Passé en revue le : 8 novembre 2021
L’avis de Mozilla :
If you're forgetful, spacy, or just anxious you're going to lose your wallet, trackers are great. Plop one of these little, colorful trackers in your bag, wallet, car, or favorite hoodie and keep track of it through the Bluetooth on your phone and the Chipolo app up to 60 meters around you. Get the Chipolo ONE Spot and get all the same benefits plus track all your belongings in the world through Apple's Find My network of millions of devices. Yay for never (well, probably not never) losing anything ever again.
Que pourrait-il se passer en cas de problème ?
Chipolo’s little Bluetooth trackers -- the ONE and the ONE Spot help users track lost stuff. The ONE Spot works on Apple’s huge Find My network, which is great if you’ve lost something out of Bluetooth range. The biggest concern with the Apple ‘s own Airtag trackers that work on their Find My network when they came out earlier in 2021 was whether they could be abused for stalking. Apple took steps to mitigate these concerns, by shortening the time an Airtag will sound an alert when separated from its owner from 3 days down to 8-24 hours. They also promised an Android app to allow Android phones to received alerts too. These are all good, if imperfect, steps forward. And while Chipolo does say they have unwanted tracking protection, unfortunately it looks like Chipolo hasn’t made the same updates to their ONE Spot trackers Apple made to their Airtags to strengthen these protections. In part because it would require a firmware update to the tracking device and Chipolo told us their latest trackers do not have a firmware update mechanism. This is a big concern for a device that could track users just about anywhere in the world on Apple’s Find My network of millions of phones and iPads.
When it comes to privacy, Chipolo says they may share some of your personal information, including name and device IDs with third parties like Google and Facebook for advertising purposes. They also say they may use your location information to provide you with personalized offers with your explicit consent. All in all, Chipolo’s privacy practices aren’t terrible, they also aren’t as strong as the privacy practices Apple uses for their Airtag trackers. Apple also uses stronger encryption to protect your location data.
What’s the worst that could go wrong with Chipolo’s trackers? Well, because we can’t confirm they have implemented the same stronger anti-stalking measures that Apple Airtags have to help protect users from unwanted tracking on Apple’s huge Find My network, we’re concerned the Chipolo ONE Spot tracker could be used to stalk an unsuspecting person, putting them in danger. This is the scary reality of our world with small, cheap tracking devices tied into a network of millions of connected devices. We hope Chipolo figures out how to better protect their user’s from stalking soon.
Conseils pour vous protéger
Check the tips on how to know if someone is tracking you without your consent.
Appareil : Non
Application : Non
Appareil : Non
Application : Non
Piste la géolocalisation
Appareil : Oui
Application : Oui
Que peut-on utiliser pour s’inscrire ?
Quelles données l’entreprise collecte-t-elle ?
Contact information, location
Comment l’entreprise utilise-t-elle les données ?
Comment pouvez-vous contrôler vos données ?
Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?
No known incidents in the last 3 years.
Ce produit peut-il être utilisé hors connexion ?
Bluetooth connection is still required to use the device.
Informations relatives à la vie privée accessibles et compréhensibles ?
Liens vers les informations concernant la vie privée
Ce produit respecte-t-il nos critères élémentaires de sécurité ?
A security researcher says that Chipolo app is using static keys, which is weak. (https://blog.d204n6.com/2020/08/ios-chipolo-app-research-and-encrypted.html) According to the company, the physical devices (Chipolos) communicate with the owner's phone via a Bluetooth Low Energy connection and they don't use any extra encryption except what is already provided by the Bluetooth Low Energy's transport layer. There are, however, no personal information included in this communication - it is basically just a mechanism for the app to detect if a specific Chipolo is nearby and to make it ring on demand. Their apps use TLS for encrypting data in transit to the servers"
Mot de passe robuste
Only mobile apps require users to login. Chipolo do basic checks for password strength when people decide to use a login with a password.
Mises à jour de sécurité
The latest Chipolo devices does not have a firmware update mechanism. The Chipolo app has regular updates.
Gestion des vulnérabilités
Manage security vulnerabilities. Bug bounty is in the process of creation.
Politique de confidentialité
Vous avez un commentaire ? Dites-nous tout.