Chipolo ONE

Chipolo ONE

Chipolo
Bluetooth

Data da avaliação: 1 de Novembro de 2023

|
A Mozilla investigou por 8 horas
|

Opinião da Mozilla

|
Votos das pessoas: Muito assustador

If you're forgetful, spacy, or just anxious you're going to lose something, trackers are great. Plop one of these little, colorful trackers in your bag, car, or favorite hoodie and keep track of it through the Bluetooth on your phone and the Chipolo app up to 60 meters around you. Because its a close-range tracker, it works best for things you want to keep near you and take with you -- like your wallet or keys. And hey! It fits on a keyring. There's even a wallet-friendly one shaped like a card called, appropriately, the Chipolo CARD. How handy. Yay for never (well, probably not never) losing anything ever again. How is Chipolo at privacy...well, they are OK, but they do share your data for advertising purposes, so, yeah.

O que pode acontecer se algo der errado?

The original Chipolo ONE was designed to keep track of things at close range -- about 60m (or 200 feet) away. That's the length of a hockey rink, in case you were wondering. So if you lose something in your house, or even your backyard, you should definitely be able to find it with a Chipolo ONE tag. Unless you live in a very very large house -- in which case you can probably just buy another one. Because bluetooth trackers don't leverage a huge network to find your stuff, they don't raise the same privacy concerns -- that they could be used to track people's movements -- that other trackers do, like AirTags and Chipolo's AirTag alternative, the Chipolo ONE Spot.

As for Chipolo's privacy practices, they're just OK. They may share some of your personal information, including name and device IDs with third parties like advertisers Google, Facebook, TikTok, and Rakuten for advertising purposes. They also indicate they may use your location information to provide you with personalized offers with your explicit consent. Another thing we don't like to see is that Chipolo says they "... may also release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; ... respond to a government request." We really wish they'd have a higher bar for sharing with law enforcment that just a "request" . One cool thing is that it seems like Chipolo extends the rights afforded by Europe’s stronger privacy law, GDPR, to all its users, so it seems everyone can delete their data no matter where they live. We do like to see that.

So what’s the worst that could happen? Well, you are sharing a lot of location data with Chipolo. And that data can be used in lots of ways you might not like -- to track you, to learn about your habits, by law enforcement to see if you've visited a reproductive health clinic -- and so that data is out there in the world. You hope Chipolo does a good job of protecting it, but as they themselves say in their privacy policy, "Although we make good faith efforts to store the information collected on the Service in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security." This is a good reminder folks, nothing is absolutely secure so be careful out there!

Dicas para se proteger

- Check the tips on how to know if someone is tracking you without your consent.
- Do not sign up with third-party accounts. Better just log in with email and strong password.
- Chose a strong password! You may use a password control tool like 1Password, KeePass etc
- Use your device privacy controls to limit access to your personal information via app (do not give access to your camera, microphone, images, location unless neccessary)
- Keep your app regularly updated
- Limit ad tracking via your device (eg on iPhone go to Privacy -> Advertising -> Limit ad tracking) and biggest ad networks (for Google, go to Google account and turn off ad personalization)
- Request your data be deleted once you stop using the app. Simply deleting an app from your device usually does not erase your personal data.
- When starting a sign-up, do not agree to tracking of your data if possible."

  • mobile

Pode me bisbilhotar? informações

Câmera

Dispositivo: Não

Aplicativo: Sim

Microfone

Dispositivo: Não

Aplicativo: Não

Rastreia localização

Dispositivo: Sim

Aplicativo: Sim

O que pode ser usado para se inscrever?

You can register for the use of services by manually creating a Chipolo account or by using an existing third party account, such as Apple, Google or Facebook, to create one.

Que dados a empresa coleta?

Como a empresa usa esses dados?

We ding this product for sharing personal data for advertising partners for their own advertising purposes.

Privacy Policy

"We may share your data (including Personal Information) with our affiliates or Data Processing Partners, which are: <...>
Third Party Advertising Providers
Google Ads
Facebook
TikTok
Microsoft Advertising
Rakuten...

This list may change from time to time. We may share information that can be used to personally identify your device (e.g. persistent identifiers such as IDFA, IDFV, advertising ID and IP address) for the purposes of delivering our Services, displaying advertisements, conducting analysis and research and for measuring our Data Processing Partners’ advertising campaign performance.

The privacy policies of Data Processing Partners may include additional terms and disclosures regarding their data collection and use practices and tracking technologies, and we encourage you to check those privacy policies to learn more about their data collection and use practices, use of cookies and other similar tracking technologies.

We cannot guarantee that the Data Processing Partners will adhere to the contractual obligations or acceptable business practices. We strive to protect the information provided to our Data Processing Partners. We have no direct control over their use of the collected information. Therefore you acknowledge that we are not liable for any third-party privacy breach and that our liability for Data Processing Partners is limited to the amount we are able to receive as indemnification from Data Processing Partners."

"Although we make good faith efforts to store the information collected on the Service in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our systems. Further, while we attempt to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party "hackers" from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against, loss, misuse, or alteration by third parties. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security."

"Location Information ...
While the app is running on your device, it periodically transmits your Location Information (even while running in the background). This allows us to show you, on your map, the last place your Chipolo was seen by your device. It is one of the primary ways Chipolo helps you find your lost items.

We may also collect and update location information for your Chipolo(s) "anonymously" (i.e., we will not disclose your identity to the other user and not disclose the other user's identity to you) from other Chipolo users who are running the app within Bluetooth range of your device. We do this to provide you with the most recent and accurate location of your Chipolos, even if they are out of your devices’ Bluetooth range. The Location Information associated with your Chipolo(s) is never made available to these users.

If you use a computer, phone, or other device in relation to the Services, we use the IP address of that computer or device to determine an approximate location (only to the country level). We do this so that we can provide you with a better, more-personal experience.

We may also use your Location Information to promote the Services or provide you with personalized offers if you agree to such usage with separate consents. However, your Location Information is never shared with other users unless you choose to share it yourself through the use of the sharing features part of our Services."

"We use information collected through our Service for purposes described in this Privacy Policy or disclosed to you in connection with our Service. For example, we may use your information to: ...
Deliver marketing and promotional information:
Communicate with you about our offers, promotions, rewards, upcoming events, and other news about our Services and products only upon your explicit consent.

For statistical and research purposes:
We will anonymize your data and use them for our legitimate interests of processing Personal Information for research purposes, including market research, better understanding of our respective customers, and tailoring our respective products and Services to their needs;
Sharing aggregated data with business partners."

"Activity Recognition (Physical Activity and Health Data)
Chipolo app uses activity recognition (physical activity recognition) features on your phone to help with triggering the Out of Range Alerts and to help keep the Chipolo app running in the background. In terms of Out of Range Alerts, this data is used to reduce the number of false alerts and to reduce the latency of the alerts. Chipolo app never stores or sends your health data (collected via the activity recognition mechanisms on your mobile device) to the Chipolo servers or any 3rd party services. In other words - your health data collected via the Chipolo app never leaves your mobile device and we never see or process this data."

Como você pode controlar seus dados?

Privacy Policy

"You have the following rights in relation to your personal information, which you can exercise by writing to the following address [email protected]:
To request access to your personal information and information related to our use and processing of your personal information;
To request the correction or deletion of your personal information;
To request that we restrict our use of your personal information if technically viable;
To receive personal information which you have provided to us in a structured, commonly used and machine-readable format (e.g. an Excel spreadsheet) and the right to have that personal information transferred to another data controller (including a third party data controller);
To object to the processing of your personal information for certain purposes (for further information, see the section below entitled “Your right to object to the processing of your personal information for certain purposes”);
To withdraw your consent to our use of your personal information at any time where we rely on your consent to use or process that personal information. If you withdraw your consent, this will not affect the lawfulness of our use and processing of your personal information on the basis of your consent before the point in time when you withdraw your consent."

"We retain your information:
For as long as you have not deleted your account;
For any legal obligation to continue to process your information, such as any record-keeping and tax obligations imposed by applicable law or whether we have any legal basis to continue to process your personal information, such as your consent;
To retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
As indicated above we will store your information for no longer than necessary. When information is no longer needed, we shall delete it using reasonable measures to protect the information from unauthorized access or use."

Qual é o histórico conhecido da empresa na proteção de dados dos usuários?

Médio

No known incidents in the last 3 years.

Informações de privacidade infantil

Privacy Policy

"Our policy regarding children

We do not knowingly collect or solicit personal information from or direct or target interest based advertising to anyone under the age of fourteen (14) or knowingly allow such persons to use our Services. If you are under 14, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 14 may provide any Personal Information. In the event that we learn that we have collected personal information from a child under age 14, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under the age of 14, please contact us at [email protected]."

Este produto pode ser usado offline?

Sim

Bluetooth connection is still required to use the device.

Informações de privacidade fáceis de entender?

Sim

Links para informações de privacidade

Este produto atende aos nossos padrões mínimos de segurança? informações

Sim

Criptografia

Sim

A security researcher says that Chipolo app is using static keys, which is weak. (https://blog.d204n6.com/2020/08/ios-chipolo-app-research-and-encrypted.html) According to the company, the physical devices (Chipolos) "communicate with the owner's phone via a Bluetooth Low Energy connection and they don't use any extra encryption except what is already provided by the Bluetooth Low Energy's transport layer. There are, however, no personal information included in this communication - it is basically just a mechanism for the app to detect if a specific Chipolo is nearby and to make it ring on demand. Our apps use TLS for encrypting data in transit to the servers."

Senha forte

Sim

"Only our mobile apps require users to login. We don't require a password if people use their Google, Facebook or Apple account to sign in (and we encourage this way of logging in due to simplicity). We do basic checks for password strength when people decide to use a login with a password."

Atualizações de segurança

Sim

The latest Chipolo devices does not have a firmware update mechanism. The Chipolo app has regular updates.

Gerencia vulnerabilidades

Sim

Manage security vulnerabilities. Bug bounty is in the process of creation. "We can easily be reached via our support channels at support.chipolo.net or via our privacy email - [email protected]."

Política de privacidade

Sim

O produto usa inteligência artificial? informações

Não

*privacidade não incluída

Mergulhe mais fundo

Comentários

Tem um comentário a fazer? Nos diga.