Researchers Come Up With Better Idea To Prevent AirTag Stalking

An anonymous reader quotes a report from Ars Technica: Apple's AirTags are meant to help you effortlessly find your keys or track your luggage. But the same features that make them easy to deploy and inconspicuous in your daily life have also allowed them to be abused as a sinister tracking tool that domestic abusers and criminals can use to stalk their targets. Over the past year, Apple has taken protective steps to notify iPhone and Android users if an AirTag is in their vicinity for a significant amount of time without the presence of its owner's iPhone, which could indicate that an AirTag has been planted to secretly track their location. Apple hasn't said exactly how long this time interval is, but to create the much-needed alert system, Apple made some crucial changes to the location privacy design the company originally developed a few years ago for its "Find My" device tracking feature. Researchers from Johns Hopkins University and the University of California, San Diego, say, though, that they've developed (PDF) a cryptographic scheme to bridge the gap -- prioritizing detection of potentially malicious AirTags while also preserving maximum privacy for AirTag users. [...]

The solution [Johns Hopkins cryptographer Matt Green] and his fellow researchers came up with leans on two established areas of cryptography that the group worked to implement in a streamlined and efficient way so the system could reasonably run in the background on mobile devices without being disruptive. The first element is "secret sharing," which allows the creation of systems that can't reveal anything about a "secret" unless enough separate puzzle pieces present themselves and come together. Then, if the conditions are right, the system can reconstruct the secret. In the case of AirTags, the "secret" is the true, static identity of the device underlying the public identifier that is frequently changing for privacy purposes. Secret sharing was conceptually useful for the researchers to employ because they could develop a mechanism where a device like a smartphone would only be able to determine that it was being followed around by an AirTag with a constantly rotating public identifier if the system received enough of a certain type of ping over time. Then, suddenly, the suspicious AirTag's anonymity would fall away and the system would be able to determine that it had been in close proximity for a concerning amount of time.

Green notes, though, that a limitation of secret sharing algorithms is that they aren't very good at sorting and parsing inputs if they're being deluged by a lot of different puzzle pieces from all different puzzles -- the exact scenario that would occur in the real world where AirTags and Find My devices are constantly encountering each other. With this in mind, the researchers employed a second concept known as "error correction coding," which is specifically designed to sort signal from noise and preserve the durability of signals even if they acquire some errors or corruptions. "Secret sharing and error correction coding have a lot of overlap," Green says. "The trick was to find a way to implement it all that would be fast, and where a phone would be able to reassemble all the puzzle pieces when needed while all of this is running quietly in the background." The researchers published (PDF) their first paper in September and submitted it to Apple. More recently, they notified the industry consortium about the proposal.

A lot of effort to preserve an illusion of privacy

[HBI]

Back in the late 80s and early 90s, I used to work with my dad's company doing insurance investigations. We had _no issues_ locating people without Airtags or any other electronic doodads. Most people are remarkably easy to locate and use the same routes and go to the same places in the same vehicles every day. This would come up in worker's comp cases - someone is claiming disability and then they're hauling heavy stuff around on some side job or whatever. So you'd set up a minivan with tinted windows

Re:

[Baron_Yam]

As with GPS trackers before them, things like AirTags don't create the ability to stalk people, they merely lower the bar to entry. The easier it is to do, the more people with borderline ethics will do it.

That's not really the issue, though, because those borderline people who will stalk if it's convenient enough probably aren't in the 'dangerously obsessed' category.

But even the dangerously obsessed stalker probably has to go to work or shop or sleep from time to time. They're not working shifts with a

Re:

[burtosis]

Air tags don’t lower the bar of entry much at all. They need to piggy back off phones and the only benefit is they don’t need a monthly subscription because other people are paying that. For less money you can buy a device that’s not much larger that has its own cellular modem and GPS, then you just pay for the data and can track them far more effectively even where there aren’t other phones around as long as cellular service exists.

Re:

[HBI]

I had call to install a GPS tracker device once, and it is as you say. It was magnetized, attached to a car frame rail and was essentially undetectable short of putting the car on a lift and searching for it. Immensely accurate also with a roughly 60 day battery life. The vendor software kept logs of where the vehicle had been, gave you all kinds of geo information...it turns out they are used a lot for company vehicles and the like.

Re:

[Baron_Yam]

Right, but a GPS tracker still requires either that you periodically download your cached data or that you fork out for a mobile data connection.

Airtags are a LOT less expensive and a lot less work.

Also, a professional tracker installation will often involve tapping the car's power system and possibly even using the car's existing antenna(s)... though my understanding is that latter part involves a fair amount of skill to tune so it works without interfering with the existing systems and maybe having the ve

Re:

[HBI]

If I'm understanding the operation of the Airtag correctly, it relies on Apple devices being present within BT range to broadcast its signal. I can envision situations where this would not be true. My initial example of the JB Hunt unit (that was the company) being parked in some remote community in Sussex County, NJ. Even today, I wouldn't guarantee anyone within BT range of that truck would have an Apple device. Maybe. I can think of remoter places than that.

If we are talking pure urban, then sure, i

Re:

[Baron_Yam]

>If I'm understanding the operation of the Airtag correctly, it relies on Apple devices being present within BT range to broadcast its signal.

Yep. That's what makes it so inexpensive - you don't need a powerful signal and you don't need a (direct) mobile data connection.

And though this does leave gaps in coverage, I imagine for the price point it's a pretty attractive option.

Re:

[HBI]

I concede your points, I just think the feeling of being immune from being tracked is something people should shed. I know if someone wanted to follow me, it would be the simplest thing in the world. Sure, I could be evasive, but i'm in a hurry most of the time and that soaks up time.

Re: A lot of effort to preserve an illusion of pri

[firewrought]

I know your comment was tongue in cheek, but the system doesn't have the speed, resources, and discernment to handle the number of people who would, if technology enabled them, readily stalk their ex'es immediately after a breakup or during a divorce.

Re:

[larryjoe]

The belief that we are somehow hard to find is ...maybe a secret agent fantasy?

I can think of at several scenarios where a tagged item is hard to find: (1) Some people are trying to hide, such as a battered wife or someone being pursued by law enforcement. (2) Some items are not trying to hide but are not otherwise easy for the owner to track, like luggage on a flight or a Mark Rober glitter bomb. (3) A pet on the loose follows no travel pattern and can be difficult to find.

Re:

[TwistedGreen]

So what you're saying is, it's not paranoia if they're really after you.

Re:

[gweihir]

That is not the problem. Your approach still requires a modicum of skill and insight. The problem is that AirTags put tracking of people within reach of complete cretins that otherwise could not do it if their life depended on it.

Re:

[bickerdyke]

"skill" is somehow not the right word here.

It doesn't take much skill to order a GPS tracker from the next China-Shop on Amazon Marketplace. It requires knowledge of the availability of those tracking devices. And the old fashioned GPS trackers simply aren't in the news and commercials as much as the airtags.

Re:

[SecurityGuy]

The difference is that airtags or generically any tracker makes finding people/things essentially zero effort. If I stick an airtag in a little-used pocket of your laptop bag, I can know where you are (or where the bag is anyway, which may be good enough) for a couple months. I don't have to set up a minivan or follow anyone. Just use my phone.

Is it invisible or lying?

[awwshit]

HTTP 418

The anti-stalking features are incredibly annoying

[brunes69]

Travelling with an Airtag in your bag? Be prepared to have it randomly beep-bop-boop in the middle of the night when someone in a room adjacent to you decides to make it buzz, because their phone popped up that you were "stalking" them

Want to use an Airtag to track your bike or other possession? NOPE - thief is alerted of the AirTag almost immediately!

Meanwhile, anyone who actually wants to stalk someone can buy a *real* GPS tracker for $20 and not have to deal with any of this BS.

Re:

[Malays2b0wen]

The Airtags are marketed to the masses who want others to think and do stuff for them. This, of course leads to unintended consequences for the user such as an Airtag alerting the bike thief to it's presence because of the outcome of a boardroom meeting thousands of miles away.

Re:

[garote]

Any AirTag that is still audible is not adequately hidden/secured to the bike.
That thing should be an unrecognizable lump of dried epoxy, spray-painted black underneath a fender.

Re:

[burtosis]

Just pop it open and disable the speaker. Use a piece of cellophane tape to isolate the prongs from the PCB from the disc speaker imbedded in the plastic back. It takes about 30 seconds and is reversible.

Re:

[JoeDuncan]

Want to use an Airtag to track your bike or other possession? NOPE - thief is alerted of the AirTag almost immediately!

Right?

My first thought was: "isn't *secretly tracking something's location* THE ESSENTIAL air tag use case?"

Airlines would have a *fieldday* chucking all bags with known airtags into a faraday cage just so to cover up their own incompetence.

Re:

[cerberusss]

The attraction of the AirTags for this sort of thing is that it's got the brand on it. You say "buy a real GPS tracker" but which one? There's like a dozen weird brands, some have off-brand apps, some configure in clumsy ways via text messages, and I don't know which to pick because they all have fake reviews. I'm overdoing it here, but I don't think there's one brand you can trust.

Re: The anti-stalking features are incredibly anno

[brunes69]

Airtags aren't even real GPS trackers. Real GPS trackers have GPS chips in them and send you location using LTE or SMS. you cam buy them on Aliexpress for next to nothing

Re:

[AmiMoJo]

GPS trackers have fairly limited battery lives, because GPS and connecting to the cellular network consumes a lot of energy, compared with occasionally Bluetooth transmissions.

GPS trackers are larger too, so not so easy to conceal. Especially on a person, like in their bag or clothing.

Sorry if this makes AirTags less useful to you, but my safety comes first. Don't worry too much though. Thieves have been able to detect AirTags within minutes since they were launched, and have mostly not caught on.

Re:

[thegarbz]

Fun story I'm on holidays right now. The guy next to me on the plane on the way over showed that his luggage was not loaded on the plane. He stopped the stewardess in a panic and got fobbed off in the best possible way. "Sir we don't look over your shoulder when you do your job, trust us to do ours. Go talk to our desk if your bag isn't at your destination." and walked away and ignored him while he bitched and moaned while they got the plane ready for final take off.

Air tags get you no where. The airlines k

Re:

[Dixie_Flatline]

They're only useful after the fact when your bag is sitting in a room somewhere and the airline claims they don't know where it is. But I agree with the attendant for the beginning of the flight--the bag will probably get where it needs to be, regardless of the plane it's on. Their logistics aren't actually that bad in general. I've only had a bag delayed once in my life.

Re:

[garote]

Yeah, that guy's only problem was in his agitated attitude. I've already used airtags to HELP airline staff locate my own oversize luggage, one time after it got mislaid on the wrong side of the Atlantic, another time when it was sent to the wrong country, and yet another time when thee staff at one major terminal couldn't prove to the staff at the other major terminal that my item was still in their possession.

It's all about attitude. I'm polite, patient, and upbeat, but I'm dogged. When you're trying t

Re:

[garote]

The little sound played by the AirTag can be easily disabled, but in the case of tracking a bike, that's not even relevant, because if you've got more than a few brain cells applied to the problem, you've already purchased an item like the Pinhead airtag box to firmly secure the tag to the frame, or found some other way to attach the tag that muffles the song as a byproduct just because it's so over-done.

E.g. slathering black two-part epoxy all over the AirTag (who cares if this makes it single-use, this is