Product Idea: PineTracker
Trackers like Tiles and AirTags are cheap and simple to make, very useful, and likely have a large audience of people who avoid them for privacy reasons.

The tracking infrastructure is hard to do, because it requires wide adoption, but not technically difficult or expensive because it can be done with community-run trustless servers, and more importantly, even without the large community network it still has value.

Plus, if it ever got popular, the network could have other uses like 2-way messaging, and could maybe even integrate with Meshtastic.


My dream tracker would come in 2 versions.

The small keychain version would look like all the other assorted CR2023 based tags, but would have 2-5 buttons, an accelerometer, and perhaps light or hall effect sensing.

The larger version would have a glowstick-like form factor and would add a rechargeable battery, light sensor, and passive IR motion sensor at the bottom. This would let you attach it to your backpack and have it act as a visibility light at night, or hang it up to keep an eye on a trailer at a job site, etc. It could act as a motion-triggered light, or glow dimly all the time to find things in the darkness.

Depending on cost/volume/etc, it could probably even have a tiny solar cell since BLE is so efficient.

Open firmware would allow a lot of stuff that's currently impossible:

* Link tags directly, give them to multiple people, press one to alert your group
* Use one as a home automation remote
* Get alerted on your phone if someone is messing with your bag
* Cool rainbow color patterns (maybe even multiple LEDs) on visibility lights
* Maybe they could even be walkie talkies, if there's a mic cheap enough
* Act as a fixed public beacon anyone can find locally for geocaching type games
* Temperature sensing usually comes free on most chips
* They'd be decent dev boards
* Selfie remote
* Maybe they could even have an expansion port to control things (USB-C should be able to do I2C as an alternate mode)


 


The companion app that makes it work could use community-hosted infrastructure managed like the NTP pool. Anyone can apply to be on the official server list, anyone can choose to use a different list instead.

Since it's all open, clients can be built into anything and everything. Dedicated hardware receivers could be made with ESP32s.





Sketch of how the protocol could work (random notes, not edited) without completely cloning any other system:

Same as other tags, but using pure symmetric encryption for simplicity.

Every device generates an internal preshared key when it factory resets. It also maintains time sync this way.

Hashing the time (changes every hour) with this produces the temporary key.

Hashing the temporary key produces the broadcast key.


The BLE advertisements contain 24 bytes of the broadcast key, plus an 8 byte lookup key made by hashing just the first 16 bytes of the temporary key with the time.

As we only have 27 bytes of data in an advertisement (after accounting for the type code and manufacturer code usually used), we use 5 bytes of the MAC.

Listeners use the broadcast key to encrypt the GPS data, plus any other data the tag sent (can just use standard Bluetooth data broadcasts for that in separate packets).

They then find a server in the official server list which has the ID that is closest to the broadcast key, and send it there (it's a distributed hash table, but not dynamic because that has efficiency issues).

Servers index data by the lookup key.


When the client wants to find the tag, they use the same process to look up the server. However, they subscribe for updates by using the first 16 bytes of that temporary key as a password.


The server hashes it to get the corresponding lookup key and does a lookup, but it is missing the rest of it so it cannot guess the broadcast key and decrypt anything itself.

64 bits is far too much to brute force anything, because the server is rate limited and keys change hourly.

A local eavesdropper knows the encryption key, but cannot get the data because it doesn't have the lookup password.

The server has the data, but it does not know the encryption key, and anyone who could set up a collusion between a corrupt server and a corrupt listener probably has much better ways to spy on you.



To keep it even simpler, there's no concept of accounts or any persistent data. Instead, you can pair a tag with multiple devices, or import/export keys.
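
The key chain sketched in the post, written out as an added example (not part of the original post) to show what each party can and cannot compute. The post names no hash function or distance metric, so SHA-256 with labels and XOR distance are assumptions here, all sample values are constructed, and the encryption step is represented by a placeholder blob.

```python
import hashlib

HOUR = 3600  # keys rotate hourly, as in the post

def h(label, *parts):
    # SHA-256 with a label and length prefixes (assumed; the post names no hash)
    m = hashlib.sha256(label)
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()

def epoch(t):
    return (t // HOUR).to_bytes(8, "big")

def temporary_key(psk, t):
    return h(b"temp", psk, epoch(t))

def broadcast_key(temp):
    return h(b"bcast", temp)[:24]       # the 24 bytes that go on air

def lookup_key(password, t):
    return h(b"lookup", password, epoch(t))[:8]

def advertisement(psk, t):
    temp = temporary_key(psk, t)
    adv = broadcast_key(temp) + lookup_key(temp[:16], t)   # 32 bytes total
    return adv[:27], adv[27:]           # 27 payload bytes, 5 carried in the MAC

def pick_server(server_ids, bkey):
    # "Closest ID" taken as smallest XOR distance (assumed metric)
    target = int.from_bytes(bkey, "big")
    return min(server_ids, key=lambda s: int.from_bytes(s, "big") ^ target)

def server_lookup(index, password, t):
    # The server hashes the presented password; it never sees temp[16:],
    # so it cannot recompute the broadcast key.
    return index.get(lookup_key(password, t))

def demo():
    psk, t = bytes(range(32)), 1_700_000_000             # constructed values
    servers = [hashlib.sha256(bytes([i])).digest()[:24] for i in range(4)]
    payload, mac = advertisement(psk, t)                 # tag side
    adv = payload + mac                                  # listener reassembles
    bkey, lkey = adv[:24], adv[24:]
    index = {lkey: b"<ciphertext under bkey>"}           # held by the chosen server
    temp = temporary_key(psk, t)                         # owner side
    same = pick_server(servers, broadcast_key(temp)) == pick_server(servers, bkey)
    return same, server_lookup(index, temp[:16], t), server_lookup(index, bytes(16), t)
```

`demo()` returns whether owner and listener land on the same server, the blob released for the correct password, and `None` for a wrong password.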