It's even worse than that. Most of the GPS child watches or other trackers use a few large Chinese providers; they have little or no security on their APIs and administrative panels (absolutely no API key authentication in at least one case, or `admin`, `admin` type defaults that don't get changed), so don't ever buy any GPS tracking watches for your child.
Which is unfortunate because there are times when I wish my kid had one. I'm not too worried about kidnapping, but there are times when I want to say come back from the park for dinner.
Technology solves a problem that the old ways could not, or they were inferior.
I recall as a kid my parents driving to the park where we were because a family emergency meant we unexpectedly had to leave now - they would have preferred we walk home while they pack the car (the park was the opposite direction we had to go).
I can say be home at 6, but it is easy to lose track of time. Or say 6 and then realize supper will be ready at 5:30 not 6.
You have only a very limited number of grandparents that could suddenly die and need the kids to be home right now.
And why should the kids need to compensate for your problems with planning of the supper?
These were never really problems before, but now people start to force their tight schedules on kids by tracking them all around the clock. That's not okay.
The Apple Watch (and Apple devices in general) allows for device tracking and location sharing with end-to-end encryption and forward secrecy[1], so it's probably the most secure and privacy-conscious option available for such things.
I don't think a connection is implied. The previous poster is simply expressing his approval of Germany's decision in this particular case, as opposed to their recent attitude and legislation in free speech matters, which it seems he is not a fan of.
The software is being pushed so fast into the market, and no one wants to be left behind. Security features are among the first to be ignored, and that's very bad.
Not to mention that most companies seem to get off with nothing more than a slap-on-the-wrist type fine, if at all. It seems as if it's just become a cost of doing business.
> "Rapid7's researchers also found that the three smartwatches had the exact same default password: 123456. It's unlikely people would change this password, as the devices don't even tell the users that password exists or how they can change it"
And he comes to the same conclusion I did: skip the cheap-ass commodity shit and go buy an Apple Watch. Series 3 can be had for US$200, plus the matching phone. Yeah, that’s a shit-ton of money. That’s what it costs to track your child and not get something from a company that scrimped on security to have an office party (documented in the article).
Because the whole time I’m reading the article thinking, “oh, c’mon, I could scrape together capital to do better than that. Ain’t gonna be $69 at Wal-Mart, though.” As I designed it in my head, I realized that for $200 I’d redesigned what Apple already sells, and my low volume would have a hard time beating $200 on cost.
Watch-and-phone location sharing is a bit superfluous, since the phone will do it fine by itself.
I could see a future hypothetical standalone Apple Watch serving well in this role as a 'cheap' alternative to a smartphone, since it can already do audio FaceTime calls over cellular, do basic SMS stuff, stream music, etc., while being nigh-useless for games (a factor that some parents would probably value pretty highly). The only reason one can't use it for that purpose already is the required phone tethering.
Despite all the valid criticism of Apple in general, you can still be reasonably sure there's not an admin panel with an admin:admin login sitting there with all your child's data. That's part of what you're paying for.
Security flaws are almost expected in devices like this. While parents equipping their children with these watches are probably a security risk themselves, I believe the realities of software development can explain the flaws we are seeing. I doubt the software has seen any tests at all. The developers are probably happy that it works at all.
When you read that one reseller “didn’t have money for security” lest they not have an office Christmas party, it’s obvious that it is not a systemic problem in software development itself.
“Almost expected”? Only if one is there for the cash-grab.
I am generalizing of course, but as an I don't think we have the engineering rigour of other engineering practices to ensure their security. We also tend to rely too much on third parties being trustworthy, be that software dependencies or SaaS providers.
Because unless you're deeply involved in politics or some nefarious activity, all that surveillance isn't likely to impact you immediately and directly in any noticeable way. Most of it isn't even seen by other humans. Whereas parents have direct power over their children, and they tend to pay close attention - which makes "eavesdropping" on children both a huge risk for parental abuse, and a general source of development issues, as tracked kids know their movements are watched and subject to consequences.
This was my first thought when reading the article. Why are these devices out there in the first place? Even if I had come to the conclusion that I needed one for my child, in no sane world would I hand that responsibility over to a tech startup that only just cobbled itself together. I'm sure they -could- be done securely, but I'll never get to see all the links in the security chain to make sure, and it's ultimately run by humans. Even the best technologically secure system can be ruined by a human with the right access.
Once a parent has been looking for their 4-year-old in a panic with the help of the police, because the child for some reason decided to look for them outside of the house, ended up meeting some other children and went with them to the new playground, those parents look for something like a phone or something with GPS so they can find them earlier, before something happens.
Not every one of those parents has an overview of which company can be trusted and which can't, so they need to believe what the advertisement says.
It’s also bad that “adult” devices eavesdrop on adults, but in theory adults can decide for themselves if they’re ok with it.
In practice, I suspect the average adult is as aware of how much their devices spy on them as they are of the terms and conditions of the products and services they use — a distant and meaningless theoretical that might as well be a work of fiction.
I like those devices too, but they, and all other kids' smartwatches, have the same issue: a huge attack surface due to the use of cloud-based third-party servers to gather and display information and to change the configuration of the device from a parent's smartphone via an app. I, personally, don't care about that level of convenience, which imposes lower security. I would prefer information about location to arrive even via SMS/email in the form of good old GPS coordinates, which can be requested only from a list of pre-approved phone numbers, all of which are configured using a physical USB connection. The only problem with such an approach is hijacking of the phone number of one of the parents, but that is very unlikely.
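A sketch of the request handling the comment above describes, added here as an illustration and not part of the original comment or of any vendor's firmware. The `WHERE` command, the `LocationResponder` class, the rate limit and the phone numbers are all hypothetical; the approved list is assumed to have been written over USB.

```python
import re
import time

# Constructed sample values; on the device described above this list would be
# written only over the physical USB connection, never over the air.
APPROVED_NUMBERS = frozenset({"+15550100", "+15550101"})
MIN_INTERVAL_S = 60  # assumed per-sender rate limit


def normalize(number):
    """Reduce a sender ID to '+digits'; return None for anything else
    (alphanumeric sender IDs, malformed or empty strings)."""
    cleaned = re.sub(r"[\s\-().]", "", number or "")
    if cleaned.startswith("00"):
        cleaned = "+" + cleaned[2:]
    return cleaned if re.fullmatch(r"\+[1-9]\d{6,14}", cleaned) else None


class LocationResponder:
    def __init__(self, get_fix, approved=APPROVED_NUMBERS, clock=time.monotonic):
        self._get_fix = get_fix      # callable returning (lat, lon) or None
        self._approved = approved
        self._clock = clock
        self._last_reply = {}        # sender -> time of last reply

    def handle_sms(self, sender, body):
        """Return the reply text, or None to stay silent."""
        number = normalize(sender)
        # Unknown senders get no reply at all, so the watch does not confirm
        # that it exists or whether a number is on the list.
        if number is None or number not in self._approved:
            return None
        # Only one command exists; settings cannot be changed by SMS.
        if body.strip().upper() != "WHERE":
            return None
        now = self._clock()
        last = self._last_reply.get(number)
        if last is not None and now - last < MIN_INTERVAL_S:
            return None
        self._last_reply[number] = now
        fix = self._get_fix()
        if fix is None:
            return "NO FIX"
        lat, lon = fix
        return f"{lat:.5f},{lon:.5f}"
```

The sender number of an SMS is not cryptographically authenticated, so the allowlist limits who can ask rather than proving who asked.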
Apple device location sharing (including Apple Watch) uses end-to-end encryption with keys shared between devices when you explicitly accept a location sharing request or explicitly turn on the Find My X functionality, which is probably the closest thing on the market to what you're looking for.
You definitely pay the premium for the effort put into it, though.