Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is the E2EE applying to the Bluetooth ID's?

I think it's referring to other aspects of the system -- this sentence is specifically referring to location data, not Bluetooth ID's.

In any case, my point remains that obviously Apple has to be internally associating the Bluetooth ID's with owner ID's.



They aren't. The tag generates and broadcasts a public key that is rotated every 15 minutes. A nearby "finder" device receives a broadcast, encrypts its location with the received key and sends it with a hash of the public key to Apple's anonymous location directory. The owner (who keeps the same key pair rotation algorithm running from the same seed key) can look up a bunch of key hashes for a range of 15-minute intervals and then fetch and decrypt location payloads. No device or account IDs are transmitted in the process.


Ah ha, got it, thanks -- I was definitely incorrect then. Wish I could edit my original comment to say "never mind" but the edit window passed.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: