Chipolo ONE

Bluetooth

Data da avaliação: 8 de Novembro de 2021

Opinião da Mozilla

If you're forgetful, spacy, or just anxious you're going to lose your wallet, trackers are great. Plop one of these little, colorful trackers in your bag, wallet, car, or favorite hoodie and keep track of it through the Bluetooth on your phone and the Chipolo app up to 60 meters around you. Get the Chipolo ONE Spot and get all the same benefits plus track all your belongings in the world through Apple's Find My network of millions of devices. Yay for never (well, probably not never) losing anything ever again.

O que pode acontecer se algo der errado?

Chipolo’s little Bluetooth trackers -- the ONE and the ONE Spot help users track lost stuff. The ONE Spot works on Apple’s huge Find My network, which is great if you’ve lost something out of Bluetooth range. The biggest concern with the Apple ‘s own Airtag trackers that work on their Find My network when they came out earlier in 2021 was whether they could be abused for stalking. Apple took steps to mitigate these concerns, by shortening the time an Airtag will sound an alert when separated from its owner from 3 days down to 8-24 hours. They also promised an Android app to allow Android phones to received alerts too. These are all good, if imperfect, steps forward. And while Chipolo does say they have unwanted tracking protection, unfortunately it looks like Chipolo hasn’t made the same updates to their ONE Spot trackers Apple made to their Airtags to strengthen these protections. In part because it would require a firmware update to the tracking device and Chipolo told us their latest trackers do not have a firmware update mechanism. This is a big concern for a device that could track users just about anywhere in the world on Apple’s Find My network of millions of phones and iPads.

When it comes to privacy, Chipolo says they may share some of your personal information, including name and device IDs with third parties like Google and Facebook for advertising purposes. They also say they may use your location information to provide you with personalized offers with your explicit consent. All in all, Chipolo’s privacy practices aren’t terrible, they also aren’t as strong as the privacy practices Apple uses for their Airtag trackers. Apple also uses stronger encryption to protect your location data.

What’s the worst that could go wrong with Chipolo’s trackers? Well, because we can’t confirm they have implemented the same stronger anti-stalking measures that Apple Airtags have to help protect users from unwanted tracking on Apple’s huge Find My network, we’re concerned the Chipolo ONE Spot tracker could be used to stalk an unsuspecting person, putting them in danger. This is the scary reality of our world with small, cheap tracking devices tied into a network of millions of connected devices. We hope Chipolo figures out how to better protect their user’s from stalking soon.

Dicas para se proteger

Check the tips on how to know if someone is tracking you without your consent.

mobile

Pode me bisbilhotar?

Câmera

Dispositivo: Não

Aplicativo: Não

Microfone

Dispositivo: Não

Aplicativo: Não

Rastreia localização

Dispositivo: Sim

Aplicativo: Sim

O que pode ser usado para se inscrever?

Que dados a empresa coleta?

Como a empresa usa esses dados?

Chipolo may share your data (including Personal Information) with their affiliates or Data Processing Partners. These include, for example, Amazon, Google Analytics, Facebook. Chipolo may share information that can be used to personally identify your device (e.g. persistent identifiers such as IDFA, IDFV, advertising ID and IP address) for the purposes of displaying advertisements.

Como você pode controlar seus dados?

You can request deletion or correction of your information. Chipolo promises they will store your information for no longer than necessary.

Qual é o histórico conhecido da empresa na proteção de dados dos usuários?

Médio

No known incidents in the last 3 years.

Este produto pode ser usado offline?

Sim

Bluetooth connection is still required to use the device.

Informações de privacidade fáceis de entender?

Sim

Links para informações de privacidade

Chipolo Privacy Policy

Este produto atende aos nossos padrões mínimos de segurança?

Sim

Criptografia

Sim

A security researcher says that Chipolo app is using static keys, which is weak. (https://blog.d204n6.com/2020/08/ios-chipolo-app-research-and-encrypted.html) According to the company, the physical devices (Chipolos) communicate with the owner's phone via a Bluetooth Low Energy connection and they don't use any extra encryption except what is already provided by the Bluetooth Low Energy's transport layer. There are, however, no personal information included in this communication - it is basically just a mechanism for the app to detect if a specific Chipolo is nearby and to make it ring on demand. Their apps use TLS for encrypting data in transit to the servers"

Senha forte

Sim

Only mobile apps require users to login. Chipolo do basic checks for password strength when people decide to use a login with a password.

Atualizações de segurança

Não

The latest Chipolo devices does not have a firmware update mechanism. The Chipolo app has regular updates.

Gerencia vulnerabilidades

Sim

Manage security vulnerabilities. Bug bounty is in the process of creation.

Política de privacidade

Sim

O produto usa inteligência artificial?

Não

Mergulhe mais fundo

I found my stolen Honda Civic using a Bluetooth tracker. It’s the latest controversial weapon against theft.
The Washington Post
5 Best AirTag Alternatives for Android Users
Guiding Tech
AirTag vs. Tile Mate vs. Chipolo ONE Spot: Which should you buy?
iGeeksBlog
iOS - Chipolo App Research and Encrypted Realm Databases
D20 Forensics
Can Stalkers Track You Using Apple AirTags?
Kinza Yasar