Chipolo ONE

Bluetooth

Passé en revue le : 8 novembre 2021

Mozilla a effectué 6 heures de recherches

L’avis de Mozilla :

If you're forgetful, spacy, or just anxious you're going to lose your wallet, trackers are great. Plop one of these little, colorful trackers in your bag, wallet, car, or favorite hoodie and keep track of it through the Bluetooth on your phone and the Chipolo app up to 60 meters around you. Get the Chipolo ONE Spot and get all the same benefits plus track all your belongings in the world through Apple's Find My network of millions of devices. Yay for never (well, probably not never) losing anything ever again.

Que pourrait-il se passer en cas de problème ?

Chipolo’s little Bluetooth trackers -- the ONE and the ONE Spot help users track lost stuff. The ONE Spot works on Apple’s huge Find My network, which is great if you’ve lost something out of Bluetooth range. The biggest concern with the Apple ‘s own Airtag trackers that work on their Find My network when they came out earlier in 2021 was whether they could be abused for stalking. Apple took steps to mitigate these concerns, by shortening the time an Airtag will sound an alert when separated from its owner from 3 days down to 8-24 hours. They also promised an Android app to allow Android phones to received alerts too. These are all good, if imperfect, steps forward. And while Chipolo does say they have unwanted tracking protection, unfortunately it looks like Chipolo hasn’t made the same updates to their ONE Spot trackers Apple made to their Airtags to strengthen these protections. In part because it would require a firmware update to the tracking device and Chipolo told us their latest trackers do not have a firmware update mechanism. This is a big concern for a device that could track users just about anywhere in the world on Apple’s Find My network of millions of phones and iPads.

When it comes to privacy, Chipolo says they may share some of your personal information, including name and device IDs with third parties like Google and Facebook for advertising purposes. They also say they may use your location information to provide you with personalized offers with your explicit consent. All in all, Chipolo’s privacy practices aren’t terrible, they also aren’t as strong as the privacy practices Apple uses for their Airtag trackers. Apple also uses stronger encryption to protect your location data.

What’s the worst that could go wrong with Chipolo’s trackers? Well, because we can’t confirm they have implemented the same stronger anti-stalking measures that Apple Airtags have to help protect users from unwanted tracking on Apple’s huge Find My network, we’re concerned the Chipolo ONE Spot tracker could be used to stalk an unsuspecting person, putting them in danger. This is the scary reality of our world with small, cheap tracking devices tied into a network of millions of connected devices. We hope Chipolo figures out how to better protect their user’s from stalking soon.

Conseils pour vous protéger

Check the tips on how to know if someone is tracking you without your consent.

mobile

Ce produit peut-il m’espionner ?

Caméra

Appareil : Non

Application : Non

Microphone

Appareil : Non

Application : Non

Piste la géolocalisation

Appareil : Oui

Application : Oui

Que peut-on utiliser pour s’inscrire ?

Quelles données l’entreprise collecte-t-elle ?

Comment l’entreprise utilise-t-elle les données ?

Chipolo may share your data (including Personal Information) with their affiliates or Data Processing Partners. These include, for example, Amazon, Google Analytics, Facebook. Chipolo may share information that can be used to personally identify your device (e.g. persistent identifiers such as IDFA, IDFV, advertising ID and IP address) for the purposes of displaying advertisements.

Comment pouvez-vous contrôler vos données ?

You can request deletion or correction of your information. Chipolo promises they will store your information for no longer than necessary.

Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?

Moyen

No known incidents in the last 3 years.

Ce produit peut-il être utilisé hors connexion ?

Oui

Bluetooth connection is still required to use the device.

Informations relatives à la vie privée accessibles et compréhensibles ?

Oui

Liens vers les informations concernant la vie privée

Chipolo Privacy Policy

Ce produit respecte-t-il nos critères élémentaires de sécurité ?

Oui

Chiffrement

Oui

A security researcher says that Chipolo app is using static keys, which is weak. (https://blog.d204n6.com/2020/08/ios-chipolo-app-research-and-encrypted.html) According to the company, the physical devices (Chipolos) communicate with the owner's phone via a Bluetooth Low Energy connection and they don't use any extra encryption except what is already provided by the Bluetooth Low Energy's transport layer. There are, however, no personal information included in this communication - it is basically just a mechanism for the app to detect if a specific Chipolo is nearby and to make it ring on demand. Their apps use TLS for encrypting data in transit to the servers"

Mot de passe robuste

Oui

Only mobile apps require users to login. Chipolo do basic checks for password strength when people decide to use a login with a password.

Mises à jour de sécurité

Non

The latest Chipolo devices does not have a firmware update mechanism. The Chipolo app has regular updates.

Gestion des vulnérabilités

Oui

Manage security vulnerabilities. Bug bounty is in the process of creation.

Politique de confidentialité

Oui

Le produit utilise-t-il une IA ?

Non

Pour aller plus loin

I found my stolen Honda Civic using a Bluetooth tracker. It’s the latest controversial weapon against theft.
The Washington Post
5 Best AirTag Alternatives for Android Users
Guiding Tech
AirTag vs. Tile Mate vs. Chipolo ONE Spot: Which should you buy?
iGeeksBlog
iOS - Chipolo App Research and Encrypted Realm Databases
D20 Forensics
Can Stalkers Track You Using Apple AirTags?
Kinza Yasar