Amazon and Apple - creating a Mesh System

I’m usually not a fan of the argument “what’s in it for me” except, in this case, you know Amazon is benefiting a lot from this. So, why shouldn’t opt-in have some sort of benefit as well?

A decent overview of AirTags for anyone not paying attention to them.

https://www.fastcompany.com/90628073/apple-airtag-privacy-security

Each AirTag is about the size of a coat button and is designed to let you track whatever item you’ve attached it to, all from the Find My app on the iPhone, iPad, Mac, or iCloud.com. You set up a new AirTag by pairing the diminutive gadget with your iPhone. During the pairing process, the AirTag is associated with your Apple ID, thus making it trackable inside the Find My app.

AirTags don’t rely on an internet connection of their own. Instead, they piggyback off of a network of almost a billion iOS devices and Macs already out in the world. Each AirTag sends out a unique encrypted Bluetooth identifier; other Apple devices can detect it and relay the location of the AirTag directly to an owner’s Apple ID account.

This entire process is end-to-end encrypted so that no one but the owner of the AirTag—not the owners of the crowdsourced devices picking up the AirTag’s location or even Apple itself—ever has access to the AirTag’s current or past location. And the Bluetooth identifiers that AirTags emit are not only randomized but “are rotated many times a day and never reused so that as you travel from place to place with the AirTag, you cannot be re-identified,” Huang says.

Drance and Huang are also keen to note that though almost a billion Apple devices act as a crowdsourced monitoring network that helps keep track of AirTags, the AirTag owner can never see which devices its AirTag’s location is pinging off of or who owns those devices.

AirTags also have a unique security feature called Pairing Lock, which protects against people who may find your lost item and snatch the AirTag from it to use as their own. Huang likens Pairing Lock to the iPhone’s Activation Lock. “It means that if you lose your AirTag, somebody can’t just pick up your AirTag, re-pair it with their phone, and continue using it,” he says. “This has been really impactful for the iPhone and we think it will be for AirTag as well.”

Not only can people who gain hold of an AirTag not use it for themselves, but they also can’t find out the identity of who owns it. Every AirTag has a unique serial number printed on it, but the identity of the owner cannot be derived from that number unless that owner activates the AirTag’s Lost Mode. That’s a toggle in the Find My app that marks your AirTag as lost. Once you’ve toggled that option on, someone who finds your lost AirTag can then scan it with any NFC-equipped device (such as an iPhone or Android phone) to display a web URL prompt on that device. Tapping on the prompt will take the finder of your AirTag to an Apple support page featuring the AirTag’s unique serial number and—if the AirTag owner so chooses—the phone number of the AirTag’s owner so the finder can call or text.

By the way, thank you @stusser for moving it. I figured a conversation here would be valuable to people that don’t check P & R (and considering how much trouble it can get me into, I understand that point of view).

There’s no way to access the airtag internals without cracking it open and soldering wires to the board. That’s a high bar, so even if Apple can’t block compromised airtags from its network they would be fairly difficult to hack yourself or expensive to purchase. Maybe worthwhile to spend a couple hundred bucks on a single tag if you’re a private investigator or a hardcore stalker or something, but not anything that will be common.

You can turn that “feature” off, you know.

Yes though I just have them set their unit to bridge mode since I have my own router and wifi.

For what it’s worth, I was resetting an old Echo Dot and the option to opt out of Sidewalk popped up during the setup process. Yes, it should be opt in, but at least it’s not hidden from new users.

Why does the thread title say Apple is creating a mesh wifi system when they are not doing that?

Because of AirTags, which is deeply integrated to Apple devices, so pretty much works the same way.
Or so I assumed when I started the thread.

But it’s not a WiFi network in Apple’s case. It’s a type of mesh network, we can just call it that.

Amazon and Apple are both getting into leveraging their installed base of devices as mesh networks, but in different ways (Amazon’s is WiFi) and for different reasons. That contrast is part of what makes this interesting.

Good point. I’ll see about the name change to Creating a Mesh System.

But don’t the Amazon Devices use Bluetooth to create the mesh, just like Apple?

This thread reads like these systems are bad. I have never heard anyone complain about Apple’s system. Find My has been around for a decade, AirTags are just new. If your Bluetooth is always on, it’s always out there pinging anyway. You’ve always been able to sit in a public place and see other people’s phones using AirDrop. It’s pretty harmless.

Amazon’s is using people’s WiFi without asking. I thought that was the part we are mad about.

Amazon is designing a network to transmit general purpose data over your internet connection. Apple just listens for devices around it and passes some keys and location data back to the mothership if it finds it.

It would be very hard, if not impossible, to hack Apple’s solution based on how I understand it works. Maybe if the key it reads off a tag could cause a buffer overflow in Apple’s code? Since it’s all controlled by Apple it’s orders of magnitude easier to secure than something like what Amazon is attempting, which is two way traffic.

Another way to look at this is I think I could personally audit Apple’s code for exploits and feel reasonably secure afterwards. Amazon’s however? No way would I feel comfortable trying to tackle that. It would be way too complex for me to rule as safe or not.

I like this thread. I understand more about Amazon’s Sidewalk than I would’ve otherwise. It sounds like it’s clarified how Apple’s “Find My” feature and AirTags work for people too.

I think there is a meaningful difference in how AirTags function than how Apple used Find My in the past, and it’s helpful to have a discussion about that. AirTags have no networking capability, only Bluetooth, so they’re relying on the devices of strangers in a way Apple’s other devices never had to in their tracking capabilities. The security concerns of that are valid, and I’m glad Apple seems to have thought through them well.

Amazon uses a 80 kbs to create a larger network through Bluetooth, so the whole “Uses Wifi” thing isn’t a big deal to me. And, you can turn it on or off. So, I’m not mad about it. I think it has some interesting possibilities, especially since it works with cool things like Tile.

On the other hand, Amazon isn’t really providing individuals with a lot of value. Sure, it helps other people, but who wants that?

By the way, doesn’t Apple still need to communicate with the outside world if it finds an AirTag?

Sidewalk mesh would be more palatable to me if people who carried a disproportionate amount of traffic for others got compensated. E.g., if my neighbor has a camera that ends up on my network, I’m going to be sharing a lot more Internet than using it. Even Amazon credit would go a ways. This is all theoretical since I don’t own any Amazon hardware besides Eero and they don’t have this feature (yet, etc etc.)

I can completely understand this point of view and I hope Amazon considers something like this.

For now, I’ve got Sidewalk turned off, but I’m interested in learning more about it. It might become something really cool.

If you have a cap on your monthly bandwidth, it could actually hurt you. I recall Comcast’s initial implementation of bandwidth caps and their open wifi APs actually resulted in users getting penalized for traffic that came over their connection even when someone was connecting to the open Comcast AP (i.e. some other yahoo’s traffic would count against the subscriber’s cap). I think Comcast got that sorted out, but am not 100% sure.

Yes, at some point Apple is still piggybacking on someone else’s Internet connection, acting as a free rider on bandwidth that someone else is paying for. Or, to be less charitable, stealing bandwidth from another user. Fortunately, I can’t imagine the amount of bandwidth is very significant, but given the number of 1 GB cell phone plans out there (or prepaid plans where you pay through the nose once you go over your allotment), it could be a problem for at least a subset of users.

Very good points.

As I said, I currently have it turned off, but if Amazon wants to bribe me to turn it on, I would be open to it.