from Hacker News

Apple reveals more about AirTag stalking protections

by roguson on 4/30/21, 2:16 PM with 131 comments

  • by djrogers on 4/30/21, 4:58 PM

    There are a lot of comments here about how useless these protections are, because A or B already exist, or C works better for stalking.

    I think most of those comments are missing the real point here. If an Apple product were ever used to stalk - or God forbid, harm - an individual, it would be a big national story. If a Tile or a Samsung tag (or an amazon gps tracker made for stalking) were used in the same way, it would likely only be mentioned in passing if the story were reported at all.

    That's why it's so important for Apple to do this. Additional benefit - this may push other vendors to do similar things, pushing stalkers back to more tailored devices. That's still helpful, as it's a lot easier to show intent if someone uses a device like that (as opposed to 'whoops, I lost my airtag).

  • by w0mbat on 4/30/21, 4:13 PM

    All these stalking counter-measures make it useless if your device is stolen rather than mislaid.

    If my bag is stolen I want it to contain a hard to find device, not one that gives away its position (by warning the thief). I also want an easy mechanism to give the police temporary access to track it, til they catch the thief and get my stuff back.

  • by gnicholas on 4/30/21, 11:28 PM

    > If you are an iPhone user, for instance, and someone has placed an AirTag on your person, your phone will eventually alert you that an AirTag that isn’t yours has been found “moving with you.” Apple didn’t clarify how quickly or often this alert will arrive, but it did share that it will occur when you arrive at your home (the address stored in your Apple “Me” card) or at certain other locations that your phone has learned you frequent over time. Apple declined to disclose further specifics, citing the interest of public safety.

    It’s not great that the alert won’t trigger until you get home. At that point, the stalker now knows where you live.

  • by smiley1437 on 4/30/21, 4:26 PM

    I'm curious - does Tile have similar protections for their devices?

    Because I found this article that says Tile trackers were used by bad actors

    https://blog.malwarebytes.com/stalkerware/2019/07/helping-su...

    So, if Airtags have stalking protections, why wouldn't I just use a Tile to track someone? They're sortof in the same ballpark of price and size.

    Is it because Apple's scale is so wide that it makes their Airtags significantly better for stalking?

  • by avalys on 5/1/21, 1:39 AM

    “Instead, an AirTag that has not paired locally with its iPhone in three days will emit a sound.”

    Ugh, so if I’m gone for longer than a weekend all my stuff at home is going to start beeping? I’m sure my roommate will love that.

  • by fasteddie31003 on 4/30/21, 4:52 PM

    I really hope these Airtags can reduce theft. Living in SF I had so many bikes, bags and motorcycles stolen. I'd love to have an Airtag in these things and show the police where my stolen item was. I wonder what law enforcement's response is going to be with the airtags? Will having an Airtag's location be enough for a warrent? Will people become vigilantes and try to get their stuff back without law enforcement?

  • by vaillant on 4/30/21, 4:01 PM

    This really feels like a losing battle - especially the part where you only get warned about being stalked by the AirTag if you have an iPhone. Having the technology to know where things are is great but we need to figure out how to account for bad actors somehow.

    I don’t have answers but tech companies can’t create the tools that enable harm and then wash their hands of it. Good for Apple for doing _something_, points for effort.

  • by dang on 4/30/21, 11:18 PM

    Url changed from https://9to5mac.com/2021/04/30/airtag-stalking-protections/, which points to this.

  • by londons_explore on 4/30/21, 11:49 PM

    How exactly can stalking protection work with apples claim that the system doesn't provide any outsider or apple themselves the ability to track your airtag?

    Surely stalking protection is doing exactly that? Couldn't I take a modded/hacked iPhone and track somebody elses tag all day long from near the edge of UWB range?

    Apples original paper [1] said the signals emitted contained no unique/trackable identifier except to the key-holder who could link together all the rolling keys. Yet that can never offer this stalking protection feature.

    Have Apple dropped the privacy protections they had in mind to enable this anti-stalker feature?

    [1]: https://www.wired.com/story/apple-find-my-cryptography-bluet...

  • by ibudiallo on 4/30/21, 4:52 PM

    Ok, so I made these things called OttoTags in 2017. Think of them as AirTags with QR code instead (I'm a solo dev)

    From what I understand, when you find an airtag, you connect it to your device and it gives you the owners contact info. Anyone can get your phone number.

    When you find an ottotag, you scan it and you contact the owner through ottomon. From here the GPS location is captured and communicated. All interactions are done through the service (ottomon.net). This layer act as a security layer where we filter out spam and possibly stalkers based on past behavior and other heuristics.

    The two parties can communicate without revealing any information about themselves. So yeah, Apple could have made it much simpler, but they are my competitors now so let's keep this between us.

    Edit: For more info -> https://www.ottomon.net/blog/privately-communicate-on-ottomo...

  • by BitwiseFool on 4/30/21, 4:03 PM

    I must have lived a sheltered life because none of these concerns crossed my mind.

  • by bombcar on 4/30/21, 3:51 PM

    If you really want to track someone it's not that hard to just buy an iPhone and turn "find my iPhone" on and slip it somewhere. You could even hardwire it into a car so it remains charged.

  • by nixpulvis on 4/30/21, 4:58 PM

    Here's a crazy hypothetical for some mulling...

    Let's say an abuser does use this, and goes on to track someone and then kills them (or commits some other very serious crime). The cops get involved, they start looking into it and discover (through a lapse in other privacy elements of this technology) that a third-party's iPhone was the one that gave away the location.

    What are the third parties' legal defenses from the law to avoid being labeled an accomplice here?

  • by Invictus0 on 4/30/21, 3:38 PM

    Are these domestic abuse activists aware that GPS tracking devices already exist and have existed for a long time? See here for an example [0].

    [0]: https://www.amazon.com/Real-time-Tracker-Worldwide-Coverage-...

  • by RcouF1uZ4gsC on 4/30/21, 3:57 PM

    It seems that people already in that situation are already very vulnerable and AirTags don’t really add that much new vulnerability.

    If someone has physical access to you and your devices, it will be very hard for you you be sure they are not tracking you. With a lot of Android devices, you can root them and get access to a ton of location data.

    Many apps also store your location data. You can also side load apps that would do this even more so.

  • by jakear on 5/1/21, 2:41 AM

    This is such an amazingly terrible invention I have no clue where to begin. How many people will be sexually assaulted by predators planting these devices in the bags of unsuspecting folks at bars and tracking their every location? How many domestic abuse survivors will be terrorized by their abusers planting the tag on some possession then having access to their every location? Hell, how many folks will be burglarized by criminals who plant the tag on their car and can see when someone is away for on a distant vacation.

    Some technology very much should not exist. “Tags that use an unsuspecting victim’s own phone to report their location back to a would-be criminal without their consent” is definitely on the list.

    That being said, there are very easy ways to make this unusable for these cases, and I have no clue why they haven’t been implanted. Off the top of my head: a notification any time a tag has been away from it’s owners device for more than X time and has been around your device for at least Y time since, saying “it looks like XXX’s airtag has been lost and is with you, click here to message them”. Yes, this would sacrifice the privacy of the airtag owner, but it’s an opt-in, they only suffer if they buy an airtag. Compared to as-is a completely random unsuspecting person with no involvement in the ecosystem has both their privacy and security compromised.