An AirTag never trusts the bag it's in to report where it is. The network around it does. Sello works the same way: every service your agent touches drops a sealed, verifiable sighting that only you can open. See where your agents went, and prove it.
sha256:e0c7 4b19 a2f8 6d35 … Find My already solved "track a thing you don't control, privately, using a network you don't own." Map it onto agents and you get Sello.
A tiny, tamper-evident token of presence. Here, each service stamps what it observed into a signed COSE envelope the agent can't forge.
Passing iPhones relay an AirTag's pings. Here, the services your agent calls relay sealed sightings into append-only public logs.
Every location report is a discrete, attributable event. Here, every action is a receipt signed by the service that saw it, with a verifiable time.
Apple can't see your stuff's location. Here, the network and the logs carry your trail, but only your key can decrypt what actually happened.
The finder reports the sighting. Never the thing being found.
A lost AirTag can't lie about where it is, because it isn't the one talking. The phones around it are. Sello moves the pen the same way: the service that handled the action signs the sighting, so a compromised agent can't quietly rewrite its own trail.
The agent passes through. The service seals what it saw and drops it in a public log. You pull it back later and verify. The agent never holds the pen.
The trail is public enough to prove and private enough to trust. Anyone can confirm a sighting exists. Only your key reveals what it says.
Every observer, every log, every passerby sees only this. Sealed to your key with HPKE.
Held only by the owner. The signature proves who sealed it; the log proves it existed.
The Find My picture is just the intuition. Underneath it is a concrete protocol: signed COSE receipts, HPKE encryption, and public transparency logs.