Why it matters: A recent federal appeals court ruling has turned a routine software update into a high-stakes precedent for how consumers "agree" to the fine print governing connected devices, with Tile's Bluetooth trackers and their anti-stalking safeguards at the center of the dispute.
The case stems from a 2023 class-action lawsuit accusing Tile, its parent Life360, and Amazon of negligence for allegedly failing to design effective protections against stalking and other misuse of Tile's quarter-sized Bluetooth tags.
Plaintiffs say third parties used Tile trackers to follow them in the real world, and they argue the companies should have anticipated these risks given how the product works and how it was marketed. Life360 acquired Tile in 2021, adding the tags to its location-centric "family safety" ecosystem.
At a technical level, Tile tags pair with a smartphone app over Bluetooth, using short-range radio to report their presence when within roughly 100 feet of the owner's device. Beyond that range, Tile relies on what it calls "crowd GPS": when any nearby phone with the Tile app installed hears a tag's Bluetooth broadcast, it can relay that tag's location back to Tile's servers so the owner can see where the object was last detected.
A subsequent partnership with Amazon expanded that crowd network to include the company's Echo, Ring, and Sidewalk Bridge devices, dramatically increasing the number of listening points that can report a tag's location.
That architecture makes it a powerful stalking tool, according to the lawsuit. Plaintiffs contend the design was defective and that the risk was foreseeable, pointing to online comments in Tile ads where users openly talked about using trackers to stalk women.
Separate research by a Georgia Tech team found that Tile tags broadcast an unencrypted MAC address and unique ID, and that this information is also transmitted unencrypted to Tile's servers, potentially allowing a determined observer – or Tile itself – to track tags and their owners over time despite claims to the contrary.
The Ninth Circuit's recent memorandum does not resolve the core stalking allegations but instead focuses on whether two plaintiffs are bound by arbitration language that Tile added in October 2023. Tile notified account holders by email that updated terms would take effect, stating that continued use of any Life360 or Tile apps or websites after November 26, 2023 would constitute agreement to the new terms.
One plaintiff later found the notice in her spam folder; another says she never saw it and only downloaded the Tile app in 2024 to run the Scan and Secure feature in an attempt to locate a suspected stalker's tracker.
Despite that context, the court held that both plaintiffs "unambiguously manifested assent" to the October 2023 terms through their use of the Tile app after the notice. Under California law, the panel concluded, the email provided reasonably conspicuous notice and clearly explained that continued use would be treated as consent, even if the users did not focus on or fully understand the revised arbitration language.
As a result, their claims related to Tile's products and accounts are steered toward arbitration, leaving the broader debate over Bluetooth tracker safety to proceed under constrained procedural rules.
For security engineers and privacy professionals, the ramifications are stark: a mass-market tracking architecture that researchers say transmits identifiers and locations in the clear, combined with a judicial finding that an email and continued app usage are enough to bind victims of alleged misuse to a private forum.
Or put another way, design decisions at the protocol level now sit alongside legal questions about consent and arbitration in determining how safe these ubiquitous location tags really are.