[HN Gopher] AirGuard: Protect yourself from being tracked by Air...
___________________________________________________________________
AirGuard: Protect yourself from being tracked by AirTags and Find
My accessories
Author : commoner
Score : 132 points
Date : 2021-09-18 17:48 UTC (5 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| azinman2 wrote:
| > Our goal is to protect privacy and to find out how many people
| are opposed to tracking.
|
| Asking how many ppl are opposed to tracking is a silly question
| that won't get you anywhere -- it's answer in a vacuum doesn't
| make sense as it needs to be contextualized. "Are you ok with
| google seeing your IP so they can sell you ads to give you free
| YouTube" is an example of context where people see trade offs.
| Most people won't understand the full spectrum of what's going
| on, and if it all in the end results in just ads, many are fine
| with that as long as they're getting free stuff with it.
|
| The bigger questions on societal level trade offs shouldn't be
| answered by lay people but rather regulation in the name of
| public interest.
| bogwog wrote:
| Google doesn't just "see your IP" to sell you ads. They collect
| a lot more information about you than that, so I don't know why
| you consider your question to be more useful than the one you
| quoted.
|
| Neither one provides enough information for the average person
| to give an informed answer. They're both equally
| biased/leading, but in opposite directions.
| akomtu wrote:
| Legislation is the proper protection here.
| bloodyplonker22 wrote:
| Government intervention is not the answer to everything. It is
| slow and inefficient.
| [deleted]
| orangepanda wrote:
| Kidnapping is already illegal. Curious, it still happens
| akomtu wrote:
| Name one company in the US that's built business around
| kidnapping.
| johnhenry wrote:
| Right Direction (http://www.rdas.net/)
| randyrand wrote:
| I'd like protection against devices not made by US
| companies too
| hef19898 wrote:
| Well, since Apple isn't owning its own phone production,
| that would have interesting consequences, wouldn't it?
| KingMachiavelli wrote:
| The tracking using Airtags has very little to do with Apple or
| any entity that could be controlled via legislation. Airtags
| themselves don't allow a non-owner to access location data
| anyway.
|
| The tracking via Airtags is just putting a device on someone's
| person without their knowledge. That is already illegal but
| unless you know a crime has been committed you are SOL.
| katbyte wrote:
| Not to mention you can detect an airtag, cellular devices
| your out of luck
| hughes wrote:
| Is there a specific policy you think should be legislated that
| would prevent unwanted tracking?
| akomtu wrote:
| A blanket ban on hoarding, storing and selling personal data
| for any purposes other than natsec. Basically, treat personal
| data like nuclear materials in the laws.
| smoldesu wrote:
| I wasn't onboard at first, but I actually think that's a
| pretty reasonable take to have on it. Apple _should_ be
| allowed to implement Find My, but only as an open standard
| that other manufacturers can implement so they can also
| have safety features. Simply notifying every iPhone isn 't
| going to stop someone from putting it in a kid's backpack,
| tracking your vehicle, or any other obvious edge case.
| There are lots of solutions here, but all of them involve
| Apple tipping their hand: something they've vehemently
| opposed in the past.
| aeontech wrote:
| As of spring 2021 they actually opened up the Find My
| spec for third party manufacturers [1] - that's how those
| electronic bikes and headphones can have built-in Find My
| tracking now.
|
| [1]: https://developer.apple.com/find-my/
| crooked-v wrote:
| How does that relate to AirTags (or similar devices, like
| Tile)? The companies that make these trackers aren't
| selling the data to anyone external, only displaying it to
| the person who bought the device.
| akomtu wrote:
| Tracking someone like that would be a felony, ideally,
| with an order to stop operations for the company who's
| facilitating it. Using my analogy above, that's like
| dropping a bag with nuclear waste into someone's pocket.
| dylan604 wrote:
| Couldn't this fall under stalking legislation?
| crooked-v wrote:
| > with an order to stop operations for the company who's
| facilitating it
|
| So, you want to shut down all manufacturers of phones,
| GPS devices, and Bluetooth devices? Because that's what
| you're asking for here.
| psychometry wrote:
| That should be a clear indication your analogy is
| garbage...
| jounker wrote:
| Great. So you just made an app that helps bike thieves find the
| airtag hidden in my bicycle.
| bogwog wrote:
| Why would you assume the bike thief doesn't have an iPhone?
| justblender wrote:
| >If a devices follows you, you will get a notification in less
| than an hour!
|
| Not sure if this is right for me, my wife could cheat on me
| faster.
| KingMachiavelli wrote:
| Pretty cool but why does it have to be limited to AirTag or any
| specific devices? It would be easy to expand it to keep track of
| any nearby Bluetooth device and a corresponding whitelist. (Or do
| AirTag devices rotate Bluetooth MACs?)
|
| Airtags are just one implementation of a Bluetooth transmitter
| and a long life battery but anyone could probably build a similar
| device dedicated to tracking with off the shelf parts.
| tinus_hn wrote:
| AirTags, like all Apple devices, use randomized Bluetooth
| addresses, otherwise they allow scanners to follow their users
| location over time.
| ollien wrote:
| I don't think that's an Apple thing, but rather a BLE thing,
| isn't it (though technically opt-in)?
|
| https://www.bluetooth.com/blog/bluetooth-technology-
| protecti...
| jeroenhd wrote:
| Airtags are the only devices (that I know of) that can leverage
| a worldwide network of iPhones to transmit their location
| rather than a power intensive LTE or GSM link. They also don't
| require any external antennae for location determination like
| those GPS trackers stalkers use.
|
| Those features make make AirTags more practical for any use,
| good or bad. They do rotate Bluetooth MAC addresses so only you
| and Apple can follow where the tag has been, supposedly.
|
| Furthermore, if your target has an iPhone, you can partially
| leverage their phone against them. Of course Apple saw this
| coming and added a warning. If you're on Android you'll have to
| rely on apps like these (or the theoretical app Apple promised
| at some point) to prevent AirStalking
|
| Tile has offered a similar mechanism for years but the lack of
| a worldwide network of automatic data collection points makes
| their network a lot less useful for good or bad people.
| btown wrote:
| A prominent group of Virtual YouTubers (whose talents use
| avatars and keep their real identities anonymous) recently
| needed to stop allowing fans to send gifts to talents,
| despite them always having been screened, because the gifts
| might contain AirTags that could ping the sender when they
| arrive ina talent's home. It's not that this wasn't possible
| before, but it suddenly became _easy_ for a would-be stalker
| to execute the attack.
|
| A tool like this that _reliably_ detects AirTags rather than
| relying on whatever heuristics Apple uses to say "an AirTag
| is following you" would be invaluable for people's opsec, be
| they performers or journalists or anyone else desiring
| anonymity.
| katbyte wrote:
| Tile will now leverage Amazon sidewalk to have a similar
| affect - which is all alexa and ring doorbells I think?
| wasmitnetzen wrote:
| Amazon Sidewalk isn't really a worldwide thing. Amazon has
| a localized website in only 20 countries, my guess is that
| in most other countries there aren't many Alexa and Ring
| devices.
| judge2020 wrote:
| Same difference. The majority of people reading this are
| regularly within a half mile of a Sidewalk device (well,
| the ones that work on 900MHz) and might be wary of a Tile
| being used to track them as well.
| politelemon wrote:
| It irks me that the onus of not being tracked is on the
| "target" themselves.
|
| Further, there's no protection if you have no smartphone but
| are in a dense population area surrounded by devices that are
| part of this surveillance network.
|
| There is no aspect of this that is privacy friendly except
| for the hand waving.
| mikestew wrote:
| There's protection even if you're standing there naked
| (except for the AirTag, of course, that has been secretly
| duct-taped to your buttocks): if the paired phone isn't
| around, the AirTag makes noise. I can confirm this because
| my spouse is currently out of town, and I've grabbed her RV
| keys a couple of times to put stuff in the RV. And every
| time I pick the keys up, the AirTag goes off. It eventually
| shuts up _just_ shy of my threshold of looking for a way to
| turn it off. (Or I could just make sure to grab my keys
| instead of hers. -\\_(tsu)_ /- )
| cianmm wrote:
| You can remove the battery pretty easily thankfully, if
| it's annoying you.
| https://found.apple.com/airtag/disable#
| UncleEntity wrote:
| > There's protection even if you're standing there naked
| ... if the paired phone isn't around, the AirTag makes
| noise.
|
| Unless someone piggybacks on Apple's find my network
| using their own hardware.
|
| I read the specification and turned my laptop into an
| airtag clone one day I was particularly bored, really
| isn't complicated.
| Andrew_nenakhov wrote:
| It is trivial to damage airtag to disable the dynamic. So
| a committed stalker will do it without difficulty.
| mwint wrote:
| At some point, a committed stalker has access to lots of
| other options for stalking that are easier than the
| AirTag game.
| dragonwriter wrote:
| > Airtags are the only devices (that I know of) that can
| leverage a worldwide network of iPhones to transmit their
| location rather than a power intensive LTE or GSM link
|
| Sure, but "of iPhones" is doing a lot of work in that
| sentence. Worldwide network of <users of some common hardware
| or software> generally isn't as uncommon.
| spookthesunset wrote:
| > Airtags are just one implementation of a Bluetooth
| transmitter and a long life battery but anyone could probably
| build a similar device dedicated to tracking with off the shelf
| parts.
|
| There is nothing Dropbox does that can't be done with rsync.
| eatbitseveryday wrote:
| This seems to notify you of nearby tags but does not disable them
| in some way.
| bloodyplonker22 wrote:
| Think about what you just suggested. If I could arbitrarily
| disable airtags around me, I could go around in public and
| disable everyones' airtags.
| daniel-thompson wrote:
| How would an app on device A disable device B?
| KingMachiavelli wrote:
| Airtags do allow non-owner devices to disable some
| functionality such as turning off the alarm. I doubt they let
| you turn off the tracking since that would completely defeat
| the anti-theft aspect of Airtags.
| rootusrootus wrote:
| > I doubt they let you turn off the tracking
|
| I'm not sure how they would even do that in the first
| place, since the AirTag doesn't track anything.
| KingMachiavelli wrote:
| I meant it could let you turn the device 'off'? Sure the
| AirTag isn't the device doing the tracking but if it
| isn't broadcasting itself then other devices can track
| it.
| judge2020 wrote:
| Although, if you find one, it's trivial to remove the
| battery or smash it with a hammer.
| herf wrote:
| Constant buzzing would presumably make the batteries run out.
| smoldesu wrote:
| You need a separate app for that, I think I've heard it called
| "Ball-peen Hammer"
| paxys wrote:
| I understand using it for keys and stuff, but attaching airtags
| to valuables and carrying them out in public has to be the
| stupidest idea ever. Apps like these are soon going to turn them
| into "steal me!" beacons.
| psychometry wrote:
| Please explain to me how a thief is going to use the existence
| of this tech to enable theft.
| schrodinger wrote:
| I think their point is that knowing there's an air tag on
| something nearby indicates it's probably something of value
| worth stealing.
| acdha wrote:
| How often is that something otherwise invisible, however?
| Like if I put one on my bike are there really many thieves
| who would otherwise not have considered it? I'm sure there
| are some small things which are relatively covert but it
| seems like a relatively uncommon situation.
| jedberg wrote:
| Feel free to steal my daughter's water bottle. I don't
| track it because it's valuable, I track it because she's
| irresponsible.
| Jcowell wrote:
| I'm confused about the difference between keys and valuables
| (as if keys aren't valuables). Both suck to misplace and it's
| helpful being able to find their pinpoint location or event of
| separation.
| TeMPOraL wrote:
| > _With the app you can play a sound on AirTags and find it
| easily._
|
| I wonder how it does that. Unauthenticated BLE characteristic?
| This would imply anyone could force an arbitrary AirTag to make a
| sound. Obvious application: force _all_ AirTags nearby to keep
| making sounds.
| shreddit wrote:
| Seems so, there's a constant named AIR_TAG_SOUND_CHARACTERISTIC
| with this value: 7DFC9001-7D1C-4951-86AA-8D9728F8D66C
| ollien wrote:
| The small evil part of me wants to extract this part of the
| source and just bring my phone onto public transit for a
| while to see what happens.
| Aulig wrote:
| Now I'm curious too - if you decide to do it, let me know
| :D
| Scoundreller wrote:
| You don't AirDrop cat photos to people at mass gatherings?
| jdavis703 wrote:
| Why annoy people like this? My e-bike has Find My tracking
| built in to the firmware. As long as you don't steal my bike
| you have no privacy concerns from me securing my bike. Even
| better I can track my bike down without involving the police,
| so the potential thief doesn't even have to worry about being
| shot by some trigger happy cop.
| tdfx wrote:
| In many areas of the US, that trigger happy cop will be the
| difference between you recovering your property and you being
| severely beaten when you show up in a rough neighborhood
| trying to get your bike back.
| jcims wrote:
| What if someone else is tracking your bike? Or backpack, or
| car, etc? GPS trackers exist so this doesn't eliminate that
| concern, but at least if someone tries tracking you with an
| AirTag you have an option to locate it.
| rubyist5eva wrote:
| Great, now instead of getting shot by a cop you'll get the
| crap kicked out of you instead.
| teakettle42 wrote:
| Is "cop shoots bike thief" something you actually think is
| common enough to note?
|
| This implies a concerning reality departure.
| midasuni wrote:
| Depends on the colour of the skin of the bike thief, but
| cop shoots innocent driver seems fairly common
| bogwog wrote:
| This is something Apple should be providing themselves (edit: for
| Android). They already have "Apple TV", "Apple Music", and a
| "Move to iOS" app. Is it really so much to ask for a stalking
| prevention app?
| hypothesis wrote:
| I can see those cheery iStalking ads already, telling you to
| get anti-stalking subscription.
|
| And, of course, for adventurous devs they're going to introduce
| a StalkingKit!
| judge2020 wrote:
| This already is the case. iOS alerts you of any airtag it
| detects for a long enough time.
| celsoazevedo wrote:
| Since this app is for Android and the Apple apps mentioned by
| the parent comment are for Android, I think he's saying Apple
| should be the ones providing their own AirTag app for
| Android, not university students.
___________________________________________________________________
(page generated 2021-09-18 23:00 UTC)