_______ __ _______
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----.
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --|
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____|
on Gopher (inofficial)
URI Visit Hacker News on the Web
COMMENT PAGE FOR:
URI Query Apple's FindMy network with Python
wkjagt wrote 2 hours 33 min ago:
This is awesome. Now I's starting to hope a similar thing is possible
to manage Screen Time.
re wrote 11 hours 21 min ago:
From a quick skim of the repository, it looks like this is only for
accessories/devices that you own. I hope that this is the case, and
that it doesn't work for the "Find My Friends" functionality.
I'm okay sharing my location with trusted people so that they can
occasionally manually check where I currently am. I don't like the idea
of them theoretically being able to automatically record my location
and build a complete history of my movements over time.
jjtech wrote 8 hours 56 min ago:
Yeah, uh... you might do well to assume that they can. The Find My
Friends API is really really simple, I have a script somewhere that
can pull the locations of everyone who has shared their locations
with me and record it.
(I'm also the one who wrote the original code that was refactored a
couple times until it became this project... [1] )
URI [1]: https://github.com/JJTech0130/pypush/blob/async/examples/ope...
malmeloo wrote 10 hours 47 min ago:
You're right, locating friends is not currently supported. I would
assume that this feature is implemented by simply sharing your
device's (already recorded) latest location ping with your friends,
in which case this is also currently out of scope for the project -
the library only intends to interact with the
"other-devices-find-my-device" network in order to be
account-agnostic.
On a separate thought, if Apple has not taken concerns such as the
one you portrayed into account when designing Find My Friends then I
would suggest not using the system altogether. At that point it's
only a matter of time before someone figures out how to extract the
data. But that's an entirely different story and a personal
consideration you'll have to make.
lolinder wrote 11 hours 18 min ago:
You should probably just assume that the recording is possible and
not share your location with people you don't trust to not do that.
Find my Friends isn't Snapchatâthere's nothing in the pitch about
ephemerality, so you shouldn't assume they engineered it in as a
design constraint.
upbeat_general wrote 12 hours 16 min ago:
For the longest time Iâve wanted a way to record my location history
in a durable way, without resorting to google maps history (which is
great but hasâ¦obvious downsides), or some hacky short-term custom
solution.
I wonder if someone could integrate this into a more coherent long-term
platform.
emilburzo wrote 4 hours 42 min ago:
> without resorting to google maps history (which is great but
hasâ¦obvious downsides)
Maybe relevant: they moved it to on-device now:
URI [1]: https://9to5google.com/2023/12/12/google-location-history-ti...
dotty- wrote 10 hours 50 min ago:
I starred this on GitHub a few weeks ago! [1] Have not played with
it, but maybe could fit your needs!
URI [1]: https://github.com/Freika/dawarich
upbeat_general wrote 9 hours 53 min ago:
Oh this looks cool, will give it a try!
joshmarinacci wrote 11 hours 18 min ago:
There are , or at least were, commercial services that did this. What
do you want to do with this data? What form do you need it in?
upbeat_general wrote 9 hours 51 min ago:
I think itâs just super handy to know where youâve been. Great
to be able to find places (âOh I loved this Thai place I went to
4 years ago in X cityâ)
Also to be able to find photos in specific locations (if you
integrate it with geotagged photos like google does).
Itâs one of those things I donât actively care a ton about in
the short term but is useful data to have in the long term if it
can persist without a lot of effort.
Edit: I think form is âirrelevantâ as long as itâs well
supported and can be useable in different services later on. Same
thing with notes imo (and why I use markdown). Has enough features
but importantly is and will be well supported.
1659447091 wrote 5 hours 35 min ago:
If you mostly walk or bike places, Strava[0] is a great way to
record where you have been. I use it mostly for recording my
travel (and hikes) since I walk more when visiting other places,
not so much at home. Have it start recording in the morning and
off in the evening. Pause if I take a bus or train and then can
edit to clean it up later. Photos with geo tags can be uploaded
and when you look at the map the photos will be at the location
you took them. Also has a fun feature where you can replay your
walk/hike/etc. It's been awhile since I downloaded my data but it
was easy and everything you could want is there. The free tier is
everything you need for something like the above
[0] [1] [added] been using it since ~2012
URI [1]: https://www.strava.com/
josephernest wrote 13 hours 31 min ago:
I don't have an iPhone or Mac.
Can I buy an AirTag, initialize it with the help of a friend who has an
iPhone, and then locate the AirTag or ring it from my PC with this
Python lib?
It would be awesome.
stavros wrote 11 hours 48 min ago:
I bought some $8 third-party AirTags from AliExpress, flashed them
with some firmware, and used Macless Haystack to track them without
owning any Apple devices. [1] Google have also launched their own
network, Find, which is turned off by default and useless for now.
URI [1]: https://notes.stavros.io/programming/third-party-airtags-res...
philsnow wrote 12 hours 4 min ago:
Note that, locating airtags and making them play sound requires them
to be near some other iDevice (the battery is a standard CR2032), so
if you live in a remote ranch or something and nobody around you has
an iphone, they might not be very useful.
lolinder wrote 11 hours 2 min ago:
It wouldn't even need to be a remote ranchâeverything I'm seeing
suggests they have a range of between 30-100 feet depending on
walls and whatnot, which means even in a typical suburb you've got
pretty high odds that none of your neighbors have a device within
range at the moment you need it.
bolognafairy wrote 8 hours 13 min ago:
My experience is that this is rarely true in reality. I live in a
freestanding house in a suburban area (not in the US, let alone
SF). Iâve moved a couple of times since Iâve started using
AirTags. Even when none of my own devices have been around, I
still manage to get quite frequent location updates.
lolinder wrote 7 hours 25 min ago:
How frequent is frequent?
For the use case of identifying where they are on a map, I can
certainly believe that an iPhone will connect more often than
you move the object the tag is attached to. But when it comes
time to actually trigger a sound to find it stuck under a
cushion or what have you, is there going to be an iPhone within
range at that moment?
NavinF wrote 3 hours 33 min ago:
That's a very unusual use case. When one of my airtags is in
my building I can locate it with ~0.1ft precision using UWB.
No matter how many other iPhones are in the building I can't
get <100ft precision without UWB.
The difference between "airtag is in under the top left
corner of the couch cushion" and "airtag might be in the same
building as you" is so large that I wonder why you don't get
a old used iPhone and swap the battery to create a functional
phone.
tamjai wrote 12 hours 36 min ago:
Tile Tracker already has that. I wouldn't relying on Apple being
merciful.
malmeloo wrote 13 hours 8 min ago:
Theoretically yes, once the AirTag is deployed the keys should be
static and you should be ready to go. Apple should also not be able
to "ban" the tag at some later point in time.
I would suggest signing into a separate Apple account that's under
your control to pair the AirTag, however. Not due to the risk of
being banned, but because I have the suspicion that removing an
AirTag from your (friend's) account may prompt the device to instruct
the AirTag to reset. But if you sign into another account, pair it
using an iDevice and then log out, that shouldn't be an issue.
trashcan wrote 13 hours 35 min ago:
It's not clear to me how to actually get the required plist file to
make this library work. Neither of the scripts in this issue seem to
work: [1] Is the syntax to run them just `swift `?
Swift/ErrorType.swift:253: Fatal error: Error raised at top level:
main.MyError.noPassword
URI [1]: https://github.com/malmeloo/FindMy.py/issues/31
malmeloo wrote 12 hours 55 min ago:
Which version of MacOS are you using? I believe Apple has made
changes to the keychain in the latest version which prevents the
scripts from working properly.
The only Apple "device" I have regular access to is a hackintosh, so
this stuff is frustratingly hard to debug. So far I've been relying
on efforts from the community, but the scripts appear to be somewhat
flaky and don't always work for everyone unfortunately.
trashcan wrote 10 hours 7 min ago:
I am on Sequoia 15.3. If I can do anything to help, let me know.
malmeloo wrote 16 hours 15 min ago:
Hey everyone! I'm the author of FindMy.py. I'd like to use this moment
to give a shout-out to some other people that deserve way more credit
than me, as the project definitely would not have existed without them.
If this stuff interests you then please do check them out, there is a
dedicated section in the project's README ( [1] ).
If you have any questions, feel free to ask :-)
URI [1]: https://github.com/malmeloo/FindMy.py?tab=readme-ov-file#credi...
josephernest wrote 13 hours 29 min ago:
Congrats ! I don't have an iPhone or Mac. Can I buy an AirTag,
initialize it with the help of a friend who has an iPhone, and then
locate the AirTag or ring it from my PC with this Python lib?
acer4666 wrote 57 min ago:
I don't see how you would get the private key for the airtag off
the iPhone without jailbreaking it. The readme of the project
implies you can do this but the docs are completely lacking
sneak wrote 15 hours 47 min ago:
Could you please include some usage examples in the README?
malmeloo wrote 15 hours 43 min ago:
There is an examples directory that covers basic usage: [1]
Official docs: [2] I realize that the docs are rather empty right
now; it takes a lot of time to turn my thoughts into text, which I
do not really have at the moment. Contributions are welcome, of
course ;-)
URI [1]: https://github.com/malmeloo/FindMy.py/tree/main/examples
URI [2]: https://docs.mikealmel.ooo/FindMy.py/
trees101 wrote 16 hours 25 min ago:
Does this require you to run a virtualized apple OS in order to keep
track of your tags?
cruffle_duffle wrote 17 hours 14 min ago:
I remember there was a time when âweb servicesâ were the new
hotness and everybody was gonna offer some API to whatever they had
online.
What happened to this? Weâve even got the authentication part nailed
down now thanks to OAuth! There is even API gateways that you can park
in front of your stack that manage all the hard parts like granting
client secrets to API consumers and showing registration screens to
developers.
There is really nothing stopping you from opening up parts of your
stack to developers and tinkerers so they can do cool shit. It even
gets people to lock into your product that much more because now
theyâve integrated some part of their workflow into your system in a
way that might not be possible without your service!
So yeah. You already have these APIâs exposed for your front end apps
to use. Why not just slam a developer portal on top and let people
access some of it? Who knows what cool things theyâll cook up!
daft_pink wrote 17 hours 18 min ago:
Itâs interesting, because it could allow you to log location over
time. Generally, I can only see peoples location when I open the app,
but this would allow me to ping every 30 minutes and create a very long
log that I could technically create manually, but would be quite a bit
of work.
stavros wrote 11 hours 46 min ago:
You don't need to do that, the API will happily return the last N
days of location pings.
malmeloo wrote 10 hours 24 min ago:
This, indeed. Quick addition: Apple only stores locations for up to
7 days, so I would recommend running it once per day or so if you
don't need live data. If you do, be careful not to request too
often (sub-30 mins) if you value your account dearly.
leobg wrote 18 hours 13 min ago:
Can I use this, if I have an iPhone, to trigger actions on a server
based on my location?
For example, âWhen I come home, fetch the latest electricity prices
and notify me if I should plug in my Teslaâ.
I tried that using Shortcuts, but they wonât run location based
without confirmation. (There are some workarounds, but they, too,
donât work reliably in my experience.)
enlightens wrote 11 hours 14 min ago:
If you literally mean when you return home, Iâve been running
Shortcut automations triggered by leaving home and arriving home,
using the built in âMy Homeâ triggers. They donât require
confirmation and as best as I can tell have been completely reliable.
malmeloo wrote 15 hours 59 min ago:
Technically, yes! I have an experimental Home Assistant integration
here, if you're into that stuff: [1] However, do note that AirTags
put themselves into "nearby" mode when they're near an owner device,
at which point they become untraceable to the FindMy network (the
system where other iPhones are finding your AirTag and uploading its
location). That also makes it invisible to this library. It is
however still possible to detect it using the BLE signal it is
broadcasting in nearby state, which is supported by the library but
not yet by the HA integration.
URI [1]: https://github.com/malmeloo/hass-FindMy
cruffle_duffle wrote 17 hours 20 min ago:
Stupid question but couldnât you just always plug it in and then
automate the bit where it actually energizes the outlet?
owenthejumper wrote 19 hours 18 min ago:
Using this as soon as Play sound is integrated!
pixelmonkey wrote 20 hours 42 min ago:
This looks great. If this Python implementation of the FindMy API
actually works, it would be a major technology quality-of-life
improvement for me. I hope Apple lets it stay alive.
Everyone who shares location with me does so over Find My, and my
family insists on using AirTags. As a 100% desktop Linux and mobile
Android user, it is one of the few things that I always need to remote
in to my Mac Mini to access because there are no x-platform FindMy apps
and the FindMy iCloud web app does not have feature parity to the macOS
and iOS apps. One of a long list of offenses where Apple refuses to
make things easy for x-platform friend groups and families. Very
annoying.
vitovito wrote 6 hours 48 min ago:
I ended up using Shortcuts to publish a set of screenshots from an
always-on Mac every 10 minutes or so for a set of shared, family
AirTags: [1] I couldn't reliably get iOS to do the same, and my tests
of an Android-compatible tag found it was detected much less often
than an AirTag riding along with it.
URI [1]: http://vitor.io/android-airtags
fluidcruft wrote 18 hours 50 min ago:
One that really annoys me is inability to monitor/control my kid's
device useage and time limits.
amit9gupta wrote 17 hours 38 min ago:
Possible in the apple ecosystem. If the kids are part of a
"familly", you can monitor / control using Parental Controls
accessed from your iPhone > Settings > Screen Time.
Also checkout firewalla
URI [1]: https://help.firewalla.com/hc/en-us/articles/360008214094-...
cjrp wrote 13 hours 17 min ago:
Iâve always thought their implementation of this is pretty
poor. Lots of granular options but itâs difficult to cover all
bases.
fluidcruft wrote 17 hours 6 min ago:
I actually have Firewalla (it's great!). But it's only helpful
when a kid's phone is connected to the network itself (which they
can escape easily by disconnecting from wifi). The native stuff
works on all networks.
alwa wrote 17 hours 30 min ago:
It sounds like the gpâs objection might be that theyâd like
for their children to use iPhone and its parental controls, but
they themselves would prefer to use other platforms to manage the
supervision features. As far as I know, you do in fact have to be
within the apple ecosystem to manage the ScreenTime features as
you suggest.
Firewalla looks really thoughtfully designed! Iâm glad to be
aware of it.
nulltxt wrote 18 hours 58 min ago:
Does Blue Bubbles work for this? They have find my built into their
app
bronson wrote 18 hours 40 min ago:
Kind of? Right now it feels like it's glued on the side and a good
proof of concept. It takes a lot more panning and zooming than it
should. But it DOES work, one-way: you can see your friends'
locations but they can't see yours.
GeekyBear wrote 19 hours 7 min ago:
What information is available through this api that would not already
be available over the web?
malmeloo wrote 15 hours 46 min ago:
To the best of my knowledge, AirTag locations still cannot be
obtained through the iCloud website. The locations it shows are
simply generated by the devices themselves and uploaded directly to
Apple. This library specifically only queries the FindMy network,
which is the system that allows other iPhones (and iPads etc.) to
"find" your devices.
The library also explicitly does not integrate with your Apple
account, but only uses it to query encrypted location reports from
Apple. This can be done with any account, even if it does not "own"
the device, as long as you can generate the correct keys.
pixelmonkey wrote 18 hours 56 min ago:
Hopefully locations shared by users not part of my iCloud Family
account, and "Items" (Apple jargon term for AirTags). Currently it
only shows macOS or iOS "Devices" directly linked to my iCloud
account, or in my iCloud Family, none of the locations shared by
friends. And it shows no "Items," not even those in my iCloud
account.
(... yep, it looks like one of their example programs is about
accessing AirTag info via API: [1] ...)
URI [1]: https://github.com/malmeloo/FindMy.py/blob/main/examples/r...
bolognafairy wrote 8 hours 26 min ago:
âItemsâ is not an Apple jargon term for AirTags. AirTags are
not the only thing that can show up in this list. Third-party
FindMy-compatible devices are quite common.
Since you frankly seem to have a bee in your bonnet about Apple,
Iâd suggest that you actually look into these. They might be
more to your taste.
phillco wrote 19 hours 41 min ago:
Even within Apple's platforms, there's pretty limited support for
automation -- you can say "Siri find my keys" but there's no App
Intents / Shortcuts support for automating anything within Find My
(AFAIK), which is a bit disappointing.
Angostura wrote 12 hours 16 min ago:
I suspect they might be a bit wary of the privacy implications of
giving other apps/Shortcuts access to Findmy data
UniverseHacker wrote 18 hours 43 min ago:
What about Apple Automator and Applescript?
lelandfe wrote 12 hours 59 min ago:
Find My has no any exposed Applescript commands. You'd next need
to try (I think, been >a decade) Accessibility Inspector to find
the names of the interface so you can tell Applescript what to
click on. On some apps, even this doesn't work.
I also suspect Find My is a Catalyst-ported iPadOS app, which
tend to be awful/useless for scripting.
hirvi74 wrote 8 hours 18 min ago:
> You'd next need to try (I think, been >a decade)
Accessibility Inspector to find the names of the interface so
you can tell Applescript what to click on. On some apps, even
this doesn't work.
I am cursed with a lot of experience doing just this. However,
I will say that every year it's getting harder and harder to
do. The new security/accessibility changes in Sequoia have made
things even more of a nightmare.
pixelmonkey wrote 19 hours 38 min ago:
Yes, although I recently discovered Hammerspoon which is a clever
little bit of open source macOS desktop automation technology:
URI [1]: https://www.hammerspoon.org/
BeefySwain wrote 19 hours 55 min ago:
What does "x-platform" mean in this context?
pixelmonkey wrote 19 hours 42 min ago:
Cross-platform. There are 3 major desktop operating systems
(Windows, Linux, and Mac) and 2 major mobile operating systems
(iPhone and Android). Every single OS has a huge marketshare
worldwide (including Linux, if you count servers).
A truly x-platform app is one that works well on all 5 of these
platforms, e.g. Signal. A moderately x-platform app is one that
works well on the two mobile operating systems and on web as an
alternative to desktop, e.g. WhatsApp. A single-platform app, like
Apple FindMy, only works properly on e.g. Mac + iPhone. Apple tends
to be the only major industry player that produces these sorts of
apps, e.g. iMessage, FaceTime, Final Cut Pro, Keynote. Although
with Keynote you can often get by with the iCloud web version,
which has a useful 80%-or-so of the desktop app's features. Even
apps like Meet, Zoom, and Teams -- run by rival companies -- are
more x-platform than major Apple apps.
bolognafairy wrote 8 hours 18 min ago:
Linux is not a âmajor desktop operating systemâ. Letâs be
intellectually honest here, particularly because youâre using
the number â3â to bolster your argument that Apple is being
negligent or unfair or whatever.
Be annoyed at Apple for not âsupporting Androidâ or whatever
all you want, but letâs not pretend that Apple isnât paying a
very justifiable amount of attention to desktop Linux. What next,
iCloud.com doesnât load properly in Lynx?
MacsHeadroom wrote 5 hours 58 min ago:
Estimates from earlier this year are over 60 Million Linux
powered desktop PCs globally.
That's not a huge portion of total market share but is still
major by some measure.
stavros wrote 18 hours 53 min ago:
I think the GP knows what cross-platform means, but is confused
by using "X" as shorthand for "cross". In my opinion, it's not
widespread enough for the four-letter saving to be worth the
confusion.
jpc0 wrote 16 hours 59 min ago:
I didn't directly interpret it a cross-platform but more as (x)
platform... Asin variable x which is not Apple... Which is
semantically the same I guess but not entirely.
Just to add to the different ways that that exact grouping of
letters can be interpreted.
Maybe because I see an API as being able to be accessed from
anywhere, so you could query it from a home automation device
to trigger something when you are withing X meters of your
house, which even if Apple truly released a cross-platform
version of Find My that wouldn't be possible.
pixelmonkey wrote 18 hours 50 min ago:
That's a good point, well taken. Especially now that "X" is the
name of a social media platform :-)
marzell wrote 18 hours 13 min ago:
Long before the richest man on earth bought Twitter to be his
personal megaphone to help him prepare to become president in
order to boost all his personal endeavors, the letter X has
been used as a sort of contraction to replace common
morphemes like "cross", "trans" etc, in places where the
physical representation "x" likens to a cross or crossing of
some sort, or in reference to the Greek letter Chi. Must we
change our use of language to support this guy, too?
Xtian Xmas xfer tx/rx xor...
int_19h wrote 12 hours 51 min ago:
I don't think "xor" belongs to that list, given that the
"x" in it is a shortening of "eXclusive".
alehlopeh wrote 16 hours 23 min ago:
You pretty much listed all the examples where thatâs done
(x-ing is also a big one, on signs), but there are way more
cases where no one would ever use the letter X like that. I
think parsing that kind of âsyntax sugarâ takes more
cycles than a lot of people care to spare just to
understand what a stranger is saying online. Itâs too
loose to be commonly applicable. Things like âXmasâ are
accepted on a case by case basis.
The argument wasnât made out of principle, either. If it
were more widespread, it would be worth the potential
confusion. Itâs just not. I agree with that.
sshh12 wrote 19 hours 45 min ago:
Cross platform (something that works well outside of Apple
apps/devices)
t00 wrote 5 hours 18 min ago:
Cross platform -> â platform -> t platform might be a better
choice
roger_ wrote 20 hours 59 min ago:
Hope someone integrates this with Home Assistant soon!
malmeloo wrote 15 hours 58 min ago:
[1] It still has some rough edges, but I've been running it for a
few months now for myself and some family members without any major
issues :-)
URI [1]: https://github.com/malmeloo/hass-FindMy
Havoc wrote 21 hours 15 min ago:
What are the chance that this keeps working long term?
Sounds awesome & makes airtags more appealing, but if apple is just
going to shut it down next week then less so
malmeloo wrote 15 hours 31 min ago:
So far they don't really seem to care, however we've seen the lengths
Apple is willing to go to when it comes to protecting their sweet
revenue stream during their fight with Beeper. OpenHaystack has been
functional for a long time, but they obtain locations from a running
Mac, while this project directly accesses their API. This is also the
most attention this project has received in a long time, so we'll see
how that goes.
Over the past year only of my accounts has been banned by Apple, and
I was using that one to request locations every 5-10 minutes 24/7 in
Home Assistant, with no other usage of the account other than one
registered hackintosh. I'm currently using another account that is
querying data every 15-30 minutes, which has been working fine so
far. You just need an account to anonymously download location
reports, so if your throwaway gets banned just create a new one and
things should work again. Just make sure to attach it to a real
device or hackintosh at least once to "activate" the account's iCloud
API.
I do just want to make it clear that I have no intentions on keeping
this working "at all costs" - at least not without other people
willing to help me out. The library is currently not even trying to
be stealthy, and it can be easily detected using heuristics if they
really wanted to.
Havoc wrote 29 min ago:
Cool. Thanks for the detailed response.
Afraid only devices I've got are iphones and icloud accounts where
I can't risk a ban.
ttul wrote 18 hours 37 min ago:
From Appleâs perspective, if someone uses the FindMy APIs to
provide a commercial service that diminishes the privacy offered by
Appleâs official apps, they would likely send a C&D letter. But for
hobby projects, itâs not worth clamping down hard.
stonegray wrote 20 hours 10 min ago:
Changing the underlying find my network to break this would be
challenging if not impossible while keeping the privacy protections
in place. Apple canât identify devices sending data to find my, and
doesnât log requests. Short of changes that would break
compatibility with older devices it should be relatively stable.
OpenHaystack has been doing this for a few years now and Apple has
made no efforts to restrict it.
malmeloo wrote 15 hours 26 min ago:
You're correct in saying that it would be challenging for them to
overhaul the entire network, but this library directly makes API
calls to Apple's servers to request location reports. So while the
tags would likely keep working, they could totally block the
library or your account if they really wanted to.
alphan0n wrote 19 hours 6 min ago:
Iâve been using FakeTag[0] and OpenHaystack[1] coupled with a
vibration sensor to notify me when various things happen around my
house. Inspired by this [2] article. Itâs worked flawlessly for
~2 years.
[0] [1] [2]
URI [1]: https://github.com/dakhnod/FakeTag
URI [2]: https://github.com/seemoo-lab/openhaystack
URI [3]: https://hackaday.com/2022/05/30/check-your-mailbox-using-t...
gjsman-1000 wrote 20 hours 7 min ago:
> Apple canât identify devices sending data to find my, and
doesnât log requests.
So what you're saying is that a decent firewall could still inspect
the traffic, or the patterns thereof.
Also, this doesn't make any sense, as if Apple doesn't know which
AirTag belongs to who, Find My would be very useless; and law
enforcement would be furious.
stonegray wrote 19 hours 55 min ago:
Airtags are associated with your apple ID for safety, but when
you make a request for the location from Find My it doesnât
include any information about which airtag youâre asking about;
just a CSPRNG-incremented public key that changes every 15
minutes. The location data itself is not available to Apple.
Here is Appleâs docs on how they prevent themselves from
inspecting traffic on Fmi:
URI [1]: https://support.apple.com/guide/security/find-my-securit...
meindnoch wrote 18 hours 30 min ago:
So how does Find My work on icloud.com then?
malmeloo wrote 16 hours 7 min ago:
The short answer is that it doesn't. The iCloud website only
shows devices that are actively uploading their location to
Apple, such as iPhones and iPads. AirTags are not shown
there, as they use the FindMy network instead (the whole
other-devices-find-your-airtags mechanism). This library
focuses on the latter.
Apple devices can query your AirTag's location because they
sync its shared secrets through the iCloud keychain, which is
used to generate temporary keys that can be use to download
and decrypt the tag's location.
meindnoch wrote 15 hours 34 min ago:
>Apple devices can query your AirTag's location because
they sync its shared secrets through the iCloud keychain
I see. But can't Apple simply read this data from my iCloud
keychain? Or is this kind of data sharing through iCloud
keychain e2e encrypted?
malmeloo wrote 2 hours 32 min ago:
As far as I understand, the keychain is indeed e2e
encrypted and it requires at least one of your other
devices to be online in order to sync. However last time
I checked Apple still fails the mud puddle test, so there
does have to be some kind of master key that decrypts the
data in the case of account recovery.
alphan0n wrote 16 hours 58 min ago:
Itâs explained pretty well in link provided in comment your
replying to.
The tl;dr is: The information is publicly available in an
encrypted form that is only readable by the party with the
key.
Think of it like this, when you mark an item as lost you
publish a hashed public identification key, if another device
detects that key it creates a location report encrypted with
your public key and posts it to a public list of encrypted
reports, you decrypt the report with your private key.
meindnoch wrote 15 hours 40 min ago:
>you decrypt the report with your private key
Where would this private key be coming from when opening
Find My on icloud.com (a website)?
alphan0n wrote 15 hours 25 min ago:
From your keychain. Decrypted locally.
If you mean from another device other than one that your
keychain is on, ie, a browser on a device you havenât
logged into before, you canât.
You can get an active location through iCloud if the
device is powered on or its last location before power
off if the setting is enabled. But you canât decrypt
find my location reports without the private key, which
is only available in devices youâve logged into.
meindnoch wrote 2 hours 47 min ago:
Websites can access my keychain? Since when?
wutwutwat wrote 19 hours 13 min ago:
So Apple has no way to see anything even when developing the
platform itself?
They must have a way to decrypt payloads or otherwise get into
the system they built and control. The fact that they let law
enforcement know when someone is stalking someone with an
AirTag shows that the data is available to them. Itâs silly
to think otherwise, paper or not.
NavinF wrote 10 hours 34 min ago:
> they let law enforcement know when someone is stalking
someone
Source? That's not a thing
refulgentis wrote 6 hours 8 min ago:
+1
future10se wrote 18 hours 48 min ago:
> The fact that they let law enforcement know when someone is
stalking someone with an AirTag shows that the data is
available to them.
Not technically correct. Apple devices (and Android phones
with the appropriate app) detect if an unknown AirTag is
moving with them and makes it home, possibly signalling a
stalking attempt.
The heuristics for this happen locally; Apple isn't "aware"
of this happening. That said, when you first set-up an
AirTag, the serial is tied to your account. Therefore, when
you physically find an unknown AirTag and report it to law
enforcement, they can then subpoena (or get a warrant?) Apple
for information on the AirTag owner's identity.
The serial itself, and any personal identifiers, are not used
in the locating process, however.
This is well documented in the paper above, in articles, as
well as in reverse engineering efforts.
zikduruqe wrote 21 hours 23 min ago:
You used to be able to query this data locally from your MacBook, but
Apple decided to encrypt it. It was fun to put an AirTag on your cat,
then use GPS Visualizer to plot your cat's activities overnight. [1]
URI [1]: https://github.com/icepick3000/AirtagAlex
URI [2]: https://www.gpsvisualizer.com
bolognafairy wrote 8 hours 16 min ago:
> but Apple decided to encrypt it.
Yes. As part of a major effort to reduce the abuse potential of
AirTags, something that people have been very justifiably demanding.
zikduruqe wrote 2 hours 6 min ago:
Ah yes.
The data that is already displayed in my GUI, is now encrypted on
my disk that I have full access to. Got it. /s
alibarber wrote 1 hour 37 min ago:
I think the concern could be that someone other than you might
have access to your disk or computer.
Perhaps some people in a uniform could get access to that
computer, physically or otherwise, and then have access to lots
of interesting location histories from it, and they may not have
your best interests in mind.
andoando wrote 13 hours 12 min ago:
i tried that except damn cat figured out how to take its collar off
every time
qup wrote 21 hours 6 min ago:
While we're here, I have an ask (of anyone). I want the same exact
thing you said, except for an outdoor dog on a large property.
I would like a tag that just records its own GPS coordinates locally
on-device, every so often, and then when my dog comes home, I can
check where she's been.
Does this exist?
jdiez17 wrote 13 hours 37 min ago:
I have a TK913 GPS tracker for my ebike, which is configured to
send location reports to my server running Traccar[1]. I'm very
happy with the setup, it Just Works. I can check where my bike is
at any point from the web UI from my phone. It supports A LOT[2] of
these cellular-enabled GPS trackers. [1] [2] [1] devices/
URI [1]: https://www.traccar.org/
URI [2]: https://www.traccar.org/devices/
spike021 wrote 17 hours 41 min ago:
My dog has a Fi GPS/cellular collar. You could just get that and
leave it on at night and it would show you where your dog wanders
around.
eightysixfour wrote 16 hours 15 min ago:
This person specifically wants offline.
janten wrote 20 hours 49 min ago:
They are called GPS trackers or GPS loggers. You can find some that
save coordinates to a microSD card and optionally send the location
via cellular connection for about 10 dollars on AliExpress.
zikduruqe wrote 20 hours 59 min ago:
You know honestly? I have thought of using a XOSS cycling computer
( [1] ).
I have used them before on various bikes and they work just fine.
Battery life is about 25 hours, it is weather resistant, and then
you can sync them after you record an activity. And at less than
$30, if it gets lost, it isn't the worst thing in the world.
URI [1]: https://www.amazon.com/XOSS-Speedometer-Accessories-Waterp...
cdurth wrote 20 hours 59 min ago:
You could definitely use meshtastic devices to do this
Raed667 wrote 21 hours 1 min ago:
Any cheap Garmin watch should do the trick
1986 wrote 20 hours 55 min ago:
And if you want to spend more, Garmin even makes a range of dog
tracking equipment:
URI [1]: https://www.garmin.com/en-US/p/965617
mikeweiss wrote 21 hours 24 min ago:
As someone who lives in an Android family but would still like to use
air tags since it's the biggest network in the U.S. I'd love a way to
add and use air tags without needing to have an iPhone!
Schiendelman wrote 13 hours 26 min ago:
The whole point of services like this is to get you into the
ecosystem. This is a value add for iPhone users.
oulipo wrote 21 hours 25 min ago:
I'm also interested by the Haystack project to have an ESP32-based
object identify as an AirTag and be able to follow it
Does anyone knows if their approach is "sustainable", or if Apple can
easily "block out" such hacks from their network?
Its_Padar wrote 20 hours 48 min ago:
If it functions exactly as an AirTag does then it would be hard as
they would not want to block all previously sold AirTags
crazygringo wrote 20 hours 41 min ago:
Is there something it can do to whitelist legitimate AirTag serial
numbers?
stonegray wrote 19 hours 49 min ago:
They do, Airtag hardware need to be signed to add to your iCloud
account. But the actual location beacon messages are not linked
to your iCloud account and canât be associated with the
sending airtag.
bhy wrote 20 hours 28 min ago:
I don't think AirTag work that way. AirTag protocol is
specifically designed so Apple or other parties will not be able
to track users by serial numbers.
gjsman-1000 wrote 20 hours 5 min ago:
Where there's a will, there's a way. Apple is very clear law
enforcement can approach them with any AirTag and they will
immediately be able to tie it to a user.
bolognafairy wrote 8 hours 11 min ago:
That is not the same thing.
kolinko wrote 18 hours 13 min ago:
One doesnât exclude the other - a physical airtag may have
an ID available, but not broadcast it anywhere.
Also, âwhen thereâs a willâ¦â doesnât really apply
to cruptography
delijati wrote 22 hours 0 min ago:
Can i add xiaomi "airtag" with it?
malmeloo wrote 15 hours 55 min ago:
I'm not familiar with these tags, do they implement the FindMy
protocol? If it's a proper 3rd party AirTag ("Works with FindMy")
then it should be supported, see the AirTag example in the repository
for more info.
Galanwe wrote 22 hours 20 min ago:
Fore those not familiar with the Apple ecosystem, what does "Find My"
do? locate apple devices ?
incanus77 wrote 19 hours 23 min ago:
I donât use the person tracking very often except on group
vacations, but I track a vehicle with an AirTag after a car theft for
a little peace of mind (along with other preventative measures).
Every now and then itâs handy for my own devices, too, including
alerting me when Iâve accidentally left one behind at a non-routine
location.
vasco wrote 21 hours 47 min ago:
With the Apple and the Google ecosystems!
cube2222 wrote 22 hours 6 min ago:
Importantly, it works in a peer-to-peer kind of way. Apple devices
act as kind of beacons and nearby iPhones can notify Apple servers of
any nearby devices they detect (in a way not decryptable by Apple,
only by the owner of the devices).
So AirTags, MacBooks, and turned-off iPhones are findable via
passing-by turned-on iPhones.
lopkeny12ko wrote 21 hours 56 min ago:
Is it not a glaring privacy and security hole that turned-off
devices can still be located?
Maybe it's just me, but if I own an internet-connected device and I
turn it off, I expect it to be off. That an iPhone's definition of
"off" means "you can't use it but other random people's iPhones in
the vicinity can still connect to and ping it" rubs me the wrong
way.
tzs wrote 15 hours 43 min ago:
Other phones in the vicinity don't connect to yours. Yours uses
Bluetooth LE to periodically broadcast some data. Other phones in
the vicinity relay that data along with the approximate location
to Apple.
jen20 wrote 21 hours 52 min ago:
It is not. If you donât want your device to participate, you ca
elect not to enable Find My during setup. The vast majority of
people would rather a their couldnât just turn off a stolen
phone and render it unlocatable.
rainsford wrote 20 hours 40 min ago:
Also the location is only accessible to you, the owner of the
device. Not Apple or "random other people's iPhones".
The engineering and thought that went into the whole thing to
be useful but also privacy protecting is actually pretty
impressive, and exactly the kind of thing we should be
encouraging companies to do if we care about privacy.
Especially since as you point out, you can still easily turn it
off at any point if you want.
anderiv wrote 21 hours 53 min ago:
The off-but-still-on functionality can be turned off, and the OS
does disclose that by default the device is still findable on the
power off screen.
latexr wrote 22 hours 11 min ago:
[1] > Find My is an asset tracking service made by Apple Inc. that
enables users to track the location of iOS, iPadOS, macOS, watchOS,
visionOS, tvOS devices, AirPods, AirTags, and a number of supported
third-party accessories through a connected iCloud account. Users can
also show their primary device's geographic location to others, and
can view the location of others who choose to share their location.
Find My was released alongside iOS 13 on September 19, 2019, merging
the functions of the former Find My iPhone (known on Mac computers as
Find My Mac) and Find My Friends into a single app. On watchOS, Find
My is separated into three different applications: Find Devices, Find
People and Find Items.
URI [1]: https://en.wikipedia.org/wiki/Find_My
kabirgoel wrote 22 hours 13 min ago:
Correct. You can also share your location with friends. A lot of
friend groups (at least my age) use Find My as a kind of social
network.
Nextgrid wrote 19 hours 54 min ago:
Does it have any battery impact? I've never tried these always-on
location tracking things partly due to (unfounded?) concerns about
battery use.
msh wrote 18 hours 57 min ago:
its not always on in that way. It will report your location when
requested, and optionally just before shutting down.
gomoboo wrote 21 hours 51 min ago:
How does that work woth your friends? Always on access or just
occasionally?
GeekyBear wrote 19 hours 30 min ago:
> Always on access or just occasionally?
You have quite a few granular choices.
> You can share your current location once, temporarily share
your location while you're on the way to an expected destination,
or share your ongoing Live Location... for an hour, until the
end of the day, or indefinitely.
In Messages, you can use Check In to share your location... Your
location is shared only if there's an unexpected delay during
your trip or activity and you're unresponsive.
URI [1]: https://support.apple.com/en-us/105104
haliskerbas wrote 21 hours 47 min ago:
Always on, works as a great way to check in on close friends or
have them check in on you (like someone going on a first date)
toomuchtodo wrote 21 hours 48 min ago:
Always on. You can see where your friends are at both in Find My
and under their contact photo in your iMessages chat.
johnisgood wrote 21 hours 15 min ago:
Personally I do not find the idea comforting that someone
(anyone) may know where I am at all times. I would not even
trust Apple either.
sleepybrett wrote 19 hours 14 min ago:
you can control who you share your location with and for how
long. I think the options are, just once, for an hour, for
the day and forever.
proteal wrote 20 hours 5 min ago:
This is actually one of the big differences between
generations. Itâs not just the norm for young people to
share locations, but rather almost expected, with real social
consequences for not. Yes itâs probably a little weird to
have someoneâs precise location 100% of the time, but since
youâre sharing it with me thereâs a good deal of trust
implied (though this is not always the case as it has become
more normalized). However, if we stop sharing locations, that
usually implies a divorce of the relationship. People will
shut you out of their life if you stop sharing your location
with them, no matter the reason. From that lens, the choice
is simple. Youâve gotta share your location, even if itâs
a bit icky from a privacy perspective or you risk losing an
entire cohort of friends. I will admit, there is a strange
level of intimacy for having done it. In a world increasingly
dominated by the pixels on this 4x8 screen, it is a nice
reminder that the text bubbles on my phone actually come from
real people that I can show you on a map.
(Obviously you can find friends who donât care for it and
you can live a normal life and be just fine. Iâm privacy
conscious but I still share my location with a handful of
friends for the above reasons.)
aniviacat wrote 16 hours 19 min ago:
> People will shut you out of their life if you stop
sharing your location with them
Is the implication of this that such people just don't
interact with Android users? That seems like a significant
self-imposed limitation. Or are Android phones just
extremely unpopular in your area?
proteal wrote 15 hours 18 min ago:
Yeah, I switched to an iPhone solely for the blue text
bubbles. Among young women in my bubble, 98% have
iPhones. Iâd get sneers at bars from girls when my
first text on their phone was green. People would
complain openly about my phone ruining their group chats.
While I preferred android tech, switching to iPhone was a
no-brainer because it removed a lot of friction in social
settings.
47282847 wrote 13 hours 14 min ago:
Itâs a bit sad that these days I canât say if you
are joking or not.
toomuchtodo wrote 12 hours 41 min ago:
URI [1]: https://nypost.com/2024/10/07/lifestyle/are-...
rvnx wrote 21 hours 0 min ago:
It's a virtual leash for couples.
toomuchtodo wrote 20 hours 28 min ago:
Blame the emotionally dysfunctional, not the tool. Itâs
only a problem if it changes how you would live your life
or pressured or coerced (in which case, say no).
simonw wrote 22 hours 14 min ago:
A bunch of stuff:
- Find your Apple Watch, AirPods, laptop etc
- Find family member devices if they've granted you access to do that
- Find AirTags
- Show you the location of friends who have granted you access
DIR <- back to front page