How does Apple privately find offline devices? (cryptographyengineering.com)
347 points by kandarpck on June 5, 2019 | 185 comments



Total aside, but kinda relevant.

I lost my phone like a doofus about two weeks ago. The battery died and I had no idea where it was. When I pulled my Google location history, it was too coarse to tell me anything other than 'at your house'. However, I was able to pull the raw data from Google and post-process it by timestamp into a series of rasters that were fine enough for me to see that the phone was definitely in the bedroom/bathroom area. After processing my data, finding my phone took all of a minute.


This is interesting. By the raw data you mean from Google Takeout, or something else? Did you have to filter/smooth the data points?


Also interested. Could you describe the process?


Sure. I pulled my data in the standard takeout.google.com/ process. The result is a json (? iirc). I parsed the json into x, y, and rasterized it using gdal.

https://imgur.com/a/ZhyTsDV

See I wasn't sure if I lost it in the couch in the living room, the office, or the bedroom. This got me within a few feet.
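The pipeline the commenter describes (Takeout JSON in, density raster out, look for the hottest cell), as an added worked example rather than the commenter's own gdal script. It assumes the classic Takeout "Location History.json" layout (records with latitudeE7/longitudeE7 as degrees times 1e7 and timestampMs as a string), replaces gdal with a plain-Python grid so it runs offline, and feeds itself a constructed export: noisy fixes around a made-up "bedroom" position plus older fixes 30 m away. The TRUE_LAT/TRUE_LON, CUTOFF_MS and cell size are all invented values.

```python
"""Rasterize a Google Takeout Location History export into a density grid.

Added example, not the original commenter's gdal pipeline. Assumes the classic
"Location History.json" layout: latitudeE7 / longitudeE7 (degrees * 1e7) and
timestampMs (a string) on every record.
"""
import json
import math
import random
from collections import Counter

M_PER_DEG_LAT = 111_320.0  # metres per degree of latitude (approximation)


def load_points(export_json, since_ms=None):
    """Parse the export into (lat, lon, timestamp_ms) tuples.

    With since_ms set, older fixes are dropped: the time-window trick the
    commenter used to keep only fixes from after the phone went missing.
    """
    points = []
    for rec in json.loads(export_json)["locations"]:
        ts = int(rec["timestampMs"])
        if since_ms is not None and ts < since_ms:
            continue
        points.append((rec["latitudeE7"] / 1e7, rec["longitudeE7"] / 1e7, ts))
    return points


def to_local_metres(points, origin):
    """Project lat/lon to (x east, y north) metres from origin.
    An equirectangular approximation is plenty for a single building."""
    lat0, lon0 = origin
    m_per_deg_lon = M_PER_DEG_LAT * math.cos(math.radians(lat0))
    return [((lon - lon0) * m_per_deg_lon, (lat - lat0) * M_PER_DEG_LAT)
            for lat, lon, _ in points]


def rasterize(xy, cell_m):
    """The 'raster': number of fixes per cell_m x cell_m grid cell."""
    return Counter((math.floor(x / cell_m), math.floor(y / cell_m)) for x, y in xy)


def densest_cell(grid, cell_m):
    """Centre (x, y) of the fullest cell and how many fixes landed in it."""
    (ix, iy), n = max(grid.items(), key=lambda kv: kv[1])
    return (ix + 0.5) * cell_m, (iy + 0.5) * cell_m, n


def metres_between(lat1, lon1, lat2, lon2):
    m_per_deg_lon = M_PER_DEG_LAT * math.cos(math.radians(lat1))
    return math.hypot((lon2 - lon1) * m_per_deg_lon, (lat2 - lat1) * M_PER_DEG_LAT)


def locate(export_json, cell_m=2.0, since_ms=None):
    """Whole pipeline: parse, filter by time, project, bin, pick the densest cell.
    A single fix is only good to several metres; the aggregate is what narrows
    the search to one corner of a room."""
    pts = load_points(export_json, since_ms)
    if not pts:
        raise ValueError("no location records in the selected window")
    lat0 = sum(p[0] for p in pts) / len(pts)   # grid origin: the mean fix
    lon0 = sum(p[1] for p in pts) / len(pts)
    grid = rasterize(to_local_metres(pts, (lat0, lon0)), cell_m)
    x, y, n = densest_cell(grid, cell_m)
    m_per_deg_lon = M_PER_DEG_LAT * math.cos(math.radians(lat0))
    return {"lat": lat0 + y / M_PER_DEG_LAT, "lon": lon0 + x / m_per_deg_lon,
            "count": n, "total": len(pts), "cells": len(grid)}


# --- constructed sample data (not a real export) ---------------------------
TRUE_LAT, TRUE_LON = 52.0, 4.0        # made-up spot where the "lost phone" sits
CUTOFF_MS = 1_559_700_000_000         # made-up cut-off; earlier fixes are "office"


def _constructed_export():
    """60 noisy fixes (sigma 2.5 m) around the true spot after CUTOFF_MS, plus
    20 older fixes about 30 m away, so the time filter has something to drop."""
    rng = random.Random(7)
    m_per_deg_lon = M_PER_DEG_LAT * math.cos(math.radians(TRUE_LAT))

    def rec(dx, dy, ts):
        return {"timestampMs": str(ts),
                "latitudeE7": round((TRUE_LAT + dy / M_PER_DEG_LAT) * 1e7),
                "longitudeE7": round((TRUE_LON + dx / m_per_deg_lon) * 1e7),
                "accuracy": 12}

    recs = [rec(rng.gauss(0, 2.5), rng.gauss(0, 2.5), CUTOFF_MS + 60_000 * i)
            for i in range(60)]
    recs += [rec(30 + rng.gauss(0, 2.5), 10 + rng.gauss(0, 2.5),
                 CUTOFF_MS - 3_600_000 + 60_000 * i) for i in range(20)]
    return json.dumps({"locations": recs})


SAMPLE_EXPORT = _constructed_export()

if __name__ == "__main__":
    hit = locate(SAMPLE_EXPORT, cell_m=2.0, since_ms=CUTOFF_MS)
    print(f"densest 2 m cell holds {hit['count']}/{hit['total']} fixes, "
          f"{metres_between(TRUE_LAT, TRUE_LON, hit['lat'], hit['lon']):.1f} m "
          "from the true position")
```

The privacy point this makes concrete: each individual fix is off by metres, but a few dozen of them binned on a 2 m grid pin the device to one spot in a house, so a retained history is far more revealing than any single record suggests. On a real export, swap SAMPLE_EXPORT for the file contents and set since_ms to the time the device was last seen.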


That's amazing, so cool.

Is that something Google's not doing with the data, but could? (E.g. they don't because their maps don't show most houses precisely enough or whatever, so it wouldn't be useful?)

Or is it relying on the fact that you are triangulating or similar from the known exact position of your WiFi routers or similar down to the inch, and Google doesn't have any way of knowing that?


Or they do and have internally assessed that it would be too creepy to provide to users, but are happily using it to better target advertising.


Or they have decided that it's too creepy to use at all, so they don't use it for targeted advertising. Seriously, why does everyone assume that companies are evilly cackling in volcano lairs? They know that violating user trust is really expensive and a bad idea.

By the way, I'm pretty sure I've seen that Google's advertising targeting is only allowed to use "neighborhood level" location, which is designed to be coarse enough to not allow specifying individual people.


On the other hand, if the information is aggregated to a final answer, why is the data then kept? What if the _wrong people_ get ahold of the more sensitive information _because_ the data was kept beyond its useful life?


In their defense: it is perfectly fine with me to keep my location data, so I can download it later and do cool and/or useful things with it as long as

- it is opt in,

- it can be deleted by me

- is not given to anyone else

For all my trashing of Google lately (check my comment history) I actually expect and believe them to defend my raw data in a way that few others are able to. It all boils down to incentives:

- as long as they keep the data between them and me they can sell targeted ads again and again. If the data leaks then others can skip the middle man.

- as long as they keep their reputation as nice guys that is an immense advantage.

Now this might of course be changing, so everyone should consider if they personally trust this arrangement going for the future:

- it seems some part of the organization is tightening the screws around the Chrome team to squeeze out more revenue.

- if the data is available there is always the risk of attacks, both cyber attacks as well as legal attacks.


Describing Google's data collection practices as "opt in" is a bit generous.

>In going through a set of privacy popups put out in May by Facebook, Google, and Microsoft, the researchers found that the first two especially feature “dark patterns, techniques and features of interface design mean to manipulate users…used to nudge users towards privacy intrusive options.”

https://techcrunch.com/2018/06/27/study-calls-out-dark-patte...


> Describing Google's data collection practices as "opt in" is a bit generous.

Maybe it is not clear but I was talking about location history.

At least I think I had to opt in to that at some point.


Location history is one of the areas where Google has employed dark patterns.

For example:

>Ways that Google tricks users into sharing location

Android users are pushed through a variety of techniques:

Deceptive click-flow: The click-flow when setting up an Android device pushes users into enabling “Location History” without being aware of it.

Hidden default settings: When setting up a Google account, the Web & App activity settings are hidden behind extra clicks and enabled by default.

Misleading and unbalanced information: Users are not given sufficient information when presented with choices, and are misled about what data is collected and how it is used. Information about location data being used for advertising, for example, is hidden away behind extra clicks.

Repeated nudging: Users are repeatedly asked to turn on “Location History” when using different Google services even if they decided against this feature when setting up their phone.

Bundling of services and lack of granular choices: If the user wants features such as Google Assistant and photos sorted by location, Google turns on invasive location tracking.

https://www.forbrukerradet.no/side/google-manipulates-users-...

More alarmingly, when users attempted to turn off location tracking:

>In a wonderfully clear example of “dark patterns” designed to mislead users and retain control over their data, Google continues tracking your location even when you turn off Location History and are told that “the places you go are no longer stored.” Google says it tells users, but its disclosure is the bare minimum and users are discouraged from further interference with data collection.

https://techcrunch.com/2018/08/13/google-keeps-a-history-of-...


This is the main reason I trust Google with my data compared to other companies: the data they have on me is their biggest competitive advantage; no way they are selling it to anyone.


So that you can later change your aggregation method. Just run the raw data through it again.


Because time and time again it is proven that "these companies" (Facebook and Google) will use any signal they can get their hands on to make money?

I'm pretty sure they've both been caught with their hands in the cookie jar doing things they swore they never would.


Genuinely curious, could you provide an example of Google "doing things they swore they never would" with consumer data? Because I know they do plenty of things with data that people think are creepy, but I don't recall ever seeing a story about them doing things they swore they wouldn't (besides the nebulous "don't be evil") or even lying about what they were actually doing with consumer data.

If it's happened time and time again, it should be easy to pull up a source, right?


>Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking

When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company’s “number one priority when we contemplate new kinds of advertising products.”

https://www.propublica.org/article/google-has-quietly-droppe...


Random example: when Chrome logged you in the browser without any warning, because you logged in to Gmail it also swiftly synced your local data (like browsing history) to your Google profile. That’s akin to stealing your data and I think at some point they must have promised not to do it...


>Google has been accused of breaking promises to patients, after the company announced it would be moving a healthcare-focused subsidiary, DeepMind Health, into the main arm of the organisation. The restructure, critics argue, breaks a pledge DeepMind made when it started working with the NHS that “data will never be connected to Google accounts or services”.

https://www.theguardian.com/technology/2018/nov/14/google-be...


They claimed multiple times publicly that they weren't scanning emails of students of schools that forced students to use Google email and Chromebooks, when in fact they were using them to build ad profiles.

https://www.edweek.org/ew/articles/2014/03/13/26google.h33.h...

"While the allegations by the plaintiffs are explosive, it’s the sworn declarations of Google representatives in response to their claims that have truly raised the eyebrows of observers and privacy experts. Contrary to the company’s earlier public statements, Google representatives acknowledged in a September motion to dismiss the plaintiffs’ request for class certification that the company’s consumer-privacy policy applies to Apps for Education users. Thus, Google argues, it has students’ (and other Apps for Education users’) consent to scan and process their emails."

"In November, Kyle C. Wong, a lawyer representing Google, also argued in a formal declaration submitted to the court in opposition to the plaintiffs’ motion for class certification that the company’s data-mining practices are widely known, and that the plaintiffs’ complaints that the scanning and processing of their emails was done secretly are thus invalid. Mr. Wong cited extensive media coverage about Google’s data mining of Gmail consumer users’

>Mr. Wong’s inclusion of the following reference to the disclosure provided to students at the University of Alaska particularly caught the attention of privacy advocates: The University of Alaska (“UA”) has a “Google Mail FAQs,” which asks, “I hear that Google reads my email. Is this true?” The answer states, “They do not ‘read’ your email per se. For use in targeted advertising on their other sites, if your email is not encrypted, software (not a person) does scan your email and compile keywords for advertising. For example, if the software looks at 100 emails and identifies the word ‘Doritos’ or ‘camping’ 50 times, they will use that data for advertising on their other sites.” “The fact that Google put this in their declaration means we take it as true,” said Ms. Barnes of the privacy watchdog group EPIC. Google’s sworn court statements reveal that the company has violated student trust by using students’ education records for profit.”

https://www.washingtonpost.com/news/grade-point/wp/2016/02/0...

https://www.eff.org/press/releases/google-deceptively-tracks...


Because corporations have an underlying profit motive, so if there’s something that they _can_ do to make money, they will almost certainly try?

This isn’t a controversial point, it’s well observed.


From my experience from within large companies, they will do everything within the boundaries [1] of the law to make more money.

[1] sometimes outside if they think they can argue it to be a novel situation


They are a business.

Their only goal is to make money - by definition. It is not that people assume that they are evil - just that they will follow on things that will earn them money.


Uhm, yeah but an evil person also follows on things that benefit them. Does this somehow make this person ok?


I doubt there are ‘evil people.’ There are just people, some who do evil things more than others.


No comment other than appreciation of the evil volcanic lair imagery.

Reminds me of Superjail, which is an uber-maximum security jail inside a volcano, that is itself inside a second volcano


Fiduciary duty to shareholders makes good people do bad things...


Zuck's fiduciary responsibility is entirely theoretical. The shareholders have no voting power against him.


Do you get toilet paper ads when browsing in the restroom?


My new startup uses SDKs embedded into popular apps that make ultrasonic clicks and use sonar-like reflections to estimate the length of toilet paper remaining on the roll (using AI, machine learning, and blockchain, obviously). /s


Perhaps this level of location resolution is not stable enough at Google scale to present it? AKA: better to show reliable fuzzy information than unreliable precise information.


Considering that Google has a history of cloaking information via the UI (see purchase history hidden if you have G Suite, but still fully accessible via Takeout), and that Google offers advertisers the ability to see if you have visited a particular store even in an indoor mall, I am sure Google knows your location more precisely than it reports.


This is pretty cool, but I'm still confused on what data you used.

By my data, do you mean data from Google Android Device Configuration Service?

If you're logged into Chrome or GSuite tools from desktop locations, I just wonder how useful the data from those other products would be, if it even has location data.

I'm downloading my data archive to check it out...


I think it's https://takeout.google.com/ where I got the data. Then it's just a JSON which is relatively easy to parse.


Ha, this is an awesome use of the data. What a cool plot showing the "density" of pings.


Probably just looked at the last data point depending on the type of data that was available. If it's longitude / latitude values then it's going to be pretty precise, although I would also like to know where to pull more granular data.


The GPS receiver isn't sufficiently accurate for one point to be useful, but in aggregate, it was accurate 'enough'.

So although the numerical precision is pretty high, the actual accuracy is pretty low. I think I pulled all the points from 2am-6pm in the final time stamp to figure out where the phone was.


Envious, nay jealous of a room of that size.


Probably slower than just keep searching. But way cooler.


Well, I looked for a week-ish, and was fap-all out of ideas where it was. I was at the point where I was looking in ridiculous locations (freezer, garage, washing machine, garden, tool shed).

This took about 20 minutes to hack together, and I found the phone in 10 minutes of looking in the 'right' spot. My phone had fallen behind the bedside stand and found a way to balance itself between the bed and the baseboards. The bed post is ~phone width, so even looking, you just couldn't see it.

That being said, I work in the geospatial sciences doing geospatial data processing, so 20 minutes for me may not be 20 minutes for someone else.


> freezer

Yeah, I have these moments too. Could be a good disinfectant for keys, I guess.


Plot twist: That's actually the queen and she lost the phone in Windsor Palace.


Point clouds save the day!


This rules, thanks for sharing!


Well...a bit off topic but kind of relevant.

My car got broken into and my iPad nicked. I was able to locate that, however, the cops here in NZ were really unhelpful.

They said the GPS location wouldn't be sufficient for a search warrant as they have had many cases of false positives.

I said I would give the SSID and IP address of their wifi network; even then they wouldn't agree to a raid.

It was only when the thief (who was a minor) took the pic of his family member, which I then furnished to the police (via iCloud), they could do something.

Wondering what good technology is, if the law takes a while to catch up, well at least here in NZ.


It's not just NZ. Police in the US are no better. In the Dallas PD, the detective assigned to the case when our house was burgled would not respond to emails sent to him providing evidence. After reaching out through other avenues to reach the detective, he flat out responded with being too busy to read emails. The case went uncleared. However, a few weeks later, there was a random call saying they found an iPad reported as lost/stolen and would be willing to return it for a small finder's fee. Again, the police refused to assist during the meet up.


I've noticed in my lifetime that a number of crimes have become ad-hoc decriminalized.

Smaller crimes like bicycle theft or small electronics are basically "who cares" to the police. Many police departments don't even do bicycle registrations anymore.

Even car theft has sort of fallen to insurance companies to take care of. A lot of people just want a police report to turn in to insurance so they can get a new car.

I don't know about serious crimes. Are people more often caught with lots of data and the erosion of privacy?


I'm sure they prefer to focus on bigger cases - why go with a single bike theft if they can investigate an organized bike theft and laundering organization? Why bother with a single phone theft if they find a warehouse full of stolen merchandise?

But yeah, that does mean a lot of petty crime goes unpunished. Stealing a bike here has become normalized - as in, "my bike got stolen, I need to get home so I'll just steal another". Mind you that's only possible with shoddy locks.


> Why bother with a single phone theft if they find a warehouse full of stolen merchandise?

Because many more people are affected by minor crime than major crime. In the UK, where the police's funding has been reduced significantly, it's next to impossible to get them to do anything for burglary and minor thefts (although they're quite reactive if you say something impolitic on Twitter).


> why go with a single bike theft

because of

> Stealing a bike here has become normalized - as in, "my bike got stolen, I need to get home so I'll just steal another"

There's three options:

1. We abolish ownership

2. Everyone is responsible for protecting his own stuff, resorting to vigilante justice if he finds the thief after the fact

3. The taxes we pay fund police and courts to bring justice.

Option 1 is a version of socialism, option 2 is anarchy, that only leaves us option 3 if we want capitalism.


>There's three options:

All your options assume a perfectly rational world. The world we have now is not one of those 3 options, but it exists. Things are often internally contradictory.


There are capitalistic (albeit not thorough) versions of 1 - rentals [0] and services (Uber/etc)

[0] https://www.divvybikes.com/


On Rentals I would disagree. Most rentals today depend on 3: to reclaim the money from the original purchase they force every user to pay, using police and court system as the means to enforce that payment and to prevent theft. Maybe in an anarchy rentals would also be quite successful by centralizing the problem of keeping property safe.

Services like Uber are interesting because they essentially strive to eliminate ownership by eliminating the thing to be owned.


When I get frustrated with the police, it helps to remember that they make like $25/hr or less. In a wealthy suburb I just moved into a few months ago, I learned that a majority of the children of the police are growing up below the poverty line.

The local politicians are apparently very liberal about their views on police (do not support), so they keep the pay as low as possible. All the police have to live outside the community and commute to work the area since it is unaffordable for them to live here.

I’m actually surprised they serve as well as they do under the circumstances.


I don't know where you live, but in Seattle even brand new recruits (who aren't even actually working yet) make more than that

https://www.seattle.gov/police/police-jobs/salary-and-benefi...


Funnily in the UK I got Oxford police to enter a house based on GPS and ssid and me remotely setting a loud alert on the phone. The robber sadly smashed it though while being apprehended.


I can definitely see the point regarding GPS location, I remember an article about people living at some default coordinates suffering from something like daily or weekly police raids.


Indeed, due to MaxMind's GeoIP location for the middle of the US (when it can't find a more accurate US location) at 38°N 97°W. So unfortunate.

https://splinternews.com/how-an-internet-mapping-glitch-turn...


Legally could you go get it, and in the resulting skirmish perhaps attract the attention of the police?

Is trespassing to retrieve stolen property still trespassing?


This reminds me of a (probably apocryphal) story a South African friend of mine told me once about the state of policing down there in the late nineties / early noughties.

The story goes that a man wakes up in the middle of the night to the sound of burglars looting his garage. Given the occurrences of aggravated robberies in SA at the time, often involving guns, he didn't want to confront the miscreants himself, and so called his local police department.

Apparently since no actual violence had been done at this point, the police-person to whom he was speaking claimed that they had no free units to come and attend, and that they'd send a car round in the morning to collect evidence. At this point the call ended.

The man who was being burgled was understandably unimpressed with this, thought about what he could do, and then rang the police back.

"Don't worry about the burglars here. I shot them," he says.

Within minutes his house is surrounded by police cars, and the burglars are under arrest.

The commander of the responding officers says to the man "I thought you said you shot them?"

The man replies "I thought you said you had no units free?"


With the gist of the story being that "no units free" actually meant "no units free to prioritize a burglary", or what?

An active shooting incident would certainly reshuffle the prio list...


I am not sure about the local bylaws around trespassing, but the lady on the police helpline categorically asked me to not do it.

It was being pinged in a gang prone area, I wouldn't have done it anyway.


Could you hire an asset recovery agent to actually do the "retrieving" for you?


Ask O.J. Simpson.


Can this be used as essentially 100% effective anti-theft?

If an Apple device is constantly emitting a BLE beacon code that can't effectively be changed in any way by a thief...

...then unless a thief keeps the device in their basement and never has anybody visit, your stolen device will almost certainly be detected sooner or later, and then you just call the police?

Even if the thief has sold it by that point and disappeared, if local law means the stolen good reverts to you, then people would quickly learn never to purchase any phone there's even a chance of having been suspiciously acquired.

Am I missing something here?


Thieves already know that stolen iPhones are usually not operable. Even with the old Find My iPhone, even after the device has been wiped, only the original owner can activate it again. So these stolen phones are usually broken down, with parts sold separately.


They are getting smarter. A family member had their phone stolen and Find My iPhone reported that the phone was off for months and so she gave up searching. One day, she got a text on her new phone saying "Find my iPhone has found your phone, click here to login to Find my iPhone". It turned out to be a phishing page for her AppleID credentials. She fell for it and I'm assuming the thieves were able to finally get into her phone. To this day I have no idea how they were able to get her phone number. From the SIM maybe?


Similar story here, but instead of a phishing email it was a legit Find My iPhone email six months later saying her phone pinged from Morocco.

So yup, sounds like they’ve either resorted to stripping them for parts or selling them whole (and still firmware-locked) to innocent buyers in places where you’d have practically no legal recourse — who then become victims to the theft as well, ironically. And by then, of course, you’ve likely had a new phone for long enough to not lose much sleep over it.


Brian Krebs covered phishing of users who lost their iPhones, although he doesn't talk about how the "thief" managed to retrieve the phone number from the stolen phone.

https://krebsonsecurity.com/2017/03/if-your-iphone-is-stolen...


My wife's phone has been the same. I have left a "lost" message on it with my number just in case, that's probably where they have got it from.


> To this day I have no idea how they were able to get her phone number. From the SIM maybe?

Emergency contacts (accessible while the phone is locked) + Facebook?


> To this day I have no idea how they were able to get her phone number

Guessing here but maybe using "emergency call" and another phone to get the caller ID?


How would that work? I thought you can only call emergency numbers from that mode?


Whilst I was in China two years ago, someone mentioned that you can swap out the memory of an iPhone with one from another iPhone (e.g. water damaged) to get around an iCloud lock. So although it's quite sophisticated as a method, it's definitely doable.


Not 100% effective - device could still be stolen and parted out


If only Apple would sell spares through official channels, it would reduce the incentive to steal iPhones even further.


I would assume that a factory reset would take care of it. Otherwise you couldn't sell the phone to someone else and revoke your ability to find it.


You have to do a full iCloud logout which involves your iCloud password in order to disassociate a device from your Find My Phone. It's actually quite involved.


You can’t do a factory reset without the device password.


You can still reflash with DFU mode, but even then you can't activate the phone if FMI was turned on.


I assure you the police will do nothing.


The problem I see with this is that your phone always has to be broadcasting the BLE beacon, regardless of whether it is lost or not. Otherwise it could randomly end up lost in a place with poor/no service... and would never be found.

For phones, how often is this really an issue? Sure, this is useful for the Tile type "dumb" devices... but if my phone has no cell or data service... it's probably because the battery is dead.


Some people have hypothesized that this isn't necessarily for finding phones. This might be about using phones (and iPads, Apple Watches, MacBooks, etc.) to create a network like the one used by the Tile product for finding wallets, keys, etc. This could be a product Apple unveils in September.


This is for tracking lost MacBooks. Apple said this at the keynote. They may expand it beyond laptops, but that's the initial scenario. (It's a great one.)


Complete speculation here, but I wouldn't be surprised if devices could keep broadcasting the ping after they're "dead". Tiles last for years without charging, so I bet if Apple can leave on only the bluetooth beacon after the battery drains past where it can power the rest of the phone then this would be doable.

Again complete speculation, I have zero clue if the current hardware is even capable of doing this.


The current hardware might not be, but you could run this on a secondary chip similar in specs to the T2 or Secure Enclave. You could theoretically even have a second battery specifically for this purpose, but that would likely be cost-prohibitive.


The T2 chip is a derivative of the A10. It has similar power requirements to the SOC in modern iPhones.

They could probably use a cut down derivative of the W2 chip used in AirPods with the audio codec etc. removed. I’m guessing phone batteries reach a point where they’re still storing energy but can’t provide enough current to safely boot the whole phone. The BLE chip could sip on the remainder of the battery for a long time.


That sounds reasonable. I had no idea the T2 was that powerful.


It's also the SSD controller, and quite impressive in that regard.


I bet the T3, whenever that arrives, will be a derivative of the A12 or A13, and provide the neural network accelerator to MacOS and CoreML.


This would be excellent. I'm hesitant about the prospect of an ARM based macbook, but having both seems mighty compelling. As a lower power application CPU for light usage, or a full x86 with accelerators / co-processors when needed.


Recent Apple phones have NFC, which cannot be disabled.


Can NFC be used by iOS applications, e.g. SSH authentication via smartcard, where the private key never leaves the card?


Not at the moment, but one element suggesting it will be in iOS 13 is that the UK Home Office announced their app for validating European passports (which uses NFC but only on Android at the moment) will be able to work on Apple devices at the end of this year - basically when iOS 13 will be released.


I think it is possible in iOS 13, unless I misread the WWDC video description.


Also, couldn't the BLE beacon be used by "smash and grab" thieves to find devices in your car?


Yes, and this is already happening due to the feature that MacBooks have to connect to e.g. Bluetooth keyboards and mice. Perhaps also the "Smart Sleep" function (not sure what it's called exactly) that periodically connects to Wi-Fi to fetch emails so they're there when you open your Mac again. This has happened to me and other folks here in NL, by the way.


Given how little power it takes to operate something like a Tile, maybe the beacon will continue operating for quite a while after the battery is too low to operate the whole phone.


I can think of several scenarios:

* I lost the phone hiking somewhere with no signal

* I lost the phone / it was stolen while in airplane mode

* I lost the phone while traveling abroad without any local service

This finding service will work for Wi-Fi-only iPads, Wi-Fi-only Apple Watches, and MacBooks in addition to the likely tracking tokens.


Stolen while in airplane mode, and you're going to rely on BLE? A "good" thief would learn that he'd need to carry around a Faraday cage (read: some tinfoil) to block the signals. The only disadvantage is that the act of putting tinfoil around an iPhone then becomes suspicious.


> (read: some tinfoil)

Try it. Wrap your phone in tinfoil then call it. It will still ring.

It's harder than it looks to make a Faraday cage.


They'd just have a tinfoil-lined bag. No suspicion. I bet you can buy one on Amazon for next to nothing as it is.


Someone could wrap a phone in tinfoil pretty quickly or have one ready-made in the shape of a pouch. Or start carrying a special pouch that stops signals.[0]

Either way once you remove the phone from sight, the suspicion is probably over. The only next step is to kill the signal.

[0] https://www.overyondr.com/howitworks


Yondr pouches don't actually block RF, they just physically prevent you from using the phone because it's in a sack held closed with a magnetic lock.


Seems undesirable if it doesn't automatically silence the phone by disabling incoming calls. If they still ring while in a sealed bag, then I don't see the "artists" they're marketing Yondr to being very happy.


If I'm someone who works in actual life and death related matters and on a regular on-call schedule, I need to be able to

1) Still continue to have a life

2) Not have my phone completely disabled just because I went to see a comedy gig.

Having to leave the comedy gig when my phone starts vibrating in the bag is a good compromise, as is wearing a smart watch that can notify me exactly what the call or message is about before I do.

The selling point is to reduce visual / audible recordings of the performance, allowing artists to say or do things that may be problematic when taken out of context.


Yondr doesn't want to be entirely responsible for the repercussions of disabling your phone, they just don't want you answering it inside the venue.


They remind you to disable the ringer before putting it in the bag.


Ah good to know. I assumed they were lined with lead and/or tinfoil


Apple is highly averse to having your phone send out any BLE beacon all the time. Likely what they will do is the following:

1) The iPhone will be considered the "master" (aka BLE Central device)

2) All of your devices that you enroll in your "find my" service will be required to send out a periodic BLE beacon or a similar Bluetooth packet (BLE peripheral device)

3) The iPhone will periodically listen for BLE beacons and upon receiving that beacon it has 3 options:

->option 1, save the time/location when it saw that beacon

->option 2, scan the device with a BLE "scan request" operation which asks the device to provide more information -- it provides the "scan response" packet which can and often is different from the main advertisement packet

->option 3, connect to the device and query further information like your macbook battery level and maybe other info

For option 1, the iPhone never needs to send a packet ever and will simply have its BLE RX radio stage on listening for advertisement packets -- which are sent in clear text for anybody to listen to. The RX stage is listening periodically and works on a statistical basis where if the beacon side is transmitting very rarely then you can easily miss the beacon.

So.. what you should take away from this is that highly likely Apple will only allow the iPhone to be the master and all of your other devices will be periodically sending out beacons. So if you have this enabled and you walk around with your iPad Pro and your iPhone together and people sniff bluetooth packets, they can track when you walk down the sidewalk past them every day. For example if you live near a busy street in New York or something, start sniffing for bluetooth packets and you'll find tons of stuff. Tons.. most of it is random bluetooth headphones, but pretty soon it will be iPad Pros.


> your phone always has to be broadcasting the BLE beacon, regardless of if it is lost or not

It could have an X-hour "deadman timer" after which if it still hasn't successfully phoned home and been told it's not lost, it starts pinging?


Don’t think phone. In the keynote I think they showed it with a Mac, which isn’t available with cell service. Or as someone else mentioned maybe you have an iPad without cellular.

It would be useful for those.


Fair point. For wifi only devices, I could see it having some use.


Milwaukee Tools (and possibly others) do something similar. Not sure about the privacy part though.

https://www.milwaukeetool.com/OneKey

Basically anyone who runs the Milwaukee One Key app will watch for signals from tools and other devices with the One Key transmitter and upload the location. So if your tool is stolen and comes within range of someone running the One Key app the location should get uploaded.


Tile meshes the same way.


> generate the list of pseudonyms from a single short “seed” that both Timmy and Ruth will keep a copy of. This is nice because the data stored by each party will be very small. However, to find Timmy, Ruth must still send all of the pseudonyms — or her “seed” — up to Apple, who will have to search its database for each one.

I would imagine something along the lines of TOTP would provide a better mechanism here. There would be no need to scan a whole list of pseudonyms, and the BLE would rotate the identifier it transmits frequently. The Lassie device can include GPS timestamps when it reports the device to Apple.
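An added illustration of the TOTP-style rotation suggested above (example code, not from the article or from Apple; every value is constructed): the lost device derives its broadcast identifier from a shared seed and the current time window, a finder reports whatever identifier it heard together with its own GPS fix and timestamp, and the owner reconstructs only the identifiers for the time range being searched. The 15-minute window, the 8-byte identifier and the one-window clock-skew allowance are assumed parameters.

```python
import hashlib
import hmac

# Constructed example values; not real keys and not real reports.
SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")        # shared by owner and lost device
OTHER_SEED = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # some stranger's device
WINDOW = 900      # assumed identifier lifetime: 15 minutes
ID_LEN = 8        # assumed: an 8-byte identifier fits easily in a BLE advertisement
T0 = 1559736000   # 2019-06-05 12:00:00 UTC, the moment the device goes missing


def pseudonym(seed, epoch_seconds, window=WINDOW):
    """TOTP-style identifier: HMAC over the time-window counter, truncated."""
    counter = epoch_seconds // window
    mac = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:ID_LEN]


def candidate_pseudonyms(seed, t_from, t_to, window=WINDOW, skew_windows=1):
    """Owner side: every identifier the device would have broadcast in
    [t_from, t_to], widened by skew_windows on each side so that a device
    whose clock drifted while it sat unpowered is still matched."""
    first = t_from // window - skew_windows
    last = t_to // window + skew_windows
    return {pseudonym(seed, c * window, window) for c in range(first, last + 1)}


# Finder side (the "Lassie"): a report carries only the identifier it heard,
# plus the finder's own GPS fix and clock. Constructed sample reports; the
# second and fourth belong to our device, the others to a stranger's.
REPORTS = [
    {"id": pseudonym(OTHER_SEED, T0 + 300), "t": T0 + 300, "loc": (40.7580, -73.9855)},
    {"id": pseudonym(SEED, T0 + 17 * 60), "t": T0 + 17 * 60, "loc": (40.7484, -73.9857)},
    {"id": pseudonym(OTHER_SEED, T0 + 2400), "t": T0 + 2400, "loc": (40.7527, -73.9772)},
    {"id": pseudonym(SEED, T0 + 7 * 3600), "t": T0 + 7 * 3600, "loc": (40.7484, -73.9857)},
]


def locate(seed, reports, t_from, t_to):
    """Owner side: look up only the identifiers for the time range of
    interest, not every pseudonym the device has ever used."""
    wanted = candidate_pseudonyms(seed, t_from, t_to)
    return [r for r in reports if r["id"] in wanted]
```

Two caveats a practitioner would add. First, the lookup cost now scales with the length of the time range searched rather than with the total number of pseudonyms, but whoever holds the seed (Apple, if the seed is uploaded) can link every beacon the device ever sent, which is exactly the trade-off the quoted paragraph describes. Second, rotating the payload identifier only helps if the BLE device address rotates with it; otherwise the link-layer address re-links the beacons regardless of what the payload says.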


>can use a single [private] key regardless of which randomized version of her public key was used to encrypt.

I have not seen this before. Trying to wrap my brain around how this works. In terms of ECC I thought public and private were a single pair. Can anyone explain what is going on with public key randomization?


You can derive a new public key from someone's ECC public key, and they can derive the corresponding private key by applying the same transformation. It's somewhat magical! I wouldn't be surprised if Apple is using a scheme based on this instead of ElGamal, they already use ECC extensively.

https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...


Interesting, I hadn't thought of using the techniques of deterministic cryptocurrency wallets to solve this problem. I need to read more about exactly how they work.

It is also easy to solve this simply using ECC and ECDH. I just wrote a scheme on the board in the office. It might have slightly larger data payload than the deterministic wallets approach.


Warning: this is baseless speculation from someone with only a semester of cryptography experience.

If you asked me to implement "randomized public keys" I would generate a master key pair (MPUB and MPRIV). Then, I would combine MPRIV and a random value N in a one-way function to make a new key K. I would use K as effectively a "random public key" and use it as if it was MPUB (the one-way function would have to output a K that is in the same format / usable like MPUB). I would distribute N along with K, as N is useless without MPRIV.

I have no idea if that is how they did it but that's what comes to mind.


Warning, no academic crypto experience but I've used it in production systems. Oh the horror.

Couldn't "random value N" just be a nonce that only Apple knows?


Just speculating but would something like random_key=hash(static_key + datetime) work? static_key is pre-shared between cloud and device and datetime is also known by both device and cloud if rounded down to some accuracy.


The article gives the example of ElGamal encryption [1]. Looking at the key generation section, it seems like you could keep a single (q, x) pair and create a new (G, g, h) for the same x.
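An added example (not the article's code, and no claim about what Apple actually ships) of the randomization the quoted sentence asks about, carried onto secp256k1 since the BIP32 comment above points there: the beacon carries a fresh pair (rG, r*pub), a finder encrypts to that pair with hashed ElGamal, and the owner's single secret x decrypts every such pair, which is the "same x, new (g, h)" observation in the previous comment. The last few functions show the BIP32-style additive tweak the other commenters describe, with its well-known caveat that a leaked child private key plus the tweak gives back the parent key. The XOR with the KDF output and the non-constant-time arithmetic are for readability only; real code needs an AEAD and a vetted curve library.

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (the curve BIP32 uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication; not constant-time, demo only."""
    acc = None
    while k > 0:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def rand_scalar():
    return secrets.randbelow(N - 1) + 1


def keygen():
    """Owner's long-term key pair (x, X = xG)."""
    x = rand_scalar()
    return x, ec_mul(x, G)


def rerandomize(pub, r=None):
    """What the lost device broadcasts: (rG, r*pub) for a fresh r. Two such
    pairs cannot be linked to each other or to pub without r (this is the DDH
    assumption), yet the owner's x decrypts anything encrypted to either."""
    r = r if r is not None else rand_scalar()
    return ec_mul(r, G), ec_mul(r, pub)


def kdf(point):
    return hashlib.sha256(point[0].to_bytes(32, "big")).digest()


def encrypt(rand_pub, msg):
    """Finder side: hashed ElGamal against the beacon's (rG, r*pub).
    msg is at most 32 bytes; XOR with the KDF output stands in for an AEAD."""
    g_r, h_r = rand_pub
    k = rand_scalar()
    c1 = ec_mul(k, g_r)                # k*r*G
    key = kdf(ec_mul(k, h_r))          # k*r*x*G
    return c1, bytes(a ^ b for a, b in zip(msg, key))


def decrypt(x, c1, c2):
    """Owner side: x*c1 = x*k*r*G is the very point the finder hashed."""
    key = kdf(ec_mul(x, c1))
    return bytes(a ^ b for a, b in zip(c2, key))


# BIP32-style alternative, simplified (HMAC-SHA256 in place of BIP32's exact
# HMAC-SHA512 construction): child keys differ from the parent by an additive
# tweak that both sides derive from a shared seed and an index.
def tweak(seed, index):
    mac = hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % N


def child_pub(pub, t):
    return ec_add(pub, ec_mul(t, G))   # pub + tG


def child_priv(x, t):
    return (x + t) % N


def parent_priv_from_child(child_x, t):
    """The caveat: one leaked child private key plus the tweak (which anyone
    holding the seed can compute) recovers the parent private key."""
    return (child_x - t) % N
```

The difference between the two constructions is what the owner has to keep: with re-randomization a single x opens every beacon ever encrypted, so nothing per-beacon needs storing on the owner's side, whereas the additive-tweak scheme needs the seed and the index that produced each child key, and loses the parent key if any child key and the seed leak together.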


I designed a similar system a few years back to provide proof-of-presence. Imagine a blockchain of devices at locations (an alibi, let's say). All devices are miners and only devices in your vicinity (think BLE) can "confirm" "transactions" (your presence) on the chain.

As with anything public + blockchain it had all the cryptoeconomic incentive problems you would expect and I never solved them.

Finding a lost device has much lower stakes than proving an alibi in court so I see how this model would work.


This sounds like the perfect infrastructure for a trusted, encrypted P2P mesh network.


A potential concern - does this system implement forward secrecy? Is that even possible?

The threat I'm thinking of is some organisation that is able to crack the private key at some point in the future and therefore able to work out where you have been in the past.

Of course, the phone's location in the recent past is exactly what this system is designed to produce. Would it be possible to rekey the connection on a regular/opportunistic basis?


Tile has quite a few patents in this area: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=H...


Can the signal be jammed? Or simply put the stolen device in a metal box.

As for the tracking: I really like the idea. However, in my country finding your device isn't the issue, it is getting it back that's the problem. Police won't go and enter the particular house where your device is.


I'm not sure how useful a device is that has to be kept in a metal box at all times.


My new startup: Faraday gloves


Nice article, and also a nice application of cryptography. I hope Google and Apple will both compete and challenge each other on inventive ways to defend people's privacy, both at the hardware and software levels.


Can we turn this off? please?

I would like 100% passive bluetooth. (and wifi, and nfc)


How is that going to work? All communication that you initiate must be active. The only passive option would be broadcasts like TV or radio stations, but that’s not particularly useful if you want to view a specific website.


I meant, don't turn your phone into a beacon. (as a setting is ok)

The idea would be yes -- connect to bluetooth headphones or your car. Connect to wifi in your home. Allow NFC transactions on command.

But no, don't promiscuously advertise your device. Don't look up every bluetooth beacon you encounter or crowdsource every wifi access point.


If your WiFi is on, it’s already doing this. It’s saying, here’s all the networks I’ve joined in the past. Are you one?


> If your WiFi is on

Many people disable Wifi when they're not planning to be actively connected to a network. Even ignoring the privacy benefits, it can improve battery.

I'll add my voice that this is nice, and I appreciate Apple's approach and privacy improvements, but I'd kind of like to be able to turn Bluetooth on and off the same way I can with WiFi.

I want most connections on my phone (with a couple of small exceptions) to be user-initiated only.


> Many people disable Wifi when they're not planning to be actively connected to a network. Even ignoring the privacy benefits, it can improve battery.

In a recent iOS update, it turns on automatically again; you can only disable it "until tomorrow". Not sure if that's until midnight, until "morning", but it doesn't seem to be "for 24 hours".


I thought it was:

- hidden ssid access point - your phone will broadcast unique data looking for it (initially the ap must listen and respond)

- regular named ssid access point - your phone can passively listen for the name and join if it is available. (initially the phone must listen and respond)


Just cycle though every website on the Internet and have the PC pause when the requested page is loaded obviously. It worked for Teletext.


Could be more like a key RFID. Like, the system could have died, its antenna has been restructured to work like an RFID; so if there is a live device in the area, it can resonate and generate a slight signal.


NFC is passive until powered by an external signal. It's very short range, but it does not require internal power. There could be a longer range version at some point.


Yes, but an NFC tag cannot initiate a connection on its own volition. And that’s very much a feature I like in WiFi: I can actively start downloading something. A WiFi card that only responds to an external ping is useless.


I think what berbec is saying is maybe you can locate an NFC device that has a depleted battery.

That said, I don't know if apple NFC works that way. Apple can use NFC to read nearby NFC tags, and possibly become an NFC tag, but I don't know if it can respond in a static way without power.


Maybe thats what this is. I'm well outside of the world of signal transduction, but a cell antenna/ wifi/ bluetooth antenna might be able to..


I see lots of poor Lassies in airports, conferences and generally in crowded places. Not even mentioning flood or replay attacks.

Lassies' help needs to have some limits, otherwise it may quickly drain batteries or mobile plans, especially in roaming.


BLE is insanely battery-efficient. And in most scenarios with a lost device, it's either stationary or will be stationary for a sufficient period of time to be discovered, so a ping only once every hour is probably more than enough to locate it. Or a ping with exponential backoff as battery depletes.

Sending the locations from these pings likewise also uses negligible battery, as Apple already coalesces timers and network traffic like push notifications.

I don't understand the mentality where people think Apple would have announced this without doing any testing on its battery life impact.


Yep. I have a BLE speed sensor on my bike which runs off a CR2032 coin cell. It's been two years of daily commuting and I've yet to change the battery.


"Apple's recommended setting of 100 ms advertising interval with a coin cell battery provides for 1–3 months of life, which increases to 2–3 years as advertising interval is increased to 900 ms."

iPhones have about a 10X larger battery than that. So iPhones can do this for ~20-30 years if configured correctly.


If I'm not mistaken the normal self-discharge rate for a phone's lithium ion battery will exceed the maintenance of BLE advertisement.


It is not about BLE beacons. Right, they are energy efficient. But the receiving party needs to listen constantly and process these messages. With 1000 beacons around at a 1s interval it means the intermediary node needs to send 1000 notifications per second to Apple. That can be buffered and optimized, but still it is some non-trivial number and a possible bottleneck to be exploited.


It's Bluetooth Low Energy, though. Should last for quite a while?


I'm quite sure they've solved for this particular problem, or they wouldn't have launched the product...


TLDR; The idea of the new system is to turn Apple’s existing network of iPhones into a massive crowdsourced location tracking system. Every active iPhone will continuously monitor for BLE beacon messages that might be coming from a lost device. When it picks up one of these signals, the participating phone tags the data with its own current GPS location; then it sends the whole package up to Apple’s servers.


The post is speculation; perhaps s/does/might/ or s/does/could/ in the title.


Not so much; most of the article restates in simpler terms what Apple has outlined as reported in Wired[0].

[0] https://www.wired.com/story/apple-find-my-cryptography-bluet...


The title is a question. Which is why it ends with a questionmark. The article attempts to answer the question with theories. The article isn't written by Joe Random; it is written by Matthew Green who teaches cryptography at John Hopkins university.


Johns* Hopkins.


Okay, so this would make it insanely easy to stalk any iPhone user.

1. Get BLE tracking tags, and register them with Find My.

2. Covertly attach the BLE tracking tags to things your target owns (backpacks, cars, bikes, etc).

3. You constantly get updates on your tags' locations via their iPhone and other iOS devices near the BLE tag(s). This gives you their approximate location and movement history, facilitated primarily through their own iPhone and data plan.


The only "BLE tracking tags" reported to use Find My are Apple devices, and if you can attach an Apple device to something your target owns, there are many means you can use other than Find My to track them.

I mean, if you can accomplish step 2, you don't need Apple at all.


They are widely expected to introduce such tags later this year.


Wouldn't this be already possible (and a lot cheaper) using something like Tile?


Yes, except you'd need to get your target to install the Tile app and use it frequently enough that it keeps background location privs.

If Apple does come out with a cheap Tile-type device with a then this could be a legit concern. If you hid one in a person's belongings then you'd get hits from their phone- and turning it off wouldn't work, because random passersby would report their location as well.

This could even be better (worse) than spy-gear standalone GPS trackers because the battery would last for a very long time.


What I understood the parent to mean would be to buy and register a Tile yourself, then hide that on your victim.

Using the same type of "mesh network" Apple mentioned, other users can track that Tile for you: https://youtu.be/WG7BdW7iFzo?t=58

(I'm not familiar enough with Tile to know if that feature is continuous, but I wouldn't be surprised if a competitor does).


<ahem> It must already be reasonably well along in development for it to be showing up in iOS builds.

[0] https://www.macrumors.com/2019/06/04/apple-tile-item-tracker...


One of the fundamental rules of security is that if your adversary has physical access, it's over. This sounds like that but with extra steps. If somebody has access to your equipment and is able to attach arbitrary items to your bag, then it could be any tracker (Tile, cheap GPS tracker, iPhone, etc.), then of course it's over from a security perspective.


I have no idea how the FindMy BLE system works, but I strongly suspect that the cheapest compatible "tag" you will find will be an iPhone. Might get a tad expensive to do this...


Assuming the newest iPod touches will work with this, $200 is the cheapest you could do this with in terms of using an iOS device (not that I'm suggesting this is a great option. As pointed out by the other second-level comments, you could just use Tile or a real GPS tracker without needing iOS).


The potential of low cost tags is in the first paragraph, and an overview of how the system would work is in the second. My takeaway is that you will be able to use something far cheaper than an iPhone.


Cheap ble tags do NOT use fancy rotated private keys or anything of the like. At best they use BLE privacy mode. That is as private as the spec gets.

Source: worked on Bluetooth for years


> The good news is that Apple claims that their system actually does provide strong privacy, and that it accomplishes this using clever cryptography.

But that does nothing to protect your privacy against Apple.

I already have to make sure that I disable WiFi and Bluetooth when I enter commercial establishments. Now I have to stop using Bluetooth whenever I leave my house?


Why do you do that? All Apple devices generate randomized MAC addresses for networks that they haven't connected to, so they shouldn't be able to track you. In addition, no other actors will be able to gain useful information from the bluetooth pings, they simply forward the encrypted data to Apple. All they can tell is that an Apple device exists nearby, but not who owns it or if they've seen the same device before.

If you're talking about apps on your phone tracking you by looking at nearby wifi networks, then Apple also fixes that in iOS 13.


...Unless you have a private wifi AP you connect to. Then your device is individually identifiable and trackable.

In addition, I believe apps that use ibeacon technology can respond to specific ibeacons. But I think your phone can become a beacon.

I suspect (but am not certain) that if your phone is running app XYZ it can talk to other phones running XYZ through the XYZ registered beacons (if location services are on for app XYZ).

Also, just for an interesting example of where some of this stuff can go... The Target app will change the price of an item if it finds you are in a store (search "target app price switch").


Did not know this. I figured all those wifi connections I get near stoplights were slurping up mac addresses to track people. I wonder if it generates a mac address every single time or just upon first interaction with a wifi network it doesn't know about?


Apparently the initial implementation (iOS 8) randomized it every time the screen sleeps or wakes. I wasn't able to find any recent documentation detailing the current behavior - probably similar?


Beginning at the top of page 41: https://www.apple.com/business/site/docs/iOS_Security_Guide....

> iOS uses a randomized Media Access Control (MAC) address when conducting Wi-Fi scans while it isn’t associated with a Wi-Fi network. These scans could be performed in order to find and connect a preferred Wi-Fi network or to assist Location Services for apps that use geofences, such as location-based reminders or fixing a location in Apple Maps. Note that Wi-Fi scans that happen while trying to connect to a preferred Wi-Fi network aren’t randomized.

[continues with all the cases]


> Why do you do that?

The short answer is because it makes me feel better.

The long answer is that it prevents tracking my movements within a store. Stores appear to be increasingly installing and using such trackers, and I do not wish to be tracked.

Not being able to be identified personally, or to be identified as the same person who was there last week or that I also went into other stores isn't sufficient to me.


I'm not sure why this is downvoted.

WiFi can be used to track most people's phones because they'll have personally identifiable networks they're set to auto-connect to. Randomizing the MAC address is not enough to prevent tracking in that scenario.

Unless Apple has some way to guard against this that I've never heard of? But I don't think they do.

JohnFen's root comment is totally wrong (Apple is encrypting your location so even they can't read it), but on the WiFi side of things this seems spot on to me. Turn your WiFi off when you leave your house.


It gets worse: if you turn off wifi/bluetooth in control center, it only disconnects, keeping the radio active.

1: https://support.apple.com/en-us/HT208086


As it says on the page, this is to make sure a bunch of things still work (e.g. you wouldn't really think you need to keep Bluetooth enabled to use the pencil). Maybe the toast text "disconnecting nearby Wi-Fi until tomorrow" could be a little clearer.


From day one I’ve wanted a way to disable the automatic-reenabling feature.


Use airplane mode then enable each one individually?


You can use shortcuts to disable and enable things.

I use one labeled ‘Car’ that turns off wifi, enables cellular data and BLT for the stereo and terminates after it ensures my (non-DNS) VPN is on. The other, ‘Home’, turns off cellular data and BLT, turns wifi on and again ensures my VPN is still active.

Also if you’ve got anything newer than an iPhone 6, you can 3D touch the settings icon to get a pop-up menu to the Bluetooth, Wi-Fi, Cellular Data and Battery sub-menus. From there it’s an extra tap or two to disable stuff completely.

Formatting is likely terrible, I mobile-phoned this in..


> But that does nothing to protect your privacy against Apple.

Absolutely not true. This is E2EE. This is the whole point of the article.


If this "no privacy from Apple" widget is using separate low power or parasitic power circuitry, it is entirely possible for it to be running and operational in a switched off phone with a battery on 0% charge.

Buy a Nokia, perhaps?


Did you read the article? The author discussed exactly how they are able to hide sensitive data from Apple.



