Tracking Tags (AirTag, Chipolo, etc)

Are there any half decent privacy respecting tracking tags?

I saw Chipolo and was considering it, but saw they don’t have the best privacy policy…

That said, I am using GrapheneOS on my phone. I was considering creating a separate user profile and downloading the Chipolo app on said profile, but blocking its access to the internet and location services until I need to locate what I’ve put the tracker on.

Thoughts?

4 Likes

Bump, would like to know as well.

2 Likes

Bump. I was researching this today.

1 Like

I don’t think there are any privacy-respecting tracking tags; the only thing we could have are tools designed to protect yourself from being tracked by tags like AirTags. One example of this is AirGuard, available on F-Droid.

1 Like

Should a tool like this be recommended on PG?

I think AirTags solve a fundamental problem, but they have to be designed from the ground up in terms of privacy.

The specs being discussed for this show some promise.

I haven’t seen any indication yet that the specs being proposed by Apple/Google are going to address this problem, currently they’ve overcorrected a bit too much towards anti-abuse and away from tracker privacy, with a huge 24 hour rotation window :confused:

[…] Apple developed a particularly thoughtful mechanism to regularly rotate the public device identifier—every 15 minutes, according to the researchers. This way, it would be much more difficult for someone to track your location over time using a Bluetooth scanner to follow the identifier around. This worked well for privately tracking the location of, say, your MacBook if it was lost or stolen, but the downside of constantly changing this identifier for AirTags was that it provided cover for the tiny devices to be deployed abusively.

In reaction to this conundrum, Apple revised the system so an AirTag’s public identifier now only rotates once every 24 hours if the AirTag is away from an iPhone or other Apple device that “owns” it. […]

[…] researchers say that these changes have created a situation where AirTags are broadcasting their location to anyone who’s checking within a 30- to 50-foot radius over the course of an entire day—enough time to track a person as they go about their life and get a sense of their movements.

“We had students walk through cities, walk through Times Square and Washington, DC, and lots and lots of people are broadcasting their locations,” says Johns Hopkins cryptographer Matt Green, who worked on the research with a group of colleagues, including Nadia Heninger and Abhishek Jain. “Hundreds of AirTags were not near the device they were registered to, and we’re assuming that most of those were not stalker AirTags.”

This requires leaving your Bluetooth, location and Wi-Fi on at all times which isn’t a good solution.

2 Likes

Apple claims to use end-to-end encryption for their AirTag location data (An update on AirTag and unwanted tracking - Apple (AU)). Who knows exactly what this means and what metadata is still being sent, but it’s more than I’ve heard from any competitors. You may be out of luck if you don’t have an Apple device though.

2 Likes

I’m curious about what PG thinks the lesser evil is if we do want to purchase one of these tags in case your (house) keys or wallet get lost.

1 Like

I too am curious.

I would like a tag just for my luggage in case it gets lost. I would turn it on only at the airport, then as soon as I arrive at my destination, I would turn it off. Isn’t there something that exists which doesn’t need a phone? There are so many stories I heard from people, losing luggage seems more common than before.

1 Like

I imagine something like this:

  1. You turn the device ON only before you give your luggage. There is a test connection via Bluetooth to make sure the device is linked with your phone.
  2. You set a time of departure.
  3. At the time of departure (or 10 minutes before), a notification asks you to turn on your Bluetooth.
  4. A connection is made with the luggage while you’re in the plane, confirming your luggage has been loaded.
  5. Same process at arrival.

Would using uTag have any privacy benefits at all? Also wondering if anyone would know of any good and privacy respecting GPS trackers?

Also wondering about this one! :star_struck:

Maybe something like this could be a good solution?

I anyway do think that a physical device alongside the phone would be better, no way to have a good battery and decent UX if the phone is supposed to be the one to be recovered at all times. :thinking:

2 Likes

This looks really promising, but after reading on their website, I’m not sure how it works?

It says it works offline, so how does the mesh network work? Only with bluetooth?

Could it be that the offline tracking they suggest relies on pre-downloaded maps and an app that can track the tag in accordance to where the tag last had contact with the app? GPS works without cellular data of course, but how would you find the tag only by having GPS? They must “talk” somehow? I’m curious!

Anyway, I was looking for something more convenient to have on a dog and with not too many privacy trade-offs. Was even thinking about having Paralino (https://paralino.com/) on some little device that could be tucked away in some harness or collar or so, but seems like a hassle with charging or even finding another convenient device to have it on. Would some smartwatch work maybe? Maybe with Gadgetbridge or so? And as for the Samsung tag I was thinking that the UWB function could be useful for having in luggage and whatnot if that ever got lost, or even on a dog in more populated areas than what I live in.

1 Like

I read more about the WisMesh and I think this would actually work. I put it on my list to buy and try.

Here’s a summary:

The WisMesh Tag is a tiny, badge‑style Meshtastic device that lets you track your location and send mesh messages without cellular or Wi‑Fi. It’s lightweight, waterproof, and runs for 2–3 days with GPS active. When powered on, the firmware continuously reads GPS data and packages it into LoRa packets. Those packets are broadcast to any nearby Meshtastic nodes (handheld radios, other tags, or gateways). Each node relays the messages, creating a self‑forming mesh that can cover many kilometres.

The mesh network is also open-source: GitHub - meshtastic/firmware: The official firmware for Meshtastic, an open-source, off-grid mesh communication system.

When receiving the device, it is important to:

1. Update the firmware: meshtastic --port /dev/ttyUSB0 --flash
2. Change the default encryption key: meshtastic --ch-set psk 0xabcdef1234567890abcdef1234567890 --ch-index 0
3. Configure each node’s settings through the web UI.
4. Test.
5. Make sure to always have an up to date firmware.

Good to know:

  1. Meshtastic firmware encrypts every LoRa packet with a symmetric key that you set on each node. As long as you keep that key secret and don’t share it publicly, only devices that know the key can read the payload (GPS coordinates, chat messages, etc.).
  2. The tag talks only to nearby LoRa radios and to any gateway you connect to the mesh. There’s no built‑in cellular modem or automatic upload to a remote server, so the device itself doesn’t push data to a third‑party cloud.
  3. All location data stays within the mesh unless you deliberately forward it to a gateway that then relays it to a server (e.g., for a web dashboard). You decide whether a gateway exists and what it does with the data.
  4. Some community setups run public gateways that publish mesh traffic to the internet. If you connect to such a gateway, your GPS traces could become publicly visible.
  5. All nodes are peers – there is no central server – and they forward each other’s packets until the data reaches its destination.
  6. Because the tag is small and portable, someone who physically obtains the device could extract the stored key (if not protected) and later decrypt past packets that were recorded on the mesh.
1 Like
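
Item 1 of the "Good to know" list above depends on the channel key being secret and unpredictable. As an added example (not from the post or from the Meshtastic project), this Python sketch audits a candidate key and generates a random one; the function names and the entropy threshold are illustrative, and the meaning of each key length is an assumption taken from Meshtastic's channel settings documentation.

```python
import base64
import math
import secrets
from collections import Counter

# Assumption: 0 bytes = no encryption, 1 byte = shorthand for a publicly
# known default key, 16 bytes = AES-128, 32 bytes = AES-256.
VALID_LENGTHS = {16: "AES-128", 32: "AES-256"}


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def audit_psk(psk: bytes) -> list[str]:
    """Return a list of findings; an empty list means no problem was found."""
    if len(psk) == 0:
        return ["empty key: channel traffic is not encrypted"]
    if len(psk) == 1:
        return ["1-byte key: selects a publicly known default key"]
    if len(psk) not in VALID_LENGTHS:
        return [f"{len(psk)}-byte key: expected 16 or 32 bytes"]
    findings = []
    half = len(psk) // 2
    if psk[:half] == psk[half:]:
        findings.append("key repeats itself: second half equals first half")
    # Random 16- or 32-byte keys land well above 3.25 bits/byte; typed
    # patterns and keys copied from documentation tend to score lower.
    if byte_entropy(psk) < 3.25:
        findings.append("low byte diversity: looks typed or copied, not random")
    return findings


def new_psk() -> tuple[bytes, str, str]:
    """Generate a random 32-byte key plus its 0x-hex and base64 renderings."""
    key = secrets.token_bytes(32)
    return key, "0x" + key.hex(), base64.b64encode(key).decode()


if __name__ == "__main__":
    # The first sample is the placeholder key shown in the steps above;
    # the others are constructed for this example.
    samples = [bytes.fromhex("abcdef1234567890abcdef1234567890"), b"\x01", b""]
    for sample in samples:
        print(sample.hex() or "(empty)", "->", audit_psk(sample))
    key, as_hex, as_b64 = new_psk()
    print("fresh key:", as_hex, as_b64, "->", audit_psk(key) or "no findings")
```
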

I’d recommend watching a few videos about similar Meshtastic products to understand the shortcomings of the tech tho:

And a few others before pulling the trigger on those products. :hugs:

1 Like

Thanks for the share!

I believe my use case is strictly making sure that my bags are loaded on the plane, so after watching your 2 videos, I believe this would still work.