OpenHaystack: Build 'AirTags' – track Bluetooth devices via Apple's network
Project capabilities & Apple’s network
- OpenHaystack lets you build custom Bluetooth beacons that piggyback on Apple’s Find My network.
- Tags use BLE identities that are practically indistinguishable from Apple’s, including MAC rotation.
- Apple could more easily block the method used to fetch encrypted location reports than block the BLE broadcasts themselves.
- The original OpenHaystack relies on macOS Mail entitlements for access; other projects replicate that access using just an Apple account and can run without Apple hardware.
Third‑party & clone trackers
- Apple officially supports third‑party Find My devices via MFi / Find My programs; vendors need Apple‑issued keys for pairing.
- Cheap “Find My”‑compatible tags and credit‑card‑style trackers are widely available from Chinese sellers; they pair directly in the Find My app.
- These clones generally lack UWB precision finding and provide only a map pin + sound, but are much cheaper and easy to disassemble or repackage.
- It’s unclear whether all very cheap tags use legitimate keys or have copied credentials from other approved devices.
Form factors & DIY hardware
- Strong interest in non‑standard form factors: ultra‑thin wallet cards, pet‑friendly collars, integration into batteries, power banks, and other gadgets.
- Most tag thickness comes from CR2032 holders, speakers, and buttons; these can be minimized or removed for one‑time setup devices.
- nRF51/nRF52 chips work with the protocol; some implementations are written in Rust and run on microcontrollers or Linux.
- Benefits of DIY vs $5 clones are debated; niche use‑cases include embedded tracking in laptops, equipment fleets, or custom devices.
Privacy, tracking abuse & protocol behavior
- AirTags rotate keys to prevent long‑term tracking; projects can also pre‑allocate or derive many keys to evade “unknown tag nearby” alerts.
- One project (FindYou) and other references show this can be used to circumvent anti‑stalking notifications.
- Another demonstration used the Find My network for covert data exfiltration (e.g., hardware keyloggers) and for mailbox state sensing.
- An older user experiment reported never receiving iOS alerts for an OpenHaystack‑based car tracker; current behavior is unclear.
- Concerns raised about potential DoS by simulating massive numbers of BLE devices; Apple’s limits and device‑side buffering are unknown.
Competing networks & non‑Apple options
- Some commenters want a robust non‑Apple equivalent; Google’s Find My Device network is criticized as slow, rate‑limited, and coverage‑poor due to aggressive privacy protections.
- Opinions are split: a weaker network is comforting for privacy but undermines theft/loss recovery.
- Samsung’s tracking solution is reported as surprisingly strong, even in remote areas.
- LoRaWAN, Amazon Sidewalk, and satellite‑IoT (e.g., Swarm) are mentioned as alternative small‑payload networks, but not equivalently open or ubiquitous.