I wish there was a good option for non Apple users. From what I've heard Google made their version pretty bad, as expected. They rate limit how often you can search for your own tags, they won't show the location until a tag has been seen by multiple phones, there's poor coverage. One test I saw showed that Samsung's network was better, which makes no sense since Samsung phones should be a subset of all Android phones in Google's network, but that's Google products for you. Sounds good in theory but poorly executed, even years after Apple showed how to do it.
It's actually hilarious that whoever was in charge of Google's finder network decided to cripple the product's one and only function by prioritizing privacy.
In this tradeoff, Google gained a handful of articles mentioning the "innovative" privacy improvements (before the writers had a chance to test how terribly the network actually performs). For that, they sacrificed the chance to compete with Apple in this category, which outside of device revenue also weakens Android/Pixel ecosystem and market share. You really can't make up this level of incompetence.
> It's actually hilarious that whoever was in charge of Google's finder network decided to cripple the product's one and only function by prioritizing privacy.
That sounds like that "whoever" was the corporate legal team. Every time I tracked down these kind of idiocities in large corpos, it's usually legal or security team that overrode common sense and sabotaged their own product.
> It's actually hilarious that whoever was in charge of Google's finder network decided to cripple the product's one and only function by prioritizing privacy.
That is a hilariously apt and depressing point. Wow.
Google's interest in user privacy extends as far as keeping competitors or customers of google from getting data about an Android user other than through Google.
Well sure, you could accuse Apple and Huawei of the exact same thing and still be right. Hardware OEMs are extremely desperate to force their customers through first-party services to extend the value of their sale. News at 11.
Because America lacks any form of conscious consumer protection, this is apparently fine to our regulators. Our market is entirely comfortable with OEMs fighting over who gets the right to exploit a customer with their defacto monopoly.
It's hard to believe how Google could mess up their network so badly. Apple network shall be totally dwarfed.
As a nomad-traveler, the Apple network is not particularly relevant to me, I don't travel to the wealthiest cities with a lot of Apple phones, but to the "rest of the world" where Android market share is close to 90% dominance. But even there, it still seems that Apple is doing better than Google (...)
> From what I've heard Google made their version pretty bad
I have one on my keys. The one time I tried to use it, despite refreshing multiple times, it gave me a bubble with a quarter mile radius. It turned out to be in my bag right next to me.
It's not very useful for tracking your things though, which arguably is why you would use it. I wouldn't trust Google's network to find a stolen bike or lost luggage for instance, but air tags are used for that all the time[0]. Finding my lost keys at home is a perfectly valid use case for tags, but you don't need a network for that, just some Bluetooth and maybe UWB.
No, that's the whole point of the fiasco. That setting is not for the tracker but for the tracking devices. For Google Find My trackers to behave similarly to AirTags, every single android user would have to go to their Find My settings and explicitly change, how sensitive their phone is.
Looking through the code, it looks like this uses your personal Apple Mail entitlements to pull the locations that get collected by devices on the FindMy network:
Can someone point me to something I saw earlier? Apple alerts users to "tags that might be following you". Someone made an implementation that used a KDF to rotate the mac address or private key or something, but it was predictable in a way you could track each derivation of the of the mac/private key.
There is a really obnoxious petty theft problem where I live, and the time it takes to constantly get my windows fixed or forced entry crap removed is worth a significant amount of my personal time. I have zero desire to confront anyone, but I'd like to be able to create a track for a PI or Law enforcement some day.
You can buy GPS cellular trackers. Then just get a really cheap or even free IOT sim.
Alternatively you could probably just walk to your nearest drug addict hangout with case of bottled water and ask them to stop breaking into your stuff.
Can you though? Every time airtags come up here someone is like "you can get GPS trackers already! they're cheap!" but I actually looked and actual GPS trackers that don't require a subscription or have various other flaws seem to be very difficult to find.
If there's a GPS tracker that uses an eSIM and isn't sketchy af and has decent battery life and isn't £100 let me know! I would love that for my bikes.
Hm, AFAIK AirTags rotate their private key anyway, so I don't know if that will help your problem. Maybe they rotate it slowly, though, I'm not very familiar with the exact algorithm.
In my submissions you can find a link to an article I wrote about OpenHaystack and those alerts. TL;DR, I was never warned by iOS about an OpenHaystack based tracker that I stuck inside my car for a while. That was a couple of years ago though, so things may have changed.
I wish it had a way to integrate with the Find My app instead of having to go through their own (wonky) process to retrieve locations. The chinese clones can do it (even with their own branding), so it must be possible somehow.
I think that's the wall in Apple's walled garden here. From reading the official Apple spec. for partners a while back, as part of the pairing process, something is signed by the device with a cert/key that apple issued to that developer (after coming to an agreement i.e - $$) - and, crucially, is different from the keypair that the device will use to actually broadcast. This is then validated by apple and thus allowed to be added to that apple-id's account and hence on to the app.
The keys broadcasted by the devices themselves in 'lost' mode (i.e. not in 2 way contact with the owner's device) are arbitrary and completely opaque, Apple doesn't have any way of tying them to an ID or device or developer. This is how the proposed project here works - these keys will always find their way to the apple server.
It seems like the knockoff ones have just hijacked a legit key for the pairing process. This means if Apple desires and finds out the key, it can probably remove all devices from all accounts - although the devices themselves will keep on broadcasting and their locations could be accessed in the above janky way. I wonder too if the original key owner might get a large bill for per-device royalties if/when Apple searches it's DB for a count of 'devices-added-to-an-apple-id-signed-by-this-key'...
Apple officially supports third party trackers, who’s manufactures are issued, by apple as a part of their MFI programs, keys with which these third party devices must use to sign their pairing requests to the users apple account.
Perhaps these $5 devices do indeed include legitimate keys from apple to use from this, perhaps they have copied one from another device.
The Chinese clones use the Apple FindMy program, so they are official tags which can be displayed in the app. The OpenHaystack is a hack which uses different keys, and can't be shown on the app for cryptographic reasons
The clones are limited though, are they not? Like, they don't have the directional stuff and all that do they? I may be misremembering what I've read elsewhere.
You can buy third party "Find My" compatible tags for about $5 from Temu or Aliexpress. Although they're about the same size as regular Airtags, they're:
- easier to take apart (if you want discard the casing), and
- cheaper
I took one of the ones I have out of its casing to see what could be made thinner, and I found that most of the thickness was due to:
- The batter holder (CR2032)
- The speaker
- The button
The speaker and button could probably be dispensed with after initial setup. The battery holder could be removed, and the power supplied from the side instead of the top (if you want a thin card-like form factor).
I certainly can't claim to have ordered and received one, but there are absolutely $5 UWB devices for sale on AliExpress, and that's before any bulk discount.
If Apple sells them for $20 it's highly likely some random Chinese seller can make money at $5.
I'm looking for a source of like ~100 UWB-only ones aiming for about 2~3 weeks of battery runtime on a pack of 2~3 AA batteries. Mostly depends on what voltage end the chips handle better: 2V low end, or 4.5V high end.
The aim is to keep track of where shared equipment is during the logistics phases of 39c3.
And, also, using the quite possibly wall-wart-piwered base station network to provide what's essentially rather precise indoor-GPS to users with sufficiently open FiRa hardware.
Another thought: these $5 tags still seem as good or better than a DIY tag using the current version of OpenHaystack, right? Unless OpenHaystack supports UWB?
I wish me a budget 10000 mAh size "phone slab format/shape" power bank with like 18W output at 9~12V kind of "fast charge" style, and a built in Google air tag.
They already have a button and a battery and a case; only need to add the BLE and the Google-mandated buzzer.
I'd pay 5 bucks more than for the competition without the integrated tracker. That should easily cover the cost, right?
You can't win with people complaining on hacker news ;-) I was just thinking of the old days when iphones first came out and so many people added them to their signatures "sent from an iphone" or something.
Yup, there was a project recently that used the airtag network to transmit data from a hardware keylogger. The computer could be totally gapped and the data still gets home via the typist's iPhone.
I saw someone use this to track his mail state. They have a contact sensor inside their mailbox that rotates the broadcasted key based on the trigger count.
If the key changed, aka a new different device is visible, you know mail has been dropped in, very clever !
I wonder if the creator had neighbourhood style mailboxes down the road? If not this seems quite complicated solution for an object that is probably with range even BLE.
I tried building a mail sensor a couple of years ago where the mailbox was a fair distance from where I was living. I was not able to create a solution that didn't either have false positives or false negatives. For an outdoor object jostled by wind and rain it is harder than it seems.
I wish we had more / more easily accessible networks that let you do this.
Something that would let you send extremely tiny (<1kB) packets, using a wireless protocol that could be implemented extremely cheaply, piggybacking on the bandwidth of nearby internet-connected devices in a privacy-preserving way.
Amazon has a network like this called Sidewalk, using Alexa devices as gateways, but I don't think it's very open to third-party experimentation, and it's definitely not an interoperable standard on the gateway side.
This is a technically interesting project, but is there any situation at all where it's worth using? It seems like it just allows you to build airtag-like devices that sorta work on the Find-My network with some rough edges, but I can buy proper AirTag clones in various form factors for a couple bucks - far cheaper than I could ever make a custom bluetooth device using this project. Am I missing a use-case?
Okay yeah, that appears to be true. Looks like the broadcast part currently only runs on Linux (or microcontroller firmware), while the client only works on macOS, so you'd need to lose your Linux laptop and then find it with your Apple computer, but it does seem like that setup would work if you had it. Maybe it'll be ported to other OSs at some point, if that's even possible.
They've been perfect for me. I buy them on Temu for around $2.50 each and they work exactly like normal AirTags minus the ultra wideband precision finding. I pair and track them in the normal iOS FindMy app. Haven't been using them long enough to know how long the batteries last, but they advertise >1 year and they still all report pretty full batteries after a few months of usage, so I'm hopeful.
The credit card form factor ones for wallets are more expensive ($10) but can be wirelessly recharged on Qi chargers.
"Brand" is a somewhat nebulous concept for chinese knockoffs, but the particular ones I got are each branded as "RSH Smart Tag." Though I'm pretty sure all the different listings are the same device coming out of the same factory with different random brand names printed on them. I'd just compare all the ones that say they work with iOS Find My and have wireless recharging, then get the cheapest one, specific branding be damned.
Edit: I just checked, and actually only two of my cards (which came in a two-pack) are branded with RSH, and the other one has no branding on it at all. It's definitely an identical device though - the only difference is the lack of branding.
QQ: Why would one build your own? Is the cost of building one's own lower than just buying an Airtag off the shelf? I recently bought some for about $15. Would building my own be cheaper?
No, the BLE identities of these tags are currently practically indistinguishable from original tags, and could be made completely identical if necessary. In fact, changing the device's MAC address is part of the specification. What they could block, is the method used by these projects to fetch encrypted location reports. However, the original OpenHaystack project (this one) needs to run on macOS and lets the system handle account authentication, so it's unlikely to get blocked any time soon.
Yes, because they get a commission for every device registered on the network.
In the join process, there is a key that is shared only for developers who paid the fee - which is why it's not really trivial to create an AirTag clone without dumping the Apple AirTag flash
I wonder what’s the upper limit of transmissions a single device can upload to Apple servers? If the Apple device has no cell service or WiFi, how long will the history of that location ping reside on device?
Also, is there a DoS vector here?
- attacker manages to simulate 1M+ Bluetooth devices
- victim randomly passes by and it crashes their phone due to a massive number of devices in single location and constantly uploading to Apple servers
Yes. I did it with that too.
Basically all nrf51 / nrf52 are compatible with the protocol. In my case I've written the code in Rust - but it's pretty much the same thing as the example
Would there be a way for the bluetooth device to rotate its broadcast keys in a predictable way to avoid the iphone notification of "unknown airtag close by" messages? Seems like this could be exploited for surveillance.
Technically it would need to rotate every 15 minutes or so - the notification you're talking about happens when the device is in "lost mode" (away from its owner): in that case the key is rotate every 24 hours
I wish there was a good option for non Apple users. From what I've heard Google made their version pretty bad, as expected. They rate limit how often you can search for your own tags, they won't show the location until a tag has been seen by multiple phones, there's poor coverage. One test I saw showed that Samsung's network was better, which makes no sense since Samsung phones should be a subset of all Android phones in Google's network, but that's Google products for you. Sounds good in theory but poorly executed, even years after Apple showed how to do it.
https://security.googleblog.com/2024/04/find-my-device-netwo...
https://9to5google.com/2024/08/01/find-my-device-stress-test...
https://9to5google.com/2024/08/03/google-android-find-my-dev...
https://www.androidcentral.com/accessories/testing-new-googl...
It's actually hilarious that whoever was in charge of Google's finder network decided to cripple the product's one and only function by prioritizing privacy.
In this tradeoff, Google gained a handful of articles mentioning the "innovative" privacy improvements (before the writers had a chance to test how terribly the network actually performs). For that, they sacrificed the chance to compete with Apple in this category, which outside of device revenue also weakens Android/Pixel ecosystem and market share. You really can't make up this level of incompetence.
> It's actually hilarious that whoever was in charge of Google's finder network decided to cripple the product's one and only function by prioritizing privacy.
That sounds like that "whoever" was the corporate legal team. Every time I tracked down these kind of idiocities in large corpos, it's usually legal or security team that overrode common sense and sabotaged their own product.
> It's actually hilarious that whoever was in charge of Google's finder network decided to cripple the product's one and only function by prioritizing privacy.
That is a hilariously apt and depressing point. Wow.
Google is a timid shell of its former self, it won't dip a foot in a pool without making sure the water is warm.
Google's interest in user privacy extends as far as keeping competitors or customers of google from getting data about an Android user other than through Google.
Well sure, you could accuse Apple and Huawei of the exact same thing and still be right. Hardware OEMs are extremely desperate to force their customers through first-party services to extend the value of their sale. News at 11.
Because America lacks any form of conscious consumer protection, this is apparently fine to our regulators. Our market is entirely comfortable with OEMs fighting over who gets the right to exploit a customer with their defacto monopoly.
It's hard to believe how Google could mess up their network so badly. Apple network shall be totally dwarfed.
As a nomad-traveler, the Apple network is not particularly relevant to me, I don't travel to the wealthiest cities with a lot of Apple phones, but to the "rest of the world" where Android market share is close to 90% dominance. But even there, it still seems that Apple is doing better than Google (...)
> From what I've heard Google made their version pretty bad
I have one on my keys. The one time I tried to use it, despite refreshing multiple times, it gave me a bubble with a quarter mile radius. It turned out to be in my bag right next to me.
So, you're saying it was correct? ;)
Red arrow pointing at Earth on solar system
Nailed it.
Lower your expectations until they're already met. Go team, we did it!
It was technically correct.
Samsung's solution is not a subset, but a superior, separate concept.
It works incredibly well, even at the most remote countries' airports, villages, etc I can find my 2 tags. A peace of mind.
This guy concludes that Samsung SmartTag is the best, even if you are an iPhone user:
https://m.youtube.com/watch?v=9wefUV_bR0Y
Seems like they should just piggyback on FindMy also
I dunno, a less than perfectly all-seeing omnipresent tracking network actually is a little comforting
It's not very useful for tracking your things though, which arguably is why you would use it. I wouldn't trust Google's network to find a stolen bike or lost luggage for instance, but air tags are used for that all the time[0]. Finding my lost keys at home is a perfectly valid use case for tags, but you don't need a network for that, just some Bluetooth and maybe UWB.
[0] https://www.forbes.com/sites/barrycollins/2024/12/17/lost-lu...
https://help.vanmoof.com/hc/en-us/articles/16053155393181-Ho...
Google is still seeing everything, of course, just not the plebs.
There is a setting, where you can disable that it needs to be seen by multiple phones.
No, that's the whole point of the fiasco. That setting is not for the tracker but for the tracking devices. For Google Find My trackers to behave similarly to AirTags, every single android user would have to go to their Find My settings and explicitly change, how sensitive their phone is.
Looking through the code, it looks like this uses your personal Apple Mail entitlements to pull the locations that get collected by devices on the FindMy network:
https://github.com/seemoo-lab/openhaystack/blob/8d214aa5eb68...
I wonder if this were also possible by making an Apple developer account.
There are versions that do not require the interaction with Apple Mail.
All you need is an Apple account - the code doesn't have to run on Apple HW: https://github.com/biemster/FindMy
Can someone point me to something I saw earlier? Apple alerts users to "tags that might be following you". Someone made an implementation that used a KDF to rotate the mac address or private key or something, but it was predictable in a way you could track each derivation of the of the mac/private key.
There is a really obnoxious petty theft problem where I live, and the time it takes to constantly get my windows fixed or forced entry crap removed is worth a significant amount of my personal time. I have zero desire to confront anyone, but I'd like to be able to create a track for a PI or Law enforcement some day.
You can buy GPS cellular trackers. Then just get a really cheap or even free IOT sim.
Alternatively you could probably just walk to your nearest drug addict hangout with case of bottled water and ask them to stop breaking into your stuff.
Can you though? Every time airtags come up here someone is like "you can get GPS trackers already! they're cheap!" but I actually looked and actual GPS trackers that don't require a subscription or have various other flaws seem to be very difficult to find.
If there's a GPS tracker that uses an eSIM and isn't sketchy af and has decent battery life and isn't £100 let me know! I would love that for my bikes.
Yup, usually $20-30 per month is what I found. It would be cheaper to just use an old phone and use a cheap pay as you go cell service
Do you have more info on free IOT sims? Are the plans just super low data rate?
Hm, AFAIK AirTags rotate their private key anyway, so I don't know if that will help your problem. Maybe they rotate it slowly, though, I'm not very familiar with the exact algorithm.
In my submissions you can find a link to an article I wrote about OpenHaystack and those alerts. TL;DR, I was never warned by iOS about an OpenHaystack based tracker that I stuck inside my car for a while. That was a couple of years ago though, so things may have changed.
I wish it had a way to integrate with the Find My app instead of having to go through their own (wonky) process to retrieve locations. The chinese clones can do it (even with their own branding), so it must be possible somehow.
I think that's the wall in Apple's walled garden here. From reading the official Apple spec. for partners a while back, as part of the pairing process, something is signed by the device with a cert/key that apple issued to that developer (after coming to an agreement i.e - $$) - and, crucially, is different from the keypair that the device will use to actually broadcast. This is then validated by apple and thus allowed to be added to that apple-id's account and hence on to the app.
The keys broadcasted by the devices themselves in 'lost' mode (i.e. not in 2 way contact with the owner's device) are arbitrary and completely opaque, Apple doesn't have any way of tying them to an ID or device or developer. This is how the proposed project here works - these keys will always find their way to the apple server.
It seems like the knockoff ones have just hijacked a legit key for the pairing process. This means if Apple desires and finds out the key, it can probably remove all devices from all accounts - although the devices themselves will keep on broadcasting and their locations could be accessed in the above janky way. I wonder too if the original key owner might get a large bill for per-device royalties if/when Apple searches it's DB for a count of 'devices-added-to-an-apple-id-signed-by-this-key'...
This isn't actually the case. Apple supports 3rd party trackers - see https://mfi.apple.com/ and https://developer.apple.com/find-my/
Yes, this is exactly what I’m saying.
Apple officially supports third party trackers, who’s manufactures are issued, by apple as a part of their MFI programs, keys with which these third party devices must use to sign their pairing requests to the users apple account.
Perhaps these $5 devices do indeed include legitimate keys from apple to use from this, perhaps they have copied one from another device.
The "chinese clone" are official supported, here is how: https://developer.apple.com/find-my/
The Chinese clones use the Apple FindMy program, so they are official tags which can be displayed in the app. The OpenHaystack is a hack which uses different keys, and can't be shown on the app for cryptographic reasons
The clones are limited though, are they not? Like, they don't have the directional stuff and all that do they? I may be misremembering what I've read elsewhere.
This is amazing. I love Apple AirTags but they are so bulky and an odd shape.
I would love a AirTag the shape of a credit card to go into my wallet.
I would love a smaller AirTag to go on my cats collar.
You can buy third party "Find My" compatible tags for about $5 from Temu or Aliexpress. Although they're about the same size as regular Airtags, they're:
- easier to take apart (if you want discard the casing), and
- cheaper
I took one of the ones I have out of its casing to see what could be made thinner, and I found that most of the thickness was due to:
- The batter holder (CR2032)
- The speaker
- The button
The speaker and button could probably be dispensed with after initial setup. The battery holder could be removed, and the power supplied from the side instead of the top (if you want a thin card-like form factor).
Guessing those are missing ultra wide band?
Seems doubtful to me that someone implemented all three frequencies at 5 bucks
How much do you think a $20 AirTag costs to actually manufacture?
I don't know how much it costs to manufacture, but nobody is selling a UWB tag for $5. For $5, you only get BLE.
I certainly can't claim to have ordered and received one, but there are absolutely $5 UWB devices for sale on AliExpress, and that's before any bulk discount.
If Apple sells them for $20 it's highly likely some random Chinese seller can make money at $5.
Can you link me to one? I haven't found any of those.
I'm looking for a source of like ~100 UWB-only ones aiming for about 2~3 weeks of battery runtime on a pack of 2~3 AA batteries. Mostly depends on what voltage end the chips handle better: 2V low end, or 4.5V high end.
The aim is to keep track of where shared equipment is during the logistics phases of 39c3.
And, also, using the quite possibly wall-wart-piwered base station network to provide what's essentially rather precise indoor-GPS to users with sufficiently open FiRa hardware.
The problem is they don’t have accurate positioning via UWB, so you only get a map pin and a beep, not an arrow and an exact distance.
The $5 tags are comparable to tile or google tags, but miss the key feature of airtags.
I have seen modified AirTags on Etsy that enable the uwb to work
Have almost pulled the trigger and bought one multiple times but I keep just losing my wallet instead
Source: https://www.etsy.com/ca/listing/1318724878/modified-3-mm-sli...
I was wondering what you were talking about, as I have never seen the arrow when trying to locate a genuine AirTag that's misplaced within our house.
But that's because neither of the devices I've used to locate things (a recent iPad and an iPhone X) have the UWB hardware.
Another thought: these $5 tags still seem as good or better than a DIY tag using the current version of OpenHaystack, right? Unless OpenHaystack supports UWB?
They make super-thin AirTag compatible cards that fit in wallets.
The ones I’ve seen don’t have precision finding, but yes. Some even have wireless charging.
Only Apple Airtags have precision finding. I assume because its something not allowed to third parties.
I’ve even seen some wallets with built in “Find My” support.
Kindle cover would be extremely useful.
I wish me a budget 10000 mAh size "phone slab format/shape" power bank with like 18W output at 9~12V kind of "fast charge" style, and a built in Google air tag. They already have a button and a battery and a case; only need to add the BLE and the Google-mandated buzzer. I'd pay 5 bucks more than for the competition without the integrated tracker. That should easily cover the cost, right?
A Kindle or cover with Find My support would make my wife overflow with happiness.
Take a cover, place inside a credit-card sized airtag
Here's my 8.5 lb calico cat with the AirTag* she's had on her collar since she was a 3-month old kitten:
https://imgur.com/a/r9EGSOc
*Photo taken a moment ago with Meta Stories glasses
Kind of a weird flex by mentioning the meta glasses. Nice looking cat
* Wrote this on my cell phone. ;-)
>Kind of a weird flex — I love this! So HN.
Because once when I posted an imgur photo here with no camera provenance, a commenter asked "What camera was used to take that photo?
FunFact: it's MUCH easier to take a photo of your cat with glasses than a phone — hands-free is the future IMHO
You can't win with people complaining on hacker news ;-) I was just thinking of the old days when iphones first came out and so many people added them to their signatures "sent from an iphone" or something.
It's all cool.
Use this for my dog, it is super minimal...
https://www.amazon.com/gp/product/B09DCVFNFF/
Only thing is that I found that I needed to wrap the airtag itself with some clear tape to keep it from twisting itself out of the holder.
for my cat: https://imgur.com/a/r9EGSOc
Haven’t done the research but I wonder if you can use this to piggyback with tiny arbitrary data data payloads.
Yup, there was a project recently that used the airtag network to transmit data from a hardware keylogger. The computer could be totally gapped and the data still gets home via the typist's iPhone.
I am guessing this is the story: Keylogger leaks data via Apple AirTag network https://news.ycombinator.com/item?id=38126302
It's not airgapped if it has bluetooth access.
Presumably you stick the bluetooth antenna in the physical keylogger.
Sounds like a line from a conversation between a couple of pre-teen AIs.
I saw someone use this to track his mail state. They have a contact sensor inside their mailbox that rotates the broadcasted key based on the trigger count.
If the key changed, aka a new different device is visible, you know mail has been dropped in, very clever !
That is a fascinating project. Here is the link if anyone else is interested:
https://hackaday.com/2022/05/30/check-your-mailbox-using-the...
I wonder if the creator had neighbourhood style mailboxes down the road? If not this seems quite complicated solution for an object that is probably with range even BLE.
I tried building a mail sensor a couple of years ago where the mailbox was a fair distance from where I was living. I was not able to create a solution that didn't either have false positives or false negatives. For an outdoor object jostled by wind and rain it is harder than it seems.
I wish we had more / more easily accessible networks that let you do this.
Something that would let you send extremely tiny (<1kB) packets, using a wireless protocol that could be implemented extremely cheaply, piggybacking on the bandwidth of nearby internet-connected devices in a privacy-preserving way.
Amazon has a network like this called Sidewalk, using Alexa devices as gateways, but I don't think it's very open to third-party experimentation, and it's definitely not an interoperable standard on the gateway side.
I don't particularly want my devices transmitting arbitrary packets from unknown parties.
Starlink's Swarm (or what ever they are calling it now) might be nice if they ever release the hardware and pricing.
Too bad Fon didn’t work out, it could have been a global mesh network useful for this kind of thing.
How about LoRaWAN?
Hmmm, but can you use it to set up an actual AirTag without having another apple device like iPhone or Mac?
Possible with https://github.com/dchristl/macless-haystack
I think you can (haven't tried), check this repo https://github.com/malmeloo/FindMy.py/blob/main/examples/rea...
Would love to know who downvoted this and why. Is this not a valid question?
Previous: https://news.ycombinator.com/item?id=26342504
Can these be paired with the actual Apple Find My app and found in the app?
This is a technically interesting project, but is there any situation at all where it's worth using? It seems like it just allows you to build airtag-like devices that sorta work on the Find-My network with some rough edges, but I can buy proper AirTag clones in various form factors for a couple bucks - far cheaper than I could ever make a custom bluetooth device using this project. Am I missing a use-case?
If you had a laptop with Bluetooth, you could install this on it and find it if it were lost, I think.
Okay yeah, that appears to be true. Looks like the broadcast part currently only runs on Linux (or microcontroller firmware), while the client only works on macOS, so you'd need to lose your Linux laptop and then find it with your Apple computer, but it does seem like that setup would work if you had it. Maybe it'll be ported to other OSs at some point, if that's even possible.
Would your computer have to be open and running I’m guessing?
Are the clones any good though? Where do you even get them?
They've been perfect for me. I buy them on Temu for around $2.50 each and they work exactly like normal AirTags minus the ultra wideband precision finding. I pair and track them in the normal iOS FindMy app. Haven't been using them long enough to know how long the batteries last, but they advertise >1 year and they still all report pretty full batteries after a few months of usage, so I'm hopeful.
The credit card form factor ones for wallets are more expensive ($10) but can be wirelessly recharged on Qi chargers.
Any recommendation for brand etc for credit card sized ones? I’ve an old Tile that needs replacing.
"Brand" is a somewhat nebulous concept for chinese knockoffs, but the particular ones I got are each branded as "RSH Smart Tag." Though I'm pretty sure all the different listings are the same device coming out of the same factory with different random brand names printed on them. I'd just compare all the ones that say they work with iOS Find My and have wireless recharging, then get the cheapest one, specific branding be damned.
Edit: I just checked, and actually only two of my cards (which came in a two-pack) are branded with RSH, and the other one has no branding on it at all. It's definitely an identical device though - the only difference is the lack of branding.
They are quite good. I get mine on AliExpress and the batteries have been lasting for at least a couple of months now.
I’ve been meaning to toy with smaller form factors. In theory a lot of gadgets with a battery could be made trackable.
It allows you to locate a fleet of object without having to rely on wifi / GPS etc
QQ: Why would one build your own? Is the cost of building one's own lower than just buying an Airtag off the shelf? I recently bought some for about $15. Would building my own be cheaper?
I used to put one on my indoor/outdoor cat. She was a small cat so I always felt bad by how large the airtag was.
If we were still doing this, I would consider building an optimized one that's smaller and a better shape for her
Another use-case could be to build a tag that is able to leverage multiple different networks (Tile, Chipolo, etc)
Impressive. Would Apple be able to simply block non-Apple usage of Find My network usage simply by refusing to relay non-Apple BLE ID?
No, the BLE identities of these tags are currently practically indistinguishable from original tags, and could be made completely identical if necessary. In fact, changing the device's MAC address is part of the specification. What they could block, is the method used by these projects to fetch encrypted location reports. However, the original OpenHaystack project (this one) needs to run on macOS and lets the system handle account authentication, so it's unlikely to get blocked any time soon.
There's also projects that don't need access to macOS (you still need an account) https://github.com/malmeloo/FindMy.py
EDIT: just realized I'm replying to the author of the project lol
If I remember correctly, Apple was supposed to openly accept and encourage others to leverage their network and make more “AirTag” capable devices.
Yes, because they get a commission for every device registered on the network.
In the join process, there is a key that is shared only for developers who paid the fee - which is why it's not really trivial to create an AirTag clone without dumping the Apple AirTag flash
A quick search on Amazon shows a number of generic trackers compatible with “Find My”. In fact, the one on my dog’s collar is one of these.
I wonder what’s the upper limit of transmissions a single device can upload to Apple servers? If the Apple device has no cell service or WiFi, how long will the history of that location ping reside on device?
Also, is there a DoS vector here?
- attacker manages to simulate 1M+ Bluetooth devices
- victim randomly passes by and it crashes their phone due to a massive number of devices in single location and constantly uploading to Apple servers
So would this allow you to track a fleet in mostly realtime?
So, how exactly do you "build your own tags"? You need Bluetooth-enabled devices that can run this software?
https://robu.in/product/nrf51822-cfac-r-bluetooth-3-1edr-ble...
Will this chip work ?
Yes. I did it with that too. Basically all nrf51 / nrf52 are compatible with the protocol. In my case I've written the code in Rust - but it's pretty much the same thing as the example
Would there be a way for the bluetooth device to rotate its broadcast keys in a predictable way to avoid the iphone notification of "unknown airtag close by" messages? Seems like this could be exploited for surveillance.
Sure, that works.
One can also just cycle through a sufficiently large bank of pre-allocated keys, such that a findmy receiver doesn't see the same key too frequently.
You just need to derive a new key, this process is already part of the protocol to avoid being tracked while you wear your airtag
Technically it would need to rotate every 15 minutes or so - the notification you're talking about happens when the device is in "lost mode" (away from its owner): in that case the key is rotate every 24 hours
Yes, the FindYou project [0] has shown this to be possible.
[0] https://github.com/positive-security/find-you
> All you need to use is a mac.
Might as well require you to pay 1000$ up front to use.