "Tracker on stolen device" and "Tracker planted for the purposes of stalking" are indistinguishable situations.

They're to help you find things that you lost. They're amazing for that. They're sometimes helpful for finding stolen things too, but that is a side-effect.

Bloating
0 replies
15h10m

Based on the forums comments there is so much stalking, that everyone is stalking someone. Or, is this just a Cali thing?

At least it explains why the roads are so busy. Though, I thought everyone was working from home... which would make stalking yourself much easier.