snork.ca: Here's Tom with the weather... Light Snow, -7.6°C [W: -15°C] - Precip 0 hrs

AirTag And Tile Privacy Issues 2021-11-06


Recently, a dog-walking neighbour of mine was telling me about the AirTag she put on her dog's collar. The idea is that she can use her phone to track where her dog is. She even showed me what appeared to be realtime tracking on her phone as we walked along the path. I thought that the AirTag was pretty tiny and didn't know how it gets its location info back to the phone. Then, even more recently, a friend reminded me that she had an unused Tile device sitting on the shelf. So I had a look at it, but still didn't feel like I had a firm grasp of just what information gets transferred where. So I did a little homework.

tiledog Image stolen from the tile.com web site.

As near as I can tell, both AirTags and Tiles work the same way, and there are two parts to the setup. The first part is the tag itself which has a small battery and a unique ID number. It constantly blasts out its ID number over Bluetooth, that's it. The other part is the application you install on your phone. This software runs all the time in the background, even when you are not busy looking at it. The app is constantly searching for ANY tag (not just ones you own). Whenever it finds a tag, it sends your phone's current GPS coordinates to Apple or Tile along with the ID of the tag it sees. So when my dog-walking neighbour was showing me what appeared to be real-time tracking on her phone, it was actually her phone that was doing the tracking because her phone is the one with the GPS in it. At the same time, if there were other people nearby with AirTags, her phone was also silently sending information about those other tags to Apple. I wonder what other information it was sending to Apple.

There are two significant dislikes I have with this setup. One is that part of the cost of using a Tile or AirTag is the constant monitoring of your current GPS coordinates (along with the current time) and the constant uploading of information about all nearby tags to the true owner of the tags (Apple or Tile). This constant traffic will likely contribute to faster battery drain since the GPS and bluetooth are constantly being used and faster data plan drain since there is a constant trickle of data being sent to the tag manufacturers. The other significant dislike is that the data being sent is supposed to be about the tags, but is really about where your phone is. Where everyone's phone is. Even if you are foolish enough to believe that Apple and Tile are privacy advocates, the data could easily be stolen from them or gobbled up when either company is purchased by some third party you never thought would buy them.

As a side effect of this tracking design, I noticed something that seems to apply to a lot of things these days. It is only useful in cities. If the dog in the photo above is to be located, it must be within a couple hundred feet of someone running the application. That's right, if it runs to a mall or an apartment building it might be close enough to a Tile/AirTag phone to be found, but if it runs to the woods somewhere all the owner can find is where the signal was lost. If you wanted to track something in a rural location you're SOL. There's simply not going to be enough phones running the app to make tracking even remotely [pun intended] reasonable. You know, if there was an open source version of the application and if I could run my own server (or use someone else's custom server) I would consider these mildly useful. The problem would obviously be that my private server wouldn't be getting the crowdsourced data that these goofs are getting. With the obvious privacy nightmare these things are begging for, I wouldn't touch them with a ten foot dog leash.

Made with Notepad++ and FastStone, hosted on Devuan with nginx, without javascript, google bullshit, CDN crap, or cookies, and powered by NK shrooms.