If you're forgetful, spacy, or just anxious you're going to lose something, trackers are great. Plop one of these little, colorful trackers in your bag, car, or favorite hoodie and keep track of it through the Bluetooth on your phone and the Chipolo app up to 60 meters around you. Because its a close-range tracker, it works best for things you want to keep near you and take with you -- like your wallet or keys. And hey! It fits on a keyring. There's even a wallet-friendly one shaped like a card called, appropriately, the Chipolo CARD. How handy. Yay for never (well, probably not never) losing anything ever again. How is Chipolo at privacy...well, they are OK, but they do share your data for advertising purposes, so, yeah.
Que pourrait-il se passer en cas de problème ?
The original Chipolo ONE was designed to keep track of things at close range -- about 60m (or 200 feet) away. That's the length of a hockey rink, in case you were wondering. So if you lose something in your house, or even your backyard, you should definitely be able to find it with a Chipolo ONE tag. Unless you live in a very very large house -- in which case you can probably just buy another one. Because bluetooth trackers don't leverage a huge network to find your stuff, they don't raise the same privacy concerns -- that they could be used to track people's movements -- that other trackers do, like AirTags and Chipolo's AirTag alternative, the Chipolo ONE Spot.
As for Chipolo's privacy practices, they're just OK. They may share some of your personal information, including name and device IDs with third parties like advertisers Google, Facebook, TikTok, and Rakuten for advertising purposes. They also indicate they may use your location information to provide you with personalized offers with your explicit consent. Another thing we don't like to see is that Chipolo says they "... may also release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; ... respond to a government request." We really wish they'd have a higher bar for sharing with law enforcment that just a "request" . One cool thing is that it seems like Chipolo extends the rights afforded by Europe’s stronger privacy law, GDPR, to all its users, so it seems everyone can delete their data no matter where they live. We do like to see that.
So what’s the worst that could happen? Well, you are sharing a lot of location data with Chipolo. And that data can be used in lots of ways you might not like -- to track you, to learn about your habits, by law enforcement to see if you've visited a reproductive health clinic -- and so that data is out there in the world. You hope Chipolo does a good job of protecting it, but as they themselves say in their privacy policy, "Although we make good faith efforts to store the information collected on the Service in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security." This is a good reminder folks, nothing is absolutely secure so be careful out there!
Conseils pour vous protéger
- Check the tips on how to know if someone is tracking you without your consent.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible."
Ce produit peut-il m’espionner ?
Caméra
Appareil : Non
Application : Oui
Microphone
Appareil : Non
Application : Non
Piste la géolocalisation
Appareil : Oui
Application : Oui
Que peut-on utiliser pour s’inscrire ?
Adresse e-mail
Oui
Téléphone
Non
Compte tiers
Oui
You can register for the use of services by manually creating a Chipolo account or by using an existing third party account, such as Apple, Google or Facebook, to create one.
Quelles données l’entreprise collecte-t-elle ?
Personnelles
An email address, a first and last name, and a shipping and billing address; contact phone number; location information; approximate location (IP address).
Corporelles
Sociales
Comment l’entreprise utilise-t-elle les données ?
Comment pouvez-vous contrôler vos données ?
Quel est l’historique de l’entreprise en matière de protection des données des utilisateurs et utilisatrices ?
No known incidents in the last 3 years.
Informations liées à la vie privée des enfants
Ce produit peut-il être utilisé hors connexion ?
Bluetooth connection is still required to use the device.
Informations relatives à la vie privée accessibles et compréhensibles ?
Liens vers les informations concernant la vie privée
Ce produit respecte-t-il nos critères élémentaires de sécurité ?
Chiffrement
A security researcher says that Chipolo app is using static keys, which is weak. (https://blog.d204n6.com/2020/08/ios-chipolo-app-research-and-encrypted.html) According to the company, the physical devices (Chipolos) "communicate with the owner's phone via a Bluetooth Low Energy connection and they don't use any extra encryption except what is already provided by the Bluetooth Low Energy's transport layer. There are, however, no personal information included in this communication - it is basically just a mechanism for the app to detect if a specific Chipolo is nearby and to make it ring on demand. Our apps use TLS for encrypting data in transit to the servers."
Mot de passe robuste
"Only our mobile apps require users to login. We don't require a password if people use their Google, Facebook or Apple account to sign in (and we encourage this way of logging in due to simplicity). We do basic checks for password strength when people decide to use a login with a password."
Mises à jour de sécurité
The latest Chipolo devices does not have a firmware update mechanism. The Chipolo app has regular updates.
Gestion des vulnérabilités
Manage security vulnerabilities. Bug bounty is in the process of creation. "We can easily be reached via our support channels at support.chipolo.net or via our privacy email - [email protected]."
Politique de confidentialité
Pour aller plus loin
-
Use ‘Find My’ phone apps. But don’t trust them.The Washington Post
-
I found my stolen Honda Civic using a Bluetooth tracker. It’s the latest controversial weapon against theft.The Washington Post
-
5 Best AirTag Alternatives for Android UsersGuiding Tech
-
AirTag vs. Tile Mate vs. Chipolo ONE Spot: Which should you buy?iGeeksBlog
-
iOS - Chipolo App Research and Encrypted Realm DatabasesD20 Forensics
-
Can Stalkers Track You Using Apple AirTags?Kinza Yasar
Commentaires
Vous avez un commentaire ? Dites-nous tout.