If you're forgetful, spacy, or just anxious you're going to lose something, trackers are great. Plop one of these little, colorful trackers in your bag, car, or favorite hoodie and keep track of it through the Bluetooth on your phone and the Chipolo app up to 60 meters around you. Because its a close-range tracker, it works best for things you want to keep near you and take with you -- like your wallet or keys. And hey! It fits on a keyring. There's even a wallet-friendly one shaped like a card called, appropriately, the Chipolo CARD. How handy. Yay for never (well, probably not never) losing anything ever again. How is Chipolo at privacy...well, they are OK, but they do share your data for advertising purposes, so, yeah.
What could happen if something goes wrong?
The original Chipolo ONE was designed to keep track of things at close range -- about 60m (or 200 feet) away. That's the length of a hockey rink, in case you were wondering. So if you lose something in your house, or even your backyard, you should definitely be able to find it with a Chipolo ONE tag. Unless you live in a very very large house -- in which case you can probably just buy another one. Because bluetooth trackers don't leverage a huge network to find your stuff, they don't raise the same privacy concerns -- that they could be used to track people's movements -- that other trackers do, like AirTags and Chipolo's AirTag alternative, the Chipolo ONE Spot.
As for Chipolo's privacy practices, they're just OK. They may share some of your personal information, including name and device IDs with third parties like advertisers Google, Facebook, TikTok, and Rakuten for advertising purposes. They also indicate they may use your location information to provide you with personalized offers with your explicit consent. Another thing we don't like to see is that Chipolo says they "... may also release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; ... respond to a government request." We really wish they'd have a higher bar for sharing with law enforcment that just a "request" . One cool thing is that it seems like Chipolo extends the rights afforded by Europe’s stronger privacy law, GDPR, to all its users, so it seems everyone can delete their data no matter where they live. We do like to see that.
Tips to protect yourself
- Check the tips on how to know if someone is tracking you without your consent.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible."
What can be used to sign up?
You can register for the use of services by manually creating a Chipolo account or by using an existing third party account, such as Apple, Google or Facebook, to create one.
What data does the company collect?
An email address, a first and last name, and a shipping and billing address; contact phone number; location information; approximate location (IP address).
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
No known incidents in the last 3 years.
Child Privacy Information
Can this product be used offline?
Bluetooth connection is still required to use the device.
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
A security researcher says that Chipolo app is using static keys, which is weak. (https://blog.d204n6.com/2020/08/ios-chipolo-app-research-and-encrypted.html) According to the company, the physical devices (Chipolos) "communicate with the owner's phone via a Bluetooth Low Energy connection and they don't use any extra encryption except what is already provided by the Bluetooth Low Energy's transport layer. There are, however, no personal information included in this communication - it is basically just a mechanism for the app to detect if a specific Chipolo is nearby and to make it ring on demand. Our apps use TLS for encrypting data in transit to the servers."
"Only our mobile apps require users to login. We don't require a password if people use their Google, Facebook or Apple account to sign in (and we encourage this way of logging in due to simplicity). We do basic checks for password strength when people decide to use a login with a password."
The latest Chipolo devices does not have a firmware update mechanism. The Chipolo app has regular updates.
Manage security vulnerabilities. Bug bounty is in the process of creation. "We can easily be reached via our support channels at support.chipolo.net or via our privacy email - [email protected]."
Use ‘Find My’ phone apps. But don’t trust them.The Washington Post
I found my stolen Honda Civic using a Bluetooth tracker. It’s the latest controversial weapon against theft.The Washington Post
5 Best AirTag Alternatives for Android UsersGuiding Tech
AirTag vs. Tile Mate vs. Chipolo ONE Spot: Which should you buy?iGeeksBlog
iOS - Chipolo App Research and Encrypted Realm DatabasesD20 Forensics
Can Stalkers Track You Using Apple AirTags?Kinza Yasar
Got a comment? Let us hear it.