FindMyFreedomPhone
A solution for ordinary people to find their lost Freedom Phone or track and disable it if stolen.
Find My Freedom Phone
Wiki pages: Research | NGI Proposal
Find my lost phone. Track and disable my stolen phone.
A convenient solution, that's there when we need it, for human-centred, ethical mobile devices.
Introduction
One of the quality-of-life functions we expect from our smartphones is a group of features known by names like "Find my phone". Most of the time we don't need it, but when we do, we're at best inconvenienced and at worst devastated by theft.
The way Big Tech does this puts Big Tech in full control over people's devices, with no feasible alternative.
We need "Find my phone" for freedom phones, in a way that gives people full authority over their devices.
"Find my Freedom Phone" is freedom software, and open standards, that puts a person in control of finding and remotely controlling certain aspects of their own smartphones and similar devices.
Power users can already find and configure software which gives them remote control over their devices. There are several kinds.
My proposal is to integrate techniques from these existing technologies in a way which makes them readily accessible to ordinary people, working towards a "one click" set-up.
The Wider Scene, Background, Rationale
With the "find my phone" concept we are referring to a group of functions to help in case of loss or theft, such as ringing the device loudly even if it was in "silent" mode, reporting its location, remotely disabling it, and more. Each big tech vendor offers their own variations on this theme.
People deserve both the right and the practical possibility to use a phone that is not controlled by Big Tech but by themselves or their choice of provider, perhaps local to them. Freedom phones are not controlled by Big Tech, and instead connect to freedom services and run freedom software. There are by now several options for freedom phones, and they are well developed in their primary functions, the things we interact with, like the web browser, phone calls and installable apps.
To greatly improve ordinary people's option to use a freedom phone, we now need to build the quality-of-life features. Things like backup and restore, software upgrades, passwords and encryption, and push notifications. Across the ecosystem in general these are at early stages of development.
Scope
This NGI-MobiFree project covers integration towards "find my phone" being available to ordinary people using freedom phones. People will find that the functions they need will be ready to use when they need them, without (much) prior thought and configuration.
This project's focus is on the core functionality, together with published APIs and protocols. There is architectural separation between core functionality and its user interfaces, both device-side and server-side. (Seeing a working implementation, other developers may then improve UI/UX or create alternatives.)
Requirements / Use Cases
Scenarios:
- Lost at home: ring or otherwise locate my (or partner's) phone...
- Lost in public: locate, track, soft-disable, message to finder...
- Theft: locate, track, hard-disable, wipe...
Access modes (device owner may use any combination):
- Owner delegates authority to or through a chosen service provider.
- Peer-to-peer: group of trusted devices; no service provider.
- SMS: a limited kind of service provider, widely available. (Caution: insecure system.)
Authority modes (device owner chooses one):
- delegate authority: device owner fully trusts the service provider or peer devices: they can control our device.
- delegate access only: device owner keeps their device credentials separately.
A hybrid authority mode is reasonable: for example, let the service provider or peer devices have access credentials for common actions such as "ringing", but not for more destructive or sensitive actions.
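One way a device could enforce the hybrid authority mode, as an added example (not code from FMD or from this project): the role names, action tiers, JSON message format, counter-based replay check and HMAC keys are all assumptions, since the page does not define a protocol.

```python
import hashlib
import hmac
import json

# Assumed action tiers for the hybrid mode (names are illustrative).
DELEGATED = {"ring", "locate"}      # provider or peer devices may invoke
OWNER_ONLY = {"lock", "wipe"}       # need the credential the owner keeps separately


def sign(key: bytes, role: str, action: str, counter: int) -> tuple[bytes, str]:
    """Build a command and its HMAC-SHA256 tag (hypothetical wire format)."""
    msg = json.dumps({"role": role, "action": action, "counter": counter}).encode()
    return msg, hmac.new(key, msg, hashlib.sha256).hexdigest()


class Device:
    """Device-side check: authenticate first, then apply the per-role policy."""

    def __init__(self, delegate_key: bytes, owner_key: bytes):
        self._keys = {"delegate": delegate_key, "owner": owner_key}
        self._last = {"delegate": 0, "owner": 0}   # highest counter accepted

    def handle(self, msg: bytes, tag: str) -> str:
        try:
            cmd = json.loads(msg)
            role, action = str(cmd["role"]), str(cmd["action"])
            counter = int(cmd["counter"])
        except (ValueError, KeyError, TypeError):
            return "denied:malformed"
        key = self._keys.get(role)
        if key is None:
            return "denied:unknown-role"
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "denied:bad-tag"
        if counter <= self._last[role]:
            return "denied:replay"
        allowed = DELEGATED | OWNER_ONLY if role == "owner" else DELEGATED
        if action not in allowed:
            return "denied:not-permitted"
        self._last[role] = counter
        return f"ok:{action}"


if __name__ == "__main__":
    dev = Device(b"constructed-delegate-key", b"constructed-owner-key")
    print(dev.handle(*sign(b"constructed-delegate-key", "delegate", "ring", 1)))
    print(dev.handle(*sign(b"constructed-delegate-key", "delegate", "wipe", 2)))
    print(dev.handle(*sign(b"constructed-owner-key", "owner", "wipe", 1)))
```

Because the policy lives on the device, a service provider holding only the delegate key cannot escalate to a wipe by claiming the owner role: the tag is checked against the key for the claimed role before the action is considered.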
Pre-configuration:
- A freedom phone supplier or service provider can pre-configure the devices they supply to connect automatically to their services, select which remote functions they enable by default, and choose security requirements, so an individual owner doesn't have to think about and set up these things in advance.
- A device owner wishing to be independent of service providers may configure their own local service that implements the published APIs and protocols, and/or may use the peer-to-peer mode.
- Specifying which functions may be supported on-device (ringing, camera, track location, wipe, ...) and by a service provider (monitoring/tracking, access to device functions, and more) is an adjacent topic: the core design is flexible.
Starting Points
- FMD -- main starting point
- KDE-connect -- additional technical and UX ideas
- clues from what big tech does
Invoking
- manually send SMS (from trusted number or with pass-code)
- dedicated app (convenient to put a "find now" button on one's other device or partner's phone)
- server GUI
Response
- ringing, at loud volume (option to start soft)
- replying with its location and/or any useful info
- theft scenario responses (such as lock, wipe, photo, displaying a message)
Transports
It is important to have the best chance of any kind of connection.
- WiFi:
  - UnifiedPush
  - KDEconnect protocol?
- SMS
- Bluetooth
- (research big tech's methods)
Reliability: ensuring reception
- Proactive checking:
  - end-to-end connectivity
  - restrictions like battery optimisation
  - volume control and vibrate permission
  - start at boot time
- Multiple transports
  - server and dedicated app should be able to try alternate transports, e.g. send SMS if target is unreachable via internet.
- Periodic reporting (to other trusted device or personal server), in case "find now" fails for any reason.
  - with location
Security Considerations
There are multiple risks, due to using root permissions and providing remote access to functions like tracking and data wiping.
The design will need security reviews from several angles.
OS Integration Objectives
- integrate with OS so permissions are available
- integrate with Services Account (Single Sign-On)
- integrate with other devices, peer-to-peer
- integrate with UnifiedPush for efficient always listening
- integrate with SMS, any other transports
- integrate with backup/restore
Convenience
- widget "find partner's phone", one click (plus confirm), on home/lock screen.
- easy reciprocal set-up: for me to find my partner's/family's devices and them to find mine; for me to find all my devices from any of them.
- quiet start: gentle ringing so it can be used when people may be sleeping.
- web integration: via a personal server of my choice.
- minimal notifications. We may notify when device has been accessed remotely, but no more than necessary: for some people notifications are unwelcome clutter.
Server
The server component should be optional. The system should work without configuring a server, and also if the server is non-responsive.
Remote Control
Remote controls are especially useful for (suspected) theft scenarios. Some are also useful in other scenarios.
- remote lock
- remote wipe
- remote view
- remote listen
- remote display picture/message
- remote invite finder to send a message or make a call
- remote track (more frequent location updates & other sensors)
- etc.
User Experience: Setting Up
At OS new user set-up time: let the owner decide whether to delegate administrative power over this device to a remote authority. That authority could be:
- an account (their own or another's) at a service provider (commercial, non-commercial, self-managed), or
- another device or group of devices
We might also offer the person a choice to set up additional credentials to access this function. (They may skip this if they consider the chosen authority to be secure and trustworthy.)
Main account integration
FMFF integrates into a person's "main account" for authorization (idea of a "main account" to be developed)...
Non-Technical Challenges
Persuading potential adopters of the need to run a service (location tracking server, GUI, UnifiedPush) or to create ways for their device owners to run or get access to such a service.
References
- FMD issue #243 proposing FindMyFreedomPhone
- FMD matrix room: #fmd:trax.im or matrix:r/fmd:trax.im