29 votes

Google's "Find My Device" network - The upcoming assault on users' privacy

My post relates very much to this one, which is a month old. Like their Samsung device, this feature is now coming to my Redmi device also. Just today I received the email with the subject "Your Android devices will soon join the Find My Device network".

As always, the real privacy nightmare stuff is always hidden in between the large boring paragraphs or the fine print as they say. Here is the part which I think is the most problematic:

How it works

Devices in the network use Bluetooth to scan for nearby items. If other devices detect your items, they’ll securely send the locations where the items were detected to Find My Device. Your Android devices will do the same to help others find their offline items when detected nearby.

So, your devices are also supposed to co-operate by sending data to other devices which may want their location detected while offline. We are made to believe here that this data pertains to only our location and nothing else but once this thing becomes too ubiquitous, one can easily see the scope for surveillance capitalism by the powers that be?

This is very much like Microsoft's Recall scenario; I don't see much difference between this and that. At least there, the data is very much still on the user's device and doesn't leave its shores; this is arguably even worse. For such technology to be palatable to the power user, they must, at the very least, be prepared to open source this code. I think Recall would have still got some acceptance had Microsoft made the code open source. This whole "you trust me but I won't trust you" business is highly cynical and doesn't usually have a long shelf life.

7 comments

  1. [4]
    skybrian

    I don't know a lot about it, but I'm wondering how it differs from Apple's "Find my" network (which is also crowdsourced), and also, what sort of privacy issues we've seen so far with Apple's version of this?

    35 votes
    1. [2]
      largepanda

      I don't know the details of Google's network, but Apple's Find My network is extremely privacy preserving.

      The (simplified) way it works is:

      First, you enroll your Find My device in the network. The device stores a master public key and your Apple device stores the corresponding private key. This all happens on-device and is synced encrypted through your iCloud keystore (like saved passwords, backup encryption keys, etc), Apple servers are never involved.

      The Find My device will regularly send out a Bluetooth beacon with a "rolling" public key. These keys are cycled through every so often, meaning you'd have to listen for quite a while to be able to reliably track a specific device. Any Apple devices within earshot will take that key, encrypt the device's current location with the key, and then send it up to Apple servers (or cache it to be sent up later, if it has limited/no internet connection).

      Later, anyone with a valid Apple ID can ask Apple for the beacons uploaded for a given public key (I believe Apple has been working on making this process use Oblivious HTTPS (OHTTPS), but I don't know if it's using it today). Apple doesn't limit what keys you can request the beacons for, and doesn't know what keys are associated with which accounts.

      Then, your client will decrypt the beacons with the stored private key, and be able to show where your device is on a map, track it over time, etc.

      Since the protocol is (technically) actually pretty open, if you know how the protocol works, you can use it to send beacons and track your own devices too, using a tool like OpenHaystack.

      49 votes
      1. Macil

        One key thing that might be easy to miss in this is that the company servers never know the locations of devices: all of the location info submitted to them is encrypted using the public key that the device broadcasts, so only the owner's devices with the private keys can decrypt the location info.

        10 votes
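The exchange largepanda and Macil describe above, as an added example that is not part of the thread and is not Apple's or Google's code: a tag derives rolling beacon keys from a master public key, a finder encrypts its location to the beacon it heard, and only the owner can decrypt what the server stores. Assumptions made here for illustration: a toy modular group instead of elliptic curves, the `(u, v)` key-rolling formula, the hash used as lookup id, and the XOR-plus-HMAC cipher.

```python
import hashlib, hmac, secrets
# Toy group (constructed for this example, NOT secure): integers mod 2**127 - 1.
P, G = 2**127 - 1, 3

def kdf(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()

def tweak(secret: bytes, period: int):
    """Per-period scalars (u, v) from a secret the tag and owner share (assumed)."""
    h = kdf(secret, period.to_bytes(4, "big"))
    return int.from_bytes(h[:16], "big") | 1, int.from_bytes(h[16:], "big")

def rolling_public(master_pub, secret, period):
    """Tag: derives this period's beacon key from the master PUBLIC key only."""
    u, v = tweak(secret, period)
    return pow(master_pub, u, P) * pow(G, v, P) % P

def rolling_private(master_priv, secret, period):
    """Owner: the private exponent matching rolling_public() for that period."""
    u, v = tweak(secret, period)
    return (master_priv * u + v) % (P - 1)

def lookup_id(pub):  # opaque index the server files reports under
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def _seal(key, data):
    # XOR with a hashed keystream; covers up to 32 bytes, enough for a coordinate.
    return bytes(a ^ b for a, b in zip(data, kdf(key, b"stream")))

def finder_report(beacon_pub, location):
    """Finder: encrypt its own location to the beacon key; returns (id, record)."""
    e = secrets.randbelow(P - 2) + 1
    key = kdf(pow(beacon_pub, e, P).to_bytes(16, "big"))
    ct = _seal(key, location)
    return lookup_id(beacon_pub), (pow(G, e, P), ct, hmac.new(key, ct, "sha256").digest())

def owner_decrypt(priv, record):
    """Owner: rebuild the shared key, verify the MAC, decrypt (None on mismatch)."""
    eph, ct, tag = record
    key = kdf(pow(eph, priv, P).to_bytes(16, "big"))
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None
    return _seal(key, ct)

def demo():
    x = secrets.randbelow(P - 2) + 1          # owner's master private key
    y, secret = pow(G, x, P), secrets.token_bytes(32)
    rid, rec = finder_report(rolling_public(y, secret, 7), b"52.5200,13.4050")
    server = {rid: rec}                       # everything the server ever stores
    k7, k8 = rolling_private(x, secret, 7), rolling_private(x, secret, 8)
    return owner_decrypt(k7, server[lookup_id(pow(G, k7, P))]), owner_decrypt(k8, rec), server
```

The server's record holds only a hash, an ephemeral public value, ciphertext and a MAC; a key for any other period fails the MAC check, which is why an observer has to follow the rotation to link beacons together.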
    2. sparksbet

      This is largely the same as Apple's network, and it was held back by Google waiting for Apple to agree to a shared standard so that both can detect unwanted devices regardless of which network you're on (which is good for preventing others using AirTags/equivalents for stalking).

      You can also turn off your device's participation in the network in the Find My Device settings (you can either completely turn off offline detection or only use the last location of your device without connecting to the network). It's more or less trivial to opt out this way.

      33 votes
  2. [3]
    chocobean

    My ADHD makes it very difficult to remember where I last left my phone in the house, with it turned to silent. I use this feature a lot, at least twice a week....

    Is there a less privacy concerning alternative? It "only" needs to be able to turn my phone volume from silent to max and make noise.

    1 vote
    1. DefinitelyNotAFae

      I use the "ring my phone" feature regularly. I also have Tiles and will use them to find my keys or phone or whichever.

      But this is more about using all other Androids to work together to find your phone because it was stolen. Or your Pixel buds were left in the office, etc.

      4 votes
    2. randomperson

      I'd say Find My Phone is a pretty private solution.

      1 vote