
Are the keys not tied to known Apple products? Or do you make them up when you first register a device?

Trying to understand why Apple doesn’t (or can’t?) already reject broadcast data from keys that are not Apple products.



Two master secrets are randomly generated when pairing the AirTag for the first time, which are then saved to the iCloud keychain. Those secrets are then used to generate a new keypair every 15 minutes (at most), and the public key is broadcast by the tag. Not only does Apple not know what the master secrets are in the first place (because they're stored in the keychain), but that's also an insane number of keys to compare against, with no real possibility to precompute them. And that's a big win in terms of privacy.
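
An added example, not part of the comment above and not Apple's code: a simplified model of the rotation it describes, showing why only the holder of the pairing secret can recognise a tag's broadcasts. The HMAC-SHA256 ratchet, the single master secret (the comment mentions two), the 28-byte identifier standing in for the public key, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

ROTATION_SECONDS = 15 * 60  # rotation interval stated in the comment


def ratchet(secret: bytes) -> bytes:
    """Advance the per-period secret one step (one-way: old secrets are not recoverable)."""
    return hmac.new(secret, b"update", hashlib.sha256).digest()


def broadcast_id(secret: bytes) -> bytes:
    """Stand-in for the rotating public key: 28 bytes derived from the period secret."""
    return hmac.new(secret, b"diversify", hashlib.sha256).digest()[:28]


def rolling_ids(master: bytes, periods: int) -> list[bytes]:
    """Identifiers a tag paired with `master` would broadcast over `periods` intervals."""
    ids, secret = [], master
    for _ in range(periods):
        secret = ratchet(secret)
        ids.append(broadcast_id(secret))
    return ids


def owner_matches(master: bytes, observed: list[bytes], periods: int) -> list[int]:
    """Owner side: re-derive the identifiers and return the periods seen in `observed`."""
    index = {bid: period for period, bid in enumerate(rolling_ids(master, periods))}
    return sorted(index[bid] for bid in observed if bid in index)


def ids_per_year() -> int:
    """Distinct identifiers one tag produces per year at the 15-minute interval."""
    return 365 * 24 * 3600 // ROTATION_SECONDS


if __name__ == "__main__":
    # Constructed sample secrets; a real pairing would generate them randomly.
    tag_a, tag_b = bytes(range(32)), bytes(range(32, 64))
    day = 24 * 3600 // ROTATION_SECONDS
    # What a server without either secret sees: unrelated-looking values.
    observed = [rolling_ids(tag_a, day)[5], rolling_ids(tag_b, day)[5],
                rolling_ids(tag_a, day)[40]]
    print("owner of tag A recognises periods:", owner_matches(tag_a, observed, day))
    print("identifiers per tag per year:", ids_per_year())
```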


I would guess because they don’t care. The marginal cost is zero and I think they would only bother if someone DDoSes or it becomes an issue.

Until then, more devices are probably positive for reducing potential pitchforking.



