I spoke about the role of Internet of Things open standards at the Connectivity Standards Alliance's annual conference last week. One thing I did not have time for was the importance of open standards for security and privacy. It's counterintuitive, but an open standard is far more secure and private than a proprietary system. A good case study is Apple AirTag, which launched five years ago.

AirTags are little buttons that can be put in a wallet or pet collar or just about anything else to track and locate it. Apple has sold over 100 million of them so far. The AirTag works in an ingenious way: it uses Bluetooth to chirp a rotating cryptographic ID number that will be detected by any nearby Apple device no matter who owns it. If you have an iPhone or MacBook, those devices are constantly receiving pings from AirTags you don't own or even know about, and your device is sending that ID to Apple, which uses the location of your device as a proxy for the location of the AirTag. It's a brilliant participatory sensing solution to a difficult Internet of Things problem that works well anywhere there is a high density of mobile Apple devices, which is much of the world.

But there was a problem.

AirTags could be—and were—used to stalk people by slipping a tag into their bag or pocket or vehicle without their consent or knowledge. Apple tried to prevent this in two ways: an AirTag made a sound if it did not see one of its owner's devices for between 8 and 24 hours, and if an AirTag you did not own appeared to be traveling with you, any Apple device would alert you automatically.

Until recently, there was an easy way to defeat this: if you located an AirTag somewhere it could not be heard, such as under a car, or wrapped it in something to absorb some of the sound, you could still use it to stalk someone who does not use Apple devices. Apple made an Android app that could detect AirTags, but few Android users knew about or used it.

Enter open standards. Apple, Google, Samsung, Tile, and other companies collaborated via the Internet Engineering Taskforce to create an open standard called DULT (for Detecting Unwanted Location Trackers). If your phone runs Android 6.0 or later, or iOS 17.5 or later, it uses DULT and will alert you if there's an unknown AirTag (or any similar device, like a Samsung SmartTag or a Life360 Tile) traveling with you, allow you to activate its speaker so you can find the tag, and tell you how to deactivate it. The DULT standard is not ratified yet, but will be soon.

It's not unbeatable—removing the speaker on a tag will defeat the audible signal, and DULT can only detect DULT-compliant tags—but it is more secure from stalking than the earlier proprietary AirTag system, and an excellent example of how open IOT standards can provide benefits beyond the convenience of interoperability into areas that are far more important.