[HN Gopher] AirGuard: Protect yourself from being tracked by Air... ___________________________________________________________________ AirGuard: Protect yourself from being tracked by AirTags and Find My accessories Author : commoner Score : 132 points Date : 2021-09-18 17:48 UTC (5 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | azinman2 wrote: | > Our goal is to protect privacy and to find out how many people | are opposed to tracking. | | Asking how many ppl are opposed to tracking is a silly question | that won't get you anywhere -- it's answer in a vacuum doesn't | make sense as it needs to be contextualized. "Are you ok with | google seeing your IP so they can sell you ads to give you free | YouTube" is an example of context where people see trade offs. | Most people won't understand the full spectrum of what's going | on, and if it all in the end results in just ads, many are fine | with that as long as they're getting free stuff with it. | | The bigger questions on societal level trade offs shouldn't be | answered by lay people but rather regulation in the name of | public interest. | bogwog wrote: | Google doesn't just "see your IP" to sell you ads. They collect | a lot more information about you than that, so I don't know why | you consider your question to be more useful than the one you | quoted. | | Neither one provides enough information for the average person | to give an informed answer. They're both equally | biased/leading, but in opposite directions. | akomtu wrote: | Legislation is the proper protection here. | bloodyplonker22 wrote: | Government intervention is not the answer to everything. It is | slow and inefficient. | [deleted] | orangepanda wrote: | Kidnapping is already illegal. Curious, it still happens | akomtu wrote: | Name one company in the US that's built business around | kidnapping. | johnhenry wrote: | Right Direction (http://www.rdas.net/) | randyrand wrote: | I'd like protection against devices not made by US | companies too | hef19898 wrote: | Well, since Apple isn't owning its own phone production, | that would have interesting consequences, wouldn't it? | KingMachiavelli wrote: | The tracking using Airtags has very little to do with Apple or | any entity that could be controlled via legislation. Airtags | themselves don't allow a non-owner to access location data | anyway. | | The tracking via Airtags is just putting a device on someone's | person without their knowledge. That is already illegal but | unless you know a crime has been committed you are SOL. | katbyte wrote: | Not to mention you can detect an airtag, cellular devices | your out of luck | hughes wrote: | Is there a specific policy you think should be legislated that | would prevent unwanted tracking? | akomtu wrote: | A blanket ban on hoarding, storing and selling personal data | for any purposes other than natsec. Basically, treat personal | data like nuclear materials in the laws. | smoldesu wrote: | I wasn't onboard at first, but I actually think that's a | pretty reasonable take to have on it. Apple _should_ be | allowed to implement Find My, but only as an open standard | that other manufacturers can implement so they can also | have safety features. Simply notifying every iPhone isn 't | going to stop someone from putting it in a kid's backpack, | tracking your vehicle, or any other obvious edge case. | There are lots of solutions here, but all of them involve | Apple tipping their hand: something they've vehemently | opposed in the past. | aeontech wrote: | As of spring 2021 they actually opened up the Find My | spec for third party manufacturers [1] - that's how those | electronic bikes and headphones can have built-in Find My | tracking now. | | [1]: https://developer.apple.com/find-my/ | crooked-v wrote: | How does that relate to AirTags (or similar devices, like | Tile)? The companies that make these trackers aren't | selling the data to anyone external, only displaying it to | the person who bought the device. | akomtu wrote: | Tracking someone like that would be a felony, ideally, | with an order to stop operations for the company who's | facilitating it. Using my analogy above, that's like | dropping a bag with nuclear waste into someone's pocket. | dylan604 wrote: | Couldn't this fall under stalking legislation? | crooked-v wrote: | > with an order to stop operations for the company who's | facilitating it | | So, you want to shut down all manufacturers of phones, | GPS devices, and Bluetooth devices? Because that's what | you're asking for here. | psychometry wrote: | That should be a clear indication your analogy is | garbage... | jounker wrote: | Great. So you just made an app that helps bike thieves find the | airtag hidden in my bicycle. | bogwog wrote: | Why would you assume the bike thief doesn't have an iPhone? | justblender wrote: | >If a devices follows you, you will get a notification in less | than an hour! | | Not sure if this is right for me, my wife could cheat on me | faster. | KingMachiavelli wrote: | Pretty cool but why does it have to be limited to AirTag or any | specific devices? It would be easy to expand it to keep track of | any nearby Bluetooth device and a corresponding whitelist. (Or do | AirTag devices rotate Bluetooth MACs?) | | Airtags are just one implementation of a Bluetooth transmitter | and a long life battery but anyone could probably build a similar | device dedicated to tracking with off the shelf parts. | tinus_hn wrote: | AirTags, like all Apple devices, use randomized Bluetooth | addresses, otherwise they allow scanners to follow their users | location over time. | ollien wrote: | I don't think that's an Apple thing, but rather a BLE thing, | isn't it (though technically opt-in)? | | https://www.bluetooth.com/blog/bluetooth-technology- | protecti... | jeroenhd wrote: | Airtags are the only devices (that I know of) that can leverage | a worldwide network of iPhones to transmit their location | rather than a power intensive LTE or GSM link. They also don't | require any external antennae for location determination like | those GPS trackers stalkers use. | | Those features make make AirTags more practical for any use, | good or bad. They do rotate Bluetooth MAC addresses so only you | and Apple can follow where the tag has been, supposedly. | | Furthermore, if your target has an iPhone, you can partially | leverage their phone against them. Of course Apple saw this | coming and added a warning. If you're on Android you'll have to | rely on apps like these (or the theoretical app Apple promised | at some point) to prevent AirStalking | | Tile has offered a similar mechanism for years but the lack of | a worldwide network of automatic data collection points makes | their network a lot less useful for good or bad people. | btown wrote: | A prominent group of Virtual YouTubers (whose talents use | avatars and keep their real identities anonymous) recently | needed to stop allowing fans to send gifts to talents, | despite them always having been screened, because the gifts | might contain AirTags that could ping the sender when they | arrive ina talent's home. It's not that this wasn't possible | before, but it suddenly became _easy_ for a would-be stalker | to execute the attack. | | A tool like this that _reliably_ detects AirTags rather than | relying on whatever heuristics Apple uses to say "an AirTag | is following you" would be invaluable for people's opsec, be | they performers or journalists or anyone else desiring | anonymity. | katbyte wrote: | Tile will now leverage Amazon sidewalk to have a similar | affect - which is all alexa and ring doorbells I think? | wasmitnetzen wrote: | Amazon Sidewalk isn't really a worldwide thing. Amazon has | a localized website in only 20 countries, my guess is that | in most other countries there aren't many Alexa and Ring | devices. | judge2020 wrote: | Same difference. The majority of people reading this are | regularly within a half mile of a Sidewalk device (well, | the ones that work on 900MHz) and might be wary of a Tile | being used to track them as well. | politelemon wrote: | It irks me that the onus of not being tracked is on the | "target" themselves. | | Further, there's no protection if you have no smartphone but | are in a dense population area surrounded by devices that are | part of this surveillance network. | | There is no aspect of this that is privacy friendly except | for the hand waving. | mikestew wrote: | There's protection even if you're standing there naked | (except for the AirTag, of course, that has been secretly | duct-taped to your buttocks): if the paired phone isn't | around, the AirTag makes noise. I can confirm this because | my spouse is currently out of town, and I've grabbed her RV | keys a couple of times to put stuff in the RV. And every | time I pick the keys up, the AirTag goes off. It eventually | shuts up _just_ shy of my threshold of looking for a way to | turn it off. (Or I could just make sure to grab my keys | instead of hers. -\\_(tsu)_ /- ) | cianmm wrote: | You can remove the battery pretty easily thankfully, if | it's annoying you. | https://found.apple.com/airtag/disable# | UncleEntity wrote: | > There's protection even if you're standing there naked | ... if the paired phone isn't around, the AirTag makes | noise. | | Unless someone piggybacks on Apple's find my network | using their own hardware. | | I read the specification and turned my laptop into an | airtag clone one day I was particularly bored, really | isn't complicated. | Andrew_nenakhov wrote: | It is trivial to damage airtag to disable the dynamic. So | a committed stalker will do it without difficulty. | mwint wrote: | At some point, a committed stalker has access to lots of | other options for stalking that are easier than the | AirTag game. | dragonwriter wrote: | > Airtags are the only devices (that I know of) that can | leverage a worldwide network of iPhones to transmit their | location rather than a power intensive LTE or GSM link | | Sure, but "of iPhones" is doing a lot of work in that | sentence. Worldwide network of <users of some common hardware | or software> generally isn't as uncommon. | spookthesunset wrote: | > Airtags are just one implementation of a Bluetooth | transmitter and a long life battery but anyone could probably | build a similar device dedicated to tracking with off the shelf | parts. | | There is nothing Dropbox does that can't be done with rsync. | eatbitseveryday wrote: | This seems to notify you of nearby tags but does not disable them | in some way. | bloodyplonker22 wrote: | Think about what you just suggested. If I could arbitrarily | disable airtags around me, I could go around in public and | disable everyones' airtags. | daniel-thompson wrote: | How would an app on device A disable device B? | KingMachiavelli wrote: | Airtags do allow non-owner devices to disable some | functionality such as turning off the alarm. I doubt they let | you turn off the tracking since that would completely defeat | the anti-theft aspect of Airtags. | rootusrootus wrote: | > I doubt they let you turn off the tracking | | I'm not sure how they would even do that in the first | place, since the AirTag doesn't track anything. | KingMachiavelli wrote: | I meant it could let you turn the device 'off'? Sure the | AirTag isn't the device doing the tracking but if it | isn't broadcasting itself then other devices can track | it. | judge2020 wrote: | Although, if you find one, it's trivial to remove the | battery or smash it with a hammer. | herf wrote: | Constant buzzing would presumably make the batteries run out. | smoldesu wrote: | You need a separate app for that, I think I've heard it called | "Ball-peen Hammer" | paxys wrote: | I understand using it for keys and stuff, but attaching airtags | to valuables and carrying them out in public has to be the | stupidest idea ever. Apps like these are soon going to turn them | into "steal me!" beacons. | psychometry wrote: | Please explain to me how a thief is going to use the existence | of this tech to enable theft. | schrodinger wrote: | I think their point is that knowing there's an air tag on | something nearby indicates it's probably something of value | worth stealing. | acdha wrote: | How often is that something otherwise invisible, however? | Like if I put one on my bike are there really many thieves | who would otherwise not have considered it? I'm sure there | are some small things which are relatively covert but it | seems like a relatively uncommon situation. | jedberg wrote: | Feel free to steal my daughter's water bottle. I don't | track it because it's valuable, I track it because she's | irresponsible. | Jcowell wrote: | I'm confused about the difference between keys and valuables | (as if keys aren't valuables). Both suck to misplace and it's | helpful being able to find their pinpoint location or event of | separation. | TeMPOraL wrote: | > _With the app you can play a sound on AirTags and find it | easily._ | | I wonder how it does that. Unauthenticated BLE characteristic? | This would imply anyone could force an arbitrary AirTag to make a | sound. Obvious application: force _all_ AirTags nearby to keep | making sounds. | shreddit wrote: | Seems so, there's a constant named AIR_TAG_SOUND_CHARACTERISTIC | with this value: 7DFC9001-7D1C-4951-86AA-8D9728F8D66C | ollien wrote: | The small evil part of me wants to extract this part of the | source and just bring my phone onto public transit for a | while to see what happens. | Aulig wrote: | Now I'm curious too - if you decide to do it, let me know | :D | Scoundreller wrote: | You don't AirDrop cat photos to people at mass gatherings? | jdavis703 wrote: | Why annoy people like this? My e-bike has Find My tracking | built in to the firmware. As long as you don't steal my bike | you have no privacy concerns from me securing my bike. Even | better I can track my bike down without involving the police, | so the potential thief doesn't even have to worry about being | shot by some trigger happy cop. | tdfx wrote: | In many areas of the US, that trigger happy cop will be the | difference between you recovering your property and you being | severely beaten when you show up in a rough neighborhood | trying to get your bike back. | jcims wrote: | What if someone else is tracking your bike? Or backpack, or | car, etc? GPS trackers exist so this doesn't eliminate that | concern, but at least if someone tries tracking you with an | AirTag you have an option to locate it. | rubyist5eva wrote: | Great, now instead of getting shot by a cop you'll get the | crap kicked out of you instead. | teakettle42 wrote: | Is "cop shoots bike thief" something you actually think is | common enough to note? | | This implies a concerning reality departure. | midasuni wrote: | Depends on the colour of the skin of the bike thief, but | cop shoots innocent driver seems fairly common | bogwog wrote: | This is something Apple should be providing themselves (edit: for | Android). They already have "Apple TV", "Apple Music", and a | "Move to iOS" app. Is it really so much to ask for a stalking | prevention app? | hypothesis wrote: | I can see those cheery iStalking ads already, telling you to | get anti-stalking subscription. | | And, of course, for adventurous devs they're going to introduce | a StalkingKit! | judge2020 wrote: | This already is the case. iOS alerts you of any airtag it | detects for a long enough time. | celsoazevedo wrote: | Since this app is for Android and the Apple apps mentioned by | the parent comment are for Android, I think he's saying Apple | should be the ones providing their own AirTag app for | Android, not university students. ___________________________________________________________________ (page generated 2021-09-18 23:00 UTC)