
It's possible to build your own tracker atop the Find My network without these anti-stalking features. The Find My network can even be abused for low bandwidth data transfer from any point in the world with an occasionally nearby iPhone.

https://github.com/seemoo-lab/openhaystack



> It's possible to build your own tracker atop the Find My network without these anti-stalking features.

Are you sure? It seems to me that the anti-stalking features depend on the stalkee's / thief's software stack, not the stalker's stack.


The biggest anti-stalking feature is that the tracker will beep when it's notified when it's moving in proximity with a phone or other device. So obviously it's trivial to create a tracker that doesn't beep.

Your phone can also refuse to send notifications about the location of a nearby tracker if it thinks it's being tracked, but if there are a bunch of other phones nearby that can relay that information there is nothing to stop them from doing so.


True, you can build without any acoustical feedback (or maybe even feedback not triggered by the Find My network, but only by your own app).

But the target's phone will still be notified that "Someone else's tracker is moving with you", won't it?


Unfortunately, OpenHaystack is not as open as I'd hoped.

> All you need is a Mac and [...]


That’s because Apple themselves limit access to authenticated (but supposedly anonymous - aka doesn’t matter whose) Apple IDs before allowing access to the geodatabase.


Not for long, since cross compatibility with Android is apparently coming.

IIRC, they need you running macOS to get the data via a plugin for Apple Mail. If you only needed an Apple ID, it could likely be done in a web browser.


The cross compatibility is only for anti-stalking features, and is probably implemented in such a way that you couldn't use it to implement a tracker that works in both systems.


You're right. I think I misremembered a news article I read about a week or so ago, that I can no longer find.


What I don't get is why nobody seems to have done the work to reverse engineer the onboarding workflow, and why Apple doesn't allow onboarding on Mac devices. I had to buy a (used) iPhone just to onboard AirTags, despite onboarding Mac devices working without one.


If I were to do this on a certain chip and put it in a random person's car, wouldn't they get a message showing 'X found moving with you'? Or is that only implemented for AirTags themselves?


Yes, they would, it tracks all BT devices, not just AirTags.

But even with an unmodified tracker, it's quite hard to locate one in a car, because there are a lot of hiding spaces (especially if you put one in some hard-to-reach space such as under the carpet in the cabin etc...).


What if you do a tracker that randomizes the Bluetooth MAC address every few minutes?


And also modulate transmit power as RSSI is often used for distance and movement calculation.


That would probably work. Not sure if one actually exists though.


It very much does and has for a while now: https://samteplov.com/uploads/who-tracks-the-trackers/tracke...

Using randomized or rolling addresses avoids detection to an extent, depending on how many randomized addresses one uses and how often they're rotated.

However, it's also trivial to detect randomized (or rolling) addresses due to the address being utilized for more than a single locality. Although, I'm not sure that either Apple or Google is actually doing the randomized detection even with this new patch.
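
An added example, not part of the thread or any commenter's code: a minimal per-address "moving with you" check of the kind the comments above describe, where a Bluetooth address is flagged once it has been seen at more than one locality. The scan log, place names, addresses and thresholds are all constructed assumptions, and this is not Apple's or Google's detection logic.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds, chosen only for illustration.
MIN_PLACES = 2                      # distinct localities an address must appear in
MIN_SPAN = timedelta(minutes=30)    # minimum time between first and last sighting

def moving_with_you(sightings, min_places=MIN_PLACES, min_span=MIN_SPAN):
    """Return the set of addresses seen at >= min_places distinct places
    over at least min_span. sightings: iterable of (iso_time, place, address)."""
    seen = defaultdict(list)
    for ts, place, addr in sightings:
        seen[addr.lower()].append((datetime.fromisoformat(ts), place))
    flagged = set()
    for addr, obs in seen.items():
        places = {p for _, p in obs}
        times = [t for t, _ in obs]
        if len(places) >= min_places and max(times) - min(times) >= min_span:
            flagged.add(addr)
    return flagged

# Constructed scan log from the scanning phone's point of view.
SAMPLE = [
    # Device with a fixed address that shows up everywhere the phone goes.
    ("2024-05-01T08:00:00", "home",   "C1:00:00:00:00:01"),
    ("2024-05-01T08:45:00", "office", "C1:00:00:00:00:01"),
    ("2024-05-01T12:30:00", "cafe",   "C1:00:00:00:00:01"),
    # Neighbour's device: only ever seen in one place, so not flagged.
    ("2024-05-01T08:00:00", "home",   "AA:00:00:00:00:02"),
    ("2024-05-01T19:00:00", "home",   "AA:00:00:00:00:02"),
    # Limitation: a device whose address differs at every locality looks
    # like three unrelated devices to a check keyed on address alone.
    ("2024-05-01T08:00:00", "home",   "D2:00:00:00:00:10"),
    ("2024-05-01T08:45:00", "office", "D2:00:00:00:00:11"),
    ("2024-05-01T12:30:00", "cafe",   "D2:00:00:00:00:12"),
]

if __name__ == "__main__":
    for addr in sorted(moving_with_you(SAMPLE)):
        print("seen moving with you:", addr)
```
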


> So now it is on me to know whether my object is lost or stolen?

Sounds like your responsibility - your belongings, you should know where they are or if they are missing.

How would you have survived before AirTags?


This was posted to the wrong comment, apologies.


What an asinine comment, I can only presume was written on a Palmyra stone tablet.



