Tracking Tags (AirTag, Chipolo, etc)

Are there any half decent privacy respecting tracking tags?

I saw Chipolo and was considering it, but saw they don’t have the best privacy policy…

That said, I am using GrapheneOS on my phone. I was considering creating a separate user profile. Downloading the Chipolo app on said profile, but blocking its access to the internet and location services until I need to locate what I’ve put the tracker on.

Thoughts?

Bump, will like to know as well.

Bump. I was researching this today.

I don’t think there is any privacy-respecting tracking tags, the only thing we could have are tools designed to protect yourself from being tracked by these tags like AirTags, one example of this is AirGuard, available on F-Droid.

Should a tool like this be recommended on PG?

I think airtags solve a fundamental problem, but they have to be designed from the ground up in terms of privacy.

the specs being discussed for this show some promise.

I haven’t seen any indication yet that the specs being proposed by Apple/Google are going to address this problem, currently they’ve overcorrected a bit too much towards anti-abuse and away from tracker privacy, with a huge 24 hour rotation window :confused:

[…] Apple developed a particularly thoughtful mechanism to regularly rotate the public device identifier—every 15 minutes, according to the researchers. This way, it would be much more difficult for someone to track your location over time using a Bluetooth scanner to follow the identifier around. This worked well for privately tracking the location of, say, your MacBook if it was lost or stolen, but the downside of constantly changing this identifier for AirTags was that it provided cover for the tiny devices to be deployed abusively.

In reaction to this conundrum, Apple revised the system so an AirTag’s public identifier now only rotates once every 24 hours if the AirTag is away from an iPhone or other Apple device that “owns” it. […]

[…] researchers say that these changes have created a situation where AirTags are broadcasting their location to anyone who’s checking within a 30- to 50-foot radius over the course of an entire day—enough time to track a person as they go about their life and get a sense of their movements.

“We had students walk through cities, walk through Times Square and Washington, DC, and lots and lots of people are broadcasting their locations,” says Johns Hopkins cryptographer Matt Green, who worked on the research with a group of colleagues, including Nadia Heninger and Abhishek Jain. “Hundreds of AirTags were not near the device they were registered to, and we’re assuming that most of those were not stalker AirTags.”

This requires leaving your Bluetooth, location and Wi-Fi on at all times which isn’t a good solution.

1 Like

Apple claims to use end to end encryption for their airtag location data (An update on AirTag and unwanted tracking - Apple (AU)). Who knows exactly what this means and what metadata is still being sent, but it’s more than I’ve heard from any competitors. You may be out of luck if you don’t have an apple device though.