I don't know a lot about it, but I'm wondering how it differs from Apple's "Find my" network (which is also crowdsourced), and also, what sort of privacy issues we've seen so far with Apple's...
I don't know a lot about it, but I'm wondering how it differs from Apple's "Find my" network (which is also crowdsourced), and also, what sort of privacy issues we've seen so far with Apple's version of this?
I don't know the details of Google's network, but Apple's Find My network is extremely privacy preserving. The (simplified) way it works is: First, you enroll your Find My device in the network....
Exemplary
I don't know the details of Google's network, but Apple's Find My network is extremely privacy preserving.
The (simplified) way it works is:
First, you enroll your Find My device in the network. The device stores a master public key and your Apple device stores the corresponding private key. This all happens on-device and is synced encrypted through your iCloud keystore (like saved passwords, backup encryption keys, etc), Apple servers are never involved.
The Find My device will regularly send out a Bluetooth beacon with a "rolling" public key. These keys are cycled through every so often, meaning you'd have to listen for quite a while to be able to reliably track a specific device. Any Apple devices within earshot will take that key, encrypt the device's current location with the key, and then send it up to Apple servers (or cache it to be sent up later, if it has limited/no internet connection).
Later, anyone with a valid Apple ID can ask Apple for the beacons uploaded for a given public key (I believe Apple has been working on making this process use Oblivious HTTPS (OHTTPS), but I don't know if it's using it today). Apple doesn't limit what keys you can request the beacons for, and doesn't know what keys are associated with which accounts.
Then, your client will decrypt the beacons with the stored private key, and be able to show where your device is on a map, track it over time, etc.
Since the protocol is (technically) actually pretty open, if you know how the protocol works, you can use it to send beacons and track your own devices too, using a tool like OpenHaystack.
One key thing that might be easy to miss in this is that the company servers never know the locations of devices: all of the location info submitted to them is encrypted using the public key that...
One key thing that might be easy to miss in this is that the company servers never know the locations of devices: all of the location info submitted to them is encrypted using the public key that the device broadcasts, so only the owner's devices with the private keys can decrypt the location info.
This is largely the same as Apple's network, and it was held back by Google waiting for Apple to agree to a shared standard so that both can detect unwanted devices regardless of which network...
This is largely the same as Apple's network, and it was held back by Google waiting for Apple to agree to a shared standard so that both can detect unwanted devices regardless of which network you're on (which is good for preventing others using Airtags/equivalents for stalking).
You can also turn off your device's participation in the network in the Find My Device settings (you can either completely turn off offline detection or only use the last location of your device without connecting to the network). It's more or less trivial to opt out this way.
My ADHD makes it very difficult to remember where I last left my phone in the house, with it turned to silent. I use this feature a lot, at least twice a week.... Is there a less privacy...
My ADHD makes it very difficult to remember where I last left my phone in the house, with it turned to silent. I use this feature a lot, at least twice a week....
Is there a less privacy concerning alternative? It "only" needs to be able to turn my phone volume from silent to max and make noise.
I use the "ring my phone" feature regularly. I also have Tiles and will use them to find my keys or phone or whichever. But this is more about using all other Androids to work together to find...
I use the "ring my phone" feature regularly. I also have Tiles and will use them to find my keys or phone or whichever.
But this is more about using all other Androids to work together to find your phone because it was stolen. Or your Pixel buds were left in the office, etc.
I don't know a lot about it, but I'm wondering how it differs from Apple's "Find my" network (which is also crowdsourced), and also, what sort of privacy issues we've seen so far with Apple's version of this?
I don't know the details of Google's network, but Apple's Find My network is extremely privacy preserving.
The (simplified) way it works is:
First, you enroll your Find My device in the network. The device stores a master public key and your Apple device stores the corresponding private key. This all happens on-device and is synced encrypted through your iCloud keystore (like saved passwords, backup encryption keys, etc), Apple servers are never involved.
The Find My device will regularly send out a Bluetooth beacon with a "rolling" public key. These keys are cycled through every so often, meaning you'd have to listen for quite a while to be able to reliably track a specific device. Any Apple devices within earshot will take that key, encrypt the device's current location with the key, and then send it up to Apple servers (or cache it to be sent up later, if it has limited/no internet connection).
Later, anyone with a valid Apple ID can ask Apple for the beacons uploaded for a given public key (I believe Apple has been working on making this process use Oblivious HTTPS (OHTTPS), but I don't know if it's using it today). Apple doesn't limit what keys you can request the beacons for, and doesn't know what keys are associated with which accounts.
Then, your client will decrypt the beacons with the stored private key, and be able to show where your device is on a map, track it over time, etc.
Since the protocol is (technically) actually pretty open, if you know how the protocol works, you can use it to send beacons and track your own devices too, using a tool like OpenHaystack.
One key thing that might be easy to miss in this is that the company servers never know the locations of devices: all of the location info submitted to them is encrypted using the public key that the device broadcasts, so only the owner's devices with the private keys can decrypt the location info.
This is largely the same as Apple's network, and it was held back by Google waiting for Apple to agree to a shared standard so that both can detect unwanted devices regardless of which network you're on (which is good for preventing others using Airtags/equivalents for stalking).
You can also turn off your device's participation in the network in the Find My Device settings (you can either completely turn off offline detection or only use the last location of your device without connecting to the network). It's more or less trivial to opt out this way.
My ADHD makes it very difficult to remember where I last left my phone in the house, with it turned to silent. I use this feature a lot, at least twice a week....
Is there a less privacy concerning alternative? It "only" needs to be able to turn my phone volume from silent to max and make noise.
I use the "ring my phone" feature regularly. I also have Tiles and will use them to find my keys or phone or whichever.
But this is more about using all other Androids to work together to find your phone because it was stolen. Or your Pixel buds were left in the office, etc.