You can already purchase a huge range of items that do exactly what an airtag does. Everyone is already fair game for this type of stalking, it is silly to try and paint apple in a bad light here.
Tile uses everyone with the tile app installed. It's not the same by sheer numbers, but it's more than enough that if someone slips a tile tracker on you they will know where you're at. Or, if someone wants to spend a bit more money, not even much more, they can buy a full GPS tracker that doesn't need anything to report on it. Apple isn't coming out with some groundbreaking spy tech here, this is very routine stuff thats been in a small format forever. And guess what, none of the existing ones do anything to alert anyone of stalking, unlike Apple. I don't even like Apple but this is silly.
Tile uses everyone with the tile app installed.
It's not the same by sheer numbers
It's not Apple's "fault" they're more popular but the end result is that these AirTags are orders of magnitude more potentially dangerous thanks the fact that there are orders of magnitude more iDevice users than Tile app users.
Imagine I'm some kind of creep looking for victims in a club or whatever. I'm planning to accomplish this by dropping Tiles into their bags.
Statistically, how many Tiles would I need to buy and sneak onto persons in order to have a reasonable chance of snaring a victim who just happens to have the Tile app installed? 50? 100? 1000? Not impossible, but not particularly feasible.
How many AirTags would I need to sneak onto victims? Perhaps only one, if they happen to use their phone in public and I see it's from Apple -- that's something I can tell at a glance, unlike wondering if they have the Tile app installed.
The limitation of any tracker is battery lifetime. The AirTag circumvents this by only using low power transmission and the network of all iPhones and iPads in the world, which then relay via their own wifi/4G.
What is certain is that we'll see sophisticated modifications to AirTags that (1) disable the beep, (2) disable anti-stalking.
Theoretically remote attestation and self-disabling anti-tamper could be used, but the potential wins for bypassing the Apple protocol are enormous, the Holy Grail of surveillance espionage.
"Holy Grail of surveillance espionage"... maybe the holy grail alarmist statements.
Why are firmware modifications for this "certain" first off?
And what modifications allow this to work as designed without setting off anti-stalking? If you somehow change the ID it's reporting which afaik is a signed value anyways, how are you going to get access to it's location?
If you don't disable anti-stalking then this is no better than run of the mill GPS trackers which can already run for days to weeks
Nation state attacks are certain because of the massive payoff if they are successful. Were you asleep when the Snowdon NSA leaks happened? [1]
If you can change the ID you can cycle through a list of valid IDs. You can even use it for bit rate comms, ~16 bits an hour or something, which is enough to signal events like "number of iDevices in vicinity", or, if other hardware is used, step count/hour, which works even in GPS denied environments.
The beacon location reported by Find My is generated by the reporting phones' GPS/cellular/wifi location system.
Regular GPS trackers have no means to exfil their data. They don't work in GPS denied environments (poor inside buildings, underground, anywhere a $20 jammer is enabled). OCGs routinely use low power GPS jammers now. Using GPS or 3G requires much more energy, and 3G is easily detected by motivated groups.
So while it might not be great for stalking your partner/ex, it is very tempting for professionals.
"Were you asleep when the Edward Snowden leak happened"
... yeah I'm not going to play this game.
Nation states are certainly doing better than AirTags if that's what you're worried about Secret Agent.
Passive trackers will let you pinpoint someone indefinitely.
And someone motivated is going to catch your spurious 3G emissions but miss an AirTag literally designed to be noticable?
Puhlease. If a nation state is chasing you and this is what turns the tides I strongly suggest turning yourself into their embassy now, save yourself the trouble.
I personally don't think anyone is fair game for stalking and this device lowering the barrier to entry should be discussed, and discussing it shouldn't get the kneejerk reaction that they're being painted in a bad light. There are plenty of questions here like:
- How does the anti stalking alert in apartment buildings or people frequently in close proximity for long periods of time?
- Since they considered that this is a risk in the first place then are non Apple users are risk here too? Did they provide appropriate mitigations for them as well?
- What's the future for the Find My network? It would be interesting to standardize and allow for more interoperability in the Find My network.
How is this lowering the barrier? I bought a orbit for my keys that does exactly what this does, for cheaper, like 3 years ago. I would actually say nothing apple does about using this for stalking is useful in the least, because if someone wants to stalk you they can get one of a dozen devices, for cheaper, that would be better because they're not a obvious white and silver apple branded monogrammed thing. Noones at risk, because everyone already was, apple users included. As for the future of it, I think there's already a bike company building the find my system into their bikes, so probably anything high theft could make its way onto a network like this.
Orbit only works with bluetooth on your phone, not the entire Find My network. Additionally, I think it's a fallacy to say that it's fine for Apple to not consider the risks because some other products didn't consider the risks.
